SOLVED: Azure File Share Connection Problems

Published by Ian Matthews on

If you are using Azure File Shares you will find connection errors on various Operating Systems and configurations.  This article is designed to tell you what you need to know quickly.

Azure File Share Requirements:

  1. SMB3 : You need to be on Windows 8.1 or above or Windows Server 2012 (original ‘R1’) or above because Azure File Sharing requires SMB 3.0
    1. See the OS/SMB table at the bottom of this article for more details
      .
  2. PORT 445: You need to ensure you do not have OUTBOUND access to port 445 blocked, because Azure uses port 445
    1. Some ISP’s block non-standard ports like 445 so if you are trying Azure File Shares from a home connection and your firewall is not blocking outbound 445 (like 99.9% of firewalls) you still may not be able to connect because your ISP may be blocking 445.  In Canada Telus used to block it but we don’t know if they still do or not.
      .
  3. NTLMv2: NTLM version 2 must be enabled to use Azure File Share:
    1. If HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel is set to 3 4 or 5
    2. You can set the NTLM level via GPO as detailed in THIS Microsoft article and you can see the NTLM registry entry settings at the bottom of this article

Azure File Share Connection Errors:

a) Azure File Share System Error 53 on Server 2012 R2

Most likely you have an NTLM or SMB problem – Check your NTLM setting in the registry

azure file share system error 5 access is deniedb) Azure File Share System Error 5 Access Denied:

Most likely you have an SMB problem – Try again from a patched Windows 10 PC

Azure File Share Troubleshooter:

If you have problems that this page does not resolve, try the free Azure File Share Troubleshooter directly from Microsoft.  It works very well.

APPENDIX:

a) NTLM Registry settings:

Setting

DescriptionRegistry security level
Send LM & NTLM responsesClient computers use LM and NTLM authentication, and they never use NTLMv2 session security. Domain controllers accept LM, NTLM, and NTLMv2 authentication.0
Send LM & NTLM – use NTLMv2 session security if negotiatedClient computers use LM and NTLM authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.1
Send NTLM response onlyClient computers use NTLMv1 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.2
Send NTLMv2 response onlyClient computers use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication.3
Send NTLMv2 response only. Refuse LMClient computers use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers refuse to accept LM authentication, and they will accept only NTLM and NTLMv2 authentication.4
Send NTLMv2 response only. Refuse LM & NTLMClient computers use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers refuse to accept LM and NTLM authentication, and they will accept only NTLMv2 authentication.5

b) Windows SMB Versions & Azure:

Windows versionSMB versionMountable in Azure VMMountable On-Premises
Windows Server 2019SMB 3.0YesYes
Windows 101SMB 3.0YesYes
Windows Server semi-annual channel2SMB 3.0YesYes
Windows Server 2016SMB 3.0YesYes
Windows 8.1SMB 3.0YesYes
Windows Server 2012 R2SMB 3.0YesYes
Windows Server 2012SMB 3.0YesYes
Windows 7SMB 2.1YesNo
Windows Server 2008 R2SMB 2.1YesNo

1Windows 10, versions 1507, 1607, 1703, 1709, 1803, and 1809.
2Windows Server, version 1709 and 1803.

Categories: Microsoft 365 Apps, Azure & CloudWindows Server
Tags:

1 Comment

macho · September 5, 2022 at 2:14 am

Yes! Finalⅼy something about Azure File Shares

Reply

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

An error occurred while using SSL configuration for endpoint 0 0 0 0 443

SOLVED: An Error Occurred While Using SSL Configuration For Endpoint 0.0.0.0:443

One of our new clients had a server with error 7023 “An error occurred while using SSL configuration for endpoint 0.0.0.0:443”: A quick investigation showed, this error has been occurring for months (likely years, but Read more…

Force Microsoft Authenticator App to Popup Prompt For Code

SOLVED: Microsoft Authenticator Not Popping Up Approval Prompt

If you use the Microsoft Authenticator frequently it can be really annoying to have it not popup prompt you for the code when you’re trying to sign into something. Recently we added a new client Read more…

how to set active directory group membership with group policy gpo restricted groups

SOLVED: User Accounts Being Deleted / Added From Groups Automatically

Today we had a very cool problem with a client who was trying to add a service account to a Windows Active Directory Group. the problem was that after the service account was added to Read more…