SFTP server best practices and troubleshooting
SFTP server best practices
When managing files and data for ETL purposes, these files are stored on a hosted SFTP server provided by Adobe. This SFTP is designed to be a temporary storage space on which you can control retention and deletion of files.
When not correctly used or monitored, this space can quickly fill the physical space available on the server and lead to files being truncated on subsequent uploads. Once the space saturated, automatic purge may trigger and erase oldest files from the SFTP storage.
To avoid such problems, Adobe recommends following the best practices below.
If your instance is hosted on AWS, you can monitor your SFTP server storage with the Campaign Classic Control Panel .
To check if your instance is hosted on AWS, follow the steps detailed in this section .
- The server size capabilities vary according to your license. In any case, keep the minimum data possible, and keep data for only as long as required (15 days is the maximum time limit).
- Use key based authentication rather than password authentication, in order to avoid password expiration (passwords have a validity period of 90 days). Moreover, key based authentication lets you generate multiple keys, for example when managing multiple entities. On the contrary, password authentication requires that you share the password with all the entities you are managing.The supported key format is SSH-2 RSA 2048. Keys can be generated with tools like PyTTY (Windows), or ssh-keygen (Unix).You will have to provide the public key to Adobe Support team via a support ticket to have it uploaded on the Campaign server.
- Use workflows to properly delete the data (manage the retention from workflows consuming the data).
- Use batching in SFTP uploads as well as in workflows.
- Handle errors/exceptions.
- Occasionally, log-in to SFTP to directly check what is lying there.
- Remember that SFTP disk management is primarily your responsibility.
- By default, all the folders you create are in Read/Write mode for your identifier only. When creating folders that need to be accessed by Campaign, make sure to configure them with Read/write rights for the whole group. Otherwise, workflows may not be able to create / delete files as they are run under a different identifier within the same group for security reasons.
- The public IPs from which you are trying to initiate the SFTP connection must be added to the allow list on the Campaign instance. Adding IP addresses to the allow list can be requested via a support ticket .
If you use your own SFTP server, make sure to follow the recommendations above as much as possible.
Connection issues with Adobe hosted SFTP server
The section below lists the information to check and provide to the Adobe Support team via a support ticket when encountering connection issues with Adobe hosted SFTP servers.
- Check that your instance is running. To do this, open your browser, then make a GET call on the instance /r/test endpoint:
https://instanceUrl/r/testIf the instance is running, you should get this type of response:
<redir status='OK' date='YYYY-MM-DD HH:MM:SS' build='XXXX' instance='instanceName' sourceIP='AAA.BB.CCC.DD' host='instanceUrl' localHost='instanceName'/>In any case, provide the command response in the support ticket.
- Check if the outbound port 22 is opened at the site from which you are trying to initiate the SFTP connection. To do this, use the following command:
bash-3.2$ nc -vz <SFTP_URL> 22 # Replace the SFTP_URL with actual SFTP instance URL # If the port 22 is opened you will see output similar to the below one # for e.g. the output for the command on myCompany-stage-sftp.neolane.net after ssh-out, will give bash-3.2$ nc -vz myCompagny-stage-sftp.neolane.net 22 myCompany-stage-sftp.neolane.net [AAA.BBB.CCC.D] 22 (ssh) openThe Netcat tool lets you easily manage network connections on various operating systems (see https://eternallybored.org/misc/netcat/ ).If the port is not opened, make sure to open outbound connections at your side, then try again. If you still meet connection issues, share the output of the command with Adobe Support team.
- Check that the public IP from which you are trying to initiate the SFTP connection is the one you provided to the Adobe Support for the allow list.
- If you are using a password-based authentication, your password may have expired (passwords have a 90 days validity period). We therefore strongly recommend using a key based authentication (see SFTP server best practices ).
- If you are using a key based authentication, check that the key you are using is the same that you provided to Adobe Support team for the instance configuration.
- If you are using FileZilla or an equivalent FTP tool, provide the connection logs details in the support ticket.
"Couldn't resolve host name" error
This section provides information on the checks and action to perform when getting the "Couldn't resolve host name" error after connecting to FTP server from Campaign Classic.
The workflow journal shows the following logs:
16/05/2016 12:49:03 fileTransfer Upload error in cURL 16/05/2016 12:49:03 fileTransfer Couldn't resolve host name 16/05/2016 12:49:03 fileTransfer Couldn't resolve host name 16/05/2016 12:49:03 fileTransfer Starting transfer of '/usr/local/neolane/nl6/var/williamreed/export/Recipients' to 'ftp://18.104.22.168/Recipients' 16/05/2016 12:49:03 fileTransfer 1 file(s) to transfer
This error occurs when trying to connect the FTP server from a workflow and downloading the files from the server, while you are still able to connect via FTP using FileZilla or WinSCP.
This error indicates that FTP server domain name could not be resolved properly. To troubleshoot, do the following:
- Troubleshoot DNS server configuration :
- Check if the server name has been added into the local DNS server.
- If yes, run the following command on Adobe Campaign server to get the IP address:nslookup <server domain name>This confirms the FTP server is working and reachable from Adobe Campaign application server.
- Troubleshoot session logs :
- In the workflow, double-click the File transfer activity.
- Go to File Transfer tab, then click Advanced Parameters .
- Check the Display the session logs option.
- Go to the workflow Audit and check if the logs show the 'Couldn't resolve host name' error.
- If the SFTP server is hosted by Adobe, check whether IP is added to the allow list by contacting Customer Care.Otherwise validate:
- The password doesn't contain '@'. The connection failed if there is '@' in the password.
- There are no firewall issues which can hamper communication between Adobe Campaign application server and SFTP server.
- Run tracert and telnet commands from the campaign server to the sftp to see if there are any connection issues.
- There are no communication protocol issues.
- Port is open.