Set EPSV4 to OFF and give a try . Regards, Linda
On Fri, Aug 19, 2016 at 7:00 PM, Kurt Quackenbush <ku...@us.ibm.com> wrote: > On 8/18/2016 10:44 AM, b...@jndata.dk wrote: > >> Hi' >> We had same issue (SSL mandatory) with SMP/E Receive Order jobs this week >> and we have corrected our jobs to recommend FTP option, so now we gets a >> new FTP problem: >> -------- >> EZA1701I >>> RETR /2016081863489/PROD/GIMPAF.XML >> SC2035 connDsConnection: entered >> SC2129 connDsConnectionIPv4: entered >> SC2297 connDsConnectionIPv4: connect() failed on socket 6, retry_conn = 0 >> - EDC8 >> 127I Connection timed out. (errno2=0x76630291) >> SC7576 update_data_appldata: entered >> FU1864 getNegotiatedTLSvalues: entered >> GU5349 ftpSetApplData: entered >> GU5361 ftpSetApplData: ioctl() failed on SIOCSAPPLDATA - EDC5113I Bad >> file descr >> iptor. (errno2=0x1015011C) >> CG1980 SETCEC code = 8 >> CG1982 hfs_rcvFile: could not get a data connection >> EZA1636I *** I can't open a data-transfer connection: >> SC3277 getReply: entered >> SC4343 getNextReply: entered with waitForData = TRUE >> 425 Can't open data connection. >> SC4035 getLastReply: entered >> CG1499 pcgCleanup: entered >> MF0629 seq_close_file: entered >> MF0783 seq_close_file: file closed >> MV2310 seq_delete_file: entered >> MV2316 seq_delete_file: file=/u/SMPNTS/smpeauto/ORD000 >> 92-18August2016-11.32.34/G >> IMPAF.XML >> ----- >> >> Any hints/tips to what we are missing ???. >> > > Looks to me like your firewall is getting in the way. > > Does any one know which ports SFTP uses compared to FTP traffic against >> this IBM IP-dest. ?? >> > > It is FTPS, not sftp, and the data connection ports are not statically > defined. Passive FTP data connection ports on the IBM servers are defined > as a range, I believe 65024 through 65535. > > Could it be Firewall changes we are missing, after changing to SFTP >> options ??. >> > > Yes, I suspect it is your firewall that is blocking the data connection. > > I highly recommend you try using https instead of ftps, by adding the > following to your <CLIENT> specification: > > downloadmethod=”https” > downloadkeyring=”javatruststore” > javahome="/usr/lpp/java/Jn.n" > > where javahome of course points to your installed and preferred level of > java. Firewalls and proxies are generally much more tolerant of https than > they are of ftps. > > > Kurt Quackenbush -- IBM, SMP/E Development > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN