SOLVED: Azure File Share Connection Problems

Published by Ian Matthews on

If you are using Azure File Shares you will find connection errors on various Operating Systems and configurations.  This article is designed to tell you what you need to know quickly.

Azure File Share Requirements:

  1. SMB3 : You need to be on Windows 8.1 or above or Windows Server 2012 (original ‘R1’) or above because Azure File Sharing requires SMB 3.0
    1. See the OS/SMB table at the bottom of this article for more details
      .
  2. PORT 445: You need to ensure you do not have OUTBOUND access to port 445 blocked, because Azure uses port 445
    1. Some ISP’s block non-standard ports like 445 so if you are trying Azure File Shares from a home connection and your firewall is not blocking outbound 445 (like 99.9% of firewalls) you still may not be able to connect because your ISP may be blocking 445.  In Canada Telus used to block it but we don’t know if they still do or not.
      .
  3. NTLMv2: NTLM version 2 must be enabled to use Azure File Share:
    1. If HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel is set to 3 4 or 5
    2. You can set the NTLM level via GPO as detailed in THIS Microsoft article and you can see the NTLM registry entry settings at the bottom of this article

Azure File Share Connection Errors:

a) Azure File Share System Error 53 on Server 2012 R2

Most likely you have an NTLM or SMB problem – Check your NTLM setting in the registry

azure file share system error 5 access is deniedb) Azure File Share System Error 5 Access Denied:

Most likely you have an SMB problem – Try again from a patched Windows 10 PC

Azure File Share Troubleshooter:

If you have problems that this page does not resolve, try the free Azure File Share Troubleshooter directly from Microsoft.  It works very well.

APPENDIX:

a) NTLM Registry settings:

Setting

 Description Registry security level
Send LM & NTLM responses Client computers use LM and NTLM authentication, and they never use NTLMv2 session security. Domain controllers accept LM, NTLM, and NTLMv2 authentication. 0
Send LM & NTLM – use NTLMv2 session security if negotiated Client computers use LM and NTLM authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. 1
Send NTLM response only Client computers use NTLMv1 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. 2
Send NTLMv2 response only Client computers use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. 3
Send NTLMv2 response only. Refuse LM Client computers use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers refuse to accept LM authentication, and they will accept only NTLM and NTLMv2 authentication. 4
Send NTLMv2 response only. Refuse LM & NTLM Client computers use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers refuse to accept LM and NTLM authentication, and they will accept only NTLMv2 authentication. 5

b) Windows SMB Versions & Azure:

Windows version SMB version Mountable in Azure VM Mountable On-Premises
Windows Server 2019 SMB 3.0 Yes Yes
Windows 101 SMB 3.0 Yes Yes
Windows Server semi-annual channel2 SMB 3.0 Yes Yes
Windows Server 2016 SMB 3.0 Yes Yes
Windows 8.1 SMB 3.0 Yes Yes
Windows Server 2012 R2 SMB 3.0 Yes Yes
Windows Server 2012 SMB 3.0 Yes Yes
Windows 7 SMB 2.1 Yes No
Windows Server 2008 R2 SMB 2.1 Yes No

1Windows 10, versions 1507, 1607, 1703, 1709, 1803, and 1809.
2Windows Server, version 1709 and 1803.

Categories: Microsoft 365 Apps, Azure & CloudWindows Server
Tags:

1 Comment

macho · September 5, 2022 at 2:14 am

Yes! Finalⅼy something about Azure File Shares

Reply

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

nla auth required domain controller

SOLVED: Remote Computer Requires Network Level Authentication

We recently had a client with several Windows Server presenting this error message when admins were attempting to RDP to them: REMOTE DESKTOP CONNECTIONThe remote computer that you are trying to connect to requires Network Read more…

SOLVED: Easy PowerShell Scripts To Delete Disabled User Accounts

Last week we had a client who wanted to delete ALL disabled user accounts because they had been hacked and wanted to reduce their attack surface. The two problems we had with this is that Read more…

how to deactivate a users M365 activation

SOLVED: How To Deactivate A Microsoft Office 365 Activation

Microsoft Office 365 licenses allow each user to install M365 on up to 5 different devices. So the question arises what happens when you have your 6th device? The answer is you will get error Read more…