Hi - I had a very similar problem with my users. PUBLIC Endpoint works fine however some of our users working from home have ISP's blocking 445 out. So we built the VPN Gateway and set up the private endpoint - but when connecting to the drive they would get "The specified network password is incorrect". I could confirm the name resolution working correctly NRPT (Name resolution policy table) was applying correctly by running
test-netconnection -computername <storageaccount>.file.core.windows.net -port 445
This would then return the PRIVATE endpoint IP Address. (NSLookup does not respect NRPT tables). Great, so the connection was "valid". Then I read something about the VPN using the cached credentials of the VPN to authenticate to the share which was causing the issue. To work around this set the registry subkey KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\DisableDomainCreds - Set the value to 1 After doing this the drive mapped fine. My understand is with this registry subkey set to 1 - the device will always query the domain and not use the cached creds.