Azure Files with ADDS Authentication - Can't connect from most on-premise devices

Daan Poleij 21 Reputation points
2021-02-17T07:39:58.373+00:00

Hi all,

We have been in a POC for Azure Files with ADDS authentication for a while, yet I still come across a lot of errors that I can't seem to get a hold of.

The environment is as follows.

3x DC (2x On-premise, 1x Azure)
Storage account with a file share
Private DNS Zone with a Private Endpoint
Site to Site VPN between on-premise and Azure
AD Connect configured
Storage account AD Domain joined

Edited DNS configurations as follows:
Added privatelink.file.core.windows.net as a new Forward Lookup zone, with an A record inside which refers to the private IP of the private endpoint associated with the share.
For the on-premises DNS servers, a conditional forwarder of "core.windows.net", with the private IP address of the DC that's located in Azure.
For the Azure DNS server, a conditional forwarder of "core.windows.net", with the Azure Private DNS address, "168.63.129.169".

The traffic seems to flow over the VPN, and other data is correctly being pushed through. But it isn't possible to mount the file share except from one server, that is the secondary DC that is located on-premise.

The subnet that resides in Azure starts with 10.192.x.x
The subnet that resides on-premise is 192.168.x.x

From the DC in Azure I can connect to the share, which seems logical because they are in the same subnet.
From 1 DC on-premise I can connect to the share. From the other DC on-premise I get the error "The specified network password is not correct" while I used the same credentials for the other DCs.

Is anyone able to point me in the right direction to fix this, or has anyone maybe come across this issue while configuring the Azure Files solution? Would love to hear from you guys, thanks in advance.

  1. mms1630 0 Reputation points
    2025-01-08T16:02:51.17+00:00

    Had this issue with WIN11, nothing in the client logs. We eventually forced the issue by including the account key in the user logon script. VERY bad form, VERY insecure, but it's all that works. Thanks M$!
