Map network drive to Azure File Shares failed using Azure AD account, but works with Storage account.

Question

Hello,

I have an Azure File Shares with Azure Active Directory enabled however all users are unable to map a drive to this File Shares. Mapping a drive always result in the error "The specified network password is not correct."

If map drive using Storage account key, it works fine.

I've confirmed the port 445 is not being blocked by the ISP currently in used.

I've also downloaded and run AzFileDiagnostics on Windows outside of Azure it does not show any issue.

Does anyone have any solution on this issue? Thanks

Answer 1

@RAC Welcome to Microsoft Q&A Forum, Thank you for posting the query here!

Firstly, Apologies for the delay response!

Can you please share the screen shot of the error message?

Based on the error message, please refer to suggestion mentioned in this link

Refer to the suggestion mentioned in the below link and let me know the status

https://learn.microsoft.com/en-us/answers/questions/869793/azure-files-network-password-is-not-correct-when-u

I would also recommended to cross verify the perquisites

There is a video which gives detailed information on Azure files Integration with AAD

Additional information: Azure Files, network password is not correct when using storage account key
Network password incorrect using Azure AD DS Identity

I wish to engage with you offline for a closer look and provide a quick and specialized assistance, please send an email with subject line “Attn:subm” to AzCommunity[at]Microsoft[dot]com referencing this thread and the Azure subscription ID, I will follow-up with you.  Once again, apologies for any inconvenience with this issue.

Thanks for your patience and co-operation.

Please let us know if you have any further queries. I’m happy to assist you further.

---

Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

Answer 2

So I have everything setup and working with user direct RBAC assignments. If I assign the user Storage File Data SMB Share Contributor at the storage account or share level the drive is mapped fine. We are hybrid. We have a hybrid group that is synced from on premise with all required members being synced as well.

If I assign these same permissions to the group (which according to this link is supported) I get the "The password is invalid for [storage account/share]" error message. I have tested this with 4 different accounts.

Why does Microsoft say it is supported when it obviously does not work? Its counterintuitive to have 20-30 direct RBAC assignments and should be supported for a single group.

Answer 3

So last year I tried working with MS but after few a couple of months, no resolution to my issue and the trial development subscription expired. Now management wants to engage this again with pay-as-you-go subscription, so same result as before: map drive with storage account works but not from Azure AD/Entra connected login VM.

When running AzFileDiagnostics at the part where it attempt to map the drive using the Azure logged on account, there is Get-WmiObject error at line 1215, @Sumarigo-MSFT any ideas why is it failing here?vmconnect_zc6CCS4Ljd.png

This is a Azure AD (Entra ID) only setup and the Azure File Share identity source is configured to use Microsoft Entra Domain Services, share-level permission is all users and groups are Storage File Data SMB Share Contributor. share-level-permissions.png

Answer 4

Revisiting this issue again in 2024. Last year worked with MS for several weeks but no resolution. Now when running AzFileDiagnostics getting error like https://github.com/Azure-Samples/azure-files-samples/issues/179