Clients Can't Establish Connection

The following diagram shows the troubleshooting procedure if clients can't establish a FASP transfer connection to your Connect Server. Follow the instructions to identify and resolve problems:

Clients cannot connect to your Connect Server
  1. Test SSH ports and HTTP port
    To verify the SSH and HTTP connection ports, on the client machine, open a Terminal or a Command Prompt, and use the telnet command to test it. For example, to test connection to a computer (10.0.1.1) through a port (TCP/33001), use this command:
    # telnet 10.0.1.1 33001

    On Connect Server, test both the SSH connection ports and the web server ports (HTTP and HTTPS).

    If the client cannot establish connections to your Connect Server, verify the port number and the firewall configuration on the Connect Server machine.

  2. Test UDP ports
    If you can establish an SSH connection but not a FASP file transfer, there might be a firewall blockage of FASP's UDP port. Please verify your UDP connection.
  3. Verify SSH service status
    If there is no firewall blockage between the client and your Connect Server, on the client machine, try establishing a SSH connection in a Terminal or a Command Prompt: (Connect Server address: 10.0.1.1, TCP/33001)
    # ssh aspera_user_1@10.0.1.1 -p 33001

    If the SSH service runs normally, the client should see a message prompting to continue the connection or for a password. However, if you see a "Connection Refused" message, which indicates that the SSH service isn't running, review your SSH service status. Ignore the "permission denied" message after entering the password, which is discussed in next steps.

  4. Applied authentication method is enabled in SSH
    If you can establish a SSH connection, but it returns "permission denied" message, the SSH Server on your Connect Server may have password authentication disabled:
    Permission denied (publickey,keyboard-interactive).

    Open your SSH Server configuration file with a text editor:

    /etc/ssh/sshd_config

    To allow public key authentication, add or uncomment the PubkeyAuthentication yes. To allow password authentication, add or uncomment PasswordAuthentication yes. Here is a configuration example:

    ...
    PubkeyAuthentication yes
    PasswordAuthentication yes
    ...

    To reload SSH service, execute the following command:

    $ pfexec svcadm refresh ssh
  5. Verify the Apache configuration.
    If the client can access your Connect Server through the HTTP or HTTPS port, but the client's browser doesn't bring up Aspera Web UI, there may be configuration problems when setting up the IIS. Refer to Configuring the Apache Server to Host the Connect Server Web UI and review the configuration.
  6. Verify that the user credentials are correct, and has sufficient access permissions to its docroot

    To make sure that the client can establish a SSH connection to your Connect Server, and has correct system user credentials, execute this command on the client machine: (Connect Server address: 10.0.1.1, login: aspera_user_1/aspera)

    $ ssh aspera_user_1@10.0.1.1 -p 33001
    aspera_user_1@10.0.1.1's password:

    Enter the user's password when prompted. If you see "Permission denied" message, you may have a wrong user credentials, or the user account doesn't have sufficient access permissions to its docroot. Refer to Setting Up Transfer Users for instructions about setting up the user account, and review the user's docroot directory's permissions.

  7. Verify that the user is set up for Web UI authentication
    In addition to SSH authentication, Connect Server uses Apache's authentication to authorize Web UI access. If the client can establish SSH connections, but cannot pass the authentication over web browser, it is likely that the user account is not configured for Web UI correctly. To do so, execute the following command: (User name: aspera_user_1)
    $ htpasswd /opt/aspera/etc/webpasswd aspera_user_1
    Important: Use the -c option ONLY if this is the first time running htpasswd to create the webpasswd file. Do not use the -c option otherwise.

If you still encounter connection problems after going through these steps, contact Technical Support.