Share via

Issue with Global Secure access

Koh Shi Jie 40 Reputation points
2025-12-08T08:28:26.64+00:00

Hi,

I have setup a global secure access to access my SMB file server but the SMB file server is access using FQDN not ip address. i have tried to setup but unable to access using FQDN. Can i get some help. And also maybe a teams call to look at my configurations

Windows for business | Windows 365 Business
0 comments
Answer accepted by question author
  1. Jason Nguyen Tran 4,870 Reputation points Independent Advisor
    2025-12-08T09:18:47.2233333+00:00

    Hi Koh Shi Jie,

    When using Global Secure Access (GSA) with SMB, name resolution becomes critical, because the client must be able to resolve the FQDN through the Private DNS resolver or your internal DNS infrastructure configured in GSA. If SMB works over IP but fails over FQDN, it usually means the DNS settings in your GSA Endpoint or Traffic Forwarding Profile are not correctly configured or the domain suffix isn’t being passed through the tunnel.

    Please check that your server’s FQDN exists in your internal DNS zone and that your GSA profile includes:

    The correct internal DNS servers

    Split-tunnel or full-tunnel rules allowing port 445 over GSA

    The FQDN added to your Private Access Application object

    If these settings look correct but FQDN resolution still fails, you can run the following test from the client machine while connected to GSA:

    nslookup <your-FQDN>

    Share the result with me and I’ll advise you step-by-step I can walk you through the configuration in detail here.

    If this helps point you in the right direction, please consider clicking “Accept Answer” so I know it resolved your concern 😊. Thank you!

    Jason.

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jason Nguyen Tran 4,870 Reputation points Independent Advisor
    2025-12-09T09:47:56.5633333+00:00

    Hi Koh Shi Jie,

    I hope everything is going well. Have you managed to fix the problem on your side or anythings else I can help with? If the solution worked for you, please consider selecting “Accept Answer” to help others find it more easily. Much appreciated!

    1 person found this answer helpful.
    0 comments
  2. Q&A Assist
    2025-12-08T08:28:36.5133333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To troubleshoot the issue with accessing your SMB file server using its Fully Qualified Domain Name (FQDN) through Global Secure Access, consider the following steps:

    1. Check DNS Configuration: Ensure that the DNS records for your SMB file server are correctly set up and that the FQDN resolves to the correct IP address.
    2. Use Advanced Diagnostics: In the Global Secure Access client, use the Advanced Diagnostics feature to check if the FQDN is listed under Private access rules. This can help confirm that your application is configured correctly.
    3. Verify Traffic: After starting traffic collection in the Advanced Diagnostics, navigate to the SMB share using the FQDN. Check if the destination FQDN appears in the diagnostics report and ensure that the channel is set to Private Access and the action is Tunnel.
    4. Check Application Logs: Review the application logs to confirm that the sign-in is recognized from an IP address that matches an egress IP of your private network.
    5. Disable QUIC and IPv6: Ensure that QUIC, IPv6, and encrypted DNS are disabled as they can interfere with the connection.

    If these steps do not resolve your issue, consider collecting logs from the Global Secure Access client and submitting a support ticket to Microsoft for further assistance.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.