FTPS failing, but only on some commands on some machines

I setup an FTP Server on IIS 10 on Server 2019. Got an SSL cert and got connections to it working on my home machine. The client I’m using is a program I wrote in VB.NET, but it uses an FTPS library in C# (a port of Alex’s FTPSClient to .NET 4.5). Anyway, all was good until I tried the same program on another machine, which was at my work. I got this error:

Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.

The odd thing was, it connected successfully, and it was able to run certain commands, but once I tried to list a dir or upload a file, that’s when I get the error. I narrowed down the code that the error occurs in:

 private SslStream CreateSSlStream(Stream s, bool leaveInnerStreamOpen)
    {
        SslStream sslStream = new SslStream(s, leaveInnerStreamOpen,
            new RemoteCertificateValidationCallback(ValidateServerCertificate),
            null //new LocalCertificateSelectionCallback(ValidateClientCertificate)
            );

        sslStream.ReadTimeout = timeout;
        sslStream.WriteTimeout = timeout;

        X509CertificateCollection clientCertColl = new X509CertificateCollection();
        if (sslClientCert != null)
            clientCertColl.Add(sslClientCert);

        sslStream.AuthenticateAsClient(hostname, clientCertColl, SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls, false);

        CheckSslAlgorithmsStrength(sslStream);

        return sslStream;
    }

It happens on the AuthenticateAsClient call. I can step through that same line just fine earlier when it’s connecting. It’s only when I try to run certain commands that that line fails.

Then I tried it on another machine on a different network and it didn’t even get that far. Instead I got an error that "the connected party did not respond etc/etc" and the error lists the server’s IP and port (which is one of the ports I’ve reserved for passive FTP).

But I can use passive FTP just fine on both of these machines if I turn off SSL.

So, FTP and FTPS working just fine on one machine, FTP working fine on two other machines, but FTPS failing to even connect on one of those, and FTPS connecting, but can’t do much after that on the other.

What could be causing this and how would I begin to address it? My first thought was "firewall" (it being on a corporate network), but if it was the firewall, it wouldn’t be able to connect at all, right? And it wouldn’t be able to connect passive without SSL either, since those use the same ports. Could it be a proxy? I’m just stabbing in the dark here, cause I’m at a loss.

EDIT:

I installed WinSCP and turned on verbose logging. This is what I got. I get a different error in WinSCP than I do in my client, but it’s on the same step (trying to do anything in Passive: list/upload/etc).

. 2020-12-19 09:02:29.846 --------------------------------------------------------------------------
. 2020-12-19 09:02:29.846 Session name: [email protected] (Ad-Hoc site)
. 2020-12-19 09:02:29.846 Host name: mydomain.com (Port: 21)
. 2020-12-19 09:02:29.846 User name: myuser (Password: Yes, Key file: No, Passphrase: No)
. 2020-12-19 09:02:29.846 Transfer Protocol: FTP
. 2020-12-19 09:02:29.846 Ping type: Dummy, Ping interval: 30 sec; Timeout: 15 sec
. 2020-12-19 09:02:29.846 Disable Nagle: No
. 2020-12-19 09:02:29.846 Proxy: None
. 2020-12-19 09:02:29.846 Send buffer: 262144
. 2020-12-19 09:02:29.846 UTF: Auto
. 2020-12-19 09:02:29.846 FTPS: Explicit TLS/SSL [Client certificate: No]
. 2020-12-19 09:02:29.846 FTP: Passive: Yes [Force IP: Auto]; MLSD: Auto [List all: Auto]; HOST: Auto
. 2020-12-19 09:02:29.846 Session reuse: Yes
. 2020-12-19 09:02:29.846 TLS/SSL versions: TLSv1.0-TLSv1.2
. 2020-12-19 09:02:29.846 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2020-12-19 09:02:29.846 Cache directory changes: Yes, Permanent: Yes
. 2020-12-19 09:02:29.846 Recycle bin: Delete to: No, Overwritten to: No, Bin path: 
. 2020-12-19 09:02:29.846 Timezone offset: 0h 0m
. 2020-12-19 09:02:29.846 --------------------------------------------------------------------------
. 2020-12-19 09:02:29.846 Session upkeep
. 2020-12-19 09:02:29.861 Connecting to mydomain.com ...
. 2020-12-19 09:02:29.861 TLS layer changed state from unconnected to connecting
. 2020-12-19 09:02:29.877 TLS layer changed state from connecting to connected
. 2020-12-19 09:02:29.877 Connected with mydomain.com, negotiating TLS connection...
< 2020-12-19 09:02:29.893 220 Microsoft FTP Service
> 2020-12-19 09:02:29.893 AUTH TLS
< 2020-12-19 09:02:29.924 234 AUTH command ok. Expecting TLS Negotiation.
. 2020-12-19 09:02:29.955 TLS connect: SSLv3/TLS write client hello
. 2020-12-19 09:02:29.955 TLS connect: SSLv3/TLS read server hello
. 2020-12-19 09:02:29.955 TLS connect: SSLv3/TLS read server certificate
. 2020-12-19 09:02:29.955 TLS connect: SSLv3/TLS read server key exchange
. 2020-12-19 09:02:29.955 TLS connect: SSLv3/TLS read server done
. 2020-12-19 09:02:29.970 TLS connect: SSLv3/TLS write client key exchange
. 2020-12-19 09:02:29.970 TLS connect: SSLv3/TLS write change cipher spec
. 2020-12-19 09:02:29.970 TLS connect: SSLv3/TLS write finished
. 2020-12-19 09:02:29.986 TLS connect: SSLv3/TLS write finished
. 2020-12-19 09:02:29.986 TLS connect: SSLv3/TLS read change cipher spec
. 2020-12-19 09:02:29.986 TLS connect: SSLv3/TLS read finished
. 2020-12-19 09:02:29.986 Verifying certificate for "" with fingerprint xxxxxxx and 20 failures
. 2020-12-19 09:02:29.986 Certificate common name "mydomain.com" matches hostname
. 2020-12-19 09:02:30.283 Certificate verified against Windows certificate store
. 2020-12-19 09:02:30.283 Using TLSv1.2, cipher TLSv1.2: xxxxxxx, 3072 bit RSA, xxxxxxxx TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
. 2020-12-19 09:02:30.314 TLS connection established. Waiting for welcome message...
> 2020-12-19 09:02:30.314 USER myuser
< 2020-12-19 09:02:30.314 331 Password required
> 2020-12-19 09:02:30.314 PASS ********
< 2020-12-19 09:02:30.345 230 User logged in.
> 2020-12-19 09:02:30.345 SYST
. 2020-12-19 09:02:30.361 The server is probably running Windows, assuming that directory listing timestamps are affected by DST.
< 2020-12-19 09:02:30.361 215 Windows_NT
> 2020-12-19 09:02:30.361 FEAT
< 2020-12-19 09:02:30.377 211-Extended features supported:
< 2020-12-19 09:02:30.377  LANG EN*
< 2020-12-19 09:02:30.377  UTF8
< 2020-12-19 09:02:30.377  AUTH TLS;TLS-C;SSL;TLS-P;
< 2020-12-19 09:02:30.377  PBSZ
< 2020-12-19 09:02:30.377  PROT C;P;
< 2020-12-19 09:02:30.377  CCC
< 2020-12-19 09:02:30.377  HOST
< 2020-12-19 09:02:30.377  SIZE
< 2020-12-19 09:02:30.377  MDTM
< 2020-12-19 09:02:30.377  REST STREAM
< 2020-12-19 09:02:30.377 211 END
> 2020-12-19 09:02:30.377 OPTS UTF8 ON
< 2020-12-19 09:02:30.408 200 OPTS UTF8 command successful - UTF8 encoding now ON.
> 2020-12-19 09:02:30.408 PBSZ 0
< 2020-12-19 09:02:30.424 200 PBSZ command successful.
> 2020-12-19 09:02:30.424 PROT P
< 2020-12-19 09:02:30.439 200 PROT command successful.
. 2020-12-19 09:02:30.439 Session upkeep
. 2020-12-19 09:02:30.502 Connected
. 2020-12-19 09:02:30.502 Got reply 1 to the command 1
. 2020-12-19 09:02:30.502 --------------------------------------------------------------------------
. 2020-12-19 09:02:30.502 Using FTP protocol.
. 2020-12-19 09:02:30.502 Doing startup conversation with host.
> 2020-12-19 09:02:30.517 PWD
< 2020-12-19 09:02:30.549 257 "/" is current directory.
. 2020-12-19 09:02:30.549 Got reply 1 to the command 16
. 2020-12-19 09:02:30.549 Getting current directory name.
. 2020-12-19 09:02:30.596 Retrieving directory listing...
> 2020-12-19 09:02:30.596 TYPE A
< 2020-12-19 09:02:30.611 200 Type set to A.
> 2020-12-19 09:02:30.611 PASV
< 2020-12-19 09:02:30.627 227 Entering Passive Mode (123,123,123,123,123,123).
> 2020-12-19 09:02:30.627 LIST -a
. 2020-12-19 09:02:30.627 Connecting to 123.123.123.123:123 ...
. 2020-12-19 09:02:30.658 Data connection opened
. 2020-12-19 09:02:30.658 Trying reuse main TLS session ID
< 2020-12-19 09:02:30.658 150 Opening ASCII mode data connection.
. 2020-12-19 09:02:30.658 TLS layer changed state from none to connected
. 2020-12-19 09:02:30.658 TLS layer changed state from connected to aborted
. 2020-12-19 09:02:30.658 Data connection closed
. 2020-12-19 09:02:30.658 <Empty directory listing>
< 2020-12-19 09:02:30.674 550 The specified network name is no longer available. 
. 2020-12-19 09:02:30.674 Could not retrieve directory listing
. 2020-12-19 09:02:30.674 Got reply 4 to the command 2
. 2020-12-19 09:02:30.689 LIST with -a failed, will try pure LIST
. 2020-12-19 09:02:30.689 Retrieving directory listing...
> 2020-12-19 09:02:30.689 TYPE A
< 2020-12-19 09:02:30.705 200 Type set to A.
> 2020-12-19 09:02:30.705 PASV
< 2020-12-19 09:02:30.736 227 Entering Passive Mode (123,123,123,123,123,123).
> 2020-12-19 09:02:30.736 LIST
. 2020-12-19 09:02:30.736 Connecting to 123.123.123.123:123 ...
< 2020-12-19 09:02:30.752 150 Opening ASCII mode data connection.
. 2020-12-19 09:02:30.752 Data connection opened
. 2020-12-19 09:02:30.752 Trying reuse main TLS session ID
. 2020-12-19 09:02:30.752 TLS layer changed state from none to connected
. 2020-12-19 09:02:30.752 TLS layer changed state from connected to aborted
. 2020-12-19 09:02:30.752 Data connection closed
. 2020-12-19 09:02:30.752 <Empty directory listing>
< 2020-12-19 09:02:30.783 550 The specified network name is no longer available. 
. 2020-12-19 09:02:30.783 Could not retrieve directory listing
. 2020-12-19 09:02:30.783 Got reply 4 to the command 2
* 2020-12-19 09:02:30.861 (ECommand) Error listing directory '/'.
* 2020-12-19 09:02:30.861 Could not retrieve directory listing
* 2020-12-19 09:02:30.861 The specified network name is no longer available. 
. 2020-12-19 09:04:30.099 Dummy directory read to keep session alive.
. 2020-12-19 09:04:30.099 Retrieving directory listing...
> 2020-12-19 09:04:30.099 TYPE A
< 2020-12-19 09:04:30.115 200 Type set to A.
> 2020-12-19 09:04:30.115 PASV
< 2020-12-19 09:04:30.146 227 Entering Passive Mode (123,123,123,123,123,123).
> 2020-12-19 09:04:30.146 LIST
. 2020-12-19 09:04:30.146 Connecting to 123.123.123.123:123 ...
. 2020-12-19 09:04:30.162 Data connection opened
. 2020-12-19 09:04:30.162 Trying reuse main TLS session ID
< 2020-12-19 09:04:30.162 150 Opening ASCII mode data connection.
. 2020-12-19 09:04:30.162 TLS layer changed state from none to connected
. 2020-12-19 09:04:30.162 TLS layer changed state from connected to aborted
. 2020-12-19 09:04:30.162 Data connection closed
. 2020-12-19 09:04:30.162 <Empty directory listing>
< 2020-12-19 09:04:30.193 550 The specified network name is no longer available. 
. 2020-12-19 09:04:30.193 Could not retrieve directory listing
. 2020-12-19 09:04:30.193 Got reply 4 to the command 2

ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;

sslStream.AuthenticateAsClient(hostname, clientCertColl, SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls, false);