question

EduardoGarciaC-4268 avatar image
0 Votes"
EduardoGarciaC-4268 asked deherman-MSFT edited

SMB 2 with azure storage file share

I have an Azure storage account where I created a file share to use with AD authentication. I have this old Windows Server 2008 R2 which we need it to connect to this file share over SMB however I am not able to connect to the share from this server. I am able to connect from other servers but not this one. Both the storage account and the server are on the same region and I have a private endpoint for the storage account and a DNS record so it can resolve to an internal IP that way I make sure that the storage account is accessed internally only.

My question is if I can enable this file share to support this old server to connect to it? The server has SMB1 and 2 enabled. Sooner than later this server is going away but for now we need to save stuff out of it to a share.

This is what I see as the output when I run the commands from this documentation about SMB and file shares.


ResourceGroupName :
StorageAccountName :
SmbMultichannelEnabled : False
SmbProtocolVersions : SMB2.1, SMB3.0, SMB3.1.1
SmbChannelEncryption : AES-128-CCM, AES-128-GCM, AES-256-GCM
SmbAuthenticationMethods : NTLMv2, Kerberos
SmbKerberosTicketEncryption : RC4-HMAC, AES-256

Then I ran this to "clear" secure SMB settings but I guess that it keeps only the defaults, I don't see an option to disable encryption:

Update-AzStorageFileServiceProperty -ResourceGroupName $resourceGroupName -AccountName $storageAccountName -SMBProtocolVersion @()
-SMBAuthenticationMethod @() -SMBKerberosTicketEncryption @()
-SMBChannelEncryption @()






azure-files
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

deherman-MSFT avatar image
0 Votes"
deherman-MSFT answered

@EduardoGarciaC-4268
Yes, if you wish to use SMB 2.1 you need to disable secure transfer for the storage account. You can use the below PowerShell or do this via the portal.

Set-AzStorageAccount -Name "{StorageAccountName}" -ResourceGroupName "{ResourceGroupName}" -EnableHttpsTrafficOnly $False

https://docs.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer?toc=/azure/storage/files/toc.json

Hope this helps! Let us know if you have further questions or issues and we will be happy to assist.



Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.