
0 Votes
JoeTech-7816 asked MichaelLong-4034 commented

Transfer files between on-premises AD joined and Azure AD joined device. \\computername\C$ doesn't work

Normally, to simply and quickly transfer files over the internal network, I use \\computername\C$ so I can copy them. The environment is hybrid, with on-premises AD and Azure AD connected.

Now I have the problem that this doesn't work with devices in Azure AD. Is there another method by which I can simply transfer files between Azure AD devices? Or does something need to be configured?

The plan is to install all devices in our network with Intune and let them Join Azure AD. But simple things like this need to work before we go further.

Azure AD is new for me. Thanks in advance!

Tags: azure-active-directory, windows-active-directory, windows-10-network, intune-general

0 Votes
Jason-MSFT answered JoeTech-7816 edited

What's the scenario where this is needed?


When we simply want to transfer some files from 1 pc to another pc. Without the need of a fileserver.

PCs are in Azure AD but all are working in the local office.

I am used to this method because it was always working when not using Azure AD.

I think more IT people use this, to simply copy files from 1 pc to another pc.

Should this work with azureAD from start/run: \\computername\C$ ?

Thanks in advance!

0 Votes 0 ·
0 Votes
GeorgMatviak-7378 answered Jason-MSFT commented

Hello JoeTech-7816,

Thank you for your question and reaching out. My name is Jainth and I’d be more than happy to help you with your query.

For security reasons, connections to Azure file shares are blocked if the communication channel isn't encrypted and if the connection attempt isn't made from the same datacenter where the Azure file shares reside.

Unencrypted connections within the same datacenter can also be blocked if the Secure transfer required setting is enabled on the storage account.

An encrypted communication channel is provided only if the user's client OS supports SMB encryption.

Do check out the link below, which discusses how to troubleshoot Azure Files problems in Windows (SMB):

https://docs.microsoft.com/en-us/azure/storage/files/storage-troubleshoot-windows-file-connection-problems


Hope this answers all your queries, if not please do repost back.



--If an Answer is helpful, please click "Accept Answer" and upvote it--


@GeorgMatviak-7378, the OP's question is completely unrelated to Azure files or storage.

2 Votes 2 ·
0 Votes
GeorgMatviak-7378 answered

Hello JoeTech-7816,

Thank you for your question and reaching out.

The Microsoft article below shows the basic steps for creating and using an Azure Files share. In this quickstart, the emphasis is on quickly setting up an Azure Files share so you can experience how the service works. If you need more detailed instructions for creating and using Azure file shares in your own environment,

https://docs.microsoft.com/en-us/azure/storage/files/storage-files-quick-create-use-windows



--If the reply is helpful, please Upvote and Accept as answer--


1 Vote
MotoX80 answered SimonRenMSFT-3639 edited

> Now I have the problem this doesn't work with devices in Azure AD,

It's really hard to help you based on a description of "doesnt work". What error do you get? Access denied? Network path not found? What account are you logged in with? Is the on-premise server able to authenticate that account? Have you tried using a non-admin share?

Log on to the Azure server and use PowerShell to test connectivity and to see if some firewall is blocking the TCP port.

 Test-NetConnection -ComputerName YourServerName -CommonTCPPort SMB 

> When we simply want to transfer some files from 1 pc to another pc. Without the need of a fileserver.

In mstsc.exe, have it connect the local drives, and copy the files that way.



[Image: capture.jpg]

Sorry about the "doesn't work". It says it cannot access; I tried this with a domain administrator account. [Image: 149610-2021-11-16-09-07-37-network-error.png]

I have tried the Test-NetConnection command; it says the following:

WARNING: TCP connect to (172.16.60.82 : 445) failed
ComputerName : pcname
RemoteAddress : 172.16.60.82
RemotePort : 445
InterfaceAlias : Wi-Fi
SourceAddress : 172.16.61.84
PingSucceeded : True
PingReplyDetails (RTT) : 20 ms
TcpTestSucceeded : False

I think now... the 445 is blocked in the firewall. I will get my firewall administrator to check this.

Thanks, I think this is helping me a lot! I will let you know if this solved the problem.

0 Votes 0 ·

Hi,

Thanks for your reply. If there is any update, please keep us posted. And it would be appreciated if you could click "Accept Answer" on the helpful reply; this will help other users to search for useful information more quickly. Thank you!

Best regards,
Simon

0 Votes 0 ·
1 Vote
ChrisPhillips-1930 answered MichaelLong-4034 commented

A couple things to look at with your scenario as we're also going through the transition from all our computers being joined to an on premise AD to strictly AAD joined or some that are hybrid joined.

First, if you were disabling the Windows firewall on your on premise joined computers via AD group policy, specifically when they were on the domain's network, this isn't the case with AAD joined computers. Even though the AAD joined computers are sitting on the same network as your on premise domain, they are not pulling those same AD group policies, at least not without some further configuration. So access to the admin share on that PC is probably being blocked by the Windows firewall.

Second, if you get past that network error, the next error you'll probably run into is authenticating to the AAD computer if you're trying to access it from a hybrid joined or other non-AAD joined device. Typically when you try and access one AD joined computer's admin share (c$) from another AD joined computer, Windows authentication takes place behind the scenes seamlessly. But in this case, the AAD computer won't be able to authenticate due to it not recognizing the username format "username@domain.com" like a typical AD joined computer would. So instead you'll need to authenticate using the format "azuread\username@domain.com" (assuming you have everything set up to sync between your on premise AD and AAD via the Azure AD connect client.)

Hope this helps you out. (I found this post as we are trying to copy files to AAD joined computers when they're not on our network, rather sitting on the internet at home or at a coffee shop. We need to replace a config. file and are trying to find a way to push that out to all our AAD computers when they don't have access to a local file share within our datacenter. Your situation is a bit easier since they reside on your network.)


I opened the ports via a custom profile and can easily connect to an Azure AD Joined device from another Azure AD Joined device. We do have issues in connecting from on-premise servers and from Hybrid devices though. No matter how we try to authenticate, we cannot get to the admin shares on an Azure AD Joined device. We have AD sync working correctly and all of our Users are synced to Azure AD. It kind of drives me nuts that the hybrid device users can't do this. But, doesn't affect me. I've been AADJ for over a year and any new device we bring on-board is AADJ. Still have some dinosaurs out there though.

0 Votes 0 ·
0 Votes
MichaelLong-4034 answered

We manage AADJ devices using Intune. Took me quite a while to figure this out. The solution was frustratingly simple, once I found it. The issue is the Windows Firewall on the AADJ machine blocking the File and Printer Sharing ports. Open UDP Ports 137 & 138, and open TCP Ports 139 & 445. Port 445 will also allow the AADJ machine to be pinged. There is no ADMX policy for this firewall setting in Intune but there is one in Group Policy. AADJ machines can't use Group Policy, but ADMX.help has a wealth of information on what those group policies do. This is the ADMX.help link for the File and Printer Sharing rule.
https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.WindowsFirewall::WF_FileAndPrint_Name_2

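The two checks discussed in the answers above (Windows Firewall on the AADJ target, then the `azuread\username@domain.com` credential format from ChrisPhillips-1930's answer), as an added example that is not part of any original post. It narrows the firewall change to TCP 445 from one subnet rather than the full File and Printer Sharing port set; the function names, rule display name, drive name and subnet value are assumptions for illustration.

```powershell
# Added example; computer name, subnet and account are placeholders.

function Enable-ScopedSmbIn {
    # Run elevated on the AADJ target. Allows inbound TCP 445 only from one
    # subnet and only on non-Public profiles, so the admin share is not
    # reachable from every network the device later joins.
    param(
        [Parameter(Mandatory)][string]$RemoteSubnet   # e.g. '172.16.60.0/23' (assumed value)
    )
    # An AADJ machine is not domain-authenticated, so check which profile the
    # office network landed in; a rule bound to another profile never matches.
    Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory | Out-Host

    New-NetFirewallRule -DisplayName 'SMB-In office subnet (example)' `
        -Direction Inbound -Action Allow -Protocol TCP -LocalPort 445 `
        -RemoteAddress $RemoteSubnet -Profile Domain, Private
}

function Test-AdminShare {
    # Run on the source PC. Separates "port blocked" from "authentication failed".
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$UserPrincipalName   # username@domain.com
    )
    $tcp = Test-NetConnection -ComputerName $ComputerName -CommonTCPPort SMB `
        -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) {
        return "TCP 445 to $ComputerName is blocked: fix the firewall first"
    }
    # Credential prefix as described in the answer above.
    $cred = Get-Credential -UserName "AzureAD\$UserPrincipalName" `
        -Message "Password for $UserPrincipalName"
    try {
        New-PSDrive -Name AADJ -PSProvider FileSystem -Root "\\$ComputerName\C$" `
            -Credential $cred -ErrorAction Stop | Out-Null
        Remove-PSDrive -Name AADJ
        return 'TCP 445 open and authentication succeeded'
    } catch {
        return "TCP 445 open but share access failed: $($_.Exception.Message)"
    }
}

# Usage (placeholders):
#   Enable-ScopedSmbIn -RemoteSubnet '172.16.60.0/23'                                   # on the target
#   Test-AdminShare -ComputerName 'computername' -UserPrincipalName 'username@domain.com'  # on the source
```

If `Get-NetConnectionProfile` reports the office network as `Public`, the rule above does not apply until the network category is changed, which is preferable to adding `Public` to the rule.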