Cannot reach Azure File Private Endpoint from on-premise stations

Brandon Smith 20 Reputation points
2024-03-27T23:51:52.0533333+00:00

We have an Azure Storage account with an SMB share created and a Private Endpoint attached.

We have 2 office locations connected to our Azure vNet via CATO SD-WAN appliances.

We are not able to connect to our Azure File share over this connection via the private endpoint IP or after configuring DNS with the private endpoint IP.

We have run the AzFileDiagnostic script and all checks passed except for the following:

======Validate port 445 reachability over Storage Account IP 10.99.0.7

[ERROR]: Connection attempt fails with iteration(0 + 1) of 3 with the error --- No connection could be made because the target machine actively refused it 10.99.0.7:445

[ERROR]: Connection attempt fails with iteration(1 + 1) of 3 with the error --- No connection could be made because the target machine actively refused it 10.99.0.7:445

[ERROR]: Connection attempt fails with iteration(2 + 1) of 3 with the error --- No connection could be made because the target machine actively refused it 10.99.0.7:445

[ERROR]: Last connection exception is:

   ---No connection could be made because the target machine actively refused it 10.99.0.7:445

[ERROR]: Port 445 is not reachable from this client, Exit the validation and please verify the network

We are able to reach SMB shares on Azure VMs on the same vNet, but not this private endpoint.

Test-NetConnection with port 445 passes from on-premise to an Azure VM, but fails to the private endpoint.

We created a Point to Site connection and can reach the private endpoint over that connection fine.

Azure Files
An Azure service that offers file shares in the cloud.

Accepted answer
  1. KarishmaTiwari-MSFT 18,447 Reputation points Microsoft Employee
    2024-03-28T18:45:16.9666667+00:00

    @Brandon Smith

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this!

    Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer. Accepted answers show up at the top, resulting in improved discoverability for others.

    Issue: Cannot reach Azure File Private Endpoint from on-premises stations.

    Solution: Customer shared - "This was resolved. A member of the company's IT staff advised that the CATO LAN socket was using the same IP. This is odd because the IP used for the private endpoint was assigned by Azure and didn't show up in the connected devices list on the vNet. However, recreating the endpoint with a static IP different from the previous IP resolved our issues."


    If your issue remains unresolved or you have further questions, please let us know in the comments how we can assist. We are here to help you and strive to make your experience better and greatly value your feedback.
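The "actively refused" error in the question means some host answered at 10.99.0.7 and rejected port 445, which fits the address conflict found in the solution. The script below is an added example, not part of the original thread: it classifies the connect result for the endpoint and for a reference VM, then checks the local neighbor (ARP) cache. The function name `Get-TcpConnectResult` and the value of `$referenceIp` are assumptions made for illustration.

```powershell
# Added example (not from the original thread). Classifies a TCP connect so that a
# refusal (some host at that IP sent a reset) is told apart from a silent drop.
function Get-TcpConnectResult {
    param(
        [Parameter(Mandatory)] [string] $IpAddress,
        [int] $Port = 445,
        [int] $TimeoutMs = 3000
    )
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $task = $client.ConnectAsync($IpAddress, $Port)
        if (-not $task.Wait($TimeoutMs)) { return 'TimedOut' }   # nothing answered
        return 'Open'
    }
    catch {
        # Wait() wraps the failure; the innermost exception is the SocketException.
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.Net.Sockets.SocketException]) {
            return [string]$inner.SocketErrorCode                # e.g. ConnectionRefused
        }
        return 'Error'
    }
    finally { $client.Dispose() }
}

$endpointIp  = '10.99.0.7'    # private endpoint IP from the question
$referenceIp = '10.99.0.10'   # ASSUMPTION: constructed placeholder for an Azure VM on the same vNet

$results = foreach ($ip in $endpointIp, $referenceIp) {
    [pscustomobject]@{ Target = $ip; Port445 = Get-TcpConnectResult -IpAddress $ip }
}
$results | Format-Table -AutoSize

switch (($results | Where-Object Target -eq $endpointIp).Port445) {
    'ConnectionRefused' { 'A host answered at this IP but is not listening on 445: check for an address conflict.' }
    'TimedOut'          { 'No reply: check routing and filtering on the path to the endpoint.' }
    'Open'              { 'Port 445 is reachable.' }
    default             { "Unclassified result: $_" }
}

# On-link check: a resolved neighbor entry means a device on this station's own
# segment holds the address. Only meaningful if the station shares that segment.
Get-NetNeighbor -IPAddress $endpointIp -ErrorAction SilentlyContinue |
    Where-Object State -in 'Reachable', 'Stale', 'Permanent' |
    Select-Object IPAddress, LinkLayerAddress, State, InterfaceAlias
```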
