Azure Files - Mount share on non domain joined VM

Jörg Mayer Azure Consulting 45 Reputation points
2023-05-26T10:03:24.6866667+00:00

Hello,

We use Azure Files with integration to our on-prem AD (no Azure AD!) and a Private Endpoint to access our offices via VPN tunnels. The setup works fine in all locations for systems and users with domain join.

However, all attempts to mount shares using domain credentials on a non-domain-joined VM fail with system error 86. Connectivity to the domain controllers is available; this has all already been tested.

Tests with

net use Z: \\<YourStorageAccountName>.file.core.windows.net\<FileShareName> /user:username@domainFQDN

are also unsuccessful (there was a GitHub issue about this: https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/storage/files/storage-files-identity-ad-ds-mount-file-share.md#mount-the-file-share-from-a-non-domain-joined-vm).

Does anyone have any ideas how we can troubleshoot this?

Thank you

Joerg


Accepted answer
  1. Sumarigo-MSFT 43,486 Reputation points Microsoft Employee
    2023-05-29T10:51:15.76+00:00

    @Jörg Mayer Azure Trainings I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue: Unable to Mount Azure Files share on non domain joined VM

    Error: 86. Connectivity to the domain controllers is available,
    net use Z: \\<YourStorageAccountName>.file.core.windows.net\<FileShareName> /user:username@domainFQDN

    Solution: FQDN of the storage account from the non domain joined pc helped to resolve the issue

    The on-premises DNS server resolves IP addresses. However, Azure DNS resolves the Azure file share Fully Qualified Domain Name (FQDN). All DNS queries to Azure DNS originate from the virtual network. There's a DNS proxy inside the virtual network to route these queries to Azure DNS. For more information, see On-premises workloads using a DNS forwarder.

    Additional information:

    Based on the error message, there are a few threads which can resolve your issue: System error 86 has occurred. The specified network password is not correct.
    https://github.com/MicrosoftDocs/azure-docs/issues/49481
    https://stackoverflow.com/questions/67185346/how-do-you-mount-azure-files-using-ad-credentials
    https://stackoverflow.com/questions/66882545/azure-file-shares-drive-map-password-prompt

    Please let us know if you have any further queries. I’m happy to assist you further.


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.


1 additional answer

  1. Patrick Pinto 10 Reputation points
    2023-05-28T11:29:44.0666667+00:00

    Hi Joerg,

    Are you able to resolve the fqdn of the storage account from the non domain joined pc?

    Patrick
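
The check that both answers above point to, written out as an added example (not from any poster in this thread or from Microsoft's documentation): run it on the non-domain-joined machine to see what the storage account FQDN resolves to and whether SMB can reach that address. The parameter names and the helper Test-PrivateIPv4 are hypothetical, and the script assumes the private endpoint uses an RFC 1918 address.

```powershell
# Added troubleshooting example, not from the original thread.
# $StorageAccount is a placeholder parameter; pass your storage account name.
param(
    [Parameter(Mandatory)] [string] $StorageAccount,
    [string] $DnsServer   # optional: query one specific resolver, e.g. the on-premises DNS server
)

$fqdn = "$StorageAccount.file.core.windows.net"

# Hypothetical helper: true when the IPv4 address is in an RFC 1918 range.
function Test-PrivateIPv4 {
    param([string] $Address)
    $b = ([System.Net.IPAddress]::Parse($Address)).GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# 1. Resolve the FQDN the same way the SMB client on this machine would.
$query = @{ Name = $fqdn; Type = 'A'; ErrorAction = 'Stop' }
if ($DnsServer) { $query.Server = $DnsServer }
try {
    $records = Resolve-DnsName @query
} catch {
    Write-Warning "Cannot resolve $fqdn : $($_.Exception.Message)"
    return
}

# 2. Show the CNAME chain; with a private endpoint it normally passes through
#    <account>.privatelink.file.core.windows.net.
$records | Where-Object Type -eq 'CNAME' |
    ForEach-Object { "CNAME  $($_.Name) -> $($_.NameHost)" }

# 3. Each A record should be the private endpoint's address, not a public one.
foreach ($a in ($records | Where-Object Type -eq 'A')) {
    $kind = if (Test-PrivateIPv4 $a.IPAddress) { 'private' } else { 'PUBLIC (private endpoint not used)' }
    "A      $($a.Name) -> $($a.IPAddress)  [$kind]"

    # 4. SMB needs TCP 445 to that address.
    $tcp = Test-NetConnection -ComputerName $a.IPAddress -Port 445 -WarningAction SilentlyContinue
    "TCP445 $($a.IPAddress) reachable: $($tcp.TcpTestSucceeded)"
}
```

Running it once without -DnsServer and once against the on-premises DNS server shows whether the two resolvers return the same address for the share.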