none
Mapping Azure Files share with home ISP and VPN to Azure: Port 445 Filtered

    Question

  • Question on Cause 2: Port 445 is blocked- Alternate Solution 


    I know my home ISP AT&T blocks the port 445. I created a VPN (West Coast location) in the new Azure portal and connected to it, and tried to port query to a data storage in Central US but am getting the same port filter issue on the Azure network. I thought this would be a work-around in trying to do this at home to access my data storage. So an Azure VPN does not allow access via port 445? Any meaningful help would be appreciated.

    Reference Documentation Link: Troubleshoot Azure Files problems in Windows 

    Friday, December 1, 2017 5:26 PM

All replies

  • Work with your IT department to open port 445 outbound to Azure IP ranges.

    If your ISP could not help you open this port, you may refer the MSDN thread, which addressing similar issue.

    -----------------------------------------------------------------------------------------------

    Do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Friday, December 1, 2017 8:01 PM
    Moderator
  • I guarantee the ISP will not open the port because they would have to do it for everyone else. This was not a meaningful response. 

    I am connecting from my local ISP into an Azure Virtual Network through an Azure VPN. Why would this port be blocked on my Azure Virtual Network?

    • Edited by Kathleen W Saturday, December 2, 2017 1:54 AM
    Friday, December 1, 2017 8:27 PM
  • Hi Kathleen, 

    It is recommended that you first work with your IP as per the documentation. 

    If they do not/ will no open the port you could attempt the mitigation suggested in the link Pradeep provided setting up a Windows Server 2012 machine as a SSFTP. This route appears to have gotten that customer access:

    https://blogs.msdn.microsoft.com/notime/2013/06/01/how-to-setup-windows-azure-server-2012-as-an-sstp-and-l2tp-vpn-provider/ 

    I will continue to look into other options and let you know if I find any plausible workarounds. 

    -Micah

    Friday, December 1, 2017 9:37 PM
    Moderator
  • Few thoughts:

    Why do you think azure storage uses port 445?

    It appears to be using port 443 like any other secure website. ie: https://azure6.file.core.windows.net/  PRIMARY FILE SERVICE ENDPOINT

    Next:

    Your storage has a place to configure to Firewall and Access:  Firewalls and virtual networks

    Maybe you have an internal azure firewall blocking your access while connected to the VPN.

    Does this help?

    Cheers

    Friday, December 1, 2017 10:52 PM
  • I am connecting from my local ISP into an Azure Virtual Network through an Azure VPN. Why would this port be blocked on my Azure Virtual Network?
    Saturday, December 2, 2017 1:53 AM
  • Its just an idea

    https://azure.microsoft.com/en-ca/blog/announcing-preview-of-azure-storage-firewalls-and-virtual-networks/

    https://azure.microsoft.com/en-ca/blog/announcing-A-of-azure-storage-firewalls-and-virtual-networks/


    Saturday, December 2, 2017 4:43 AM
  • I'll take a look at that. I notice my classic storage account does not have Firewalls and virtual networks... option under settings but the new portal storage account does have that option. Ill tinker around with the new storage account and settings this weekend and update. Thanks for the idea! 

    Saturday, December 2, 2017 2:41 PM
  • Ok, I did some experimenting. Nothing worked. No solutions here!!

    I connected to my VPN

    PPP adapter kw-myRemoteVirtualNetwork:

       Connection-specific DNS Suffix  . :
       IPv4 Address. . . . . . . . . . . : 172.16.201.2
       Subnet Mask . . . . . . . . . . . : 255.255.255.255
       Default Gateway . . . . . . . . . :

    Then I created 

    Classic Storage: No Virtual Network or Firewall option available

    New Portal Storage: 

    Type A: Created in the same region and with setup to the network. Access set to only my VPN

    Type B: Created new Portal Storage - Access to all networks.

    Results:

    In all 3 cases my port query command was filtered which means I still cannot mount my windows drive to the Azure storage.

    C:\PortQryV2>PortQry.exe -n kwgeneralstorage.file.core.windows.net -p TCP -e 445

    Querying target system called:

     kwgeneralstorage.file.core.windows.net

    Attempting to resolve name to IP address...


    Name resolved to 52.239.177.72

    querying...

    TCP port 445 (microsoft-ds service): FILTERED

    C:\PortQryV2>PortQry.exe -n kwgeneralstoragermlocal.file.core.windows.net -p TCP -e 445

    Querying target system called:

     kwgeneralstoragermlocal.file.core.windows.net

    Attempting to resolve name to IP address...


    Name resolved to 52.239.161.40

    querying...

    TCP port 445 (microsoft-ds service): FILTERED

    C:\PortQryV2>PortQry.exe -n kwmyazuretrainingreso990.file.core.windows.net -p TCP -e 445

    Querying target system called:

     kwmyazuretrainingreso990.file.core.windows.net

    Attempting to resolve name to IP address...


    Name resolved to 52.230.240.76

    querying...

    TCP port 445 (microsoft-ds service): FILTERED
    • Edited by Kathleen W Saturday, December 2, 2017 3:12 PM
    Saturday, December 2, 2017 3:10 PM
  • Hi Kathleen, 

    Any update on this? I am curious to see if you found a work around or a way to fixing this. 

    -Micah

    Wednesday, January 3, 2018 9:35 PM
    Moderator
  • I am on Comcast (aka xfinity) and port 445 is blocked.  So I can't map a drive letter from windows 10 using the normal simple method.  However, I accidentally got it to work using this procedure:

    1) Created a ubuntu 16.04 server VM in azure using the minimum size allowed by Azure (this is very cheap to run)

    2) Installed OpenVPN server on the ubuntu server and OpenVPN client on Windows 10.  For the procedure, search for "How To Set Up an OpenVPN Server on Ubuntu 16.04".

    3) Connected to the VPN

    4) The windows drive letter now maps fine.

    I'm not saying this is a good solution, or an easy solution.  It takes a lot of time to get the OpenVPN server up and running.  I'm sure there must be a better way.  But I needed the OpenVPN server for another reason anyway.  So it's an OK solution for me for now.

    David N

    Wednesday, June 6, 2018 9:27 PM