5 min Create and configure an Azure Files mount on VM 2 with robocopy (update)

https://docs.microsoft.com/en-us/azure/storage/files/storage-files-quick-create-use-windows

An Azure storage account and an Azure file share
A Windows Server 2019 Datacenter VM

1 Create a storage account (test-it3->testit3straccount)
A general-purpose v2 storage account provides access to all of the Azure Storage services: blobs, files, queues, and tables.
2 Create an Azure file share:
2.1 When the Azure storage account deployment is complete, select Go to resource.
2.2 Select File shares from the storage account pane.
2.3 Select + File Share.
2.4 Name the new file share qsfileshare, enter “1” for the Quota, leave Transaction optimized selected,
and select Create. The quota can be a maximum of 5 TiB (100 TiB, with large file shares enabled),
but you only need 1 GiB for this quickstart.
2.5 Create a new txt file called qsTestFile on your local machine.
2.6 Select the new file share, then on the file share location, select Upload.
2.7 Browse to the location where you created your .txt file > select qsTestFile.txt > select Upload.

So far, you’ve created an Azure storage account and a file share with one file in it in Azure.
Next you’ll create the Azure VM with Windows Server 2019 Datacenter to represent the on-premises server in this quickstart.

1 ARM Deployed VM

ARM template documentation | Microsoft Docs


1.2 Map the Azure file share to a Windows drive
1.3 In the Azure portal, navigate to the qsfileshare fileshare and select Connect.
1.4 Select a drive letter then copy the contents of the second box and paste it in Notepad.
1.5 In the VM, open PowerShell and paste in the contents of the Notepad,
then press enter to run the command. It should map the drive.

NOTE: Skipped: Create a share snapshot, Browse a share snapshot, Restore from a snapshot for qsTestFile.txt

2 Use a share snapshot in Windows
2.1 Mount the Azure file share with File Explorer

https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

2.2 Navigate to This PC on the left-hand side of the window. This will change the menus available in the ribbon. Under the Computer menu, select Map network drive.
2.3 Select the drive letter and enter the UNC path, the UNC path format is

\testit3straccount.file.core.windows.net\qsfileshare

(same as in the ps1 script from portal)
2.4 Use the storage account name prepended with in the script as the username and a storage account key (this is the shared access key) as the password

Shared access keys are more critical if they get in the wrong hands, SAS is a better option for many cases or clients.

VM

#20.11.2022

if access denied, check and verify that the vnet->subnet where the vm is attached has access on the storage account networking blade?

#20.11.2022

Test Robocopy and verify update to the storage account

Now we want to cp the files from c\Scrips\Data to the share Z:\ and also create a folder.

When we are done with that we want to view the files in portal.

cp files

cp files and make dir

view in portal testit3straccount->File Shares->qsfileshare

For IAM: Azure AD enable Identity-based autenthication for user, f_key etc

There is also an HTTPS endpoint for the account

https://testit3straccount.file.core.windows.net/qsfileshare

Test restart VM and share/file persistent as in script:

# […]
# Mount the drive
New-PSDrive -Name Z -PSProvider FileSystem -Root “\\testit3straccount.file.core.windows.net\qsfileshare” -Persist

Login and verify

So we need to reconnect:

Use the shared access key:

And we are good to go

How to not reconnect on boot?

$connectTestResult = Test-NetConnection -ComputerName testit3straccount.file.core.windows.net -Port 445
if ($connectTestResult.TcpTestSucceeded) {
# Save the password so the drive will persist on reboot
cmd.exe /C “cmdkey /add:`”testit3straccount.file.core.windows.net`” /user:`”localhost\testit3straccount`” /pass:`”shared-access-key`””
# Mount the drive
New-PSDrive -Name Z -PSProvider FileSystem -Root “\\testit3straccount.file.core.windows.net\qsfileshare” -Persist
} else {
Write-Error -Message “Unable to reach the Azure storage account via port 445. Check to make sure your organization or ISP is not blocking port 445, or use Azure P2S VPN, Azure S2S VPN, or Express Route to tunnel SMB traffic over a different port.”
}

But how to stop the manual task of reconnect?

How to delete a share

Press disconnect on share in vm, delete the share in the portal and regedit to delete the drive letter in explorer.

Mapped network drive is disconnected – Windows Server | Microsoft Docs

  1. In Registry Editor, locate the following registry subkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
  2. Right-click the mapped drive that you want to remove. For example, right-click ##Server_Name#Share_Name, and then click Delete.

Restart VM and the drive letter is gone

Now create the share again, upload a file, press connect and get the script.

On the vm run the script as admin, go to this pc->right click->Map network drive

And the share is back.

Reconnect and not give Shared access key every time:

NigelWhite-7905 avatar image NigelWhite-7905 ยท Jun 08 2020 at 9:11 PM
@ManuPhilip Thanks for this, however I think this shows attaching the storage share using the storage key rather than the authenticated user on the client machine. I think I need native AAD authentication which is apparently on the roadmap.

UPDATE 2022

REM NOTE: /sec /secfix could be problematic between Azure VM and Azure Storage Account File Share (but do you need them?), i.e access denied.
REM NOTE: Check if you can edit in the container with your user, mainly the security on a folder

Drives B and A is not good to use either, Use K for example

If you use a service or function user that will always be running on the VM and is the admin user of the share:

And enter the credentials

It could be that you dont see the share after restart or at all, maybe just drive K with a question marks, that is ok, just got the:

\\ <storageAccountName>.file.core.windows.net\<fileShareName>

If you are mounting for yourself and rights are in place, just press connect and you should be right in the share if you have proper access.

Scroll to Top