Question
Why should NetBIOS filtering impact SMB3 / the ability to connect to port 445?
Context
Some users (including myself) were having issues accessing file shares hosted in Azure Files from their home connections, receiving the below error.
Windows cannot access \\myStorageAccount.file.core.windows.net\my-share\
Check the spelling of the name. Otherwise, there might be a problem with your network. To try to identify and resolve network problems, click Diagnose.
Error code: 0x80070035
The network path was not found
Running an online port test against myStorageAccount.file.core.windows.net showed port 445 as open.
Running Test-NetConnection -ComputerName 'myStorageAccountName.file.core.windows.net' -port 445 from my local machine would fail, despite my local device's firewall software not blocking the connection.
Eventually I found the cause to be the NetBIOS filter on my router; with this enabled, connections to port 445 on Azure Files shares failed; with it disabled all worked.
My router's documentation also mentions that this filter impacts SMB:
NetBIOS filter enabled
For security reasons, the NetBIOS filter in the FRITZ!Box is on by default. It blocks NetBIOS packets, which are usually not required for communication in the internet. Disable this filter only if you are using applications that have to exchange NetBIOS packets with the internet. This is the case, for instance, for SMB access to the Strato HiDrive.
I'm unsure if this is down to some bug in the router's filter logic, or if there is something more going on.
Should it be relevant, we have RBAC filtering enabled (e.g. my account has the Storage File Data SMB Share Elevated Contributor role assigned), and have AD ACLs enabled on our file share (as described in this John Savill video)... though I would assume that those shouldn't come into play for the simple port test?