Issue accessing azure file share from windows 11 with kerberos. Windows 10 works fine.

John Benson 1 Reputation point
2023-02-16T03:43:21.57+00:00

I've set up a fileshare in azure - using Azure AD kerberos for hybrid deployments.
All configuration looks good - using the UNC from a Windows10 machines displays the folder correctly so connectivity and basic config looks fine.
Yet a Windows 11 machine using same domain account on same network doesn't. It eventually times out and prompts for username/password.

Wireshark tracing shows the Windows11 machine is starting the protocol negotiation using SMB (which is odd) and response from azure is coming back as SMB2 so it then does SMB2 request. The next SMB2 response seems to trigger a TCP RST response even though the negotiation seemed to work (encryption and preauth match between request and response)
ie SMB request
SMB2 response
SMB2 request
SMB2 response
TCP ACK from client and the TCP RST from client.

The Windows10 machine doesn't do an initial SMB request - it goes straight into the SMB2 request/response and then into the session setup.

Has anyone come across this before or something similiar?

Thanks.

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,575 questions
Azure Files
Azure Files
An Azure service that offers file shares in the cloud.
1,285 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
9,603 questions
{count} votes

5 answers

Sort by: Most helpful
  1. Limitless Technology 44,321 Reputation points
    2023-02-16T11:19:47.5666667+00:00

    Hi. Thank you for your question and reaching out. I’d be more than happy to help you with your query

    Issue accessing azure file share from windows 11 with kerberos. Windows 10 works fine.

    If you are having trouble accessing an Azure File Share from Windows 11 with Kerberos, it is likely due to an incompatibility with the Windows 11 operating system or the version of Kerberos being used. To troubleshoot this issue, you should try the following:

    Check to see if the version of Kerberos being used is supported on Windows 11.

    Make sure that Windows 11 has the latest updates installed.

    Make sure that the Azure File Share is configured correctly.

    Try using a different authentication protocol, such as NTLM or Basic authentication.

    Try using a different version of Kerberos.

    Try using a different version of Windows 11.

    Try using a different file share protocol, such as SMB.

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.

    0 comments No comments

  2. Sumarigo-MSFT 46,126 Reputation points Microsoft Employee
    2023-03-06T11:34:06.0766667+00:00

    @John Benson Adding more information to the above response!

    The Azure AD Kerberos functionality for hybrid identities is only available on the following operating systems:

    • Windows 11 Enterprise/Pro single or multi-session.
    • Just for cross-verifying: Before you enable Azure AD Kerberos authentication over SMB for Azure file shares, make sure you've completed the following prerequisites.

    This article lists common problems when using SMB Azure file shares with identity-based authentication. It also provides possible causes and resolutions for these problems. Identity-based authentication isn't currently supported for NFS Azure file shares.

    Can run the Debug-AzStorageAccountAuth cmdlet to conduct a set of basic checks on your AD configuration with the logged on AD user. This cmdlet is supported on AzFilesHybrid v0.1.2+ version. You need to run this cmdlet with an AD user that has owner permission on the target storage account.

    Unzip the files, and run a Powershell with ADM rights where you have the files:

    $ResourceGroupName = "<resource-group-name-here>"  
    $StorageAccountName = "<storage-account-name-here>"    
    Debug-AzStorageAccountAuth -StorageAccountName $StorageAccountName -ResourceGroupName $ResourceGroupName -Verbose  
    
    

    If the issue still persist I would like to work closer on this issue

    Please let us know if you have any further queries. I’m happy to assist you further.


    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments No comments

  3. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


    Comments have been turned off. Learn more

  4. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


    Comments have been turned off. Learn more

  5. Kamal Jayaram 0 Reputation points
    2024-09-10T16:54:58.6266667+00:00

    Hi Sumarigo-MSFT, I am running into similar issue. also raised a microsoft case. but couldnt get a fix yet. can you assist us on this ?

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.