Hello
I would like to configure a backup from a VCSA 7.0 to to a FTPS-Server (running on a Windows Server). I've installed Bitvise SSH server application on this Windows server and FTPS enabled on port 21. I'v set up the whole certificate things - and it seams when I start a backup from the VCSA (VAMI -> Backup), then it stucks during TLS negotiation. The VCSA backup reports "General system error reported by backup server."
This is what the Bitvise SSH/FTPS server says in his logs from the very start until the end of the session - the interesting part is red:
<event seq="103" time="2020-10-29 16:10:21.962619 +0100" app="BvSshServer 8.37" name="I_CONNECT_ACCEPTED" desc="Connection accepted.">
<session id="1012" service="FTP" remoteAddress="192.168.1.88:53812"/>
<parameters addressRule="AnyIP" listenAddress="192.168.1.50:21"/>
<sessions ssh="0" sshAuth="0" ftp="1" ftpAuth="0"/>
</event>
<event seq="104" time="2020-10-29 16:10:21.996486 +0100" app="BvSshServer 8.37" name="I_FTP_CONTROL_TLS_NEGOTIATED" desc="TLS algorithms for FTP control connection negotiated.">
<session id="1012" service="FTP" remoteAddress="192.168.1.88:53812"/>
<parameters negNr="1" protocol="TLS 1.2" cipherSuite="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"/>
</event>
<event seq="105" time="2020-10-29 16:10:22.076464 +0100" app="BvSshServer 8.37" name="I_LOGON_AUTH_SUCCEEDED" desc="User authentication succeeded.">
<session id="1012" service="FTP" remoteAddress="192.168.1.88:53812" virtualAccount="test" windowsAccount="VENUS\BvSsh_VirtualUsers"/>
<authentication attemptNr="1" serialize="completion" userName="test" method="password"/>
<parameters accountSettings="test" groupSettings="Virtual Users" tokenType="LogonUser" tokenLogonType="Network" tokenElevation="Restricted"/>
</event>
<event seq="106" time="2020-10-29 16:10:22.244984 +0100" app="BvSshServer 8.37" name="I_SFS_QUERY_HOME_DIRECTORY" desc="Virtual filesystem: query home directory.">
<session id="1012" service="FTP" remoteAddress="192.168.1.88:53812" virtualAccount="test" windowsAccount="VENUS\BvSsh_VirtualUsers"/>
<sfs moduleName="FlowSfsRoot" code="40000" desc="Querying home directory succeeded.">
<parameters homePath="/"/>
</sfs>
</event>
<event seq="107" time="2020-10-29 16:10:22.459125 +0100" app="BvSshServer 8.37" name="I_FTP_PASV_DISPATCHER_DATA_ACCEPTED" desc="FTP passive data connection accepted.">
<parameters remoteAddress="192.168.1.88:52498" listenAddress="0.0.0.0:61764" addressRule="AnyIP"/>
</event>
<event seq="108" time="2020-10-29 16:10:22.459887 +0100" app="BvSshServer 8.37" name="I_FTP_DATA_ACCEPTED" desc="Passive FTP data connection accepted.">
<session id="1012" service="FTP" remoteAddress="192.168.1.88:53812" virtualAccount="test" windowsAccount="VENUS\BvSsh_VirtualUsers"/>
<parameters remoteAddress="192.168.1.88:52498" listenAddress="0.0.0.0:61764" operation="Nlst"/>
</event>
<event seq="109" time="2020-10-29 16:10:22.463285 +0100" app="BvSshServer 8.37" name="I_FTP_DATA_ERROR" desc="FTP data connection failed.">
<session id="1012" service="FTP" remoteAddress="192.168.1.88:53812" virtualAccount="test" windowsAccount="VENUS\BvSsh_VirtualUsers"/>
<parameters remoteAddress="192.168.1.88:52498" operation="Nlst"/>
<error type="Exception" message="TLS session for the data connection was not resumed from the control connection."/>
<help message="To verify client identity, a TLS session for a data connection must be established using secret data negotiated in the original TLS session for the control connection. This client did not do this, so if this data connection was accepted, it could be hijacked. The client needs to use software that supports TLS session resume. If the feature is already available in the client software, it needs to be enabled by the user."/>
</event>
<event seq="110" time="2020-10-29 16:10:23.478112 +0100" app="BvSshServer 8.37" name="W_SESSION_DISCONNECTED_ABNORMALLY" desc="Session disconnected abnormally.">
<session id="1012" service="FTP" remoteAddress="192.168.1.88:53812" virtualAccount="test" windowsAccount="VENUS\BvSsh_VirtualUsers"/>
<parameters disconnectReason="Flow" socketBytesReceived="2139" socketBytesSent="8814" payloadBytesReceived="63" payloadBytesSent="248"/>
<error type="Flow" component="FtpManager/ftpControl" class="Flow" code="Unexpected" description="FtpControl: Received TLS shutdown"/>
<sessions ssh="0" sshAuth="0" ftp="0" ftpAuth="0"/>
</event>
Bitvise SSH/FTPS server say that the client does somehow not establish and resume the TLS session. So, it seams VCSA is the "guilty"?
The backup log file from the VCSA says nothing at all.
Has anybody any hint for me? I'm looking now quite long without any idea...
Kind regards
Roman