Azure File Share requires VPN on certain networks

Luke Bittenbinder 21 Reputation points
2022-01-18T21:38:50.4+00:00

I have all of our file shares mounted on my laptop for quick access through Windows Explorer. When I'm in the office I'm able to connect to them fine. When I'm at home, I'm unable to connect to the file shares, and need to run a VPN which solves the problem. I'm trying to identify what the issue here is. I thought it might be port 445, but the port is shown as 'closed' when tested with the VPN both active and inactive. I don't know if this is a valid clue or not. I'd like to avoid having all of our employees require the usage of VPN when accessing these servers away from the office.

Thanks in advance

Azure Files
Azure Files
An Azure service that offers file shares in the cloud.
817 questions
Windows 10 Network
Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
1,999 questions
Accepted answer
  1. Sumarigo-MSFT 32,006 Reputation points Microsoft Employee
    2022-01-21T13:17:40.937+00:00

    @Luke Bittenbinder SMB sharing is not accessible when TCP port 445 is listening in Windows Server

    SMB has always been a network file sharing protocol. As such, SMB requires network ports on a computer or server to enable communication to other systems. SMB uses either IP Port 445 . 445 is an important port because it is used by default for all SMB communication. Windows uses it for various functions since SMB serves as the network protocol at the application level.
    Learn more here

    Charter Spectrum ISP blocks the port 445. Please refer to the below solutions for causes
    ![167160-image.png]4

    Solution 1

    • Use Azure File Sync
      Azure File Sync can transform your on-premises Windows Server into a quick cache of your Azure file share. You can use any protocol that's available on Windows Server to access your data locally, including SMB, NFS, and FTPS. Azure File Sync works over port 443 and can thus be used as a workaround to access Azure Files from clients that have port 445 blocked. Learn how to setup Azure File Sync.

    Solution 2

    Solution 3

    • Unblock port 445 with help of your ISP/IT Admin
      Work with your IT department or ISP to open port 445 outbound to Azure IP ranges.

    Solution 4

    • Use REST API based tools like Storage Explorer/Powershell
      Azure Files also supports REST in addition to SMB. REST access works over port 443 (standard tcp). There are various tools that are written using REST API which enable rich UI experience. Storage Explorer is one of them. Download and Install Storage Explorer and connect to your file share backed by Azure Files. You can also use PowerShell which also user REST API.

    Please let us know if you have any further queries. I’m happy to assist you further.

    Please do not forget to 167244-screenshot-2021-12-10-121802.png and 167245-image.png wherever the information provided helps you, this can be beneficial to other community members

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sumarigo-MSFT 32,006 Reputation points Microsoft Employee
    2022-01-19T09:39:16.783+00:00

    @Luke Bittenbinder Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

    port 445, but the port is shown as 'closed' So you are stating the Port 445 is blocked or enabled?
    Do you get any error message when you try to connect azure file share from home, If So can you please share the screenshot of the error message(Based on the error message, please refer to the troubleshooting article?

    I assume the issue may be related to ISP provider ? May I know your ISP provider? Summary of ISPs that Allow / Disallow Access from Port 445

    This article lists common problems that are related to Microsoft Azure Files when you connect from Windows clients. It also provides possible causes and resolutions for these problems. In addition to the troubleshooting steps in this article,
    https://learn.microsoft.com/en-us/azure/storage/files/storage-troubleshoot-windows-file-connection-problems

    Additional information: You can mount the file share on your local machine by using the SMB 3.0 protocol, or you can use tools like Storage Explorer to access files in your file share. From your application, you can use storage client libraries, REST APIs, PowerShell, or Azure CLI to access your files in the Azure file share.

    Azure Files only allows connections using SMB 3.0 (with encryption support) from outside the region or datacenter. SMB 3.0 protocol has introduced many security features including channel encryption which is very secure to use over internet. However its possible that port 445 has been blocked due to historical reasons of vulnerabilities found in lower SMB versions. In ideal case, the port should be blocked for only for SMB 1.0 traffic and SMB 1.0 should be turned off on all clients.

    To check if your firewall or ISP is blocking port 445, use the AzFileDiagnostics tool or Test-NetConnection cmdlet.

    Please let us know if you have any further queries. I’m happy to assist you further.

    ----------

    Please do not forget to 166305-screenshot-2021-12-10-121802.png and 166754-image.png wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.