Last updated on March 4, 2023
https://docs.microsoft.com/en-us/azure/storage/files/storage-files-quick-create-use-windows
An Azure storage account and an Azure file share
A Windows Server 2019 Datacenter VM
1 Create a storage account (test-it3->testit3straccount)
A general-purpose v2 storage account provides access to all of the Azure Storage services: blobs, files, queues, and tables.
2 Create an Azure file share:
2.1 When the Azure storage account deployment is complete, select Go to resource.
2.2 Select File shares from the storage account pane.
2.3 Select + File Share.
2.4 Name the new file share qsfileshare, enter “1” for the Quota, leave Transaction optimized selected,
and select Create. The quota can be a maximum of 5 TiB (100 TiB, with large file shares enabled),
but you only need 1 GiB for this quickstart.
2.5 Create a new txt file called qsTestFile on your local machine.
2.6 Select the new file share, then on the file share location, select Upload.
2.7 Browse to the location where you created your .txt file > select qsTestFile.txt > select Upload.
So far, you’ve created an Azure storage account and a file share with one file in it in Azure.
Next you’ll create the Azure VM with Windows Server 2019 Datacenter to represent the on-premises server in this quickstart.
1 ARM Deployed VM
ARM template documentation | Microsoft Docs
1.2 Map the Azure file share to a Windows drive
1.3 In the Azure portal, navigate to the qsfileshare fileshare and select Connect.
1.4 Select a drive letter then copy the contents of the second box and paste it in Notepad.
1.5 In the VM, open PowerShell and paste in the contents of the Notepad,
then press enter to run the command. It should map the drive.
NOTE: Skipped: Create a share snapshot, Browse a share snapshot, Restore from a snapshot for qsTestFile.txt
2 Use a share snapshot in Windows
2.1 Mount the Azure file share with File Explorer
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
2.2 Navigate to This PC on the left-hand side of the window. This will change the menus available in the ribbon. Under the Computer menu, select Map network drive.
2.3 Select the drive letter and enter the UNC path, the UNC path format is
\testit3straccount.file.core.windows.net\qsfileshare
(same as in the ps1 script from portal)
2.4 Use the storage account name prepended with in the script as the username and a storage account key (this is the shared access key) as the password
Shared access keys are more critical if they get in the wrong hands, SAS is a better option for many cases or clients.
VM
#20.11.2022
if access denied, check and verify that the vnet->subnet where the vm is attached has access on the storage account networking blade?
#20.11.2022
Test Robocopy and verify update to the storage account
Now we want to cp the files from c\Scrips\Data to the share Z:\ and also create a folder.
When we are done with that we want to view the files in portal.
cp files
cp files and make dir
view in portal testit3straccount->File Shares->qsfileshare
For IAM: Azure AD enable Identity-based autenthication for user, f_key etc
There is also an HTTPS endpoint for the account
https://testit3straccount.file.core.windows.net/qsfileshare
Test restart VM and share/file persistent as in script:
# […]
# Mount the drive
New-PSDrive -Name Z -PSProvider FileSystem -Root “\\testit3straccount.file.core.windows.net\qsfileshare” -Persist
Login and verify
So we need to reconnect:
Use the shared access key:
And we are good to go
How to not reconnect on boot?
$connectTestResult = Test-NetConnection -ComputerName testit3straccount.file.core.windows.net -Port 445
if ($connectTestResult.TcpTestSucceeded) {
# Save the password so the drive will persist on reboot
cmd.exe /C “cmdkey /add:`”testit3straccount.file.core.windows.net`” /user:`”localhost\testit3straccount`” /pass:`”shared-access-key`””
# Mount the drive
New-PSDrive -Name Z -PSProvider FileSystem -Root “\\testit3straccount.file.core.windows.net\qsfileshare” -Persist
} else {
Write-Error -Message “Unable to reach the Azure storage account via port 445. Check to make sure your organization or ISP is not blocking port 445, or use Azure P2S VPN, Azure S2S VPN, or Express Route to tunnel SMB traffic over a different port.”
}
But how to stop the manual task of reconnect?
How to delete a share
Press disconnect on share in vm, delete the share in the portal and regedit to delete the drive letter in explorer.
Mapped network drive is disconnected – Windows Server | Microsoft Docs
- In Registry Editor, locate the following registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 - Right-click the mapped drive that you want to remove. For example, right-click ##Server_Name#Share_Name, and then click Delete.
Restart VM and the drive letter is gone
Now create the share again, upload a file, press connect and get the script.
On the vm run the script as admin, go to this pc->right click->Map network drive
And the share is back.
Reconnect and not give Shared access key every time:
NigelWhite-7905 avatar image NigelWhite-7905 · Jun 08 2020 at 9:11 PM
@ManuPhilip Thanks for this, however I think this shows attaching the storage share using the storage key rather than the authenticated user on the client machine. I think I need native AAD authentication which is apparently on the roadmap.
UPDATE 2022
REM NOTE: /sec /secfix could be problematic between Azure VM and Azure Storage Account File Share (but do you need them?), i.e access denied.
REM NOTE: Check if you can edit in the container with your user, mainly the security on a folder
Drives B and A is not good to use either, Use K for example
If you use a service or function user that will always be running on the VM and is the admin user of the share:
And enter the credentials
It could be that you dont see the share after restart or at all, maybe just drive K with a question marks, that is ok, just got the:
\\ <storageAccountName>.file.core.windows.net\<fileShareName>
If you are mounting for yourself and rights are in place, just press connect and you should be right in the share if you have proper access.
