Acesso Negado Ao Conectar No File Storage Azure

Jéssica Advocacia 20 Reputation points
2024-01-31T18:53:33.7+00:00

Bom dia. Eu segui todos passos desta documentação para criar uma VPN P2S para acesso de uma conta de armazenamento/compartilhamento de arquivos do azure: https://learn.microsoft.com/pt-br/azure/storage/files/storage-files-configure-p2s-vpn-windows?tabs=azure-portal#generate-a-client-certificate Mesmo segundo todos os passos da documentação, no momento de montar o compartilhamento de acesso eu recebo a informação de acesso negado. Criei os certificados, configurei a rede virtual, conectei na vpn criada mas o erro persiste. Já tentei montar o compartilhamento pelo cmd, windows power shell, pelo mapeamento de unidade de redes do windows e pelo caminho do explorador de arquivos e não funciona.

Azure Files
Azure Files
An Azure service that offers file shares in the cloud.
1,114 questions
0 comments No comments
{count} votes

Accepted answer
  1. Anand Prakash Yadav 3,305 Reputation points Microsoft Vendor
    2024-02-01T11:41:52.77+00:00

    Hello Jéssica Advocacia,

    Thank you for posting your query here!

    We cannot completely understand your question as this is an English global support. It would be helpful, if you can translate your question in English. Or you can consider support in other languages from here: https://azure.microsoft.com/support/options/

    Refer the FAQ here: For which languages does Microsoft provide support?

    After translating your question, I understood that you encounter "Access Denied" issue while connecting to Azure File Storage despite following documentation for P2S VPN setup, including certificate creation, virtual network configuration, and VPN connection establishment.

    Please note that to create a file share and access it from the desktop, you need to create and configure a Private End Point under the subnet where the storage account exists. (Service Endpoints will not work with P2S).

    Go to 'Private Endpoint Connection' under settings of storage account in Azure portal.
    User's image Next create it as shown in the figure below. Remember to select the options as shown:
    User's imageFollow the steps and select the subnet created in earlier steps.

    For further details: Configuring Azure Files network endpoints.

    Once the creation is completed, note the Network interface IP address from the summary page. This is the IP address which you can connect through your P2S network.

    When you map the drive, use the folder format as \Private IP Address\Filesharename
    Note: Here you need to use the file share name instead of storage account name.

    Also, you may try to Peer P2S VPN VNET to the VNET where the Storage Account resides.

    Note: If a VNET peer is created after the VPN client has been downloaded, a new version of the VPN client will need to be downloaded to reflect the change.

    If you are getting "Access Denied" errors when trying to mount a file share with a private endpoint on your local machine, it's likely that the private endpoint is not properly configured to allow access from your local machine's IP address.

    Please check the following troubleshooting steps:

    · Check the firewall settings on your local machine: Ensure that the firewall on your local machine is not blocking traffic to the private endpoint. Specifically, make sure that port 445 is not blocked, as this is the port used for SMB file sharing.

    · Verify that the private endpoint is resolving correctly: Ensure that the private endpoint is resolving correctly from your local machine. You can do this by pinging the private endpoint's DNS name from your local machine and verifying that the IP address returned is the same as the private IP address assigned to the private endpoint.

    · Check the private endpoint logs: Check the private endpoint logs in the Azure portal to see if there are any errors or issues related to the private endpoint configuration or connectivity.

    Another possible reason for this issue could be related to the Azure Storage firewall settings. Since the file share is accessed through a private endpoint, the firewall rules need to be updated to allow traffic from the VNET of the private endpoint.

    To check if this is the case, you can go to the Azure Storage account settings and navigate to the "Firewalls and virtual networks" section. From there, ensure that the selected option is "Selected networks", and that the VNET of the private endpoint is added to the allowed networks list. Also, make sure that the "Allow trusted Microsoft services to access this storage account" option is enabled.

    Please let us know if you have any further queries or if the issue persists. I’m happy to assist you further.  

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members. 

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Jéssica Advocacia 20 Reputation points
    2024-02-01T16:06:55.0233333+00:00

    Thanks Anand, your solution solved my problem. I believe that the documentation I mentioned in my previous post is outdated or has an error. In the documentation, it advises mounting the path: \<storageAccountName>.file.core.windows.net<fileShareName>, mounting this path, the error "Access denied" occurs. With your guidance to mount the path: \Private IP address\File share name, the problem was solved. Thank you very much for helping. Helped me a lot.

    0 comments No comments