EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Connection Timed Out error when downloading files.

Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.
#5319
Posted: 03/07/2008 11:48:00
by Bill Armstrong (Basic support level)
Joined: 07/14/2006
Posts: 22

Our product is using the ElSimpleSftpClientX class (in the ActiveX modules) to connect to a server and download files. This is working very well in our test environment and in numerous customer installations. We recently got a support case from a customer who is getting Connection Timed Out errors when downloading files.

Here are the details for his server:

Suse Linux Enterprise Server 9
OpenSSH_4.1p1, OpenSSL 0.9.7d 17 Mar 2004

Here is the code that we're using to download the files:

Code
IElSimpleSftpClientX3Ptr  m_pftpClient;
TESTHR(m_pftpClient.CreateInstance(SFTPBBoxCli::CLSID_ElSimpleSftpClientX));
m_pftpClient->Address = m_bstrServer;
m_pftpClient->Password = m_bstrPassword;
m_pftpClient->Port = m_port;
m_pftpClient->UserName = m_bstrUserName;
m_pftpClient->SoftwareName = L"MessageStats";
m_pftpClient->UseInternalSocket = TRUE;
m_pftpClient->CompressionLevel = 6;
m_pftpClient->EnableAuthenticationType(SSH_AUTH_TYPE_PASSWORD);
m_pftpClient->SocketTimeout = 60000;
m_pftpClient->DownloadBlockSize = 8192;
m_pftpClient->SftpBufferSize = 131072;
//SB_SFTP_VERSION_6
TxSBSftpVersion ftpVersion = m_pftpClient->GetVersion();
m_pftpClient->DisableVersion(SB_SFTP_VERSION_0);
m_pftpClient->EnableVersion(SB_SFTP_VERSION_6);
m_pftpClient->Open();
m_pftpClient->DownloadFile(strRemoteFile, strLocalFile)


Any ideas why we might be getting this error? I've downloaded the latest release version of the BlackBack components (5.2.123) and had the customer install it to no avail. Prior to downloading the file we are opening up a session with with ElSimpleSSHClientX class and executing several commands. This portion is working ok, so I know that SSH communication with the server is definitely possible.
#5321
Posted: 03/08/2008 02:05:41
by Ken Ivanov (EldoS Corp.)

Thank you for your message.

Does the problem occur on every file download or from time to time?
#5407
Posted: 03/13/2008 11:53:11
by Bill Armstrong (Basic support level)
Joined: 07/14/2006
Posts: 22

Hi Innokentiy

Thanks for your reply. For some reason I didn't get an email that you had added a response (either that or I somehow missed the email).

Anyway to answer your question it is failing with every attempt to download. Normally I would suspect that there is a configuration problem on the server side that is preventing a connection from being established. The most common one that I've seen is Password Authentication being disabled on the server side. In this case however we are able to create a terminal connection and execute several commands using password authentication, so if it is a server configuration problem it is one that I haven't seen before.

Also the customer reports that he is able to download the same file using SFTP (I assume that he is doing this from another Linux box).

Bill
#5409
Posted: 03/13/2008 12:13:45
by Ken Ivanov (EldoS Corp.)

Thank you for the detailed response. Please enable SSH_AUTH_TYPE_KEYBOARD authentication type and check if this solves the issue.

BTW, please consider checking method results in your code. For instance, the following line

m_pftpClient->Open();

may return an error which will not be noticed. Please use the following notation instead:

if (SUCCEEDED(m_pftpClient->Open())) {
// ...
}

The results should be checked for each method being called.
#5412
Posted: 03/13/2008 13:13:25
by Bill Armstrong (Basic support level)
Joined: 07/14/2006
Posts: 22

Thanks for the quick reply.

The line of code that you are referring to (i.e. m_pftpClient->Open()) is actually calling a wrapper function that was generated by Visual Studio. This wrapper function is defined like so:

Code
inline HRESULT IElSimpleSftpClientX::Open ( ) {
    HRESULT _hr = raw_Open();
    if (FAILED(_hr)) _com_issue_errorex(_hr, this, __uuidof(this));
    return _hr;
}


As you can see, if the call to Open fails a _com_error exception will be thrown. This error will be caught in an exception handler that is not shown in the original code that I posted.

All of the IElSimpleSftpClientX methods have similar wrapper functions, so even though it doesn't look like I'm checking the return values, I actually am.

I have no problem with making a change to the code and sending it to the customer as long as there is a reasonable expectation that it might change the outcome. The code as it is written is working in many customer sites. Do you have a reason to suspect that adding SSH_AUTH_TYPE_KEYBOARD might solve the problem? We are not specifying it when opening up a terminal connection and that connection is not failing. Is there some conditions under which the BlackBox code is doing an interactive authentication 'under the hood' for SFTP connections?
#5414
Posted: 03/13/2008 13:48:10
by Ken Ivanov (EldoS Corp.)

Quote
The line of code that you are referring to (i.e. m_pftpClient->Open()) is actually calling a wrapper function that was generated by Visual Studio.

Then everything is OK. Sorry for confusion.

Quote
The code as it is written is working in many customer sites. Do you have a reason to suspect that adding SSH_AUTH_TYPE_KEYBOARD might solve the problem?

Well, it might help. Actually, keyboard-interactive authentication should be handled internally by ElSimpleSFTPClientX, but explicitly specifying it may help is some specific situations. So we recommend to make it always enabled.

We may try to get closer to the problem prior to sending the updated software to your customer. Please provide us the following information about the issue:
1. What is the size of the file(s) being downloaded,
2. What exactly method does fail with timeout error (we suppose it's the DownloadFile() one?),
3. Is some part of the file downloaded before the error is returned or no bytes are received at all,
4. Is OnError event fired before timeout problem occurs?

Thank you in advance.
#5724
Posted: 04/03/2008 10:49:29
by Bill Armstrong (Basic support level)
Joined: 07/14/2006
Posts: 22

Sorry it took me so long to reply. It took me some time to gather the information that you requested.

First of all it turns out that SSH_AUTH_TYPE_KEYBOARD is turned on by default. Since we are not explicitly dissabling it, it is already turned on.

We sent the customer an instrumented test program to get a better idea of what is happening. Essentially we added event handlers for all the possible events and added extensive logging to discover exactly what is happening during the copy. Here is the relevant content from the log file:

Code
CSBBClient::BindSFTP - Calling Open
CSFTPEventHandler::OnAuthenticationSuccess
Error: Connection timed out


Here is the relevant code to the log above:

Code
(*CSFTPEventHandler::m_pLogFile) << L"CSBBClient::BindSFTP - Calling Open\n";
m_pftpClient->Open();
(*CSFTPEventHandler::m_pLogFile) << L"CSBBClient::BindSFTP - Connection Opened\n";


As you can see, the exception is occurring during the call to Open. The authentication is succeeding and there is no OnError event being generated.

Let me know if you need any additional information.
#5731
Posted: 04/04/2008 02:26:45
by Ken Ivanov (EldoS Corp.)

It seems that SFTPBBoxCli.dll library is not registered properly. Please try to re-register all the libraries and try to connect again. Please note, that the DLL's must be registered in the following order:

BaseBBox.dll
PKIBBox.dll
SSHBBoxCli.dll
SFTPBBoxCli.dll
#5836
Posted: 04/10/2008 13:58:30
by Bill Armstrong (Basic support level)
Joined: 07/14/2006
Posts: 22

Here is the response that I got back from the support engineer who is working on the case:

Quote
Reregistering the DLL's had no affect.. The customer is still seeing the same thing

Let me know if you need anything else from the customer


Any more ideas?
#5848
Posted: 04/11/2008 08:24:04
by Ken Ivanov (EldoS Corp.)

Will it be possible for your customer to check if the problem is specific to client or server side? Please ask him to try to connect to some other server from his machine [using your application] and also to connect to the original server from some other client machine.

Actually, asking him is not necessary if all your customers connect to the same server (but some of them do succeed, while the others don't).
Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.

Reply

Statistics

Topic viewed 9043 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!