If you use Azure File Shares, you may run into connection errors on various operating systems and configurations. This article tells you what you need to know quickly.

Azure File Share Requirements:

  1. SMB3: You need to be on Windows 8.1 or above, or Windows Server 2012 (original ‘R1’) or above, because Azure File Sharing requires SMB 3.0
    1. See the OS/SMB table at the bottom of this article for more details
  2. PORT 445: You need to ensure OUTBOUND access to port 445 is not blocked, because Azure uses port 445
    1. Some ISPs block non-standard ports like 445, so if you are trying Azure File Shares from a home connection and your firewall is not blocking outbound 445 (like 99.9% of firewalls), you still may not be able to connect because your ISP may be blocking 445.  In Canada, Telus used to block it, but we don’t know if they still do or not.
  3. NTLMv2: NTLM version 2 must be enabled to use Azure File Share:
    1. NTLMv2 is enabled if HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel is set to 3, 4 or 5
    2. You can set the NTLM level via GPO as detailed in THIS Microsoft article, and you can see the NTLM registry entry settings at the bottom of this article
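
The three requirements above can be checked in one pass from the affected client. This is an added example, not part of the original article: the function name is hypothetical, `examplestorageacct` is a placeholder storage account name, and the host is assumed to follow the standard Azure Files endpoint form `<account>.file.core.windows.net`.

```powershell
# Added example: checks the three client-side requirements listed above.
# Test-NetConnection needs Windows 8.1 / Server 2012 R2 or later.
function Test-AzureFileSharePrereqs {
    param(
        [Parameter(Mandatory)]
        [string]$StorageAccount   # placeholder name, e.g. 'examplestorageacct'
    )

    # 1. SMB3: Windows 8.1 (NT 6.3) or later, or Windows Server 2012 (NT 6.2) or later.
    $os       = Get-CimInstance -ClassName Win32_OperatingSystem
    $version  = [version]$os.Version
    $isServer = $os.ProductType -ne 1            # 1 = workstation, 2/3 = server
    $minimum  = if ($isServer) { [version]'6.2' } else { [version]'6.3' }

    # 2. PORT 445: outbound TCP to the share endpoint (catches firewall and ISP blocks).
    $endpoint = "$StorageAccount.file.core.windows.net"
    $tcp = Test-NetConnection -ComputerName $endpoint -Port 445 `
               -WarningAction SilentlyContinue

    # 3. NTLMv2: LmCompatibilityLevel must be 3, 4 or 5.
    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $level  = (Get-ItemProperty -Path $lsaKey -Name LmCompatibilityLevel `
                   -ErrorAction SilentlyContinue).LmCompatibilityLevel
    $ntlm = if ($null -eq $level) {
        'NotSet (OS default applies; check GPO)'   # value absent from the registry
    } elseif ($level -ge 3 -and $level -le 5) {
        "OK (level $level)"
    } else {
        "TooLow (level $level sends LM/NTLMv1 responses)"
    }

    [pscustomobject]@{
        OSVersion            = $version
        IsServer             = $isServer
        MeetsSmb3Requirement = $version -ge $minimum
        Endpoint             = $endpoint
        Port445Reachable     = [bool]$tcp.TcpTestSucceeded
        LmCompatibilityLevel = $level
        NtlmV2Status         = $ntlm
    }
}

# Usage with the placeholder account name:
Test-AzureFileSharePrereqs -StorageAccount 'examplestorageacct' | Format-List
```

A `False` for `Port445Reachable` on a home connection where the local firewall allows outbound 445 points to the ISP-level block described in item 2.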

Azure File Share Connection Errors:

a) Azure File Share System Error 53 on Server 2012 R2

Most likely you have an NTLM or SMB problem – Check your NTLM setting in the registry

b) Azure File Share System Error 5 Access Denied:

Most likely you have an SMB problem – Try again from a patched Windows 10 PC


Azure File Share Troubleshooter:

If you have problems that this page does not resolve, try the free Azure File Share Troubleshooter directly from Microsoft.  It works very well.


APPENDIX:

a) NTLM Registry settings:

| Setting | Description | Registry security level |
| --- | --- | --- |
| Send LM & NTLM responses | Client computers use LM and NTLM authentication, and they never use NTLMv2 session security. Domain controllers accept LM, NTLM, and NTLMv2 authentication. | 0 |
| Send LM & NTLM – use NTLMv2 session security if negotiated | Client computers use LM and NTLM authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. | 1 |
| Send NTLM response only | Client computers use NTLMv1 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. | 2 |
| Send NTLMv2 response only | Client computers use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. | 3 |
| Send NTLMv2 response only. Refuse LM | Client computers use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers refuse to accept LM authentication, and they will accept only NTLM and NTLMv2 authentication. | 4 |
| Send NTLMv2 response only. Refuse LM & NTLM | Client computers use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers refuse to accept LM and NTLM authentication, and they will accept only NTLMv2 authentication. | 5 |

b) Windows SMB Versions & Azure:

| Windows version | SMB version | Mountable in Azure VM | Mountable On-Premises |
| --- | --- | --- | --- |
| Windows Server 2019 | SMB 3.0 | Yes | Yes |
| Windows 10 [1] | SMB 3.0 | Yes | Yes |
| Windows Server semi-annual channel [2] | SMB 3.0 | Yes | Yes |
| Windows Server 2016 | SMB 3.0 | Yes | Yes |
| Windows 8.1 | SMB 3.0 | Yes | Yes |
| Windows Server 2012 R2 | SMB 3.0 | Yes | Yes |
| Windows Server 2012 | SMB 3.0 | Yes | Yes |
| Windows 7 | SMB 2.1 | Yes | No |
| Windows Server 2008 R2 | SMB 2.1 | Yes | No |

[1] Windows 10, versions 1507, 1607, 1703, 1709, 1803, and 1809.
[2] Windows Server, version 1709 and 1803.


1 Comment

macho · September 5, 2022 at 2:14 am

Yes! Finally something about Azure File Shares
