在 Windows 中排查 Azure 文件存储问题 (SMB)Troubleshoot Azure Files problems in Windows (SMB)

本文列出了从 Windows 客户端连接时与 Azure 文件相关的常见问题,This article lists common problems that are related to Azure Files when you connect from Windows clients. 并提供了这些问题的可能原因和解决方法。It also provides possible causes and resolutions for these problems. 除了本文中的疑难解答步骤之外,还可以使用 AzFileDiagnostics,以确保 Windows 客户端环境满足正确的先决条件。In addition to the troubleshooting steps in this article, you can also use AzFileDiagnostics to ensure that the Windows client environment has correct prerequisites. AzFileDiagnostics 会自动检测本文中提及的大多数症状,并帮助设置环境,以实现最佳性能。AzFileDiagnostics automates detection of most of the symptoms mentioned in this article and helps set up your environment to get optimal performance.

装载 Azure 文件共享时出现错误 5Error 5 when you mount an Azure file share

尝试装载文件共享时,可能会收到以下错误:When you try to mount a file share, you might receive the following error:

  • 发生系统错误 5。System error 5 has occurred. 访问被拒绝。Access is denied.

原因 1:通信通道未加密Cause 1: Unencrypted communication channel

出于安全原因,如果信道未加密,且未从 Azure 文件共享所在的数据中心尝试连接,则到 Azure 文件共享的连接将受阻。For security reasons, connections to Azure file shares are blocked if the communication channel isn't encrypted and if the connection attempt isn't made from the same datacenter where the Azure file shares reside. 如果在存储帐户中启用需要安全传输设置,则还可以阻止同一数据中心中未加密的连接。Unencrypted connections within the same datacenter can also be blocked if the Secure transfer required setting is enabled on the storage account. 仅当用户的客户端 OS 支持 SMB 加密时,才提供加密的信道。An encrypted communication channel is provided only if the user's client OS supports SMB encryption.

Windows 8、Windows Server 2012 及更高版本的每个系统协商包括支持加密的 SMB 3.0 的请求。Windows 8, Windows Server 2012, and later versions of each system negotiate requests that include SMB 3.0, which supports encryption.

原因 1 的解决方案Solution for cause 1

  1. 从支持 SMB 加密的客户端(Windows 8、Windows Server 2012 或更高版本)进行连接,或者从用于 Azure 文件共享的 Azure 存储帐户所在数据中心内的虚拟机进行连接。Connect from a client that supports SMB encryption (Windows 8, Windows Server 2012 or later) or connect from a virtual machine in the same datacenter as the Azure storage account that is used for the Azure file share.
  2. 如果客户端不支持 SMB 加密,请验证是否已在存储帐户上禁用需要安全传输设置。Verify the Secure transfer required setting is disabled on the storage account if the client does not support SMB encryption.

原因 2:在存储帐户上启用了虚拟网络或防火墙规则Cause 2: Virtual network or firewall rules are enabled on the storage account

如果在存储帐户上配置了虚拟网络 (VNET) 和防火墙规则,则将拒绝访问网络流量,除非允许客户端 IP 地址或虚拟网络访问。If virtual network (VNET) and firewall rules are configured on the storage account, network traffic will be denied access unless the client IP address or virtual network is allowed access.

原因 2 的解决方案Solution for cause 2

验证是否已在存储帐户上正确配置虚拟网络和防火墙规则。Verify virtual network and firewall rules are configured properly on the storage account. 若要测试虚拟网络或防火墙规则是否导致此问题,请将存储帐户上的设置临时更改为“允许来自所有网络的访问”。To test if virtual network or firewall rules is causing the issue, temporarily change the setting on the storage account to Allow access from all networks. 若要了解详细信息,请参阅配置 Azure 存储防火墙和虚拟网络To learn more, see Configure Azure Storage firewalls and virtual networks.

尝试装载或卸载 Azure 文件共享时发生错误 53、错误 67 或错误 87Error 53, Error 67, or Error 87 when you mount or unmount an Azure file share

尝试从本地或其他数据中心装载文件共享时,可能会看到以下错误消息:When you try to mount a file share from on-premises or from a different datacenter, you might receive the following errors:

  • 发生系统错误 53。System error 53 has occurred. 找不到网络路径。The network path was not found.
  • 发生系统错误 67。System error 67 has occurred. 找不到网络名称。The network name cannot be found.
  • 发生系统错误 87。System error 87 has occurred. 参数不正确。The parameter is incorrect.

原因 1:端口 445 被阻止Cause 1: Port 445 is blocked

如果端口 445 到 Azure 文件数据中心的出站通信受阻,可能会发生系统错误 53 或 67。System error 53 or system error 67 can occur if port 445 outbound communication to an Azure Files datacenter is blocked. 如需大致了解允许或禁止从端口 445 进行访问的 ISP,请访问 TechNetTo see the summary of ISPs that allow or disallow access from port 445, go to TechNet.

若要检查防火墙或 ISP 是否阻止端口 445,请使用 AzFileDiagnostics 工具或 Test-NetConnection cmdlet。To check if your firewall or ISP is blocking port 445, use the AzFileDiagnostics tool or Test-NetConnection cmdlet.

若要使用 Test-NetConnection cmdlet,则必须安装 Azure PowerShell 模块。有关详细信息,请参阅安装 Azure PowerShell 模块To use the Test-NetConnection cmdlet, the Azure PowerShell module must be installed, see Install Azure PowerShell module for more information. 记得将 <your-storage-account-name><your-resource-group-name> 替换为存储帐户的相应名称。Remember to replace <your-storage-account-name> and <your-resource-group-name> with the relevant names for your storage account.

$resourceGroupName = "<your-resource-group-name>"
$storageAccountName = "<your-storage-account-name>"

# This command requires you to be logged into your Azure account, run Login-AzAccount -Environment AzureChinaCloud if you haven't
# already logged in.
$storageAccount = Get-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName

# The ComputerName, or host, is <storage-account>.file.core.chinacloudapi.cn for Azure China Regions.
Test-NetConnection -ComputerName ([System.Uri]::new($storageAccount.Context.FileEndPoint).Host) -Port 445

如果连接成功,则会看到以下输出:If the connection was successful, you should see the following output:

ComputerName     : <your-storage-account-name>
RemoteAddress    : <storage-account-ip-address>
RemotePort       : 445
InterfaceAlias   : <your-network-interface>
SourceAddress    : <your-ip-address>
TcpTestSucceeded : True


以上命令返回存储帐户的当前 IP 地址。The above command returns the current IP address of the storage account. 此 IP 地址不一定保持不变,可能会随时更改。This IP address is not guaranteed to remain the same, and may change at any time. 请勿将此 IP 地址硬编码到任何脚本中或某个防火墙配置中。Do not hardcode this IP address into any scripts, or into a firewall configuration.

原因 1 的解决方案Solution for cause 1

解决方案 1 - 在 ISP/IT 管理员的帮助下取消阻止端口 445Solution 1 - Unblock port 445 with help of your ISP/IT Admin

与 IT 部门或 ISP 配合,向 Azure IP 范围开放端口 445 出站通信。Work with your IT department or ISP to open port 445 outbound to Azure IP ranges.

解决方案 2 - 使用基于 REST API 的工具,例如存储资源管理器/PowershellSolution 2 - Use REST API based tools like Storage Explorer/Powershell

除了 SMB,Azure 文件存储还支持 REST。Azure Files also supports REST in addition to SMB. REST 访问通过端口 443(标准 TCP)工作。REST access works over port 443 (standard tcp). 使用 REST API 编写的各种工具可实现丰富的 UI 体验。There are various tools that are written using REST API which enable rich UI experience. 存储资源管理器是其中之一。Storage Explorer is one of them. 下载并安装存储资源管理器,然后连接到 Azure 文件支持的文件共享。Download and Install Storage Explorer and connect to your file share backed by Azure Files. 也可使用 PowerShell,此工具也使用 REST API。You can also use PowerShell which also user REST API.

原因 2:NTLMv1 已启用Cause 2: NTLMv1 is enabled

如果客户端上已启用 NTLMv1 通信,可能会出现系统错误 53 或 87。System error 53 or system error 87 can occur if NTLMv1 communication is enabled on the client. Azure 文件仅支持 NTLMv2 身份验证。Azure Files supports only NTLMv2 authentication. 启用 NTLMv1 将创建安全级别较低的客户端。Having NTLMv1 enabled creates a less-secure client. 因此,Azure 文件的通信受阻。Therefore, communication is blocked for Azure Files.

若要确定错误是否由此造成,请验证以下注册表子项的值是否设置为 3:To determine whether this is the cause of the error, verify that the following registry subkey is set to a value of 3:

HKLM\SYSTEM\CurrentControlSet\Control\Lsa > LmCompatibilityLevelHKLM\SYSTEM\CurrentControlSet\Control\Lsa > LmCompatibilityLevel

有关详细信息,请参阅 TechNet 上的 LmCompatibilityLevel 主题。For more information, see the LmCompatibilityLevel topic on TechNet.

原因 2 的解决方案Solution for cause 2

在以下注册表子项中,将 LmCompatibilityLevel 值还原为默认值 3:Revert the LmCompatibilityLevel value to the default value of 3 in the following registry subkey:


错误 1816 - 处理此命令的配额不够Error 1816 - Not enough quota is available to process this command


达到并发开放句柄数的上限时,会发生错误 1816。这些句柄是为 Azure 文件共享上的文件或目录启用的。Error 1816 happens when you reach the upper limit of concurrent open handles that are allowed for a file or directory on the Azure file share. 有关详细信息,请参阅 Azure 文件规模目标For more information, see Azure Files scale targets.


关闭一些句柄,减少并发打开句柄的数量,再重试。Reduce the number of concurrent open handles by closing some handles, and then retry. 有关详细信息,请参阅 Azure 存储性能和可伸缩性核对清单For more information, see Azure Storage performance and scalability checklist.

若要查看文件共享、目录或文件的打开句柄,请使用 Get-AzStorageFileHandle PowerShell cmdlet。To view open handles for a file share, directory or file, use the Get-AzStorageFileHandle PowerShell cmdlet.

若要关闭文件共享、目录或文件的打开句柄,请使用 Close-AzStorageFileHandle PowerShell cmdlet。To close open handles for a file share, directory or file, use the Close-AzStorageFileHandle PowerShell cmdlet.


Get-AzStorageFileHandle 和 Close-AzStorageFileHandle cmdlet 包括在 Az PowerShell 模块 2.4 或更高版本中。The Get-AzStorageFileHandle and Close-AzStorageFileHandle cmdlets are included in Az PowerShell module version 2.4 or later. 若要安装最新 Az PowerShell 模块,请参阅安装 Azure PowerShell 模块To install the latest Az PowerShell module, see Install the Azure PowerShell module.

尝试访问或删除 Azure 文件共享时出现错误“无访问权限”Error "No access" when you try to access or delete an Azure File Share

尝试访问或删除门户中的 Azure 文件共享时,可能会收到以下错误:When you try to access or delete an Azure file share in the portal, you may receive the following error:

无访问权限No access
错误代码:403Error code: 403

原因 1:在存储帐户上启用了虚拟网络或防火墙规则Cause 1: Virtual network or firewall rules are enabled on the storage account

原因 1 的解决方案Solution for cause 1

验证是否已在存储帐户上正确配置虚拟网络和防火墙规则。Verify virtual network and firewall rules are configured properly on the storage account. 若要测试虚拟网络或防火墙规则是否导致此问题,请将存储帐户上的设置临时更改为“允许来自所有网络的访问”。To test if virtual network or firewall rules is causing the issue, temporarily change the setting on the storage account to Allow access from all networks. 若要了解详细信息,请参阅配置 Azure 存储防火墙和虚拟网络To learn more, see Configure Azure Storage firewalls and virtual networks.

原因 2:你的用户帐户无权访问该存储帐户Cause 2: Your user account does not have access to the storage account

原因 2 的解决方案Solution for cause 2

浏览到Azure文件共享所在的存储帐户,单击“访问控制(IAM)”,确保你的用户帐户有权访问该存储帐户。Browse to the storage account where the Azure file share is located, click Access control (IAM) and verify your user account has access to the storage account. 若要了解详细信息,请参阅如何使用 Azure 基于角色的访问控制 (Azure RBAC) 来保护存储帐户To learn more, see How to secure your storage account with Azure role-based access control (Azure RBAC).

无法删除 Azure 文件共享中的文件或目录Unable to delete a file or directory in an Azure file share

文件共享的主要目的之一是,多个用户和应用程序可以同时与该共享中的文件和目录进行交互。One of the key purposes of a file share is that multiple users and applications may simultaneously interact with files and directories in the share. 为了帮助进行此交互,文件共享提供了几种对文件和目录访问进行协调的方式。To assist with this interaction, file shares provide several ways of mediating access to files and directories.

通过 SMB 从已装载的 Azure 文件共享打开文件时,应用程序/操作系统会请求文件句柄,该句柄是对文件的引用。When you open a file from a mounted Azure file share over SMB, your application/operating system request a file handle, which is a reference to the file. 除了别的之外,你的应用程序会在请求文件句柄时指定文件共享模式,该模式指定你对文件的访问的独占性级别(由 Azure 文件存储强制实施):Among other things, your application specifies a file sharing mode when it requests a file handle, which specifies the level of exclusivity of your access to the file enforced by Azure Files:

  • None:你具有独占访问权限。None: you have exclusive access.
  • Read:在你打开文件时,其他人可以读取该文件。Read: others may read the file while you have it open.
  • Write:在你打开文件时,其他人可以写入到该文件。Write: others may write to the file while you have it open.
  • ReadWriteReadWrite 共享模式的组合。ReadWrite: a combination of both the Read and Write sharing modes.
  • Delete:在你打开文件时,其他人可以删除该文件。Delete: others may delete the file while you have it open.

尽管作为无状态协议,FileREST 协议没有文件句柄的概念,但它确实提供了类似的机制来协调对你的脚本、应用程序或服务可能会使用的文件和文件夹的访问:文件租约。Although as a stateless protocol, the FileREST protocol does not have a concept of file handles, it does provide a similar mechanism to mediate access to files and folders that your script, application, or service may use: file leases. 当文件被租用时,会将其视为等效于文件共享模式为 None 的文件句柄。When a file is leased, it is treated as equivalent to a file handle with a file sharing mode of None.

尽管文件句柄和租约的作用很重要,但有时文件句柄和租约可能会被孤立。Although file handles and leases serve an important purpose, sometimes file handles and leases may be orphaned. 发生这种情况时,可能会导致修改或删除文件时出现问题。When this happens, this can cause problems modifying or deleting files. 你可能会看到类似于以下内容的错误消息:You may see error messages like:

  • 进程无法访问该文件,因为它正在被另一个进程使用。The process cannot access the file because it is being used by another process.
  • 操作无法完成,因为此文件已在其他程序中打开。The action can't be completed because the file is open in another program.
  • 该文档已由另一个用户锁定以进行编辑。The document is locked for editing by another user.
  • SMB 客户端已将指定的资源标记为要删除。The specified resource is marked for deletion by an SMB client.

此问题的解决方法取决于这种情况是由孤立的文件句柄还是由孤立的文件租约所导致。The resolution to this issue depends on whether this is being caused by an orphaned file handle or lease.

原因 1Cause 1

文件句柄正在阻止修改或删除文件/目录。A file handle is preventing a file/directory from being modified or deleted. 可以使用 Get-AzStorageFileHandle PowerShell cmdlet 查看打开的句柄。You can use the Get-AzStorageFileHandle PowerShell cmdlet to view open handles.

如果所有 SMB 客户端均已关闭其在某个文件/目录上打开的句柄,并且问题仍然存在,那么你可以强制关闭文件句柄。If all SMB clients have closed their open handles on a file/directory and the issue continues to occur, you can force close a file handle.

解决方案 1Solution 1

若要强制文件句柄关闭,请使用 Close-AzStorageFileHandle PowerShell cmdlet。To force a file handle to be closed, use the Close-AzStorageFileHandle PowerShell cmdlet.


Get-AzStorageFileHandle 和 Close-AzStorageFileHandle cmdlet 包括在 Az PowerShell 模块 2.4 或更高版本中。The Get-AzStorageFileHandle and Close-AzStorageFileHandle cmdlets are included in Az PowerShell module version 2.4 or later. 若要安装最新 Az PowerShell 模块,请参阅安装 Azure PowerShell 模块To install the latest Az PowerShell module, see Install the Azure PowerShell module.

原因 2Cause 2

文件租约正在阻止修改或删除文件。A file lease is prevent a file from being modified or deleted. 你可以使用以下 PowerShell 检查文件是否具有文件租约(将 <resource-group><storage-account><file-share><path-to-file> 替换为适用于你的环境的值):You can check if a file has a file lease with the following PowerShell, replacing <resource-group>, <storage-account>, <file-share>, and <path-to-file> with the appropriate values for your environment:

# Set variables 
$resourceGroupName = "<resource-group>"
$storageAccountName = "<storage-account>"
$fileShareName = "<file-share>"
$fileForLease = "<path-to-file>"

# Get reference to storage account
$storageAccount = Get-AzStorageAccount `
        -ResourceGroupName $resourceGroupName `
        -Name $storageAccountName

# Get reference to file
$file = Get-AzStorageFile `
        -Context $storageAccount.Context `
        -ShareName $fileShareName `
        -Path $fileForLease

$fileClient = $file.ShareFileClient

# Check if the file has a file lease

如果文件具有租约,则返回的对象应包含以下属性:If a file has a lease, the returned object should contain the following properties:

LeaseDuration         : Infinite
LeaseState            : Leased
LeaseStatus           : Locked

解决方案 2Solution 2

若要从文件删除租约,可以释放租约或中断租约。To remove a lease from a file, you can release the lease or break the lease. 若要释放租约,你需要该租约的 LeaseId,这是在创建租约时设置的。To release the lease, you need the LeaseId of the lease, which you set when you create the lease. 无需 LeaseId 即可中断租约。You do not need the LeaseId to break the lease.

下面的示例演示如何为“原因 2”中所示的文件中断租约(此示例将使用“原因 2”中的 PowerShell 变量继续):The following example shows how to break the lease for the file indicated in cause 2 (this example continues with the PowerShell variables from cause 2):

$leaseClient = [Azure.Storage.Files.Shares.Specialized.ShareLeaseClient]::new($fileClient)
$leaseClient.Break() | Out-Null

在 Windows 中将文件复制到 Azure 文件以及从中复制文件时速度缓慢Slow file copying to and from Azure Files in Windows

尝试将文件传输到 Azure 文件服务时,可能会发现速度缓慢。You might see slow performance when you try to transfer files to the Azure File service.

  • 如果你没有特定的 I/O 大小下限要求,我们建议使用 1 MiB 的 I/O 大小以获得最佳性能。If you don't have a specific minimum I/O size requirement, we recommend that you use 1 MiB as the I/O size for optimal performance.
  • 如果知道通过写入要扩展的最终文件大小,并且软件在文件的未写入结尾包含零时未出现兼容性问题,请提前设置文件大小,而不是让每次写入都成为扩展写入。If you know the final size of a file that you are extending with writes, and your software doesn't have compatibility problems when the unwritten tail on the file contains zeros, then set the file size in advance instead of making every write an extending write.
  • 使用正确的复制方法:Use the right copy method:
    • 为两个文件共享之间的任何传输使用 AzCopyUse AzCopy for any transfer between two file shares.
    • 在本地计算机上的文件共享之间使用 RobocopyUse Robocopy between file shares on an on-premises computer.

Windows 8.1 或 Windows Server 2012 R2 的注意事项Considerations for Windows 8.1 or Windows Server 2012 R2

对于运行 Windows 8.1 或 Windows Server 2012 R2 的客户端,请确保已安装修补程序 KB3114025For clients that are running Windows 8.1 or Windows Server 2012 R2, make sure that the KB3114025 hotfix is installed. 此修补程序可提升创建和关闭句柄的性能。This hotfix improves the performance of create and close handles.

可运行以下脚本,检查是否已安装此修补程序:You can run the following script to check whether the hotfix has been installed:

reg query HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\Policies

如果安装了修补程序,会显示以下输出:If hotfix is installed, the following output is displayed:

HKEY_Local_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\Policies {96c345ef-3cac-477b-8fcd-bea1a564241c} REG_DWORD 0x1


自 2015 年 12 月起,Azure 市场中的 Windows Server 2012 R2 映像将默认安装修补程序 KB3114025。Windows Server 2012 R2 images in Azure Marketplace have hotfix KB3114025 installed by default, starting in December 2015.

“我的电脑”或“这台电脑”中没有带驱动器号的文件夹No folder with a drive letter in "My Computer" or "This PC"

如果使用 net use 以管理员身份映射 Azure 文件共享,共享似乎会丢失。If you map an Azure file share as an administrator by using net use, the share appears to be missing.


默认情况下,Windows 文件资源管理器不以管理员身份运行。By default, Windows File Explorer does not run as an administrator. 如果通过管理命令提示符运行 net use,可以管理员身份映射网络驱动器。If you run net use from an administrative command prompt, you map the network drive as an administrator. 由于映射的驱动器以用户为中心,如果不同用户帐户下已装载这些驱动器,则已登录的用户帐户将不显示它们。Because mapped drives are user-centric, the user account that is logged in does not display the drives if they are mounted under a different user account.


从非管理员命令行中装载共享。Mount the share from a non-administrator command line. 或者,可按照 此 TechNet 主题配置 EnableLinkedConnections 注册表值。Alternatively, you can follow this TechNet topic to configure the EnableLinkedConnections registry value.

如果存储帐户包含正斜杠,则 net use 命令失败Net use command fails if the storage account contains a forward slash


net use 命令会将正斜杠 (/) 解释为命令行选项。The net use command interprets a forward slash (/) as a command-line option. 如果用户帐户名称以正斜杠开头,则驱动器映射失败。If your user account name starts with a forward slash, the drive mapping fails.


若要解决此问题,可完成以下任意步骤:You can use either of the following steps to work around the problem:

  • 运行以下 PowerShell 命令:Run the following PowerShell command:

    New-SmbMapping -LocalPath y: -RemotePath \\server\share -UserName accountName -Password "password can contain / and \ etc"

    在批处理文件中,可以按如下方式运行命令:From a batch file, you can run the command this way:

    Echo new-smbMapping ... | powershell -command -

  • 用双引号将密钥括起来,可以解决此问题(除非正斜杠是首个字符)。Put double quotation marks around the key to work around this problem--unless the forward slash is the first character. 如果是,可以使用交互模式并单独输入密码,也可以生成密钥来获取不以正斜杠开头的密钥。If it is, either use the interactive mode and enter your password separately or regenerate your keys to get a key that doesn't start with a forward slash.

应用程序或服务无法访问装载的 Azure 文件驱动器Application or service cannot access a mounted Azure Files drive


每个用户都装载了驱动器。Drives are mounted per user. 如果运行应用程序或服务的用户帐户与装载驱动器的用户帐户不同,应用程序将检测不到驱动器。If your application or service is running under a different user account than the one that mounted the drive, the application will not see the drive.


使用以下任一解决方案:Use one of the following solutions:

  • 从包含应用程序的同一用户帐户装载驱动器。Mount the drive from the same user account that contains the application. 可以使用 PsExec 等工具。You can use a tool such as PsExec.

  • 在 net use 命令的用户名和密码参数中传递存储帐户名称和密钥。Pass the storage account name and key in the user name and password parameters of the net use command.

  • 使用 cmdkey 命令将凭据添加到凭据管理器中。Use the cmdkey command to add the credentials into Credential Manager. 通过交互式登录或使用 runas,在服务帐户上下文中从命令行执行此操作。Perform this from a command line under the service account context, either through an interactive login or by using runas.

    cmdkey /add:<storage-account-name>.file.core.chinacloudapi.cn /user:AZURE\<storage-account-name> /pass:<storage-account-key>

  • 不使用映射驱动器号直接映射共享。Map the share directly without using a mapped drive letter. 某些应用程序可能无法正确地重新连接到驱动器号,因此使用完整的 UNC 路径可能会更可靠。Some applications may not reconnect to the drive letter properly, so using the full UNC path may be more reliable.

    net use * \\storage-account-name.file.core.chinacloudapi.cn\share

按照这些说明操作后,对系统/网络服务帐户运行 net use 时,可能会看到以下错误消息:“发生系统错误 1312。After you follow these instructions, you might receive the following error message when you run net use for the system/network service account: "System error 1312 has occurred. 如果为系统/网络服务帐户运行A specified logon session does not exist. 可能已被终止。”It may already have been terminated." 若发生此情况,请确保传递到 net use 的用户名包括域信息(例如“[storage account name].file.core.chinacloudapi.cn”)。If this occurs, make sure that the username that is passed to net use includes domain information (for example: "[storage account name].file.core.chinacloudapi.cn").

出现错误“要将该文件复制到的目标不支持加密”Error "You are copying a file to a destination that does not support encryption"

通过网络复制文件时,文件在源计算机上被解密,以明文形式传输,并在目标位置上被重新加密。When a file is copied over the network, the file is decrypted on the source computer, transmitted in plaintext, and re-encrypted at the destination. 不过,尝试复制加密文件时,可能会看到以下错误消息:“要将该文件复制到的目标不支持加密。”However, you might see the following error when you're trying to copy an encrypted file: "You are copying the file to a destination that does not support encryption."


如果使用的是加密文件系统 (EFS),可能会出现此问题。This problem can occur if you are using Encrypting File System (EFS). 可将 BitLocker 加密的文件复制到 Azure 文件。BitLocker-encrypted files can be copied to Azure Files. 不过,Azure 文件不支持 NTFS EFS。However, Azure Files does not support NTFS EFS.


必须先将文件解密,才能通过网络进行复制。To copy a file over the network, you must first decrypt it. 使用下列方法之一:Use one of the following methods:

  • 运行 copy /d 命令。Use the copy /d command. 这样,可以将加密文件作为解密文件保存到目标位置。It allows the encrypted files to be saved as decrypted files at the destination.
  • 设置以下注册表项:Set the following registry key:
    • Path = HKLM\Software\Policies\Microsoft\Windows\SystemPath = HKLM\Software\Policies\Microsoft\Windows\System
    • Value type = DWORDValue type = DWORD
    • 名称 = CopyFileAllowDecryptedRemoteDestinationName = CopyFileAllowDecryptedRemoteDestination
    • 值 = 1Value = 1

请注意,设置注册表项会影响对网络共享进行的所有复制操作。Be aware that setting the registry key affects all copy operations that are made to network shares.

文件和文件夹的枚举速度变慢Slow enumeration of files and folders


如果客户端计算机上用于大型目录的缓存不足,则可能会出现此问题。This problem can occur if there is no enough cache on client machine for large directories.


若要解决此问题,请调整 DirectoryCacheEntrySizeMax 注册表值以允许在客户端计算机上缓存较大的目录列表:To resolve this problem, adjusting the DirectoryCacheEntrySizeMax registry value to allow caching of larger directory listings in the client machine:

  • 位置:HKLM\System\CCS\Services\Lanmanworkstation\ParametersLocation: HKLM\System\CCS\Services\Lanmanworkstation\Parameters
  • 值名称:DirectoryCacheEntrySizeMaxValue mane: DirectoryCacheEntrySizeMax
  • 值类型:DWORDValue type:DWORD

例如,可将其设置为 0x100000,并查看性能是否有所提高。For example, you can set it to 0x100000 and see if the performance become better.

需要帮助?Need help? 请联系支持人员。Contact support.

如果仍需帮助,请联系支持人员,以快速解决问题。If you still need help, contact support to get your problem resolved quickly.