Table of Contents
Introduction
Azure File Sync helps you save on storage capacity by centralizing your data and then install a sync agent on Windows Server on-premises or in Azure (IaaS VM) to provide fast local access to your files in Azure. Your local server and Azure are constantly syncing, so you have one centralized location for your files with multi-site access powered by fast local caches and cloud tiering.
I was recently upgrading the Azure file sync agent on one of my servers. And when I attempt to register the server with the Storage Sync Service by signing to Azure, I received the following error.
Cannot find object or property. (Exception from HRESULT: 0x80092004)
The issue
I recently had a problem where I could not get Azure File Sync (AFS) agent to register with Azure. The issue I had is the following:
After I launched the server registration UI wizard, and Sign in with my account to Azure successfully.
I selected my Azure subscription, the resource group, and the desired Storage Sync Service as shown in the figure below.
After I click Register, the UI threw an error with the following message:
Cannot find object or property. (Exception from HRESULT: 0x80092004)
Troubleshooting
After digging in the logs, I found the following error message under the ‘System’ event logs – Event ID: 36871
A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
This error message appeared twice at the same time.
This gave me an indication there is something wrong with TLS. TLS is a secure protocol for communication, and TLS 1.2 support has recently been made a mandate across Microsoft products. What that means is that wherever a product leverages TLS, TLS 1.2 should be supported. You can read more about Transport Layer Security (TLS) here.
And last year, the Azure File Sync team announced that they are removing support for TLS 1.0 and 1.1 in August 2020. All supported Azure File Sync agent versions already use TLS 1.2 by default. And Azure File Sync service regions added after May 1, 2020, will only support TLS 1.2 and they’ll remove TLS 1.0 and 1.1 support from existing Azure regions in August 2020. In my case, I deployed a new Azure File Sync service and we are in 2021.
A quick look to verify if TLS 1.2 is enabled on this server, I ran the following PowerShell command:
Get-Item 'HKLM:\\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
Get-Item 'HKLM:\\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server'We can see that TLS 1.2 is enabled on this server as shown in the figure below (Enabled: 1). The Azure File Sync agent should work as documented by Microsoft here.
So what is the issue?
Resolution
I reached out to the AFS team and they investigated this issue. The Error 0x80092004 is equal to CRYPT_E_NOT_FOUND.
It’s more than likely, the registry is referencing a certificate that no longer exists on this server.
To resolve this issue open a PowerShell console in admin mode and run the following two commands:
Remove-ItemProperty HKLM:\SOFTWARE\Microsoft\Azure\StorageSync\ServerSetting -Name ServerSetting.Server=Localhost -Force
Import-Module "C:\Program Files\Azure\StorageSyncAgent\StorageSync.Management.ServerCmdlets.dll"
Reset-StorageSyncServer
The first command will remove the Server settings from the registry and the second command will perform an offline-only removal of the server’s trust relationship with the Storage Sync Service and all server endpoints. The changes will not be communicated to the AFS service. This server is not registered with the sync service and does not have any resources in the cloud, so it’s safe to perform offline removal.
Enter [Y] to confirm. The default is Yes!
Last but not least, open File Explorer, and then go to the Storage Sync Agent installation directory (the default location is C:\Program Files\Azure\StorageSyncAgent).
Run ServerRegistration.exe, and complete the wizard to register the server with a Storage Sync Service.
The registration should successfully be completed now without any error as shown in the figure below.
Hope this helps someone out there!
Thanks to Jeff in the AFS team for his help in getting to the bottom of this.
Summary
Azure File Sync extends on-premises file servers into Azure by providing cloud benefits while maintaining performance and compatibility with your existing applications and infrastructure. Azure Files and Azure File Sync give you the ability to share files without the need to deploy the underlying server infrastructure which provides several benefits when building an Azure-based PaaS application.
- Learn more on how Azure Backup Integrates with Azure File Sync – Part I
- Learn more on how Azure Backup Integrates with Azure File Sync – Part II
Do you want to learn more about Azure Storage including Azure Blobs and Azure File Shares? Make sure to check my recently published online course here: Azure Storage Essential Training.
__
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.
-Charbel Nemnom-
