Enhanced Customer Data Repository (ECuRep) - FTP Help

• Check the connection
• Check for timeouts
• Videos

• Files not on the server
• Server error messages
• Common Firewall

• Passive mode
• Binary mode
• FTPS usage under z/OS

Check the connection

• The ping command does not work. The firewall blocks these requests.

  Note: If you are behind a firewall, ping generally only works within your local network.

• How far did the connection get or where did it fail?

  Run traceroute, which shows the path to the server. The last IP address is the probable source of connection failure. The command traceroute does not show the FTP server, the firewall blocks these requests.

  Note: If you are behind a firewall, traceroute generally only works within your local network.

  • MS/DOS command - tracert
  • Unix command - traceroute
  • MVS, VM, OS/390 command - tracerte

Back to top

Check for timeouts

The FTP server has a default timeout of 10 minutes for data transfer. If your session ends before this, it's likely due to the FTP client's settings, not the server. You can adjust the client's timeout by specifying it when initiating FTP (e.g., timeout=nn, where nn is in seconds). Consult your FTP client's documentation for specific parameters and syntax.
For large file transfers via batch FTP, the job can time out due to the TIME= parameter on the JOB card. To prevent this, you can compress the file using TRSMAIN, increase the TIME= parameter, or set it to 1440.

Back to top

Files not on the server

Files in the /toibm/xxx/ directory that don't follow the naming convention are automatically removed from the FTP server. If they're not handled by IBM Support, they'll be deleted after 7 days.
Due to security reasons, only the /toibm/ directories can be viewed on the server. Uploads are permitted only in sub-directories like /toibm/aix or /toibm/zos, not individual files. Only files in the /fromibm/<hash_key> sub-directories can be listed.

View the FTP site

Back to top

Server error messages

If you receive error messages from the server, a connection is occurring. The server returns a 'Permission Denied…' message for any of the following conditions:

• Permission Denied upload name.

  The file name cannot contain quotes or national characters (#,@,$). It can contain only a-z, A-Z, 0-9 and . (period).

• Permission Denied upload.

  The file already exists. You cannot replace existing files. Any 'replacements' must be loaded with a new file name.

• Permission Denied on Server.

  Invalid directory is specified. Uploads are only allowed for sub-directories of the /toibm directory, for example /toibm/aix, /toibm/zos ...

  View the FTP site

Back to top

Passive mode

"Passive" mode is the only mode supported for the ECuRep FTPS server. Further diagnosis can be performed to identify the failure. The server maintains logs of all activity, and the date and time of the transfer problem is needed for further diagnosis. Use the ticket for which the file is being transferred to report any FTP problems you are unable to resolve or send an email to contact@ecurep.ibm.com with a detailed error description including timestamps.

Back to top

Binary mode

It is recommended to use "binary " mode for FTP transmissions. If not, the server is getting incorrect data.

Back to top

Common Firewall

• I can connect to the FTP server. The connection hangs after the ls, dir, put or get command.

  Use passive FTP. This is done with the "passive" command for most command-line clients. If your client does not offer the passive command, it is using active FTP properly.

• My FTP client is using passive FTP, but the session still hangs after the ls, dir, put or get commands.

  Ask your firewall administrator to allow connections to the port range 65024 - 65535 for our FTP server.

• Your firewall may check the control connection for the protocol.

  Ask your firewall administrator about the setup of your firewall. For a CheckPoint Firewall-1 NG, for example, the new line character check must be disabled. Check out Solution ID sk22632.

Back to top

FTPS usage under z/OS

For z/OS FTPS usage, please refer to z/OS documentation within IBM Documentation for according z/OS FTPS setup

Please notice, that:
ftps.ecurep.ibm.com uses full RFC4217 level, which differs in sub-commands AUTH and CCC

ftps.ecurep.ibm.com uses RFC4217 and TLS1.2
The current and IBM recommended implementation is called Application Transparent Transport Layer Security AT-TLS or TTLS.
There is no way to use pre-RFC4217 CCCNONOTIFY.

Some firewalls need to read the port number on the PASV command to create dynamic rules.
Use of a CCC command before the PUT to clear the control connection might be needed.

Information on Traversing firewalls with SSL/TLS secure FTP (CCC command)

For additional information regarding certificates and IBMid / Transfer ID usage, please refer to FAQs About GDPR-related Changes to ECuRep and Testcase FTP File Uploads .

Information about the z/OS cipher suite definitions can be found at the reference for z/OS 2.4:

https://www.ibm.com/support/knowledgecenter/SSLTBW_2.4.0/com.ibm.zos.v2r4.gska100/csdcwh.htm?view=kc#csdcwh__telcsd

Back to top