IBM Support

Enhanced Customer Data Repository (ECuRep) - FTP Help

General Page


Check the connection

  • The ping command will not work. The firewall will block these requests

    Note: If you are behind a firewall, ping generally only works within your local network.

  • How far did the connection get or where did it fail?

    Run traceroute, which shows the path to the server. The last IP address is the probable source of connection failure. The command traceroute will not show the FTP server, the firewall will block these requests

    Note: If you are behind a firewall, traceroute generally only works within your local network.

    • MS/DOS command - tracert
    • Unix command - traceroute
    • MVS, VM, OS/390 command - tracerte

Check for timeouts

The FTP server timeout is 10 minutes if no data transfer. If your FTP session times out in less than 10 minutes, it is not the server that is timing out. The timeout value for the FTP client can usually be specified when FTP is invoked (i.e. timeout=nn where nn is in seconds). Check the documentation for the FTP client you are using to verify the parameters and/or syntax.

If you are submitting a large file via batch FTP, the batch job may time out. This is a function of the TIME= parameter on the JOB card. The file size can be reduced by compression (TRSMAIN), or the TIME= parameter can be increased or set to 1440.

Files not on the server

Files received in /toibm/xxx/ directory not following the defined naming convention are routinely purged from the FTP server. These files require manual intervention by your IBM service representative or they are deleted after 7 days.

Because of security considerations, the display of files on the server site '/toibm/' directories is limited to the directories themselves. Uploads are only allowed for sub-directories of the /toibm directory, e.g. /toibm/aix, /toibm/zos. No individual files can be listed. Only files in the '/fromibm/<hash_key>' sub-directories may be listed.

Server error messages

If you receive error messages from the server, a connection is occurring. The server will return a 'Permission Denied…' message for any of the following conditions:

  • Permission Denied upload name.

    The filename cannot contain quotes or national characters (#,@,$). It can contain only a-z, A-Z, 0-9 and . (period).

  • Permission Denied upload.

    The file already exists. You cannot replace existing files. Any 'replacements' must be loaded with a new file name.

  • Permission Denied on Server.

    Invalid directory is specified. Uploads are only allowed for sub-directories of the /toibm directory, e.g. /toibm/aix, /toibm/zos ...

Passive mode

It is strongly recommended that to use "passive" mode for FTP transmissions. "Passive" mode is the only mode supported for the ECuRep FTPS server. Active FTP support is planned to be discontinued for ECuRep.

If none of these procedures solves the problem, further diagnosis can be performed to identify the failure. The server maintains logs of all activity, and the date and time of the transfer problem is needed for further diagnosis. Use the ticket for which the file is being transferred to report any FTP problems you are unable to resolve or send an email to with a detailed error description including timestamps.

Binary mode

It is recommended to use "binary " mode for FTP transmissions. If not, the server will get incorrect data.

Common Firewall


FTPS usage under z/OS

Please notice, that: utilizes RFC4217 DRAFT level, and in future utilizes full RFC4217 level, which differ in sub-commands AUTH and CCC uses:
RFC4217 and TLS1.2
The current and IBM recommended implementation is called Application Transparent Transport Layer Security AT-TLS or TTLS.
There is no way to use pre-RFC4217 CCCNONOTIFY.

Some firewalls need to read the port number on the PASV command to create dynamic rules.
Use of a CCC command before the PUT to clear the control connection might be needed.

For additional information regarding certificates and IBM ID / Transfer ID usage, please refer to FAQs About GDPR-related Changes to ECuRep and Testcase FTP File Uploads .

Information about the z/OS cipher suite definitions can be found at the reference for z/OS 2.4:

Related links

[{"Type":"MASTER","Line of Business":{"code":"","label":""},"Business Unit":{"code":"","label":""},"Product":{"code":"ECUREP","label":"ECuRep notice"},"ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
26 July 2021