Azure file shares could not be accessed

Azure file shares could not be accessed | Port 445

Asked 28/3, 2019 at 4:5 Answered 28/3, 2019 at 6:25

I have setup Azure Storage Files, I have added a couple of firewall rules in my dev machine to open the port#445. But I could not access my file shares now. It does not respond to ping command as well.

But I am able to access the same file shares from Azure VM IaaS Servers. Is there something I missed?

Bolero answered 28/3, 2019 at 4:5 Comment(1)

Should it help others, for me the issue was NetBios filtering on my router: serverfault.com/questions/1056711/… – Quemoy 11/3, 2021 at 14:38

It's not recommended to directly use PING command to verify network connectivity to a public DNS name or IP address as usually PING is forbidden. You could use PowerShell command Test-NetConnection -Port 445 -ComputerName somestoragexxx.file.core.windows.net to verify the port 445 on the dev machine.

If this TCP 445 connectivity fails, properly you could check the ISP or your on-premise network security is not blocking outbound port 445. Please note that you should open outbound port instead of inbound port 445.

As a test result, on my local machine, TCP test port 445 is false.

On the Azure VM, TCP test port 445 is true, and I could access the storage file share successfully.

Additionally, port 445 always is not allowed to access over the Internet. You could use different ways to access files in Azure Files.

You can mount the file share on your local machine by using the SMB 3.0 protocol, or you can use tools like Storage Explorer to access files in your file share. From your application, you can use storage client libraries, REST APIs, PowerShell, or Azure CLI to access your files in the Azure file share.

Dierolf answered 28/3, 2019 at 6:25 Comment(2)

Test-NetConnection returns true for my file share. But it does not map in my local machine. Should I assume that it is due to on-premise organization firewall blocking it? But it always works well in any Azure VM. – Bolero 28/3, 2019 at 6:58

Organization firewall or Internet service provider security. By default, Azure VM locally traffic goes to the Internet without limitation as well as NSG. Also,

Azure routes traffic for any address not specified by an address range within a virtual network, to the Internet, with one exception. If the destination address is for one of Azure's services, Azure routes the traffic directly to the service over Azure's backbone network, rather than routing the traffic to the Internet.

refer to this. – Dierolf 28/3, 2019 at 7:13

Refer to the suggestions mentioned in the GitHub article

One alternative to mounting the share on-premises over port 445 is Azure File Sync, which enables you to create a cache of an Azure file share on an on-premises Windows Server. Azure File Sync only sends data over the Azure Files HTTPS (using the File REST APIs). You can learn more about Azure File Sync here: https://learn.microsoft.com/en-us/azure/storage/files/storage-sync-files-planning

Can you mount that drive from a VM in Azure, just to make sure it's not a problem with the file share? In fact, I'd try it from a VM in a different region if you can, which will confirm that SMB 3.0 is working correctly.

Troubleshooter for Azure Files storage problems

Kindly let us know if the above helps or you need further assistance on this issue.

If the issue still persist,share the screen shot of the error message

Comedietta answered 28/3, 2019 at 6:12 Comment(1)

We are working on Azure File Sync as well. It is nice. Thanks for recommendations! – Bolero 28/3, 2019 at 6:58

Recommended topics

Hot tags