Cannot access Azure Files Share from Azure Portal

Michaël Gagnon 0 Reputation points
2023-03-18T16:23:37.1466667+00:00

Hi,

I cannot access Files Shares in a StorageAccount through Azure Portal.

It's currently configure as:

Public network access

  • Enabled from all networks

I'm just trying to access it from the Azure Portal with my Global Admin account to adjust configurations.

I get the following error message:

"This machine doesn't seem to have access."

Important note: Trying to access from the Azure Portal for management stuff, not even SMB or NFS. Just trying from the Azure Web portal. i don't see which kind of permissions can block this access as the Storage Account RBAC is currently set to allow Global Admin to connect to it.

I can manage everything else in the storage account but not any Files Share.

2023-03-18 12_35_43-Clipboard

Azure Files
Azure Files
An Azure service that offers file shares in the cloud.
1,156 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,667 questions
{count} votes

2 answers

Sort by: Most helpful
  1. JimmySalian-2011 41,916 Reputation points
    2023-03-18T17:34:14.3633333+00:00

    Hi,

    Did you tried incognito mode to try out the file shares pane in the portal? Also try another browser if you have onthe device.

    Hope this helps.

    JS

    ==

    Please Accept the answer if the information helped you. This will help us and others in the community as well.


  2. Sumarigo-MSFT 43,401 Reputation points Microsoft Employee
    2023-03-30T07:46:29.32+00:00

    @Michaël Gagnon Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

    For better understating the issue: Are you able to access azure Blob Storage container?(In same storage account)
    Check your networking configuration (proxy configuration, IP rules, Azure network settings for storage, etc) in your organization to ensure Azure services can be fully accessed.

    The error message "This machine doesn't seem to have access" can occur when the machine is unable to access the Azure file share. There could be several reasons for this error. One possible reason is that the machine is not joined to the same domain as the Azure file share Another possible reason is that the machine's IP address is not allowed to access the Azure file share due to firewall rules. You can check if the machine's IP address is allowed by temporarily changing the firewall rules to allow access from all networks<sup>.</sup>

    Note: By design, access to a storage account from trusted services takes the highest precedence over other network access restrictions. For this reason, if you set Public network access to Disabled after previously setting it to Enabled from selected virtual networks and IP addresses, any resource instances and exceptions you had previously configured, including Allow Azure services on the trusted services list to access this storage account, will remain in effect. As a result, those resources and services may still have access to the storage account after setting Public network access to Disabled.

    In case that does not work, I suggest changing the IP address with **10.4.*.4 or you can remove all the entries containing <acc>.file.core.windows.net.

    Troubleshooting Storage Firewall Issues: https://techcommunity.microsoft.com/t5/azure-paas-blog/troubleshooting-storage-firewall-issues/ba-p/1944730

    Troubleshooting Storage Firewall Issues

    To assign an Azure role to an Azure AD identity, using the Azure portal, follow these steps:

    1. In the Azure portal, go to your file share, or create a file share.
    2. Select Access Control (IAM).
    3. Select Add a role assignment
    4. In the Add role assignment blade, select the appropriate built-in role from the Role list.
      1. Storage File Data SMB Share Reader
      2. Storage File Data SMB Share Contributor
      3. Storage File Data SMB Share Elevated Contributor
    5. Leave Assign access to at the default setting: Azure AD user, group, or service principal. Select the target Azure AD identity by name or email address. The selected Azure AD identity must be a hybrid identity and cannot be a cloud only identity. This means that the same identity is also represented in AD DS.
    6. Select Save to complete the role assignment operation.

    If the issue still persist, Please let me know I would like to work closer on this issue


    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments No comments