Global Secure Access unable to access SMB File server via FQDN

Koh Shi Jie 40 Reputation points
2025-12-08T08:32:01.94+00:00

Hi,

I have set up the global access to access my on-premises SMB file server using FQDN. But I'm unable to open it using the FQDN; it works with the IP address instead. Could someone help me or set up a Teams call to take a look at my current problem?

Microsoft Security | Microsoft Entra | Microsoft Entra Private Access

Answer accepted by question author
  1. Monalisha Jena 4,145 Reputation points Microsoft External Staff Moderator
    2025-12-09T11:08:23.94+00:00

    Hello Koh Shi Jie,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I will try to clarify your doubts.

    So, SMB works over the Private IP but not the FQDN because the GSA Private Access setup is missing the Private DNS configuration needed to resolve internal names. Using the IP works since the GSA client knows the destination, but FQDN access fails because DNS queries go to the local network’s DNS, which can’t resolve internal domains. To fix this, DNS requests for internal FQDNs must be routed through the GSA tunnel to the on-prem DNS servers.

    I would like to know a few points:

    Have you configured the Private DNS Settings in the Microsoft Entra admin center?

    Are you able to successfully access any other resources (e.g., RDP, internal web server) using their FQDN through the GSA tunnel?

    Until then, I would recommend the solution below:

    The solution is to configure the Private DNS settings within the Global Secure Access setup to direct domain name lookups for your private network to your on-premises DNS servers.

    1. Identify On-Premises DNS Servers: Determine the Private IP addresses of your primary and secondary DNS servers/Domain Controllers (e.g., 192.168.x.x).

    2. Configure Private DNS in GSA:

    • Navigate to the Microsoft Entra admin center.
    • Go to Global Secure Access (preview) > Connect > Global settings.
    • Select DNS forwarding.
    • Add your On-Premises DNS Server IPs (e.g., 192.168.x.x) under the DNS servers list.

    3. Configure the DNS Zone:

    • Under DNS forwarding, locate DNS zones.
    • Add the Private Domain Name Suffix for your network (e.g., corp.local or contoso.com).
    • Associate this zone with the DNS server IPs you added in the previous step.
    • The Global Secure Access client will now intercept any DNS queries for the domain corp.local and route them through the GSA tunnel to your on-premises DNS server, which will successfully resolve the FQDN (fileserver.corp.local) to the private IP address (192.168.x.x).

    Reference: https://learn.microsoft.com/en-us/entra/global-secure-access/concept-private-name-resolution

    https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-configure-quick-access

    Hope this helps! If it answered your question, please consider clicking Accept Answer and Upvote. This will help us and others in the community as well.

    If you need more info, feel free to ask in the comments. Happy to help!

    Regards,

    Monalisha


1 additional answer

  1. Q&A Assist
    2025-12-08T08:32:10.94+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    If you are unable to access your SMB file server using the Fully Qualified Domain Name (FQDN) but can access it via the IP address, there are a few troubleshooting steps you can take:

    1. Check DNS Resolution: Ensure that the FQDN is correctly resolving to the IP address of your SMB file server. You can use the nslookup command to verify this.
    2. CNAME Alias Issues: If you are using a CNAME alias to access the SMB share, be aware that accessing SMB shares via CNAME can lead to issues. The article on SMB file server share access indicates that using a CNAME might cause access failures. You may need to access the share using the actual FQDN or NetBIOS name instead of the CNAME.
    3. Network Configuration: Verify that your network configuration allows traffic to the SMB server via the FQDN. Ensure that any firewalls or security groups are not blocking the necessary ports (TCP 445 for SMB).
    4. Global Secure Access Configuration: Make sure that your Global Secure Access configuration is set up correctly to allow access to the SMB file server using the FQDN. Check that the correct rules are applied in the forwarding profile.
    5. Logs and Diagnostics: Review the logs and diagnostics in the Global Secure Access client to identify any potential issues or errors that may indicate why the FQDN is not working as expected.

    If you continue to experience issues, consider consulting the troubleshooting guide for Global Secure Access or reaching out for further support.


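Both answers above come down to the same client-side check: does the FQDN resolve, and is TCP 445 reachable by name as well as by IP. The PowerShell below is an added example, not code from either answer or from Microsoft. `Test-SmbPath` is a hypothetical helper name, and the default name and address are placeholders to replace with your own.

```powershell
# Added diagnostic sketch: compare the FQDN path and the IP path to an SMB server.
param(
    [string]$Fqdn = 'fileserver.corp.local',  # example name from the accepted answer
    [string]$Ip   = '192.168.0.10'            # constructed placeholder; use your server's IP
)

function Test-SmbPath {
    param([string]$Fqdn, [string]$Ip)

    # Step 1: does this client resolve the name, and to which A records?
    $resolved = @()
    try {
        $resolved = @(Resolve-DnsName -Name $Fqdn -Type A -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            Select-Object -ExpandProperty IPAddress)
    } catch {
        Write-Verbose "Resolve-DnsName failed: $($_.Exception.Message)"
    }

    # Step 2: TCP 445 by IP (the path reported as working).
    $ipOk = (Test-NetConnection -ComputerName $Ip -Port 445 -WarningAction SilentlyContinue).TcpTestSucceeded

    # Step 3: TCP 445 by name, only meaningful when step 1 returned an address.
    $nameOk = $false
    if ($resolved.Count -gt 0) {
        $nameOk = (Test-NetConnection -ComputerName $Fqdn -Port 445 -WarningAction SilentlyContinue).TcpTestSucceeded
    }

    # Map the three observations to the cause each answer points at.
    $diagnosis = if (-not $ipOk) {
        'TCP 445 fails by IP too: check the tunnel, firewall rules and the application segment.'
    } elseif ($resolved.Count -eq 0) {
        'IP works but the name does not resolve: check the Private DNS suffix and DNS server settings.'
    } elseif ($resolved -notcontains $Ip) {
        'Name resolves to a different address than the working IP: check which DNS server answered.'
    } elseif (-not $nameOk) {
        'Name resolves correctly but TCP 445 by name fails: check the forwarding rules for the FQDN.'
    } else {
        'Name and IP paths both work.'
    }

    [pscustomobject]@{
        Fqdn = $Fqdn; ResolvedTo = ($resolved -join ', ')
        Tcp445ByIp = $ipOk; Tcp445ByName = $nameOk; Diagnosis = $diagnosis
    }
}

Test-SmbPath -Fqdn $Fqdn -Ip $Ip | Format-List
```

Run it on the client with the Global Secure Access client connected. The "different address" branch matters when the private suffix also exists in public DNS, as with the contoso.com example.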
