Azure File Shares - Identity Based Access API Error

Question

Hi all,

Currently getting the below error when trying to apply step 2 for Identity Based Access - Set Share-level permissions.

Step 1 has been complete and has been configured through AD DS.

I have tried adding the below API versions to the URL as per another post I saw somewhere but with no luck:

?api-version=2023-01-01

?api-version=2023-05-01

?api-version=2023-01-05

Has anyone else had this/been able to resolve?

Look forward to your responses!

Thanks,

Answer 1

Hello Jay McDonald,

I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this!

Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer. Accepted answers show up at the top, resulting in improved discoverability for others.

Issue: Azure File Shares - Identity Based Access API Error

Error Message: Failed to update storage account

Solution:

Customer resolved this doing the below:

Sina's reply helped with step 1 - I decided to recreate the link between my storage account on AD & the storage account by deleting the original account created and recreating it.

I don't believe this solved it but every step helps - I tried again but got the same error.

I tried enabling this through alternative methods again - https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-assign-share-level-permissions?tabs=azure-cli

This failed with no error message in either Powershell or Azure CLI but kept giving me the same error when trying on the portal.

Doing some googling I found a similar issue someone had with their API on key vaults. This recommended running az upgrade in Azure CLI - I ran this and tried adding permissions again through Azure CLI and this worked. Bit of a strange one so hopefully this helps anyone else getting similar errors in future.

I hope this is helpful! Do not hesitate to let me know if you have any other questions.

---

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.

Answer 2

Hi Jay McDonald,

Greetings & Welcome to Microsoft Q&A forum! Thanks for posting your query!

The API version when trying to set share-level permissions for Azure File Shares. The error message indicates that the June 2021 API version is not available in your region and suggests using the January 2023 API version.I Suggest few steps you can try to resolve this issue:

Verify API Version: Ensure you are using the correct API version in your request. The error message suggests using the January 2023 API version (?api-version=2023-01-01).

Check Region Availability: Confirm that the API version you are trying to use is available in your region. Some API versions might not be supported in all regions.

Update Storage Account: If the issue persists, try updating your storage account to a newer version that supports the required API version. You can do this through the Azure portal or using Azure CLI/PowerShell.

Recreate Storage Account: As a last resort, you might consider recreating the storage account and configuring it again. This has helped some users resolve similar issues
**
For reference:**
https://learn.microsoft.com/en-us/answers/questions/2125705/cant-enable-identity-based-access-on-a-file-share

For more detailed you can refer to the Azure Files identity-based authentication troubleshooting guide

Hope this helps. Do let us know if you have any further queries.

Answer 3

Hello Jay McDonald,

Welcome to the Microsoft Q&A and thank you for posting your questions here.

I understand that your Azure File Shares is having Identity Based Access API Error.

I have seen above that @Keshavulu Dasari has provided several steps to resolve the issue but the issue persist.

Let's focus on detailed steps for updating the API version on the storage account and use the solution that's more applicable to your scenario.

To update the API Version on the Storage Account:

If you would like to use Azure Portal:

• Navigate to your storage account in the Azure Portal.
• Go to the Configuration section.
• Check the Minimum TLS version and ensure it is set to the latest version.
• Save the changes.

If you like using Azure CLI:

• Open your command-line interface.
• Run the following command to update the API version:

az storage account update --name <storage-account-name> --resource-group <resource-group-name> --set properties.minimumTlsVersion=TLS1_2

Replace <storage-account-name> and <resource-group-name> with your actual storage account name and resource group name.

Thirdly, if you would like using PowerShell:

• Open PowerShell.
• Run the following command to update the API version:

Set-AzStorageAccount -ResourceGroupName <resource-group-name> -Name <storage-account-name> -MinimumTlsVersion TLS1_2

Replace <storage-account-name> and <resource-group-name> with your actual storage account name and resource group name.

NOTE:

Make sure that the share-level permissions are correctly configured. Refer to the Azure Files identity-based authentication troubleshooting guide - https://learn.microsoft.com/en-us/troubleshoot/azure/azure-storage/files/security/files-troubleshoot-smb-authentication) for detailed steps

If Kerberos authentication is not applicable, check that you are using the correct authentication method for your scenario and verify that the storage account is configured for the appropriate identity-based access method.

I hope this is helpful! Do not hesitate to let me know if you have any other questions.

---

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.