Hello Huppertz, Nikolai,
Greetings! Welcome to Microsoft Q&A Platform.
I understand that you are using Azure Storage Mover for migrating some files from on-prem environment to an Azure File Share and encountering issues with it while performing the migration with error code AZSM1001 stating permission is denied.
Prerequisites for the SMB Share:
- Ensure you have an active Azure subscription and a resource group.
- You need at least one SMB Azure file share in your storage account.
- Your local network must allow the Storage Mover agent to communicate with Azure. Ensure that port 443 (TLS) is open outbound, and your firewall rules do not limit traffic to Azure.
Configuring SMB Share for Key Vault Secrets:
To configure your SMB share to permit access using Key Vault secrets, follow these steps:
- Create and Store Secrets in Azure Key Vault, store the credentials (username and password) for your SMB share in Azure Key Vault as secrets.
- Ensure the Storage Mover agent has the necessary permissions to access the Key Vault secrets. You can do this by assigning the appropriate roles (e.g., Key Vault Reader) to the managed identity of the Storage Mover agent.
- When setting up your migration job, specify the Key Vault secrets for the SMB share credentials. The Storage Mover agent will use these secrets to authenticate and access the SMB share.
Setting Permissions on the SMB Share:
Even though you've assigned 'Full Control' to 'Everyone', it's essential to ensure that the specific user account (whose credentials are stored in Key Vault) has the necessary permissions on the SMB share.
- Identify the User Account:
- Determine the user account that will be used by the Storage Mover agent to access the SMB share.
- Assign Permissions:
- On your SMB share, explicitly assign the required permissions (e.g., Read, Write, Modify) to this user account.
- Verify Permissions:
- Double-check that the permissions are correctly set and that there are no conflicting permissions that might be causing the access issue.
Troubleshooting Error Code AZSM1001,
The error code AZSM1001 indicates a failure to mount the source path during your Azure file share migration and indicates a permission issue.
Error Code |
Error Message |
Details/Troubleshooting steps/Mitigation |
AZSM1001 |
Failed to mount source path |
Verify the provided server name or IP-address is valid, or the source location is correct. If using SMB, verify the provided username and password is correct. |
AZSM1001 |
Failed to mount source path |
Verify the provided server name or IP-address is valid, or the source location is correct. If using SMB, verify the provided username and password is correct. |
AZSM1002 |
Encountered an error while scanning the source |
Retry or create a support ticket. |
AZSM1003 |
Failed to access source folder due to permission issues |
Verify that the agent has been granted permissions to the source file share. |
Please consider checking few additional steps to troubleshoot:
- Check Key Vault Access:
- Ensure that the Storage Mover agent can access the Key Vault and retrieve the secrets.
- Review SMB Share Permissions:
- Verify that the user account has the correct permissions on the SMB share.
- Network Connectivity:
- Confirm that there are no network issues preventing the Storage Mover agent from accessing the SMB share.
If you continue to face issues, reviewing the detailed logs from the Storage Mover agent might provide more insights into the specific cause of the permission denial.
Troubleshooting doc - https://learn.microsoft.com/en-us/azure/storage-mover/status-code, https://learn.microsoft.com/en-us/troubleshoot/azure/azure-storage/files/connectivity/files-troubleshoot-smb-connectivity?tabs=windows
reference docs: https://learn.microsoft.com/en-us/azure/storage/files/migrate-files-storage-mover will help you with detailed guidance.
Hope this answer helps! Please let us know if you have any further queries. I’m happy to assist you further.
Please "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.