Overview:
Failure to Establish FTP Control Connection with Vault
Root Cause:
Possible causes for not being able to establish TCP connection to port 21 on Host:
- Incorrect Host setting
- Incorrect Port
- Customer-side firewall restrictions
Solution:
- Incorrect Host setting
- Ensure the Domain name of Vault is correct.
- If NLB(Network Load Balancing) is bypassed (Host setting set to vlt-<PODID>-ftp.veevavault.com) make sure the Vault is on the POD specified.
- Incorrect Port
- Ensure port is set to 21. This is the default port for Explicit FTPS (FTPES).
- Implicit FTPS is not supported and defaults to port 990. Vault's service is strictly PASSIVE mode Explicit FTPS.
- Customer-side firewall restrictions
- Ensure the firewall has open outbound connections to port 21 on the FTP server.
- Windows(see link below for further instruction on setting up telnet):
telnet yourdomain.com 21
- macOS:
nc -vz yourdomain.com 21
- Windows(see link below for further instruction on setting up telnet):
- Ensure the firewall has open outbound connections to port 21 on the FTP server.
-
- If your destination IP range is restricted, contact Veeva Support to know IP Ranges that should be used.
- As the IP address of the NLB changes with every major release, if you have a specific IP in your rule and not the range, that would correlate to the service failing after a major release. It is recommended that customers always use IP address ranges to avoid this issue.
Related Documentation:
Vault Help Documentation: Veeva IP Addresses
TelNet Documentation: How to Check If FTP Port 21 Is Not Blocked
Send us your feedback: We're always looking for feedback to help improve our Knowledge Base! Please let us know if this article was helpful or provide feedback on how we can improve your experience here.