We are evaluating what we can do to address this feedback and would very much appreciate your continued votes and suggestions on it.
One alternative to mounting the share on-premises over port 445 is Azure File Sync, which enables you to create a cache of an Azure file share on an on-premises Windows Server. Azure File Sync only sends data over the Azure Files HTTPS (using the File REST APIs). You can learn more about Azure File Sync here: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-planning
Please don’t hesitate to reach out if you have any additional questions!
Program Manager, Azure Files
Anonymous commented
I wanted to add here:
I just spent all of my Saturday (8 hours) troubleshooting this:
Here's my scenario:
-Need to migrate flat files from Dropbox to another solution for a client. They don't have AD and they don't have a file server. This is a small 6 user shop with 120GB roughly of files.
-Everyone is working from home and I would like one set of files to be able to be accessed by everyone over the cloud. Small files (max 20MB each) I'm not worried about latency.
-I would like to use Azure Files. In my head I'm thinking, hey it's 2020, I should be able to spend a couple hours and get a solution up for them in Azure. Client would be happy and would save them $4,000 annually by using this solution. (Vendors to host their data want $350 per month + setup fees)
-You guys guided me along and I was able to successfully set up Azure Files.
-Ok great, now since everyone just says map the file as SMB, no problem! Went to hit connect with the PowerShell script they provided.
-WRONG! Port 445 is blocked with Comcast. I have to assume 99% of home users will be blocked as well due to WannaCry vulnerability.
-No worries, everyone says. Just set up a Point to Site. This is the perfect solution for your case for a small business.
-Spent a few hours going over YT videos. Finally was able to get the P2S VPN set up. Self-signed certs all set. VPN connects! Yay! ipconfig/all - I see the 172.x.x.x Azure subnet listed.
-So now I'm thinking cool. Should be able to map that and I can run these SS certs on the clients machines no problem.
-445 ERROR - What the ****? I thought VPN was supposed to have a direct link to Azure.
-Bypassed my PFSense firewall and went straight Comcast modem to make sure it wasn't PFSense. Same issue.
-Plugged in a WIFI USB adapter to my workstation - Tethered it to my cell network. Ran the PS script to connect Files - WORKED LIKE A CHAMP!!
-So at this point I'm blaming the ISP. What else can I do? Someone in my other thread suggested that my VPN might have a DNS or split/full tunnel issue. I couldn't find any options relating to this.
-Another suggestion was there's no Azure policy to know that VPN has to connect to the files. But since it worked with a cellular hotspot, I have to assume that all necessary things are in place.
I would absolutely love to use this solution with Microsoft. I find that there's not a lot of articles regarding troubles with 445 and Azure Files. I see a lot of YT videos and articles on how to set it up which helps. But I have to assume this has been a problem for a lot of people.
This has been kind of fun, a total crash course and also confusing. Dizzying at times with articles that seemingly take me in circles. I kind of have to learn by doing so it's been a tough road for me so far.
If anyone knows how to get around this that would be great but I'm about to sadly give up.
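
A check for the DNS or split/full tunnel suggestion mentioned in the comment above, as an added example that is not part of the original thread: it reports which addresses the share's hostname resolves to and whether TCP 445 reaches any of them. The hostname is supplied as an argument; the function names and result labels are assumptions made for illustration.

```python
import ipaddress
import socket
import sys

SMB_PORT = 445
# RFC 1918 ranges: an address here is only reachable through the VPN/VNet path.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve(host):
    """Return the sorted addresses the local resolver gives for host ([] on failure)."""
    try:
        infos = socket.getaddrinfo(host, SMB_PORT, proto=socket.IPPROTO_TCP)
    except (OSError, UnicodeError):
        return []
    return sorted({info[4][0] for info in infos})

def port_open(ip, port=SMB_PORT, timeout=5.0):
    """True if a TCP connection to ip:port completes within timeout seconds."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def diagnose(ips, reachable):
    """Classify the result. ips: resolved addresses; reachable: {ip: bool} for port 445."""
    if not ips:
        return "dns-failure"                    # name did not resolve at all
    if any(reachable.get(ip) for ip in ips):
        return "smb-reachable"                  # 445 works on this network path
    if any(is_rfc1918(ip) for ip in ips):
        return "private-endpoint-unreachable"   # private address, but no route or filtered
    return "public-endpoint-blocked"            # public address, 445 dropped on the path

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check445.py <storage-account>.file.core.windows.net")
    ips = resolve(sys.argv[1])
    reachable = {ip: port_open(ip) for ip in ips}
    for ip in ips:
        kind = "private" if is_rfc1918(ip) else "public"
        print(f"{ip} ({kind}): tcp/445 {'open' if reachable[ip] else 'no answer'}")
    print("result:", diagnose(ips, reachable))
```

Running it once with the VPN connected and once on the cellular hotspot shows whether the hostname resolves to the same address in both cases and on which path port 445 stops answering.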