cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure Files/File Sync and Private Endpoints

nlobass
Copper Contributor

‎Nov 04 2020 12:38 AM - edited ‎Nov 04 2020 12:52 AM

‎Nov 04 2020 12:38 AM - edited ‎Nov 04 2020 12:52 AM

Azure Files/File Sync and Private Endpoints

Hello,

 

I have problems setting up Azure file sync with private endpoints that I can't find any details on. 

 

I have a very simple subnet azure network with site to site VPN. There is a DNS server deployed in Azure and I'm using Private DNS as per the recommended setup.

 

Problem 1

Azure Files with private endpoint.

 

File Sync can not see or access the shares on the Storage account when private endpoint is created for the storage account. It works fine without a private endpoint.

This is still the case when the firewall is set to All networks,

 

Problem 2

Azure File Sync with private endpoint

My on-prem server cannot communicate with the File Sync service across site to site VPN when it is set up with a private endpoint 

DNS is correct and working

The network tests fail with the following 

Discovery service connectivity result:
Result: Fail. Error: A task was canceled.
HostUri: https://xxxx.afs.azure.net:443

Management service connectivity result:
Result: Fail. Error: A task was canceled.
HostUri: https://xxxx.afs.azure.net:443

Monitoring service connectivity result:
Result: No response from monitoring agent process.
HostUri: unknown

 

I can confirm that I can access those address on port 443 and receive a response from Telnet, so DNS and firewalls etc are fine.

 

Again File Sync works fine before Private Endpoints are introduced.

 

There seem to be a lot of articles saying this is possible and supported but no documentation detailing setting these up with private endpoints. I feel like I'm missing something!!!

4,721 Views
0 Likes
1 Reply
Reply
1 Reply
Command0r

‎Nov 06 2020 04:52 AM

‎Nov 06 2020 04:52 AM

Re: Azure Files/File Sync and Private Endpoints

@nlobass, it sounds like a disconnect somewhere in between. In order for connections to your storage account to go over your network tunnel, the fully qualified domain name (FQDN) of your storage account must resolve to your private endpoint's private IP address. To complete the configuration, you must forward the storage endpoint suffix to the Azure private DNS service accessible from within your virtual network.

More about that here.

Then do another test with:

nslookup <storage-account-name>.file.core.windows.net

It must properly resolve.

0 Likes
Reply