Resolving stuck nack: transfers stuck at 99%


In some environments you may encounter an issue where transfers are unable to finish after progressing to 99% completion. Transfers are unable to end, even after multiple transfer attempts.

The cause of this problem is likely a network device in the path between the client and server that is rejecting a bit sequence of the transfer. While the rest of the transfer packets are accepted, the network device rejects one particular packet every time, which happens when a packet is of an unknown type. An IDS or firewall that is configured to do deep packet inspection doesn’t trust certain packets and thus automatically rejects them.


A workaround to the problem is changing the shape of the file to be transferred, which changes the shape of every single packet. One way of doing this is to zip the file before transferring it. Another way is to encrypt transfers.

Transfers can be encrypted for a particular case, or you can configure the server to encrypt traffic for any or all users. If encryption is not configured, clients are given the option to encrypt but may not actually do so. The Aspera Connect plugin does not have the option to configure encryption on its end, so the option must be set on the server in order for the plugin to encrypt its transfers.

For example, you can force encryption from the server side for a particular user with the following command, where <name> is the username:

asconfigurator -x "set_user_data;user_name,<name>;transfer_encryption_allowed_cipher,aes-128"


To force encryption on all users, run the following command:

asconfigurator -x "set_node_data;transfer_encryption_allowed_cipher,aes-128"


You can also force encryption on the GUI, in Configuration. On the Authorization tab you can set Encryption Allowed to aes-128 on a global level, for particular groups or for particular users.

Ultimately, the ideal solution would be to find the offending network device and disable the deep packet inspection, at least on UDP traffic which Aspera transfers use. However, locating the network device can be difficult or even impossible, so the best solution is to force encryption on transfers.

Powered by Zendesk