Map network drive to Azure File Storage

Written by ppolyzos

Software engineer based in Athens, Greece

38 Comments

  1. Gregg

    I have used the ‘net use’ command line version to setup the folder mapping to the Azure file storage.

    Are the account details passed securely from the local machine to Azure ?

    1. ppolyzos

      The connection between local machine and Azure is encrypted.
      If you use a program like Fiddler to monitor requests and traffic from your local machine to the outside world, you can see that the details are exchanged using NTLMSSP_AUTH.
      null

  2. Frank

    Accessing from a network where there is a domain, How do I indicate no domain or perhaps it should be local? It’s not working. Any suggestions?

    Also, I have two keys — either key should work, correct?

    1. ppolyzos

      I am not sure I quite understand the first part of your question. The credentials you are using to connect to your storage account is the Storage account name and one of the keys.

      As for the second question, the answer is yes, either key should work. It is considered as best practice, to use everywhere one of the keys, ie. the Primary, and in case any security issue happens you can use the Secondary and update the other one avoiding any service interruption.

  3. Frank

    Sorry — for my first question my default domain is “company”. So, when I enter something in the box it assumes “company\username”. I need to just get username in there but it automatically adds the “company” domain.

    So, the question is how to do indicate to the dialog that i just want “username”. I think \username (start with the backslash) does it but am not sure. I discovered this after posting the original comment.

      1. Alan

        I am not sure if this is still valid. In my case I had to specify the domain explicitly, which I could take from command line instructions (AZURE\myname).

  4. Sarah

    I have mapped network drive in windows successfully. But I am not able to open the shared drive from network:
    For example if i type \\abc.file.core.windows.net i am getting access denied error while if i do something like : Z:\, explorer is able to open this. (Z is my mapped drive name). Can you explain me reasons for this scenario?
    Secondly, i am able to create folder in this drive but when one of my applications uses this drive it is not able to create folder.
    Any help would be appreciated.
    Thanks.

    1. ppolyzos

      I don’t think accessing network drive through \\abc.file.core.windows.net is possible. Mapped network drive allows you to authorize access and use SMB for communication.
      As for the second part, it depends on the type of your application. You need to check if you have the right permissions to write files and folders in your network drive, based on the user the application is using. Have a look at your exception logs to find out more. In addition, you can try to run your app as administrator and see if this still happens.

      1. Sarah

        Thanks for the reply.
        For the second part, my application runs via a windows service with LocalSystem account and i have mapped the network drive using net use command from the same account with which user is logged in. Can there be a permission issue then? In logs i am getting only could not create folder error not the exact cause.
        P.S : I am able to create folder manually in mapped drive and also via command line. Problem occurs only when i run my application with windows service.
        Thanks

        1. ppolyzos

          I don’t think LocalSystem account has access to write files on a network drive, as a Windows service runs under Local Service with minimum privileges on the local computer.
          Have a look at this article (haven’t try it myself), it says that you can alter permissions of a certain folder using the AfterInstall event when setting up your service.
          Please let me know, if this actually works.

          1. Sarah

            This article needs me to make changes in my code which currently is not possible for me. After a little bit of searching i found out that we can use mapped drive in windows service by creating a symbolic link for that drive using command :mklink /D c:\docs \\mappeddrive\docs
            It works for me for a mapped drive shared at any system in my domain but it’s not working for Azure File Storage.

  5. Mark

    Hi there,
    This will definitely suit some use cases we have but we want to know if the file share can be made read only? Essentially, we want to make the share an archive in the cloud but will never want to create new files in it.

    Thanks,
    Mark

    1. ppolyzos

      There is a plan for Azure Active Directory integration to Azure File Service, for cases like yours, but at the moment this is not possible. You can have a look here and upvote.

      1. Huseyin

        Hi Guys,
        My aim is multiple VMs will read the configuration files or web apps from same file share or location. I am trying to install Windows Services for Apache Web Server and Tomcat Application from azure file share. I installed the services, as you guys mentioned earlier, it doesn’t work with Local System account. And I changed service account to Local Admin Account and i am still getting same error message. When I run Apache or Tomcat with command prompt from file share it works fine. is there any way to run services where their actual exe files are in file share. I presumably It is much easier implementing it on Linux System.

  6. Sid

    Is it possible to connect to \\storagename.blob.core.windows.net\container? I have the key as well. I was able to get to my container using Microsoft Azure Storage Explorer but when I want to map the network drive on my machine, I keep getting unable to connect. It does look like it tries to connect to the container but comes back to enter the credentials again and again. Also, I do see a Domain selected already i.e. my company which I can’t seem to get rid of even if I try entering a different network credentials. What am I doing wrong here? Any help would be greatly appreciated.

    Sid

      1. Sid

        Do you mean on the network credentials where I enter Storage Account name and key, do you want me to tack on “\” infront of the storage account name? I tried that but getting the same thing.

  7. Sid

    I tried that Username: \storageaccount with the key and it comes back to the same thing. I will keep trying, not sure if there is anything else I need to do.

  8. Sid

    Apparently, you can’t map to Azure Blob Storage account containers as they do not provide a SMB (Server Message Block) protocol which is a network file sharing protocol. I am going to set up a new storage account of type Storage where I can then use the file services to store all the files. I then should be able to create the network map like you have shown up here which should be pretty straightforward. Thank You!!

    Sid

    1. ppolyzos

      Indeed, mapping to Azure Blob Storage is not possible. Azure File Storage is the one that supports SMB for this kind of operation. I misunderstood that you were talking about Blob storage on your first question.

      1. Adam

        Sorry if that was a little vague. I’m aware LRS and GRS will ensure the safety of the data – but is there a way of making scheduled backups of the files to protect against issues like accidental deletion?

        Thanks.

        1. ppolyzos

          It depends on your needs.
          If you want to backup a website hosted in azure you can use App Service Backups.

          If you want to backup files hosted in your NAS, you can use Azure Cool Storage (for long-term backups, previous article), or in Azure Storage account. If you want to keep multiple versions of them you can use a tool that daily gets backup.

          Storage Account, in general, is a good solution to backup files. If I only want to have a copy of my files in case of accidental deletion I would prefer LRS as the cheapest solution. The difference between LRS and GRS, is that with GRS, if there is a failure at the primary region, Azure storage will failover to the secondary region, so that your files are immediately accessible.

          On the other side, there is also Azure Backup which is convenient for more demanding uses.

          Hope I helped you.

  9. Thomas

    I have opened outbound 445 on my Fortigate and I am trying both from the command line and Windows explorer. I am passing \username and the key. I get the error “network path not found”. What else should I be looking for?

        1. Thomas

          To what are you referring? Which solution? Did you intend to add a link? Otherwise, I was following the instructions in this post for mapping a network drive.

  10. Michael Zorbadakis

    Hi Polyzos,
    We are ruuning a windows 2012 r2 Vm on Azure and Although I am able to map the share as drive , when an application is trying to access the contents we are getting the following error:

    Cannot access the Hot Folder directory ‘\\mystorage.file.core.windows.net\main

    The service of the application runs with the same active directory credentials that we used to map the network drive.
    I have also tried to create a symbolink link and although I am able to access the content using Windows Explorers , my application still can not access .
    I have tried to use UNC and also the drive letter. Same Results.

    So It seems that windows can Access the storage but this is not happening also to our apps.

    Any ideas?

    Many thanks in advance.

    Many Thanks

    1. ppolyzos

      Although I am not sure what you mean with Hot Folder I think you refer to the issue found on this link, in the section (“Application or service cannot access mounted Azure Files drive”).
      In addition, Active Directory-based authentication currently is not supported by File storage.

      In order to access Azure File Storage you may use Client Libraries, REST API or Powershell and AzCopy is also supported in case you need to transfer large number of files.

      What I would suggest is saving your files, temporarily, in a directory where your application has access to and then create a batch job that uses AzCopy or powershell to transfer these files to Azure.
      You can have a look at this example and Search for “Synchronously copy files”.

      Hope I helped.

Leave a Comment

Your email address will not be published. Required fields are marked *