I have set up an Azure Files share with Azure AD Kerberos as the authentication source.
I get the error below when running the connection script (Active Directory authentication) on an end user's PC.
The PC is Azure AD-joined, with the user logging in with an Azure AD account.
Users need to be able to access the Azure Files share when they are not on the local domain.
New-PSDrive : The system cannot contact a domain controller to service the authentication request. Please try again later
At C:\Users\testuser\Desktop\connect-files-share.ps1:4 char:5
+ New-PSDrive -Name Z -PSProvider FileSystem -Root "\storage ...
+ CategoryInfo : InvalidOperation: (Z:PSDriveInfo) [New-PSDrive], Win32Exception
+ FullyQualifiedErrorId : CouldNotMapNetworkDrive,Microsoft.PowerShell.Commands.NewPSDriveCommand
The Azure website states: "Azure AD Kerberos authentication allows users to connect to Azure Files over the internet without requiring a line-of-sight to domain controllers."
This article resolved the issue (creating the registry key):
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-azure-active-directory-enable?tabs=azure-portal#configure-the-clients-to-retrieve-kerberos-tickets
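
A client-side check for the setting that section of the article covers, as an added example that is not part of the original post or of Microsoft's documentation. It assumes the registry value is CloudKerberosTicketRetrievalEnabled under the Kerberos Parameters key, as that documentation describes; the -Fix switch and the storage account placeholder are names made up for this example.

```powershell
# Added example: check (and optionally set) the client prerequisites for
# Azure AD Kerberos ticket retrieval. Run elevated when using -Fix.
param(
    # Placeholder: replace with the name of your storage account.
    [string]$StorageAccount = '<storage-account-name>',
    # Hypothetical switch for this example: write the registry value if missing.
    [switch]$Fix
)

$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$valueName = 'CloudKerberosTicketRetrievalEnabled'

# 1. The device must be Azure AD-joined and the user must hold a PRT.
$dsreg  = dsregcmd /status
$joined = [bool]($dsreg | Select-String -Pattern 'AzureAdJoined\s*:\s*YES')
$hasPrt = [bool]($dsreg | Select-String -Pattern 'AzureAdPrt\s*:\s*YES')

# 2. Read the registry value; $null means the key or value does not exist.
$current = (Get-ItemProperty -Path $keyPath -Name $valueName `
            -ErrorAction SilentlyContinue).$valueName

if ($current -ne 1 -and $Fix) {
    if (-not (Test-Path $keyPath)) {
        New-Item -Path $keyPath -Force | Out-Null
    }
    New-ItemProperty -Path $keyPath -Name $valueName `
        -PropertyType DWord -Value 1 -Force | Out-Null
    $current = 1
    Write-Warning 'Value written. Reboot or refresh policy before retesting.'
}

# 3. Ask for a service ticket for the share. A failure here with the value
#    unset reproduces the "cannot contact a domain controller" symptom.
$spn = "cifs/${StorageAccount}.file.core.windows.net"
$klistOutput = klist get $spn 2>&1
$ticketOk = ($LASTEXITCODE -eq 0)

[pscustomobject]@{
    AzureAdJoined                       = $joined
    AzureAdPrt                          = $hasPrt
    CloudKerberosTicketRetrievalEnabled = $current
    ServicePrincipalName                = $spn
    TicketRetrieved                     = $ticketOk
}
if (-not $ticketOk) { $klistOutput | Write-Output }
```

The same value can be deployed centrally through Intune or Group Policy instead of a per-machine script, which keeps the setting consistent across Azure AD-joined clients.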