您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

在 Windows 中排查 Azure 文件问题Troubleshoot Azure Files problems in Windows

本文列出了从 Windows 客户端进行连接时,与 Microsoft Azure 文件相关的常见问题。This article lists common problems that are related to Microsoft Azure Files when you connect from Windows clients. 此外,还提供了这些问题的可能原因和解决方法。It also provides possible causes and resolutions for these problems. 除本文中的疑难解答步骤之外,还可使用 AzFileDiagnostics ,以确保 Windows 客户端环境满足正确的先决条件。In addition to the troubleshooting steps in this article, you can also use AzFileDiagnostics to ensure that the Windows client environment has correct prerequisites. AzFileDiagnostics 会自动检测本文中提及的大多数症状,并帮助设置环境,以实现最佳性能。AzFileDiagnostics automates detection of most of the symptoms mentioned in this article and helps set up your environment to get optimal performance. 还可在 Azure 文件共享疑难解答中找到这些信息,该疑难解答提供相关步骤来帮助解决连接/映射/装载 Azure 文件共享时遇到的问题。You can also find this information in the Azure Files shares Troubleshooter that provides steps to assist you with problems connecting/mapping/mounting Azure Files shares.

备注

本文进行了更新,以便使用新的 Azure PowerShell Az 模块。This article has been updated to use the new Azure PowerShell Az module. 你仍然可以使用 AzureRM 模块,至少在 2020 年 12 月之前,它将继续接收 bug 修补程序。You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. 若要详细了解新的 Az 模块和 AzureRM 兼容性,请参阅新 Azure Powershell Az 模块简介To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. 有关 Az 模块安装说明,请参阅安装 Azure PowerShellFor Az module installation instructions, see Install Azure PowerShell.

装载 Azure 文件共享时出现错误 5Error 5 when you mount an Azure file share

尝试装载文件共享时,可能会收到以下错误:When you try to mount a file share, you might receive the following error:

  • 发生系统错误 5。System error 5 has occurred. 访问被拒绝。Access is denied.

原因 1:信道未加密Cause 1: Unencrypted communication channel

出于安全考虑,如果信道未加密,且连接尝试并非来自 Azure 文件共享所在的同一数据中心,将阻止连接到 Azure 文件共享。For security reasons, connections to Azure file shares are blocked if the communication channel isn't encrypted and if the connection attempt isn't made from the same datacenter where the Azure file shares reside. 如果在存储帐户中启用需要安全传输设置,则还可以阻止同一数据中心中未加密的连接。Unencrypted connections within the same datacenter can also be blocked if the Secure transfer required setting is enabled on the storage account. 仅当用户的客户端 OS 支持 SMB 加密时,才提供加密的信道。An encrypted communication channel is provided only if the user's client OS supports SMB encryption.

Windows 8、Windows Server 2012 及更高版本的每个系统协商包括支持加密的 SMB 3.0 的请求。Windows 8, Windows Server 2012, and later versions of each system negotiate requests that include SMB 3.0, which supports encryption.

原因 1 的解决方案Solution for cause 1

  1. 从支持 SMB 加密的客户端(Windows 8、Windows Server 2012 或更高版本)进行连接,或者从用于 Azure 文件共享的 Azure 存储帐户所在数据中心内的虚拟机进行连接。Connect from a client that supports SMB encryption (Windows 8, Windows Server 2012 or later) or connect from a virtual machine in the same datacenter as the Azure storage account that is used for the Azure file share.
  2. 如果客户端不支持 SMB 加密,请确保在存储帐户上禁用需要安全传输设置。Verify the Secure transfer required setting is disabled on the storage account if the client does not support SMB encryption.

原因2:在存储帐户上启用虚拟网络或防火墙规则Cause 2: Virtual network or firewall rules are enabled on the storage account

如果在存储帐户上配置了虚拟网络 (VNET) 和防火墙规则,则将拒绝访问网络流量,除非允许客户端 IP 地址或虚拟网络访问。If virtual network (VNET) and firewall rules are configured on the storage account, network traffic will be denied access unless the client IP address or virtual network is allowed access.

原因 2 的解决方案Solution for cause 2

验证是否已在存储帐户上正确配置虚拟网络和防火墙规则。Verify virtual network and firewall rules are configured properly on the storage account. 若要测试虚拟网络或防火墙规则是否导致此问题,请将存储帐户上的设置临时更改为“允许来自所有网络的访问”。To test if virtual network or firewall rules is causing the issue, temporarily change the setting on the storage account to Allow access from all networks. 若要了解详细信息,请参阅配置 Azure 存储防火墙和虚拟网络To learn more, see Configure Azure Storage firewalls and virtual networks.

尝试装载或卸载 Azure 文件共享时发生错误 53、错误 67 或错误 87Error 53, Error 67, or Error 87 when you mount or unmount an Azure file share

尝试从本地或其他数据中心装载文件共享时,可能会看到以下错误消息:When you try to mount a file share from on-premises or from a different datacenter, you might receive the following errors:

  • 发生系统错误 53。System error 53 has occurred. 找不到网络路径。The network path was not found.
  • 发生系统错误 67。System error 67 has occurred. 找不到网络名称。The network name cannot be found.
  • 发生系统错误 87。System error 87 has occurred. 参数不正确。The parameter is incorrect.

原因1:端口445被阻止Cause 1: Port 445 is blocked

如果端口 445 到 Azure 文件数据中心的出站通信受阻,可能会发生系统错误 53 或 67。System error 53 or system error 67 can occur if port 445 outbound communication to an Azure Files datacenter is blocked. 若要概览允许或不允许从端口 445 访问的 ISP,请转到 TechNetTo see the summary of ISPs that allow or disallow access from port 445, go to TechNet.

若要检查防火墙或 ISP 是否阻止端口 445,请使用 AzFileDiagnostics 工具或 Test-NetConnection cmdlet。To check if your firewall or ISP is blocking port 445, use the AzFileDiagnostics tool or Test-NetConnection cmdlet.

若要使用 Test-NetConnection cmdlet,必须安装 Azure PowerShell 模块,有关详细信息,请参阅安装 Azure PowerShell 模块To use the Test-NetConnection cmdlet, the Azure PowerShell module must be installed, see Install Azure PowerShell module for more information. 记得将 <your-storage-account-name><your-resource-group-name> 替换为存储帐户的相应名称。Remember to replace <your-storage-account-name> and <your-resource-group-name> with the relevant names for your storage account.

$resourceGroupName = "<your-resource-group-name>"
$storageAccountName = "<your-storage-account-name>"

# This command requires you to be logged into your Azure account, run Login-AzAccount if you haven't
# already logged in.
$storageAccount = Get-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName

# The ComputerName, or host, is <storage-account>.file.core.windows.net for Azure Public Regions.
# $storageAccount.Context.FileEndpoint is used because non-Public Azure regions, such as sovereign clouds
# or Azure Stack deployments, will have different hosts for Azure file shares (and other storage resources).
Test-NetConnection -ComputerName ([System.Uri]::new($storageAccount.Context.FileEndPoint).Host) -Port 445

如果连接成功,则会看到以下输出:If the connection was successful, you should see the following output:

ComputerName     : <your-storage-account-name>
RemoteAddress    : <storage-account-ip-address>
RemotePort       : 445
InterfaceAlias   : <your-network-interface>
SourceAddress    : <your-ip-address>
TcpTestSucceeded : True

备注

以上命令返回存储帐户的当前 IP 地址。The above command returns the current IP address of the storage account. 此 IP 地址不一定保持不变,可能会随时更改。This IP address is not guaranteed to remain the same, and may change at any time. 请勿将此 IP 地址硬编码到任何脚本中或某个防火墙配置中。Do not hardcode this IP address into any scripts, or into a firewall configuration.

原因 1 的解决方案Solution for cause 1

解决方案 1-使用 Azure 文件同步Solution 1 - Use Azure File Sync

Azure 文件同步可以将本地 Windows Server 转换为 Azure 文件共享的快速缓存。Azure File Sync can transform your on-premises Windows Server into a quick cache of your Azure file share. 可以使用 Windows Server 上可用的任意协议本地访问数据,包括 SMB、NFS 和 FTPS。You can use any protocol that's available on Windows Server to access your data locally, including SMB, NFS, and FTPS. Azure 文件同步在端口443上工作,因此可将其作为一种解决方法,用于从已阻止端口445的客户端访问 Azure 文件。Azure File Sync works over port 443 and can thus be used as a workaround to access Azure Files from clients that have port 445 blocked. 了解如何设置 Azure 文件同步Learn how to setup Azure File Sync.

解决方案 2-使用 VPNSolution 2 - Use VPN

通过设置特定存储帐户的 VPN,流量将通过安全隧道,而不是通过 internet 传输。By Setting up a VPN to your specific Storage Account, the traffic will go through a secure tunnel as opposed to over the internet. 按照说明设置 VPN ,从 Windows 访问 Azure 文件。Follow the instructions to setup VPN to access Azure Files from Windows.

解决方案 3-取消阻止端口445,帮助你联系 ISP/IT 管理员Solution 3 - Unblock port 445 with help of your ISP/IT Admin

与你的 IT 部门或 ISP 合作,打开到AZURE IP 范围的出站端口445。Work with your IT department or ISP to open port 445 outbound to Azure IP ranges.

解决方案 4-使用存储资源管理器/Powershell 等基于 REST API 的工具Solution 4 - Use REST API based tools like Storage Explorer/Powershell

除了 SMB 外,Azure 文件还支持 REST。Azure Files also supports REST in addition to SMB. REST 访问通过端口443(标准 tcp)工作。REST access works over port 443 (standard tcp). 使用 REST API 编写的各种工具可实现丰富的 UI 体验。There are various tools that are written using REST API which enable rich UI experience. 存储资源管理器是其中之一。Storage Explorer is one of them. 下载并安装存储资源管理器,并连接到 Azure 文件支持的文件共享。Download and Install Storage Explorer and connect to your file share backed by Azure Files. 还可以使用PowerShell ,它也是用户 REST API。You can also use PowerShell which also user REST API.

原因2: NTLMv1 已启用Cause 2: NTLMv1 is enabled

如果客户端上已启用 NTLMv1 通信,可能会出现系统错误 53 或 87。System error 53 or system error 87 can occur if NTLMv1 communication is enabled on the client. Azure 文件仅支持 NTLMv2 身份验证。Azure Files supports only NTLMv2 authentication. 启用 NTLMv1 将创建安全级别较低的客户端。Having NTLMv1 enabled creates a less-secure client. 因此,Azure 文件的通信受阻。Therefore, communication is blocked for Azure Files.

若要确定错误是否由此造成,请验证以下注册表子项的值是否设置为 3:To determine whether this is the cause of the error, verify that the following registry subkey is set to a value of 3:

HKLM\SYSTEM\CurrentControlSet\Control\Lsa > LmCompatibilityLevelHKLM\SYSTEM\CurrentControlSet\Control\Lsa > LmCompatibilityLevel

有关详细信息,请参阅 TechNet 上的 LmCompatibilityLevel 主题。For more information, see the LmCompatibilityLevel topic on TechNet.

原因 2 的解决方案Solution for cause 2

在以下注册表子项中,将 LmCompatibilityLevel 值还原为默认值 3:Revert the LmCompatibilityLevel value to the default value of 3 in the following registry subkey:

HKLM\SYSTEM\CurrentControlSet\Control\LsaHKLM\SYSTEM\CurrentControlSet\Control\Lsa

复制到 Azure 文件共享时,出现错误 1816“配额不足,无法处理此命令”Error 1816 "Not enough quota is available to process this command" when you copy to an Azure file share

原因Cause

在要装载文件共享的计算机上,如果达到文件允许的并发打开句柄上限,便会发生错误 1816。Error 1816 happens when you reach the upper limit of concurrent open handles that are allowed for a file on the computer where the file share is being mounted.

解决方案Solution

关闭一些句柄,减少并发打开句柄的数量,再重试。Reduce the number of concurrent open handles by closing some handles, and then retry. 有关详细信息,请参阅 Microsoft Azure 存储性能和可伸缩性清单For more information, see Microsoft Azure Storage performance and scalability checklist.

若要查看文件共享、目录或文件的打开句柄,请使用AzStorageFileHandle PowerShell cmdlet。To view open handles for a file share, directory or file, use the Get-AzStorageFileHandle PowerShell cmdlet.

若要关闭文件共享、目录或文件的打开句柄,请使用AzStorageFileHandle PowerShell cmdlet。To close open handles for a file share, directory or file, use the Close-AzStorageFileHandle PowerShell cmdlet.

备注

Az PowerShell 模块2.4 版或更高版本中包含 AzStorageFileHandle 和 AzStorageFileHandle cmdlet。The Get-AzStorageFileHandle and Close-AzStorageFileHandle cmdlets are included in Az PowerShell module version 2.4 or later. 若要安装最新的 Az PowerShell 模块,请参阅安装 Azure PowerShell 模块To install the latest Az PowerShell module, see Install the Azure PowerShell module.

浏览到门户中的 Azure 文件共享时出现 "授权失败" 错误Error “Authorization failure” when browsing to an Azure file share in the portal

浏览到门户中的 Azure 文件共享时,可能会收到以下错误:When you browse to an Azure file share in the portal, you may receive the following error:

授权失败Authorization failure
你无权访问You do not have access

原因1:你的用户帐户无权访问存储帐户Cause 1: Your user account does not have access to the storage account

原因 1 的解决方案Solution for cause 1

浏览到Azure文件共享所在的存储帐户,单击“访问控制(IAM)”,确保你的用户帐户有权访问该存储帐户。Browse to the storage account where the Azure file share is located, click Access control (IAM) and verify your user account has access to the storage account. 若要了解详细信息,请参阅如何使用基于角色的访问控制 (RBAC) 来保护存储帐户To learn more, see How to secure your storage account with Role-Based Access Control (RBAC).

原因2:在存储帐户上启用虚拟网络或防火墙规则Cause 2: Virtual network or firewall rules are enabled on the storage account

原因 2 的解决方案Solution for cause 2

验证是否已在存储帐户上正确配置虚拟网络和防火墙规则。Verify virtual network and firewall rules are configured properly on the storage account. 若要测试虚拟网络或防火墙规则是否导致此问题,请将存储帐户上的设置临时更改为“允许来自所有网络的访问”。To test if virtual network or firewall rules is causing the issue, temporarily change the setting on the storage account to Allow access from all networks. 若要了解详细信息,请参阅配置 Azure 存储防火墙和虚拟网络To learn more, see Configure Azure Storage firewalls and virtual networks.

无法删除 Azure 文件共享中的文件或目录Unable to delete a file or directory in an Azure file share

原因Cause

如果文件或目录具有打开的句柄,通常会发生此问题。This issue typically occurs if the file or directory has an open handle.

解决方案Solution

如果 SMB 客户端已关闭所有打开的句柄,但问题仍然存在,请执行以下操作:If the SMB clients have closed all open handles and the issue continues to occur, perform the following:

备注

Az PowerShell 模块2.4 版或更高版本中包含 AzStorageFileHandle 和 AzStorageFileHandle cmdlet。The Get-AzStorageFileHandle and Close-AzStorageFileHandle cmdlets are included in Az PowerShell module version 2.4 or later. 若要安装最新的 Az PowerShell 模块,请参阅安装 Azure PowerShell 模块To install the latest Az PowerShell module, see Install the Azure PowerShell module.

在 Windows 中将文件复制到 Azure 文件以及从中复制文件时速度缓慢Slow file copying to and from Azure Files in Windows

尝试将文件传输到 Azure 文件服务时,可能会发现速度缓慢。You might see slow performance when you try to transfer files to the Azure File service.

  • 如果没有特定的最低 I/O 大小要求,建议 I/O 大小为 1 MiB 以实现最佳性能。If you don't have a specific minimum I/O size requirement, we recommend that you use 1 MiB as the I/O size for optimal performance.
  • 如果知道通过写入要扩展的最终文件大小,并且软件在文件的未写入结尾包含零时未出现兼容性问题,请提前设置文件大小,而不是让每次写入都成为扩展写入。If you know the final size of a file that you are extending with writes, and your software doesn't have compatibility problems when the unwritten tail on the file contains zeros, then set the file size in advance instead of making every write an extending write.
  • 使用正确的复制方法:Use the right copy method:
    • 使用 AZCopy 在两个文件共享之间传输任何内容。Use AzCopy for any transfer between two file shares.
    • 在本地计算机上的文件共享之间使用 RobocopyUse Robocopy between file shares on an on-premises computer.

Windows 8.1 或 Windows Server 2012 R2 的注意事项Considerations for Windows 8.1 or Windows Server 2012 R2

对于运行 Windows 8.1 或 Windows Server 2012 R2 的客户端,请确保已安装修补程序 KB3114025For clients that are running Windows 8.1 or Windows Server 2012 R2, make sure that the KB3114025 hotfix is installed. 此修补程序可提升创建和关闭句柄的性能。This hotfix improves the performance of create and close handles.

可运行以下脚本,检查是否已安装此修补程序:You can run the following script to check whether the hotfix has been installed:

reg query HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\Policies

如果安装了修补程序,会显示以下输出:If hotfix is installed, the following output is displayed:

HKEY_Local_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\Policies {96c345ef-3cac-477b-8fcd-bea1a564241c} REG_DWORD 0x1

备注

自 2015 年 12 月起,Azure 市场中的 Windows Server 2012 R2 映像将默认安装修补程序 KB3114025。Windows Server 2012 R2 images in Azure Marketplace have hotfix KB3114025 installed by default, starting in December 2015.

"我的电脑" 或 "这台电脑" 中没有驱动器号的文件夹No folder with a drive letter in "My Computer" or "This PC"

如果使用 net use 以管理员身份映射 Azure 文件共享,共享似乎会丢失。If you map an Azure file share as an administrator by using net use, the share appears to be missing.

原因Cause

默认情况下,Windows 文件资源管理器不以管理员身份运行。By default, Windows File Explorer does not run as an administrator. 如果通过管理命令提示符运行 net use,可以管理员身份映射网络驱动器。If you run net use from an administrative command prompt, you map the network drive as an administrator. 由于映射的驱动器以用户为中心,如果不同用户帐户下已装载这些驱动器,则已登录的用户帐户将不显示它们。Because mapped drives are user-centric, the user account that is logged in does not display the drives if they are mounted under a different user account.

解决方案Solution

从非管理员命令行中装载共享。Mount the share from a non-administrator command line. 此外,可按照 TechNet 主题配置 EnableLinkedConnections 注册表值。Alternatively, you can follow this TechNet topic to configure the EnableLinkedConnections registry value.

如果存储帐户包含正斜杠,则 net use 命令失败Net use command fails if the storage account contains a forward slash

原因Cause

net use 命令会将正斜杠 (/) 解释为命令行选项。The net use command interprets a forward slash (/) as a command-line option. 如果用户帐户名称以正斜杠开头,则驱动器映射失败。If your user account name starts with a forward slash, the drive mapping fails.

解决方案Solution

若要解决此问题,可完成以下任意步骤:You can use either of the following steps to work around the problem:

  • 运行以下 PowerShell 命令:Run the following PowerShell command:

    New-SmbMapping -LocalPath y: -RemotePath \\server\share -UserName accountName -Password "password can contain / and \ etc"

    在批处理文件中,可以按如下方式运行命令:From a batch file, you can run the command this way:

    Echo new-smbMapping ... | powershell -command –

  • 用双引号将密钥括起来,可以解决此问题(除非正斜杠是首个字符)。Put double quotation marks around the key to work around this problem--unless the forward slash is the first character. 如果是,可以使用交互模式并单独输入密码,也可以生成密钥来获取不以正斜杠开头的密钥。If it is, either use the interactive mode and enter your password separately or regenerate your keys to get a key that doesn't start with a forward slash.

应用程序或服务无法访问装载的 Azure 文件驱动器Application or service cannot access a mounted Azure Files drive

原因Cause

每个用户都装载了驱动器。Drives are mounted per user. 如果运行应用程序或服务的用户帐户与装载驱动器的用户帐户不同,应用程序将检测不到驱动器。If your application or service is running under a different user account than the one that mounted the drive, the application will not see the drive.

解决方案Solution

使用以下解决方案之一:Use one of the following solutions:

  • 从包含应用程序的同一用户帐户装载驱动器。Mount the drive from the same user account that contains the application. 可以使用 PsExec 等工具。You can use a tool such as PsExec.

  • 在 net use 命令的用户名和密码参数中传递存储帐户名称和密钥。Pass the storage account name and key in the user name and password parameters of the net use command.

  • 使用 cmdkey 命令将凭据添加到凭据管理器中。Use the cmdkey command to add the credentials into Credential Manager. 从命令行在服务帐户上下文中通过交互式登录或使用运行方式执行此操作。Perform this from a command line under the service account context, either through an interactive login or by using runas.

    cmdkey /add:<storage-account-name>.file.core.windows.net /user:AZURE\<storage-account-name> /pass:<storage-account-key>

  • 不使用映射驱动器号直接映射共享。Map the share directly without using a mapped drive letter. 某些应用程序可能无法正确地重新连接到驱动器号,因此使用完整的 UNC 路径可能会更可靠。Some applications may not reconnect to the drive letter properly, so using the full UNC path may be more reliable.

    net use * \\storage-account-name.file.core.windows.net\share

按照这些说明操作后,对系统/网络服务帐户运行 net use 时,可能会看到以下错误消息:“发生系统错误 1312。After you follow these instructions, you might receive the following error message when you run net use for the system/network service account: "System error 1312 has occurred. 如果为系统/网络服务帐户运行A specified logon session does not exist. 可能已被终止。”It may already have been terminated." 如果发生这种情况,请确保传递到 net use 的用户名包括域信息(例如,“[存储帐户名称].file.core.windows.net”)。If this occurs, make sure that the username that is passed to net use includes domain information (for example: "[storage account name].file.core.windows.net").

出现错误“要将该文件复制到的目标不支持加密”Error "You are copying a file to a destination that does not support encryption"

通过网络复制文件时,文件在源计算机上被解密,以明文形式传输,并在目标位置上被重新加密。When a file is copied over the network, the file is decrypted on the source computer, transmitted in plaintext, and re-encrypted at the destination. 不过,尝试复制加密文件时,可能会看到以下错误消息:“要将该文件复制到的目标不支持加密。”However, you might see the following error when you're trying to copy an encrypted file: "You are copying the file to a destination that does not support encryption."

原因Cause

如果使用的是加密文件系统 (EFS),可能会出现此问题。This problem can occur if you are using Encrypting File System (EFS). 可将 BitLocker 加密的文件复制到 Azure 文件。BitLocker-encrypted files can be copied to Azure Files. 不过,Azure 文件不支持 NTFS EFS。However, Azure Files does not support NTFS EFS.

解决方法Workaround

必须先将文件解密,才能通过网络进行复制。To copy a file over the network, you must first decrypt it. 使用以下方法之一:Use one of the following methods:

  • 运行 copy /d 命令。Use the copy /d command. 这样,可以将加密文件作为解密文件保存到目标位置。It allows the encrypted files to be saved as decrypted files at the destination.
  • 设置以下注册表项:Set the following registry key:
    • Path = HKLM\Software\Policies\Microsoft\Windows\SystemPath = HKLM\Software\Policies\Microsoft\Windows\System
    • Value type = DWORDValue type = DWORD
    • 名称 = CopyFileAllowDecryptedRemoteDestinationName = CopyFileAllowDecryptedRemoteDestination
    • 值 = 1Value = 1

请注意,设置注册表项会影响对网络共享进行的所有复制操作。Be aware that setting the registry key affects all copy operations that are made to network shares.

文件和文件夹的枚举速度变慢Slow enumeration of files and folders

原因Cause

如果客户端计算机上用于大型目录的缓存不足,则可能会出现此问题。This problem can occur if there is no enough cache on client machine for large directories.

解决方案Solution

若要解决此问题,请调整 DirectoryCacheEntrySizeMax 注册表值以允许在客户端计算机上缓存较大的目录列表:To resolve this problem, adjusting the DirectoryCacheEntrySizeMax registry value to allow caching of larger directory listings in the client machine:

  • 位置:HKLM\System\CCS\Services\Lanmanworkstation\ParametersLocation: HKLM\System\CCS\Services\Lanmanworkstation\Parameters
  • 值名称:DirectoryCacheEntrySizeMaxValue mane: DirectoryCacheEntrySizeMax
  • 值类型:DWORDValue type:DWORD

例如,可将其设置为 0x100000,并查看性能是否有所提高。For example, you can set it to 0x100000 and see if the performance become better.

为 Azure 文件启用 Azure Active Directory 域服务(AAD DS)身份验证时出错 AadDsTenantNotFound 找不到租户 Id 为 aad-id 的活动租户Error AadDsTenantNotFound in enabling Azure Active Directory Domain Service (AAD DS) authentication for Azure Files "Unable to locate active tenants with tenant Id aad-tenant-id"

原因Cause

当你尝试为存储帐户上的Azure 文件启用 Azure Active Directory 域服务(AAD ds)身份验证时,如果未在关联订阅的 aad 租户上创建aad 域服务(aad ds) ,则会发生错误 AadDsTenantNotFound。Error AadDsTenantNotFound happens when you try to enable Azure Active Directory Domain Service (AAD DS) authentication for Azure Files on a storage account where AAD Domain Service(AAD DS) is not created on the AAD tenant of the associated subscription.

解决方案Solution

在部署存储帐户的订阅的 AAD 租户上启用 AAD DS。Enable AAD DS on the AAD tenant of the subscription that your storage account is deployed to. 需要 AAD 租户的管理员权限才能创建托管域。You need administrator privileges of the AAD tenant to create a managed domain. 如果你不是 Azure AD 租户的管理员,请与管理员联系并按照分步指南操作,以使用 Azure 门户启用 Azure Active Directory 域服务If you aren't the administrator of the Azure AD tenant, contact the administrator and follow the step-by-step guidance to Enable Azure Active Directory Domain Services using the Azure portal.

从浏览器访问使用 Azure 文件存储的 Web 应用程序时出现错误 ConditionHeadersNotSupportedError ConditionHeadersNotSupported from a Web Application using Azure Files from Browser

通过使用条件标头的应用程序(如 web 浏览器)访问 Azure 文件中托管的内容时,会发生 ConditionHeadersNotSupported 错误。The ConditionHeadersNotSupported error occurs when accessing content hosted in Azure Files through an application that makes use of conditional headers, such as a web browser, access fails. 错误指出不支持条件标头。The error states that condition headers are not supported.

Azure 文件条件标头错误

原因Cause

尚不支持条件标头。Conditional headers are not yet supported. 实现它们的应用程序将需要在每次访问文件时请求完整的文件。Applications implementing them will need to request the full file every time the file is accessed.

解决方法Workaround

上传新文件时,cache-control 属性默认为“no-cache”。When a new file is uploaded, the cache-control property by default is “no-cache”. 若要强制应用程序每次请求文件,需要将文件的 cache-control 属性从“no-cache”更新为“no-cache, no-store, must-revalidate”。To force the application to request the file every time, the file's cache-control property needs to be updated from “no-cache” to “no-cache, no-store, must-revalidate”. 这可以使用 Azure 存储资源管理器来实现。This can be achieved using Azure Storage Explorer.

Azure 文件条件标头的存储资源管理器内容缓存修改

出现错误 "系统错误1359。Error 'System error 1359 has occurred. 在启用 Azure Active Directory 域服务(AAD DS)身份验证的情况对文件共享的 SMB 访问接收到的内部错误An internal error' received over SMB access to file shares with Azure Active Directory Domain Service (AAD DS) authentication enabled

原因Cause

出现错误 "系统错误1359。Error 'System error 1359 has occurred. 当你尝试使用 AAD ds 身份验证(以数字字符开头的域 DNS 名称)连接到你的文件共享时,将发生内部错误。An internal error' happens when you try to connect to your file share with AAD DS authentication enabled against an AAD DS with domain DNS name starting with a numeric character. 例如,如果 AAD DS 域 DNS 名称为 "1domain",则在尝试使用 AAD 凭据装载文件共享时,会收到此错误。For example, if your AAD DS Domain DNS name is "1domain", you will get this error when attempting to mount the file share using AAD credentials.

解决方案Solution

目前,可以考虑使用适用于以下规则的新域 DNS 名称重新部署 AAD DS:Currently, you can consider redeploying your AAD DS using a new domain DNS name that applies with the rules below:

  • 名称不能以数字字符开头。Names cannot begin with a numeric character.
  • 名称长度必须介于3到63个字符之间。Names must be from 3 to 63 characters long.

需要帮助?Need help? 联系支持人员。Contact support.

如果仍需帮助,请联系支持人员,以快速解决问题。If you still need help, contact support to get your problem resolved quickly.