Can't connect to Azure File Share with AAD Credentials

Alex Shanahan 0 Reputation points
2023-10-26T11:20:26.82+00:00

I have migrated from on-premise to cloud. All accounts are synced to M365 and I have removed the Azure AD sync (all accounts no longer show that they are connected to on-premise).

What I would like to do is have a user log into their PC with their UPN (so employee@domain.com), and then have network drives there from the Azure File shares (authenticated via Entra AD, not the key).

So far I can't get it to work. What I can get to work is:

  • Connect to the File share with the Storage account key PowerShell script.
  • Connect to the File share using the DOMAIN\username but only connected to the VPN.

To clarify the last point, I have tried these two commands. The first command doesn't work, the second does and only on the VPN.

  1. Doesn't work - net use Z: \\filestore.file.core.windows.net\share /user:[employee@domain1.com]
  2. Works - net use Z: \\filestore.file.core.windows.net\share /user:ad.domain2.com\employee@domain.com

ad.domain2.com is my domain for my Entra AD DS.

[domain1.com] is the primary domain for the tenant

These commands were attempted with a laptop connected with AD Join but not connected to the AD DS.

Whenever I try with command 1 or 2 (without VPN) I get the error:

System error 86 has occurred.

The specified network password is not correct.

This is what I have done:

Set up a file share and provided all users with SMB write access.

Set up the Entra AD DS.

Changed passwords of the users.

Connected the AD DS to the fileshare.

Logged onto a computer and AD Joined (Not AD DS).

Created a VPN connection and connected on the computer (successfully).

AD DS sync is set to everything (not just cloud only).

No matter what I do, however, I cannot seem to log into the Azure File Share.

If I create a W11 VM it's the same problem with the same error message.

Port 445 is open and can connect.

So to me there are two problems:

  1. AD DS not recognising the UPN and only the DOMAIN\username. As the user is signed in via employee@domain1.com, I can't connect via AD.
  2. In addition to the above, it will only connect using the user credentials when a VPN is connected (or connected to VM).

Any help would be greatly appreciated!

Azure Files

1 answer

  1. Sumarigo-MSFT 40,806 Reputation points Microsoft Employee
    2023-10-31T17:14:18.7966667+00:00

    @Alex Shanahan Apologies for the delayed response!

    It seems like you are trying to access Azure File Shares using Azure AD DS and Entra AD. Based on the information you have provided, it appears that the issue is related to the authentication mechanism being used to access the file share. When you try to connect to the file share using the UPN (employee@domain1.com), it fails with the error "The specified network password is not correct".

    This error message indicates that the authentication mechanism being used is not able to authenticate the user. To resolve this issue, you can try the following steps:

    1. Ensure that the user account is synced to Azure AD and is assigned the appropriate permissions to access the file share.
    2. Verify that the Entra AD DS is configured correctly and is able to authenticate the user. You can try logging in to a domain-joined computer using the UPN and verify if the user is able to authenticate successfully.
    3. Try accessing the file share using the DOMAIN\username format instead of the UPN. This should work if the Entra AD DS is able to authenticate the user.
    4. If you want to use the UPN to access the file share, you can try configuring Kerberos authentication between Azure AD DS and Entra AD. This will allow users to authenticate using their UPN and obtain a Kerberos ticket-granting ticket (TGT) from Azure AD DS, which can be used to access the file share.
    5. Ensure that the firewall rules are configured correctly to allow traffic between the client computer and the file share.

    Based on the error message, please refer to the suggestion mentioned in this thread

    Additional information: Please refer to the suggestion mentioned in the below link.

    https://learn.microsoft.com/en-us/answers/questions/869793/azure-files-network-password-is-not-correct-when-u

    I would also recommend cross-verifying the prerequisites:
    Overview - on-premises Active Directory Domain Services authentication over SMB for Azure file shares

    There is a video which gives detailed information on Azure files Integration with AAD

    I hope this helps. Let me know if you have any further questions or concerns.

    I wish to engage with you offline for a closer look and to provide quick and specialized assistance. Please send an email with subject line "Attn:subm" to AzCommunity[at]Microsoft[dot]com referencing this thread and the Azure subscription ID, and I will follow up with you. Once again, apologies for any inconvenience with this issue.
    Thanks for your patience and co-operation.


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

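A client-side check sequence for the symptoms in this thread, added here as an example and not part of the original question or answer. It separates SMB reachability (TCP 445) from the Kerberos path, which needs line of sight to the managed domain's domain controllers; running it once on the VPN and once off it shows which step changes. The host and domain names are the placeholders used in the question, and the variable names are assumptions of this example.

```powershell
# Added example: compare the output with the VPN connected and disconnected.
$FileHost = 'filestore.file.core.windows.net'   # storage endpoint as written in the question
$AdDomain = 'ad.domain2.com'                     # managed domain name as written in the question

# 1. SMB reachability. The question reports this already succeeds.
$smb = Test-NetConnection -ComputerName $FileHost -Port 445 -WarningAction SilentlyContinue
"TCP 445 to ${FileHost}: $($smb.TcpTestSucceeded)"

# 2. Device join state. A device joined only to Entra ID reports
#    AzureAdJoined : YES and DomainJoined : NO.
dsregcmd /status |
    Select-String -Pattern 'AzureAdJoined|DomainJoined|DomainName' |
    ForEach-Object { $_.Line.Trim() }

# 3. Domain controller discovery and Kerberos reachability (TCP 88).
#    Without a route to the managed domain this step is expected to fail.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$AdDomain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) {
    "No domain controller SRV records resolved for $AdDomain"
} else {
    foreach ($dc in $srv) {
        $kdc = Test-NetConnection -ComputerName $dc.NameTarget -Port 88 -WarningAction SilentlyContinue
        "TCP 88 to $($dc.NameTarget): $($kdc.TcpTestSucceeded)"
    }
}

# 4. Ask for a Kerberos service ticket for the share's SPN. If no ticket is
#    issued, the SMB client has no Kerberos credential to present to the share.
klist get "cifs/$FileHost"

# 5. List cached tickets to confirm whether a cifs/ ticket is now present.
klist | Select-String -Pattern 'cifs/'
```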