WinSCP fails to access via PAM and shows Network Error

Document ID : KB000075933
Last Modified Date : 03/04/2018
Show Technical Document Details
Issue:
Similar to the following, SFTP service has been setup under Services > TCP/UDP services for WinSCP access.

Basic Info:
  Service Name: mysftp
  Local IP: 127.0.0.222
  Port(s): 22
  Protocol: TCP
Administration:
  Enable: <selected>
  Application Protocol: Disabled 
  Client Application: "C:\Program Files (x86)\WinSCP\WinSCP.exe" sftp://<User>:<Password>@<Local IP> <First Port>

Policy has been setup so that a user can access this service to a target SFTP server.
However, when the user click the service link on his/her Access page the connection fails and WinSCP shows the following error dialog.

Network error: Connection to "127.0.0.222" refused.
The server rejected SFTP connection, but it listes for FTP connections.
Did you want to user FTP protocol instead of SFTP? Prefer using encryption.


When Restart Session is executed on the Access page, the following error was shown too.

The following loopback address could not be loaded:
127.0.0.222:22
Some Access Methods and Services may not work as expected until this error is fixed. Please contact your System Administrator.


 
Environment:
PAM 2.8.3
WinSCP 5.11.x
Cause:
There is a 3rd party process in the PAM Client machine, where WinSCP was launched on, that is using TCP/22 port. For example, the 3rd party process is BvSshServer.exe. Because of this process, PAM Client failed to load TCP/22 port on any specified loopback address and caused this issue.
Resolution:
Close PAM Client if any and then launch a DOS prompt on the PAM Client machine and run the following command
    netstat -aon | findstr ":22"

E.g. if you get the following result
    TCP    0.0.0.0:22       0.0.0.0:0       LISTENING     1228
then it means process with process ID (PID) equals to 1228 is using TCP/22 port. Now, launch Task Manager and go to its Details tab, add PID column if not exist, and find for the process. Shutdown the process, do Restart Session and try to access the service again.