I've tried by IP, using two machines on different subnets that both could ping the DSS (and vice versa), and FQDN.
I probably disabled the dynamic discovery in VMWare (is it by default? I never checked, since I install by kickstart script and use static discovery there), but I cannot see how that would be the cause the MS discovery authentication failure.
See if you can telnet to the port and get an answer.
There isnt anything on the DSS side that would block it. In fact DSS will broadcast the LUN on each IP assigned to it.
You can try to remove the target and re-add it. This will not remove data, just don't delete the Volume.
I suspect something is blocking traffic in between the initiator and the LUN.
It's been a while since I've been struggling with this issue, but now that I'm trying to backup VMs using SAN access directly (using vStorage API), I'm running into this issue again.
What I am trying to do: access any DSS target using Microsoft's native (Win 2k8 R2) iSCSI initiator.
Even without CHAP and any IP restrictions, I get "Authentication Failure", no matter on what IP or from what machine I try to connect.
DSS is listening on port 3260, and I have a VMWare ESX 4.1 connected to one of the targets.
The problem solely exists when using Microsoft Initiator.
I'm stumped - this should be easy. What am I overlooking here?
Are there any requirements for the Initiator name?
Just to make sure that we are on the same page here, that the Windows 2008 server is NOT a virtual machine and the target that you are trying to connect is not being used by any other initiator.
If you can ping from the Windows 2008 server to the DSS being the same subnet and no VLAN and maybe try to directly connect the Windows 2008 directly to the DSS server to rule out any network issues from the Windows to the DSS side.
Also check the Windows event logs as well to see if there is any errors coming up.
The 2008 R2 machine is a physical one and has an IP in the same subnet as the DSS server.
Actually, I tried two subnets, one in the default LAN and one in the iSCSI VLAN.
The iSCSI target on the DSS is a newly created one, but the error occurs already when connecting to the target portal on port 3260.
In both attempts, I was able to ping the DSS server.
Unfortunately, the windows logs do not reveal any more information.
The weird thing is: I remember having had the same issue a year or 2 ago, but about a year ago I once succesfully connected a Windows machine to a newly created target...
I simply can't think of any iSCSI setting I've changed since then...
I will make one last attempt before calling for your help: I will shutdown the ESX, reboot the DSS machine so it runs the latest updates and no connections are running and try to connect.
If the cert issue (weird: removing the root from the trusted authorities in my personal store gets me to the login, but no further?) has been fixed, I will download some logs.
Make sure after rebooting the ESX server to use the reset function for the iSCSI Targets in Location
MAINTENANCE -> connections -> Function: iSCSI connection reset.
Genius
Posting Permissions
Reply With Quote