cancel
Showing results for 
Search instead for 
Did you mean: 

Azure file share port 445 blocked

FIXED
GavB
Dabbler
Posts: 11
Thanks: 5
Registered: ‎31-05-2022

Azure file share port 445 blocked

I recently changed jobs and my new company uses Windows Azure file share for network drives.  I tested it when I was staying near the office on BT Wifi (in the hotel) it worked fine but when I got home I connected the laptop to my LAN and the drives just would not connect.

I have been around the loop with both IT support and Plusnet support, the latter of which was unable to resolve the issue and suggested I try posting on here.

The issue is getting access to port 445 which is what Microsoft Azure uses for SMB traffic.

Plusnet tech support suggested checking my firewall settings in my account, this was already set to OFF.

I opened port 445 on my router, along with ports 500 and 4500, to no avail.  I put the laptop in the DMZ and exposed the host (so that my router firewall wasn't doing anything at all) which should open all ports, but still no joy.

After reading other articles on this forum I tried a disconnect of my router for 10-15 minutes to force an IP change, in case that was an issue, but it didn't help.

I have tried changing the DNS from the standard PlusNet DNS to both Google and Cloudflare (8.8.8.8 and 1.1.1.1) DNS to see if the DNS server was the issue, that didn't fix it.  The site can be resolved with the Plusnet DNS, I can do a traceroute and see it go through the Plusnet DNS to Microsoft, but because port 445 isn't open, it falls over.

 

If I hotspot my phone (with o2) I can connect no problem, but I have a data cap and this is not a good long term solution.

I tried (with permission) connecting to my neighbour's Sky broadband.  I was expecting to have to set up port forwarding but it just worked, though looking into the default Sky router there is no firewall enabled.

I'm at a loss as to what else I can try, so any help would be appreciated.

Note I am not using the Plusnet router, I have a Fritz!Box router.

26 REPLIES 26
MisterW
Superuser
Superuser
Posts: 14,575
Thanks: 5,411
Fixes: 385
Registered: ‎30-07-2007

Re: Azure file share port 445 blocked

Sounds like it could be a repeat of this problem https://community.plus.net/t5/Fibre-Broadband/Unable-to-access-any-Microsoft-sites/td-p/1771295/page...

After reading other articles on this forum I tried a disconnect of my router for 10-15 minutes to force an IP change, in case that was an issue, but it didn't help.

@GavB did your IP actually change ?

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

GavB
Dabbler
Posts: 11
Thanks: 5
Registered: ‎31-05-2022

Re: Azure file share port 445 blocked

Yes that's the forum post I was alluding to.

Yes I got a new IP in a completely different range, but unfortunately it didn't fix the issue.

 

Thanks for your response @MisterW 

MisterW
Superuser
Superuser
Posts: 14,575
Thanks: 5,411
Fixes: 385
Registered: ‎30-07-2007

Re: Azure file share port 445 blocked

@GavB  I dont think this is a port issue, as you discovered when testing via the Sky connection, there should be no need to open ports. AFAICS your testing has just about eliminated it anyway.

My guess is that this is still an IP restriction, despite your having changed the IP. I'm not an Azure expert but searching on the net seems to imply that Azure access can be limited by both IP range and geolocation. If geolocation is being used in your case then its well known that some out of date geolocation databases erroneously locate some PlusNet IP ranges as not UK!

Can your IT support get any further information from logs as to why you cant connect ?

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

GavB
Dabbler
Posts: 11
Thanks: 5
Registered: ‎31-05-2022

Re: Azure file share port 445 blocked

Thanks, I did wonder this which is why I changed the DNS and forced an IP change.

If you run $connectTestResult = Test-NetConnection -ComputerName "bpguksstorage.file.core.windows.net" -Port 445 in PowerShell it will tell you if the access is working or not, I'm currently on the Sky broadband and it works without giving me any issues (so no logs) but if I connect to my Plusnet broadband and do the same thing it times out:

WARNING: Name resolution of bpguksstorage.file.core.windows.net failed

I don't think it's a port issue either as running a port checker on port 445 shows it closed on Plunset but also closed when I hotspot my phone, yet when I hotpsot my phone it works, though my local IT support check if port 445 is open and when it's not they throw their hands up and say that it's not anything they can resolve from their end.  I think it's more likely what you suggested as other colleagues (with different ISPs) have been having similar issues so I imagine it's something wider.

MisterW
Superuser
Superuser
Posts: 14,575
Thanks: 5,411
Fixes: 385
Registered: ‎30-07-2007

Re: Azure file share port 445 blocked

@GavB That test works fine for me on my PlusNet connection

For info, I'm using the standard PlusNet Hub 2 router, my IP is in the 146.198.x.x subnet but I'm using the OpenDNS servers ( 208.67.222.222 & 208.67.220.220 ).

though my local IT support check if port 445 is open and when it's not they throw their hands up and say that it's not anything they can resolve from their end.

They obviously dont understand that opening ports is ONLY necessary for unsolicited incoming traffic.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

GavB
Dabbler
Posts: 11
Thanks: 5
Registered: ‎31-05-2022

Re: Azure file share port 445 blocked

Curioser and curioser, I'm on 51.9.x.x at the moment.

Champnet
Aspiring Hero
Posts: 2,587
Thanks: 971
Fixes: 11
Registered: ‎25-07-2007

Re: Azure file share port 445 blocked

@GavB That test works fine for me on my PlusNet connection

I'm using a Netgear router, and using the Plusnet DNS servers 212.159.6.10 & 212.159.6.9. 

I'm on a fixed IP 212.159.x.x address so it might be worth asking if they'll let you try one .

 

@MisterW  wrote: "They obviously dont understand that opening ports is ONLY necessary for unsolicited incoming traffic"

In a Corporate IT System the router has to have all the ports fully configured both incoming and outgoing, so either the IT contact didn't know that home / small business grade router ports have all outgoing ports open, or he/she  just forgot.......

GavB
Dabbler
Posts: 11
Thanks: 5
Registered: ‎31-05-2022

Re: Azure file share port 445 blocked

@Champnet thanks for that, I just had another dig around in the router settings to see if there was anything I missed but no joy.  I don't have a Plusnet router and don't really want one, I don't think that would change anything anyway so it's nice to know it works on a Netgear.  I have an old fibre modem and v4 HomeHub from BT I could try but I don't know if it will work given Plusnet uses actual login credentials and BT (at the time) didn't.

Yes perhaps a fixed/different IP would help, fixed would be better if that is the issue as I don't want to get a power cut and then I can't access anything because the DSL connection has dropped - which seemed to be what resolved it in the thread mentioned earlier.

MisterW
Superuser
Superuser
Posts: 14,575
Thanks: 5,411
Fixes: 385
Registered: ‎30-07-2007

Re: Azure file share port 445 blocked

@GavB  can you try the Test-NetConnection with the -InformationLevel "Detailed" parameter ?

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Dan_the_Van
Aspiring Hero
Posts: 2,484
Thanks: 1,117
Fixes: 73
Registered: ‎25-06-2007

Re: Azure file share port 445 blocked

I've always found the 'telnet' and 'netstat' commands useful to test connections. telnet may need to be enabled on your PC

Using power shell or a cmd prompt

PS C:\> telnet "bpguksstorage.file.core.windows.net" 445

This should open up a window with no text.

In a second power shell or cmd prompt windows run netstat, you will need to look for the IP Address

C:\>netstat -n |findstr 51.141.129.72
TCP 192.168.10.113:50784 51.141.129.72:445 ESTABLISHED

netstat should indicate the attempted connection status being one of

CLOSE_WAIT
CLOSED
ESTABLISHED
FIN_WAIT_1
FIN_WAIT_2
LAST_ACK
LISTEN
SYN_RECEIVED
SYN_SEND
TIMED_WAIT

HTH 

Dan.

I have a static IP Address 80.229.nnn.nnn

Edit: using netstat and the command  Test-NetConnection -ComputerName "bpguksstorage.file.core.windows.net" -Port 445

gives this result

TCP    192.168.10.113:50963   51.141.129.72:445      TIME_WAIT

GavB
Dabbler
Posts: 11
Thanks: 5
Registered: ‎31-05-2022

Re: Azure file share port 445 blocked

I tried  $connectTestResult = Test-NetConnection -ComputerName "bpguksstorage.file.core.windows.net" -Port 445 -InformationLevel "Detailed"

but unfortunately I just got the same back:
WARNING: TCP connect to (51.141.129.72 : 445) failed
WARNING: Ping to 51.141.129.72 failed with status: TimedOut

Though running it again without the detailed I now get this:

ComputerName : bpguksstorage.file.core.windows.net
RemoteAddress : 51.141.129.72
RemotePort : 445
InterfaceAlias : Ethernet
SourceAddress : 192.168.1.123
PingSucceeded : False
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded : False

 

I don't have telnet but running netstat -n |findstr 51.141.129.72 I get the following:

TCP 192.168.1.123:56316 51.141.129.72:445 SYN_SENT

GavB
Dabbler
Posts: 11
Thanks: 5
Registered: ‎31-05-2022

Re: Azure file share port 445 blocked

Running netstat whilst running the Test-NetConnection in Powershell gave this:

 

TCP 192.168.1.123:56406 51.141.129.72:microsoft-ds SYN_SENT
TCP 192.168.1.123:56407 51.141.129.72:microsoft-ds SYN_SENT

MisterW
Superuser
Superuser
Posts: 14,575
Thanks: 5,411
Fixes: 385
Registered: ‎30-07-2007

Re: Azure file share port 445 blocked

but unfortunately I just got the same back:
WARNING: TCP connect to (51.141.129.72 : 445) failed
WARNING: Ping to 51.141.129.72 failed with status: TimedOut

but still useful. That implies that its been able to resolve the URL , in contradiction to its earlier error!

The TCP connect failure would be consistent with an IP block

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Dan_the_Van
Aspiring Hero
Posts: 2,484
Thanks: 1,117
Fixes: 73
Registered: ‎25-06-2007

Re: Azure file share port 445 blocked

A matter of interest does this work?

Test-NetConnection -ComputerName "bpguksstorage.file.core.windows.net" -Port 80

Might prove if it's a IP issue

Dan