How to Resolve “Valid hostname is expected” Error in IIS 10 FTP Virtual Host Configuration


4 views

When configuring multiple FTP sites in IIS 10 using virtual hostnames, you might encounter the frustrating "331 Valid hostname is expected" error during client connection attempts. This typically occurs when the FTP server can't properly route the connection to the correct virtual host.

The IIS FTP virtual hosting feature requires three essential components to work correctly:

  1. A properly formatted binding in applicationHost.config
  2. Correct DNS records pointing to your server
  3. Proper client connection syntax

The initial configuration had several problematic elements:


<binding protocol="ftp" bindingInformation="127.0.0.1:21:www.telefonievergelijken.nl" />

Key issues:

  • Using 127.0.0.1 prevents external connections
  • Missing host header format in client connection
  • Potential DNS resolution problems

1. Correct Binding Configuration

Modify your site binding in applicationHost.config:


<binding protocol="ftp" bindingInformation="*:21:www.telefonievergelijken.nl" />

2. Proper Client Connection Format

When connecting via FTP client (FileZilla in this case), use the exact syntax:


HOST: www.telefonievergelijken.nl
USERNAME: www.telefonievergelijken.nl|tv_ftp
PASSWORD: [your_password]

3. DNS Configuration

Ensure your DNS has:

  • An A record for www.telefonievergelijken.nl pointing to your server IP
  • Proper reverse DNS (PTR) record
  • Consider adding ftp.telefonievergelijken.nl as CNAME

Checking FTP Logs

Enable detailed logging in IIS:


<system.applicationHost>
    <logFile 
        logFormat="W3C" 
        directory="C:\inetpub\logs\LogFiles" 
        logExtFileFlags="Date, Time, ClientIP, UserName, SiteName, ComputerName, ServerIP, Method, UriStem, UriQuery, HttpStatus, Win32Status, BytesSent, BytesRecv, TimeTaken, ServerPort, UserAgent, Cookie, Referer, ProtocolVersion, Host, HttpSubStatus" />
</system.applicationHost>

Testing with Command Line

Verify basic connectivity first:


> telnet www.telefonievergelijken.nl 21
220 Microsoft FTP Service

While fixing the connection issue, don't compromise security:

  • Implement FTP over SSL (FTPS)
  • Restrict IP access ranges
  • Use complex credentials for FTP accounts
  1. Incorrect hostname format in client connection
  2. Firewall blocking port 21 (or your custom FTP port)
  3. Windows Firewall interfering with connections
  4. Antivirus software blocking FTP traffic

A properly configured site section should look like:


<site name="FTP-TV" id="4">
    <application path="/">
        <virtualDirectory path="/" physicalPath="E:\telefonievergelijken\wwwroot" 
            userName="tv_ftp" 
            password="[enc:AesProvider:...]" />
    </application>
    <bindings>
        <binding protocol="ftp" bindingInformation="*:21:www.telefonievergelijken.nl" />
    </bindings>
    <ftpServer>
        <security>
            <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
            <authentication>
                <basicAuthentication enabled="true" />
                <clientCertAuthentication enabled="false" />
            </authentication>
            <sslControlChannelPolicy="SslRequire" />
        </security>
    </ftpServer>
</site>

When configuring multiple FTP sites on IIS 10 with virtual hostnames, many administrators encounter the frustrating "331 Valid hostname is expected" error during client connections. This typically occurs when the FTP server expects the client to provide a specific hostname format during authentication.

The error sequence you're seeing:

Command:    USER tv_ftp
Response:   331 Valid hostname is expected.
Command:    PASS ***********
Response:   503 Login with USER first.

Indicates that IIS is expecting the username to include the virtual host identifier. This is part of IIS's FTP virtual hosting implementation.

Your binding configuration looks mostly correct, but needs adjustment:

<bindings>
    <binding protocol="ftp" bindingInformation="85.214.200.30:21:www.telefonievergelijken.nl" />
</bindings>

Note the three-part binding format: IP:Port:Hostname

For virtual host FTP connections, clients must format credentials as:

username@hostname|username
OR
hostname|username

In FileZilla, you need to use either:

  • Host: ftp.telefonievergelijken.nl
  • Username: www.telefonievergelijken.nl|tv_ftp
  • Password: [your password]

Here's a properly configured FTP site section:

<site name="FTP-TV" id="4">
    <application path="/">
        <virtualDirectory path="/" physicalPath="E:\telefonievergelijken\wwwroot" 
             userName="tv_ftp" password="[encrypted]" />
    </application>
    <bindings>
        <binding protocol="ftp" bindingInformation="85.214.200.30:21:www.telefonievergelijken.nl" />
    </bindings>
    <ftpServer>
        <security>
            <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
            <authentication>
                <basicAuthentication enabled="true" />
            </authentication>
        </security>
    </ftpServer>
</site>

If you're still experiencing issues:

  1. Verify DNS resolution for your FTP hostname
  2. Check Windows Firewall for port 21 access
  3. Confirm the FTP service is bound to the correct IP
  4. Enable FTP logging in IIS for detailed error analysis

For command-line testing:

ftp
open 85.214.200.30
username: www.telefonievergelijken.nl|tv_ftp
password: ********

Or using curl:

curl ftp://www.telefonievergelijken.nl --user "www.telefonievergelijken.nl|tv_ftp:password"

Remember that virtual host FTP implementations vary between clients, so testing with multiple clients can help isolate client-specific issues.