Err Msg: 530 User <Username> Cannot Log In. Login Failed.

ID: Q200475

The information in this article applies to:
  • Microsoft Internet Information Server version 4.0

SYMPTOMS

When you use the FTP utility to connect to an FTP site, the following error occurs:

530 User <username> cannot log in.
Login failed.


CAUSE

This problem can be caused by one of the following:

  1. The "Allow only anonymous connections security" setting has been turned on in the MMC.


  2. The username does not have the "Log on locally" permission in User Manager.


  3. The Domain Name was not specified along with the username (in the form of DOMAIN\USERNAME).



RESOLUTION

Resolution 1

To clear the "Allow only anonymous connections security" check box, perform the following steps:
  1. Start the Internet Service Manager (ISM), which loads the Internet Information Server snap-in for the Microsoft Management Console (MMC).


  2. Right-click the default FTP site folder, and then click Properties.


  3. On the Security Accounts tab, clear the "Allow only anonymous connections security" check box.


  4. Click OK.




Resolution 2

To give the username the Log On Locally permission, perform the following steps:
  1. In the Administrative Tools group, select User Manager for Domains, click the Policies tab, and select User Rights.

    Note: If the username is not a member of the default domain opened by User Manager, click the User menu, and then select Domain to specify the correct domain. If the username is a member of the local computer's user list, type \\<computer_name> in the Domain text box.


  2. From the Policies menu, click User Rights.


  3. On the Rights drop-down list, select Log on Locally.


  4. Click the Add button, and add the appropriate username (or user group).


  5. Click OK twice.




Resolution 3

Try using the command line FTP utility and specifying the FTP username in the form of "DOMAIN\USERNAME" when you log into the FTP Site. If this works, then you can either instruct all users to log on using DOMAIN\USERNAME or you can specify the default authentication domain that the FTP Service should use when authenticating accounts that do not exist locally and that were not entered in "DOMAIN\USERNAME" form.
To do this you will need to make changes to the Metabase.

To specify a default logon domain so users do not have to type DOMAIN\USERNAME when logging on to the FTP Server, you can either use the Windows Script Host (if it was installed during the Windows NT Option Pack setup) or the NTOP utility Mdutil.exe.

Both methods are described below.

To use the Windows Script Host method, do the following:
  1. Change to the %systemroot%\system32\inetsrv\adminsamples directory.


  2. Type the following: 
    cscript //h:cscript
    (This sets Cscript as the default WSH interpreter.)


  3. Type the following: 
    Adsutil Set MSFTPSVC/DefaultLogonDomain "DomainName"
    Make sure when you type in the DomainName that it is enclosed in quotes.



  4. Stop and restart the FTP Service.



If the Windows Script Host was not installed during the NTOP setup, use Mdutil.exe. as follows:
  1. Copy Mdutil.exe. from the Windows NT Option Pack compact disc to the %WINDIR%\System32\ directory. Note: Make sure to copy Mdutil.exe. from the appropriate platform directory on the compact disc.


  2. Open a command prompt, and change to the %WINDIR%\System32 directory.


  3. Execute the command below replacing <DomainName> with the name of the accounts domain you want to authenticate your user against by default:
    mdutil set msftpsvc/DefaultLogonDomain -utype UT_Server -DType String -Value <DomainName>

    Make sure <DomainName> is typed without quotes.


  4. When the command completes successfully, stop and restart the FTP Service.


Additional query words: user name file transfer protocol logon login log on in open 


Keywords          : 
Version           : winnt:4.0
Platform          : winnt 
Issue type        : kbprb


Last Reviewed: July 14, 1999
© 1999 Microsoft Corporation. All rights reserved. Terms of Use.