Intermittent issues with SMB over QUIC (Server 2022 Datacenter Azure Edition)

Brass Contributor

Hi, we're trying to implement SMB over QUIC using a Windows 2022 server syncing with an Azure File Share. This seems to work fine in the first place - when we bring up the server and map the drive on a client, we can connect and everything is good. However:

 

  • After a while, clients lose connection ("the network share is no longer available")
  • When mapping the drive as persistent, in many cases it does not work after reboot (but after disconnecting it and mapping it again)
  • Sometimes it works again after restarting the client's "workstation" service
  • Sometimes it works again after restarting the server's "lanmanserver" service
  • Sometimes it requires server reboot to work again
  • Sometimes it requires client reboot to work again

It behaves similarly from both the internal network (using the server's internal IP) as well as the Internet (using the server's public IP).

 

Per WAC everything seems configured correctly:

svhelden_0-1702367963514.png

 

KDC proxy is enabled and configured and known to clients:svhelden_3-1702368277643.png

 

Regularly (apparently on every connection attempt, but also if nothing is connected), server logs a QUIC error with its own IP:

svhelden_1-1702368073803.png

 

"This event commonly occurs because the server certificate mapping is not created", but the certificate mapping seems fine:

svhelden_2-1702368136751.png

 

Screenshot from the client (services.msc was used to restart the workstation service):

svhelden_0-1702368584102.png

 

Does anybody have an idea what could be wrong, or which logs to check, or which events to collect?

1 Reply

Does anyone have an idea? Already verified few more things:

 

  • Certificate (used for both, QUIC and KDC proxy) is from corporate CA and trusted by the clients
  • Ports are open (clients can reach tcp/443 and udp/443)
  • SMB signing is not required on client side
  • Group Policy for KDC proxy includes all UPN suffixes

Still, connections stop with "The specified network name is no longer available" after a while or after reboot. Then unmapping/mapping, or restarting workstation service bring it back. Reboot usually does NOT with the drive persistently mapped. Rebooting without the drive mapped, and then mapping it after reboot does usually work.