Skip to content

Unable to register on-premises server to Azure File Sync (Unexpected Error) – here’s the solution.

Published by basseldamra on April 16, 2019

Hi Everyone,

If you didn’t hear yet about Azure File Sync service then you should read about it, it’s an amazing way to replicate or extend your on-premises file server to the cloud. it can be used as a centralized hub if have many branches and on-premises servers will act as caches for frequently used data, this feature is called Cloud Tiering, or just as a regular file server backup.

You can read more in the below articles

https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-planning

https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-deployment-guide?tabs=azure-portal

But in this post I’m addressing the below issue which I faced during the deployment of the Azure File Sync.

The issue:

Well, while deploying the Azure File Sync you have to install the Azure File Sync Agent on your on-premises server then sign in with your Azure credentials to register the server to your Storage Sync Service


but the problem occurs after entering your Azure Credentials, the below error will appear

The solution:

This is actually related to TLS 1.0 being disabled on your file server, enable the TLS 1.0 and registration should be complete successfully.

How to enable TLS 1.0?

Open the Registry Editor and point to the below path

HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client

Change the value to ffffffff

Retry sign in via the Agent the the below should appear, which means you’re good to continue you’re deployment

Should I keep TLS 1.0 enabled?

Actually you don’t have to keep the TLS 1.0 enabled as it is just used to register the server to the Storage Sync Service, after that the replication is happening via the Storage Shared Access Signature (SAS).

Server registration uses your Azure credentials to create a trust relationship between the Storage Sync Service and your Windows Server, however subsequently the server creates and uses its own identity that is valid as long as the server stays registered and the current Shared Access Signature token (Storage SAS) is valid. A new SAS token cannot be issued to the server once the server is unregistered, thus removing the server’s ability to access your Azure file shares, stopping any sync.

So feel free to re-disable the TLS 1.0 as the sync will not be affected.

I hope this was helpful and let me know what do you think in the comments section.

Spread the love
Published inAzure Storage

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *