SOLVED: Azure File Share Connection Problems

If you are using Azure File Shares, you may run into connection errors on various operating systems and configurations.  This article is designed to tell you what you need to know quickly.

Azure File Share Requirements:

  1. SMB3: You need to be on Windows 8.1 or above, or Windows Server 2012 (original ‘R1’) or above, because Azure File Shares require SMB 3.0.
    1. See the OS/SMB table at the bottom of this article for more details.
  2. PORT 445: You need to ensure that OUTBOUND access to port 445 is not blocked, because Azure uses port 445.
    1. Some ISPs block certain ports, including 445. If you are trying Azure File Shares from a home connection and your firewall is not blocking outbound 445 (like 99.9% of firewalls), you still may not be able to connect because your ISP may be blocking 445.  In Canada, Telus used to block it, but we don’t know if they still do or not.
  3. NTLMv2: NTLM version 2 must be enabled to use Azure File Shares:
    1. NTLMv2 is enabled if HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel is set to 3, 4 or 5.
    2. You can set the NTLM level via GPO as detailed in this Microsoft article, and you can see the NTLM registry entry settings at the bottom of this article.
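
The three requirements above can be checked from the client in one pass. The script below is an added example, not part of the original article or a Microsoft tool. It assumes a placeholder storage account name (`examplestorageacct`) and the public-cloud endpoint suffix `file.core.windows.net`.

```powershell
# Added example: local checks for the three requirements listed above.
param(
    # Placeholder storage account name (hypothetical); replace with your own.
    [string]$StorageAccount = 'examplestorageacct'
)

$results = [ordered]@{}

# 1. SMB3: Windows 8.1 (6.3)+ on clients, Windows Server 2012 (6.2)+ on servers.
$os       = Get-CimInstance -ClassName Win32_OperatingSystem
$version  = [version]$os.Version
$isClient = ($os.ProductType -eq 1)          # 1 = workstation, 2/3 = server
$minimum  = if ($isClient) { [version]'6.3' } else { [version]'6.2' }
$results['SMB3-capable OS'] = ($version -ge $minimum)

# 2. Port 445: outbound TCP to the file endpoint (public-cloud suffix assumed).
#    A failure here with a permissive local firewall points at the ISP or an
#    upstream network device.
$endpoint = "$StorageAccount.file.core.windows.net"
$tcp = Test-NetConnection -ComputerName $endpoint -Port 445 -WarningAction SilentlyContinue
$results['Outbound TCP 445'] = [bool]$tcp.TcpTestSucceeded

# 3. NTLMv2: LmCompatibilityLevel must be 3, 4 or 5 per the list above.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                        -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
if ($null -eq $lsa) {
    # Value not present: the OS default applies, so report rather than fail.
    $results['NTLMv2 (LmCompatibilityLevel)'] = 'not set (OS default applies)'
} else {
    $level = [int]$lsa.LmCompatibilityLevel
    $ok    = ($level -ge 3 -and $level -le 5)
    $results['NTLMv2 (LmCompatibilityLevel)'] = "level $level, NTLMv2 sent: $ok"
}

# Print one line per check.
$results.GetEnumerator() | ForEach-Object {
    '{0,-32} {1}' -f $_.Key, $_.Value
}
```

A GPO can override the registry value at the next policy refresh, so re-run the check after `gpupdate` if the level was changed by hand.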

Azure File Share Connection Errors:

a) Azure File Share System Error 53 on Server 2012 R2

Most likely you have an NTLM or SMB problem – Check your NTLM setting in the registry

b) Azure File Share System Error 5 Access Denied:

Most likely you have an SMB problem – Try again from a patched Windows 10 PC


Azure File Share Troubleshooter:

If you have problems that this page does not resolve, try the free Azure File Share Troubleshooter directly from Microsoft.  It works very well.


APPENDIX:

a) NTLM Registry settings:

| Setting | Description | Registry security level |
|---|---|---|
| Send LM & NTLM responses | Client computers use LM and NTLM authentication, and they never use NTLMv2 session security. Domain controllers accept LM, NTLM, and NTLMv2 authentication. | 0 |
| Send LM & NTLM – use NTLMv2 session security if negotiated | Client computers use LM and NTLM authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. | 1 |
| Send NTLM response only | Client computers use NTLMv1 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. | 2 |
| Send NTLMv2 response only | Client computers use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. | 3 |
| Send NTLMv2 response only. Refuse LM | Client computers use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers refuse to accept LM authentication, and they will accept only NTLM and NTLMv2 authentication. | 4 |
| Send NTLMv2 response only. Refuse LM & NTLM | Client computers use NTLMv2 authentication, and they use NTLMv2 session security if the server supports it. Domain controllers refuse to accept LM and NTLM authentication, and they will accept only NTLMv2 authentication. | 5 |

b) Windows SMB Versions & Azure:

| Windows version | SMB version | Mountable in Azure VM | Mountable On-Premises |
|---|---|---|---|
| Windows Server 2019 | SMB 3.0 | Yes | Yes |
| Windows 10 [1] | SMB 3.0 | Yes | Yes |
| Windows Server semi-annual channel [2] | SMB 3.0 | Yes | Yes |
| Windows Server 2016 | SMB 3.0 | Yes | Yes |
| Windows 8.1 | SMB 3.0 | Yes | Yes |
| Windows Server 2012 R2 | SMB 3.0 | Yes | Yes |
| Windows Server 2012 | SMB 3.0 | Yes | Yes |
| Windows 7 | SMB 2.1 | Yes | No |
| Windows Server 2008 R2 | SMB 2.1 | Yes | No |

[1] Windows 10, versions 1507, 1607, 1703, 1709, 1803, and 1809.
[2] Windows Server, version 1709 and 1803.
