Unable to mount Azure storage to VM inside same VNET as storage through private endpoint

Wayne 0 Reputation points
2023-09-20T18:34:38.7066667+00:00

I have been fighting mounting a drive via private endpoint to Azure storage all day.

I get access denied when trying to run mounting script.

I notice when pinging the file share name, it always resolves to public IP - not the private endpoint IP.

I have the private endpoint DNS in my AAD DS DNS server, no go, still resolves to public IP.

I tried using the private link approach, still, resolves to public IP.

If I change storage to allow from all public, it works.

If I change storage to deny public but configure service endpoints via selecting VNET to add, it works.

It just will not work if I disable from all public and use just the endpoint.

I can connect to port 445 to URL of share just fine when set to private even though it's going public (allowed Storage destination from VNET in my firewall), but it will not mount the drive and says access denied when I run mounting script.

Please advise

  1. Sumarigo-MSFT 45,776 Reputation points Microsoft Employee
    2023-09-27T16:48:59.57+00:00

    @Wayne Welcome to the Microsoft Q&A Forum. Thank you for posting your query here!

    First, it's important to note that when you're using a private endpoint, the DNS resolution should be handled by your on-premises DNS server, not the Azure DNS server. You mentioned that you have the private endpoint DNS in your AAD DS DNS server, but it's still resolving to the public IP. Have you confirmed that your on-premises DNS server is correctly configured to resolve the storage account name to the private endpoint's private IP address?

    This article provides detailed information on how to connect to a storage account using an Azure Private Endpoint.

    Refer to this article: Connect to an Azure File Share via a Private Endpoint

    This article provides possible causes and solutions for errors that cause the mounting of an Azure file share to fail. It gives ideas based on the error. If the issue still persists, share a screenshot of the error message.

    Additional information: Architecture

    Please let us know if you have any further queries. I’m happy to assist you further.

    Please do not forget to “Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
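The symptom described in the question (the file share name resolving to a public IP instead of the private endpoint IP) can be checked with a small script like the one below. This is an added example, not part of the question or the answer: `diagnose` and `resolve` are hypothetical helper names, and the account name, addresses and VNet prefix are constructed placeholders.

```python
import ipaddress
import socket

# DNS zone that Azure Files private endpoints register in.
PRIVATELINK_ZONE = "privatelink.file.core.windows.net"


def diagnose(names, addresses, vnet_prefixes):
    """Classify one DNS answer for a file share endpoint.

    names: every name in the answer (query name, CNAME targets, canonical name).
    addresses: the A records returned.
    vnet_prefixes: address space of the VNet that holds the private endpoint.
    Returns (verdict, explanation).
    """
    nets = [ipaddress.ip_network(p) for p in vnet_prefixes]
    ips = [ipaddress.ip_address(a) for a in addresses]
    if not ips:
        return "no-answer", "name did not resolve to any address"
    outside = [str(ip) for ip in ips if not any(ip in n for n in nets)]
    if not outside:
        return "private", "all addresses are inside the VNet address space"
    via_zone = any(n.rstrip(".").lower().endswith("." + PRIVATELINK_ZONE)
                   for n in names)
    if via_zone:
        why = ("the chain points at the privatelink zone, but this resolver "
               "did not answer from the private zone")
    else:
        why = "no privatelink name in the chain"
    return "public", f"{', '.join(outside)} is outside the VNet: {why}"


def resolve(fqdn):
    """Best-effort live lookup via the OS resolver (alias lists vary by platform)."""
    canonical, aliases, addresses = socket.gethostbyname_ex(fqdn)
    return [fqdn, canonical, *aliases], addresses


# Constructed sample answers; every name and address here is a placeholder.
VNET = ["10.1.0.0/16"]
GOOD = (["examplestore.file.core.windows.net",
         "examplestore.privatelink.file.core.windows.net"], ["10.1.2.5"])
BAD = (["examplestore.file.core.windows.net",
        "examplestore.privatelink.file.core.windows.net",
        "file.example.store.core.windows.net"], ["203.0.113.10"])

if __name__ == "__main__":
    for label, (names, addrs) in (("good", GOOD), ("bad", BAD)):
        print(label, diagnose(names, addrs, VNET))
```

On the VM itself, pass the output of `resolve("<account>.file.core.windows.net")` and the VNet's real address prefixes to `diagnose` instead of the sample tuples.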
