Intermittent issues with SMB over QUIC (Server 2022 Datacenter Azure Edition)
Hi, we're trying to implement SMB over QUIC using a Windows 2022 server syncing with an Azure File Share. This seems to work fine in the first place - when we bring up the server and map the drive on a client, we can connect and everything is good. However: After a while, clients lose connection ("the network share is no longer available") When mapping the drive as persistent, in many cases it does not work after reboot (but after disconnecting it and mapping it again) Sometimes it works again after restarting the client's "workstation" service Sometimes it works again after restarting the server's "lanmanserver" service Sometimes it requires server reboot to work again Sometimes it requires client reboot to work again It behaves similarly from both the internal network (using the server's internal IP) as well as the Internet (using the server's public IP). Per WAC everything seems configured correctly: KDC proxy is enabled and configured and known to clients: Regularly (apparently on every connection attempt, but also if nothing is connected), server logs a QUIC error with its own IP: "This event commonly occurs because the server certificate mapping is not created", but the certificate mapping seems fine: Screenshot from the client (services.msc was used to restart the workstation service): Does anybody have an idea what could be wrong, or which logs to check, or which events to collect?API Management Policy to perform Azure Storage File Shares operations
API Management Policy to perform Azure Storage File Shares operations We can use APIM policy to perform operations like create, update, delete and get on Azure Storage File Shares. To do this, we need to insert an inbound policy to the API operation configurations in Design mode. Steps to add inbound policy to create a file in File Shares – Go to the API Management Service, select APIs from APIs blade. Then select any of your API from the ALL APIs list. This will populate the related API Operations. Select POST (create Resource) from the API operations list like referred in the screenshot below- Click on the </> sign to enter Edit mode and insert the new policy like in the below screenshot. Copy the below policy definition and paste in between the <inbound ></inbound> tags. Update the highlighted values with your Storage account details and save. Please make sure all the required headers are in the same format as below. <inbound> <base /> <!-- Initialize context variables with property values. --> <set-variable name="storageAccount" value="NameOfYourStorageAccount" /> <set-variable name="x-request-body" value="@(context.Request.Body.As<string>())" /> <set-variable name="x-request-body-length" value="@{ return (string)context.Request.Headers.GetValueOrDefault("Content-Length","0"); }" /> <send-request mode="new" response-variable-name="tokenstate" timeout="2" ignore-error="true"> <set-url>@{ return string.Format("https://{0}.file.core.windows.net/NamOfYourFileShares/FileNamewithextension?SASToken ",(string)context.Variables["storageAccount"]); }</set-url> <set-method>PUT</set-method> <set-header name="x-ms-type" exists-action="override"> <value>file</value> </set-header> <set-header name="x-ms-file-permission" exists-action="override"> <value>inherit</value> </set-header> <set-header name="x-ms-file-attributes" exists-action="override"> <value>none</value> </set-header> <set-header name="x-ms-file-creation-time" exists-action="override"> <value>now</value> </set-header> <set-header name="x-ms-file-last-write-time" exists-action="override"> <value>now</value> </set-header> <set-header name="x-ms-content-length" exists-action="override"> <value>65336</value> </set-header> </send-request> </inbound> After saving the policy, go to the Test tab of API. Select that updated API operation and click on send. If all the updated parameters are authenticated, you will receive 200 OK and the trace will show 201 (Created) response code. The new created file can be viewed in the File Shares – In case, we want to do the error handling we can add the on-error section to track the error responses as well. We need to add this block after outbound closing tag. This will give use information about the related errors. Reference link for APIM error handling- https://docs.microsoft.com/en-us/azure/api-management/api-management-error-handling-policies <on-error> <set-header name="ErrorSource" exists-action="override"> <value>@(context.LastError.Source)</value> </set-header> <set-header name="ErrorReason" exists-action="override"> <value>@(context.LastError.Reason)</value> </set-header> <set-header name="ErrorMessage" exists-action="override"> <value>@(context.LastError.Message)</value> </set-header> <set-header name="ErrorScope" exists-action="override"> <value>@(context.LastError.Scope)</value> </set-header> <set-header name="ErrorSection" exists-action="override"> <value>@(context.LastError.Section)</value> </set-header> <set-header name="ErrorPath" exists-action="override"> <value>@(context.LastError.Path)</value> </set-header> <set-header name="ErrorPolicyId" exists-action="override"> <value>@(context.LastError.PolicyId)</value> </set-header> <set-header name="ErrorStatusCode" exists-action="override"> <value>@(context.Response.StatusCode.ToString())</value> </set-header> <base /> </on-error> Similarly, we can perform other operations like update and get by updating the required headers into the policy. Reference link for File Share operation APIs - https://docs.microsoft.com/en-us/rest/api/storageservices/operations-on-files
