Azure File Share Authentication Issue

James 1 Reputation point
2022-12-22T00:38:24.517+00:00

I have been trying to fix an issue with an Azure File Share I have set up.

Here are some details on my environment:

  1. Devices are Windows 10+ and joined to the Azure domain. All devices have line of sight to the on-prem domain controller (able to ping the domain controller, and it is set up within DNS).
  2. We have an on-prem Active Directory service set up with Azure AD Connect to sync our on-prem AD server to Azure.
  3. The Azure File Share is set up with Active Directory authentication.


For some reason, when I use the command `net use X: \\[azure file share directory]`

I get the error:
Network password is incorrect
Then it prompts me to log in, using different credentials than the user who is currently logged in.

I have ensured that the user is part of an ACL to access the file share both on-prem and in Azure (SMB reader access).
I have even enabled all authenticated users to be given read access.

When I create a test user on the on-prem server, force the sync, then log in to a device and use the command, it works successfully. Why won't it work for existing users in the environment? It should at least let you in considering all authenticated users have read access, right? Why are the users not considered authenticated?


1 answer

  1. Sumarigo-MSFT 47,506 Reputation points Microsoft Employee Moderator
    2022-12-26T07:07:59.007+00:00

    @James Firstly, apologies for the delayed response! Welcome to Microsoft Q&A Forum, and thank you for posting your query here!

    Can you reset the existing user's password (make sure the AD Connect sync also runs after the password change) and try again to connect?

    You might be missing RBAC SMB permissions in Azure.
    Some applications run in the context of the network service, or another system service or account. When accessing the file share, these services or processes "act as the computer on the network", meaning that they have the SID and identity of the computer identity. Windows Defender is an example of a system process that accesses file shares via the computer account.

    Azure Files Active Directory integration decides share access based on Azure RBAC permissions set via the Portal or PowerShell. Because these computer accounts have no corresponding RBAC identity, they cannot have a share permission defined for them, so we return a "logon failure" error.

    Under the Synchronization settings menu for Azure AD Domain Services, you can change the scope from 'Scoped' to 'All': https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable

    You need to allow the RC4 cipher. If you have deployed CIS benchmark Level 1 for AD in the domain, it will disable RC4 and cause this issue too.

    Please let us know if you have any further queries. I’m happy to assist you further.

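An added client-side triage script for the causes raised in this thread (SMB reachability, the identity actually used, and the Kerberos ticket encryption type that the RC4 remark is about); it is not code from the thread or from Microsoft, and `<storage-account-name>`, `<share-name>` and `<rg>` are placeholders. It assumes it is run on the AD-joined Windows client as the affected user; the commented admin-side cmdlets come from the AzFilesHybrid module and are run by the storage account owner, not on the client.

```powershell
# Added example (not from the thread): separate "can't reach SMB", "wrong identity"
# and "Kerberos encryption type" causes before touching permissions.
# Placeholders: <storage-account-name>, <share-name>, <rg>.
$StorageAccount = "<storage-account-name>"
$Share          = "<share-name>"
$FileEndpoint   = "$StorageAccount.file.core.windows.net"

# 1. SMB reachability: a blocked TCP 445 shows up on the client as a failed mapping.
Test-NetConnection -ComputerName $FileEndpoint -Port 445 |
    Select-Object ComputerName, TcpTestSucceeded

# 2. Identity actually used for the session. Compare the UPN and SID with the on-prem
#    user that Azure AD Connect synced; a mismatch explains the credential prompt.
whoami /upn
whoami /user

# 3. Kerberos: request the CIFS service ticket for the share and inspect its encryption type.
#    If the domain has RC4 disabled (e.g. the CIS L1 baseline the answer mentions) and the
#    storage account's AD object only supports RC4, this step fails or reports RC4-HMAC.
klist purge | Out-Null
klist get "cifs/$FileEndpoint" | Out-Null
klist | Select-String -Pattern "cifs/$FileEndpoint", "KerbTicket Encryption Type"

# 4. Map with the logged-in identity only (no explicit credentials), so the result reflects
#    the Kerberos path the existing users in the question are taking.
net use X: "\\$FileEndpoint\$Share" /persistent:no

# Admin side (AzFilesHybrid module imported, run by the storage account owner, not on the client):
# move the storage account's AD object to AES-256 so RC4 is no longer needed, then re-run step 3.
#   Update-AzStorageAccountAuthForAES256 -ResourceGroupName "<rg>" -StorageAccountName $StorageAccount
#   Debug-AzStorageAccountAuth -StorageAccountName $StorageAccount -ResourceGroupName "<rg>" -Verbose
```

Step 3 is the discriminating check: a ticket that is issued and shows an AES type rules out the RC4 cause, leaving the RBAC share-level assignment or the synced SID as the remaining suspects.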
