Abnormal behaviour Error 86, 53 and 85 mapping Azure SMB File Share from Win10

Sahid Afridi 21 Reputation points
2023-05-27T10:04:48.96+00:00

Difficult problem that I have banged my head on for almost a week with no signs of making progress. Any help would be greatly appreciated. I know the "86" error has several documented fixes but none have worked for me so far. If I can provide any additional information, please ask.

Synopsis:
We are moving file servers into the cloud and I want to use Azure file shares for our migration. We have an on-premise AD and an Azure tenant. I want my users to be able to access these file shares using their AD credentials from anywhere in the world, with no VPN requirement.

Configuration:

1.) Storage Account: created in Azure & in on-prem AD (both computer & user accounts).
2.) Storage Account: all Azure AD users temporarily have the "Storage File Data SMB Share Contributor" and "Storage File Data SMB Share Elevated Contributor" roles.

3.) File Share: configured with "Azure AD Kerberos" Active Directory.
4.) File Share: default share-level permissions configured with "Read-Only".
5.) File Share: security set to "Maximum Compatibility".

6.) Networking: made a connection with a private endpoint to an Azure virtual network.
7.) Networking: public network access enabled.

8.) Workstation: Windows 10 Enterprise 20H2 - joined to on-premise domain, logged in with O365-enabled account.
9.) Workstation: registry key "CloudKerberosTicketRetrievalEnabled" set to 1
10.) Workstation: local security policy LAN Manager Authentication Level set to "Send NTLMv2 response only".
11.) Active Directory: synced to Azure via AAD Connect (password sync, no writeback)

12.) Existing Infrastructure: We have an on-premises domain controller that has synchronized with our Office 365/Azure tenants, as well as establishing private connectivity with Azure's site-to-site and point-to-site VPNs. Additionally, we have created another virtual machine in Azure and configured it as an additional domain controller, configured the Azure file share on the ADC, and joined it. All FSMO roles remain on the on-premises domain controller.

"DSRegCmd /status" Results:
AzureAdJoined : YES
EnterpriseJoined : NO
DomainJoined : YES
DomainName :


2 answers

  1. Sumarigo-MSFT 43,641 Reputation points Microsoft Employee
    2023-05-29T06:13:55.82+00:00

    @shahid Afridi Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

    Can you share the screenshot of the exact error message?
    Please cross-verify the SMB version (SMB version compatibility) and verify DNS resolution (nslookup yourfileshare.file.core.windows.net)?

    To learn how to enable AD DS authentication, first read Overview - on-premises Active Directory Domain Services authentication over SMB for Azure file shares and then see Enable AD DS authentication for Azure file shares.

    How it works: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview#azure-ad-ds

    Based on the information provided, it seems that you are encountering errors when trying to map an Azure SMB File Share from a Windows 10 workstation. Let's go through the errors you mentioned and possible solutions for each:

    This article lists common problems that might occur when you try to connect to and access SMB Azure file shares from Windows or Linux clients. It also provides possible causes and resolutions for these problems.

    Error 86:
    "System error 86 has occurred. The specified network password is not correct." when clients try to connect to Azure storage using AD DS authentication for Azure Files.

    If you have a Private Endpoint with AD DS or Azure AD DS authentication for Azure Files, please verify the Private Link is configured correctly by doing an **NSLookup of storageaccount.file.core.windows.net** and an **NSLookup of storageaccount.privatelink.file.core.windows.net** via cmd prompt.

    See documentation - Use private endpoints - Azure Storage

    Verify that the Storage Account is AAD- or AD-joined and verify that the user has RBAC roles in ASC; also check with the customer to verify NTFS permissions have been set up.

    Run the debug cmdlet from AzFilesHybrid in PowerShell (Releases · Azure-Samples/azure-files-samples · GitHub). The user may need to import the modules from AzFilesHybrid.zip if they do not have it installed in the user context. https://docs.microsoft.com/en-us/azure/storage/files/storage-troubleshoot-windows-file-connection-problems#self-diagnostics-steps

    This error typically occurs when there is a mismatch in the encryption settings between the client and server. Here are some troubleshooting steps you can try:

    1. Make sure the workstation's time is synchronized with the domain controller and Azure AD.
    2. Ensure that the Azure file share and the workstation are both configured with the same encryption settings. You can set the encryption settings on the Azure file share by navigating to the "Configuration" section of the file share in the Azure portal.
    3. Check if any firewall or network security groups are blocking the necessary ports (e.g., port 445 for SMB). Ensure that the required ports are open between the workstation and the Azure file share.

    Verify the customer is utilizing acceptable encryption settings on-premises to match the level encryption supported by the feature.

    Error 53: This error typically indicates that the network path to the Azure file share is not found. Here are some steps to troubleshoot this error:

    1. Ensure that the workstation has network connectivity to the Azure file share. You can try pinging the file share endpoint from the workstation to verify connectivity.
    2. Check if any firewall or network security groups are blocking the necessary ports (e.g., port 445 for SMB). Ensure that the required ports are open between the workstation and the Azure file share.
    3. Verify that the DNS resolution is working correctly. Ensure that the file share endpoint is resolving to the correct IP address.

    Error 85: This error usually occurs when you attempt to map a drive letter that is already in use by another resource. Ensure that the drive letter you are trying to map is not already in use by another mapped network drive or any other resource on the workstation.

    Additionally, you mentioned that you want your users to access the Azure file shares using their AD credentials from anywhere in the world without a VPN requirement. This can be achieved using Azure AD DS (Domain Services) or Azure AD Application Proxy. Please let me know if you need more information on setting up either of these options.

    If the troubleshooting steps mentioned above do not resolve your issue, it would be helpful to provide the specific error messages you are encountering, any relevant event log entries, and the output of the "DSRegCmd /status" command on the workstation. This information can help in further diagnosing the problem.

    If the issue still persists, I wish to engage with you offline for a closer look and provide quick and specialized assistance. Please send an email with subject line "Attn:subm" to AzCommunity[at]Microsoft[dot]com referencing this thread and the Azure subscription ID, and I will follow up with you. Once again, apologies for any inconvenience with this issue.

    Thanks for your patience and co-operation.


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.
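As an added example (not part of either answer, nor Microsoft's AzFilesHybrid tooling), the following PowerShell pre-flight script runs the checks listed above in one go: the two nslookups (public and privatelink names), TCP 445 reachability, client clock sync, a drive-letter collision check, and a Kerberos ticket request for the share's cifs SPN before mapping. The storage account, share name and drive letter are placeholders to replace.

```powershell
# Added example: pre-flight checks for errors 53/85/86 when mapping an Azure file share.
param(
    [string]$StorageAccount = 'mystorageacct',   # placeholder: your storage account name
    [string]$ShareName      = 'myshare',         # placeholder: your file share name
    [string]$DriveLetter    = 'Z'
)
$ErrorActionPreference = 'Continue'
$publicFqdn  = "$StorageAccount.file.core.windows.net"
$privateFqdn = "$StorageAccount.privatelink.file.core.windows.net"

# 1. DNS: with a private endpoint the public name should CNAME to the privatelink
#    name, which should resolve to a private (VNet) address, not a public one.
foreach ($name in $publicFqdn, $privateFqdn) {
    try {
        Resolve-DnsName -Name $name -ErrorAction Stop |
            Where-Object { $_.Type -in 'A', 'CNAME' } |
            ForEach-Object {
                $target = if ($_.Type -eq 'A') { $_.IPAddress } else { $_.NameHost }
                "{0,-60} {1,-5} {2}" -f $_.Name, $_.Type, $target
            }
    } catch { "DNS lookup failed for ${name}: $($_.Exception.Message)" }
}

# 2. Error 53 (network path not found): is TCP 445 reachable from this client?
$tnc = Test-NetConnection -ComputerName $publicFqdn -Port 445 -WarningAction SilentlyContinue
"TCP 445 to {0}: {1} (remote address {2})" -f $publicFqdn, $tnc.TcpTestSucceeded, $tnc.RemoteAddress

# 3. Kerberos is sensitive to clock skew: show the client's time source and offset.
w32tm /query /status | Select-String 'Source|Phase Offset|Last Successful'

# 4. Error 85: is the drive letter already taken?
if (Get-PSDrive -Name $DriveLetter -ErrorAction SilentlyContinue) {
    "Drive ${DriveLetter}: is already in use; choose another letter or run 'net use ${DriveLetter}: /delete'."
}

# 5. Error 86 on the Kerberos path: request a ticket for the share's SPN explicitly.
#    A ticket here means the AD/Azure AD Kerberos part works; a failure isolates it.
klist get "cifs/$publicFqdn" | Select-String 'Server|KerbTicket Encryption|failed|Error'

# 6. Map with the logged-on identity (no storage account key), so the Kerberos
#    path is what is actually exercised; /persistent:no keeps the test disposable.
net use "${DriveLetter}:" "\\$publicFqdn\$ShareName" /persistent:no
```

If step 1 returns a public IP for the privatelink name, the client is not using a DNS server that knows the private zone, which matches the first cause the answer lists.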


  2. Jörg Mayer Azure Consulting 45 Reputation points
    2023-05-30T16:48:23.3566667+00:00

    Hi,

    how do you mount the file shares to your clients/VM's? Can you provide the command?

    CU

    Joerg
