Azure Files
An Azure service that offers file shares in the cloud.
1,415 questions
Have you made the registry changes to the Azure AD Joined client and rebooted?
Cannot connect to Azure Files share
Ash
56
Reputation points
I have set up an Azure Files share with Azure AD Kerberos as the source.
When running the connection script (Active Directory authentication) I get the error below. Please help!
The PC is Azure AD-joined, with the user logging in with an Azure AD account.
The Azure website states: "Azure AD Kerberos authentication allows users to connect to Azure Files over the internet without requiring a line-of-sight to domain controllers."
New-PSDrive : The system cannot contact a domain controller to service the authentication request. Please try again later
At C:\Users\testuser\Desktop\connect-files-share.ps1:4 char:5
- New-PSDrive -Name Z -PSProvider FileSystem -Root "\storage ...
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : InvalidOperation: (Z:PSDriveInfo) [New-PSDrive], Win32Exception
- FullyQualifiedErrorId : CouldNotMapNetworkDrive,Microsoft.PowerShell.Commands.NewPSDriveCommand
Azure Files
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
25,048 questions
Accepted answer
-
Luke Murray 11,436 Reputation points MVP Volunteer Moderator2022-12-20T21:38:16.087+00:00 -
Ash 56 Reputation points
2022-12-21T02:54:33.833+00:00 This is just what I was looking for. Thanks!
Sign in to comment -
1 additional answer
Sort by: Most helpful
-
Ravi Kanth Koppala 3,391 Reputation points Microsoft Employee Moderator2022-12-20T02:46:35.35+00:00 @Ash ,
It looks like you are getting the error "The system cannot contact a domain controller to service the authentication request. Please try again later" when using the New-PSDrive cmdlet to connect to an Azure Files share using Azure AD Kerberos authentication.There are a few things you can try to troubleshoot this issue:
- Make sure that the client machine can communicate with the domain controller. You can test this by pinging the domain controller or trying to access other resources on the domain.
- Check the status of the Azure AD Domain Services instance in the Azure portal to ensure it is running and healthy.
- Ensure that the Azure AD Domain Services instance is configured correctly for the Azure AD tenant. You can check this by going to the Azure AD Domain Services page in the Azure portal and looking for any error messages or warning icons.
- Check the event logs on the client machine for any relevant error messages.
- Make sure that the client machine is configured correctly for Kerberos authentication. This includes setting the correct DNS server, time synchronization, and Kerberos configuration settings.
I hope this helps! Let me know if you have any further questions or need more information.
----------
Please "Accept as Answer" and Upvote if any of the above helped so that it can help others in the community looking for remediation for similar issues.
-
Ash 56 Reputation points
2022-12-20T03:01:08.807+00:00 Azure Files share is currently configured with Azure AD Kerberos as the source.
"Azure AD Kerberos authentication allows users to connect to Azure Files over the internet without requiring a line-of-sight to domain controllers."
Shouldn't this mean that Azure AD-joined PCs can connect to Azure Files without a local domain controller?
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 10%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMO%3C/text%3E%3C/svg%3E)
Matias Osca 0 Reputation points2023-06-07T15:47:04.4566667+00:00 Agree with Ash.. Azure AD Kerberos doesn't require line-of-sight with DCs.
Im facing the same issue, and I have followed the instructions and also tried other blogs as well. No luck :(
Sign in to comment