Forum Discussion
Access denied on FileShare using access keys
Hi
Hi!
I created and Azure Storage account and a Fileshare in it. I have 2 VM's running Windows Server 2016 and both are in the same Region.
On VM1 i can connect to the fileshare using the Storage account username and access keys with the New-PSDrive command without any problems
On VM2 i get "access denied" when trying to connect to the fileshare the same way with the storage account username and access keys, anyone know why this would happen? i execute the exact same New-PSDrive on both servers.
Error from PowerShell:
PS C:\temp> .\MountBackup.ps1
CMDKEY: Credential added successfully.
New-PSDrive : Access is denied
At C:\temp\MountBackup.ps1:6 char:5
+ New-PSDrive -Name Z -PSProvider FileSystem -Root "\\europrod.f ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Z:PSDriveInfo) [New-PSDrive], Win32Exception
+ FullyQualifiedErrorId : CouldNotMapNetworkDrive,Microsoft.PowerShell.Commands.NewPSDriveCommand
Verify virtual network and firewall rules are configured properly on the storage account. To test if virtual network or firewall rules is causing the issue, temporarily change the setting on the storage account to Allow access from all networks. To learn more, see Configure Azure Storage firewalls and virtual networks.
Hello michaelsjodin115 ,
System error 53 or system error 67 can occur if port 445 outbound communication to an Azure Files data center is blocked. To see the summary of ISPs that allow or disallow access from port 445, go to TechNet.
To check if your firewall or ISP is blocking port 445, use the AzFileDiagnostics tool or Test-NetConnection cmdlet.
To use the Test-NetConnection cmdlet, the Azure PowerShell module must be installed, see Install Azure PowerShell module for more information. Remember to replace <your-storage-account-name> and <your-resource-group-name> with the relevant names for your storage account.
Azure PowerShell$resourceGroupName = "<your-resource-group-name>" $storageAccountName = "<your-storage-account-name>" # This command requires you to be logged into your Azure account, run Login-AzAccount if you haven't # already logged in. $storageAccount = Get-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName # The ComputerName, or host, is <storage-account>.file.core.windows.net for Azure Public Regions. # $storageAccount.Context.FileEndpoint is used because non-Public Azure regions, such as sovereign clouds # or Azure Stack deployments, will have different hosts for Azure file shares (and other storage resources). Test-NetConnection -ComputerName ([System.Uri]::new($storageAccount.Context.FileEndPoint).Host) -Port 445If the connection was successful, you should see the following output:
Azure PowerShellComputerName : <your-storage-account-name> RemoteAddress : <storage-account-ip-address> RemotePort : 445 InterfaceAlias : <your-network-interface> SourceAddress : <your-ip-address> TcpTestSucceeded : True- This is from the machine it's not working on
PS C:\temp> Test-NetConnection -ComputerName ([System.Uri]::new($storageAccount.Context.FileEndPoint).Host) -Port 445
ComputerName : europrod.file.core.windows.net
RemoteAddress : 5X.XXX.1XX.4X
RemotePort : 445
InterfaceAlias : Ethernet
SourceAddress : 10.1X0.X3.X
TcpTestSucceeded : True
