FTP Non-SSL Fails with 534 Reply Code

Resolving The Problem

This document describes how to troubleshoot when a non-SSL FTP fails with 534 reply code.

The FTP session will display the following messages:

Connecting to host LPDAC710.RCHLAND.IBM.COM at address 9.5.67.75
using port 21.                                                              
 220-QTCP at LPDAC71X..ibm.com.                                
 220 Connection will close if idle more than 500 minutes.            
FTPUSR                                                            
 534-FTP server configuration requires encryption.                    
 534 AUTH must precede USER.    

This message appears immediately after pressing Enter and after typing the profile name.
You should review the parameter of Allow secure sockets layer in CHGTCPA.
The values for this parameter are as follows:

Allow secure sockets layer . . .    *SAME, *YES, *NO, *ONLY      

If a user is attempting to use non-SSL and the CHGFTP parameter of Allow secure sockets
layer is set to *ONLY, this scenario will trigger these 534 server reply codes.

You should do one of the following to solve this problem:

Use SSL FTP to this server

OR

In CHGFTPA, change the allow secure sockets layer to *YES.