Solved

Windows iSCSI Initiator Connection problem

Posted on 2011-09-08
15
4,780 Views
Last Modified: 2012-10-31
Hi,
I am trying to configure iSCSI Initiator on Win2K8/SP2 STD Server on a HP Proliant DL380 G5 h/w with iOmega StorCenter ix4-200D as a target iSCSI device. I have enabled CHAP mutual authentication on iOmega, but I am not getting the connection. I have anotehr similar setup in our second location with a DELL server and the connection is fine there.

I am almost always getting the error msg: "Initiator CHAP secret is Invalid. Maximum size is 16 bytes and the minimum is 12 bytes..." I am using the same CHAP secret that is on the working site.

Where I'm going wrong with this? Is HP the cause?

Thanks, Sharad
0
Comment
Question by:raisharad
  • 6
  • 5
  • 3
  • +1
15 Comments
 
LVL 7

Expert Comment

by:BobintheNoc
ID: 36506310
Do you possibly have any other requirements in authentication, such as IP address restriction, or IQN?
0
 

Author Comment

by:raisharad
ID: 36506475
No, nothing of that sort.
I even tried disabling CHAP on iOmega, but no help. I get Authentication Failure on iSCSI Initiator.
For some reason, I don't see "Configuration" tab on my iSCSI initiator. Here is what I see on both servers (incl. DELL which is working though)


Sharad iSCSI Initiator
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 36506580
Double-check the initator names are correct on the storage and host. When you disabled CHAP, did you disable it on the array as well?
0
 

Author Comment

by:raisharad
ID: 36507173
I even copied and pasted the names but to no help. Yes, I did disable CHAP on both storage and host. Thanks,
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 36507540
CHAP Secret between 12 and 16 characters?
0
 

Author Comment

by:raisharad
ID: 36510152
I treid these secrets and none of them worked:
The2ndiSCSIdev
qazwsxedcrfvtgb

Thanks,
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 36513560
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 7

Expert Comment

by:BobintheNoc
ID: 36515063
Does the iOmega unit have a software kit to install that might include a helper/wizard for connectivity, maybe even MPIO settings?  I'm not familiar with the iOmega unit specifically, but many other iSCSI target devices have their own special package to optimize/simplify or enhance the standard initiator.  Example:  Equallogic's HIT KIT includes a discovery piece that includes options for specifying the CHAP credentials, independantly of MS.
0
 

Author Comment

by:raisharad
ID: 36529315
Hi BobintheNoc,
No iOmega does not provide any such tool or utility, but the only difference between the working DELL and HP servers is that HP has HP Network Configuration Utility in the Control Panel, pls see the image. I never used it before but wondering if I need it for iSCSI Initiator. However, I tried checking the iSCSI box and it asks for License that I have to buy from HP.
Please advice,
Thanks, Hp Network Config Utility
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 36533790
0
 
LVL 7

Accepted Solution

by:
BobintheNoc earned 250 total points
ID: 36533946
Are you, by chance, running the HP NIC Teaming Utility?  If so, break/dissolve the teaming functions so that you can run directly.  Typically, with teaming on, you'd see, for two nic interfaces that are teamed, three actual network connections--one representing the team, with all services bound, and the two literal NICs with virtually no services bound.

Teaming, while potentially functional, doesn't necessarily agree with Microsoft's iScsi initiator.  Instead, use MPIO if you need the redundancy/performance, which may be conditional upon the 'iScsi' licensing for the HP NIC.  Also, the iScsi offloading supported by the nc373 won't be accessible or useable for the tcp offloading onto the nic unless you license it.  This can impact performance since tcp checksums would have to be calc'd by the system's cpu.

In the event that you get NOWHERE with this, you might try using a broadcom reference driver and take the HP driver out of the picture.  I think the 373 is broadcom based---verify and use at your own risk.

Lastly, if you're certain you've got your iniator config'd to NOT use Chap, and whatnot, perhaps consider adding in another brand of multiport nic, perhaps an Intel quad port server card that's listed as supported or has the iScsi logo/certification.

0
 
LVL 7

Expert Comment

by:BobintheNoc
ID: 36533964
Sounds like you've covered the bases, but just in case since it was asked but not answered:  On the target side, did you disable or verify the status of any IP restriction or IQN restriction?

Perhaps you can generate a configuration file to see that the gui reflects the actual:
To generate an iSCSI configuration report
1.Open Microsoft iSCSI Initiator, and then click the Configuration tab.

2.Click Report.

3.Enter the file name, and then click Save.
0
 

Author Comment

by:raisharad
ID: 36537667
Thanks for your tenacity BobintheNOC,
It appears from your response that I have hit the wall and should take a totally different direction than wasting any more time on getting the current setup to work.

I will still give you some points as you did give me some helpful pointers in your last comments.

Thanks,
Sharad
0
 

Author Closing Comment

by:raisharad
ID: 36537676
I need a totally different approach to the problem...
0
 
LVL 7

Expert Comment

by:BobintheNoc
ID: 36547353
Usually the same personality traits that allow most us to enjoy computing also make it difficult to make the 'cut your losses' decision.  I find myself down the path of "I WILL figure this out" and can spent countless hours on a problem that any 'business' minded person would realize as not worth the effort.

Sometimes, there's an defect or funky configuration that may not be resolveable, even by the folks who designed/built a component.  Those are usually the most annoying--try and try, do everything conceivable and it turns out to be a defect in hardware.

How many workstations in my career have I struggled with for a problem, and then, in the end, decided to simply format and reinstall OS--which'd often correct or resolve the initial problem.

Bottom line, when you go down a path of REASONABLE effort, and have covered your bases in core troubleshooting, it's VERY ACCEPTABLE to throw in a towel and replace/rebuild.  As a consultant, I've learned, over time and trial, that a client would rather have me buy a new $100 Wifi network card rather than spend $300 in troubleshooting time to still end up with a non-functional device.  Of course, I feel guilty in those instances, and don't bill them for full time, but to avoid it, I often offer the scenario in advance.  Same goes with virus/malware recovery on a heavily infected system--sure, I can crawl the machine, reg line by reg line, examine all files, objects, etc, and spend several hours to MAYBE come to a safe conclusion--OR I can definitely format, rebuild, repatch and redeploy in a KNOWN 2 hours.  Heck, sometimes, it's almost cheaper to buy a new business class PC at $400-500 rather than even take the chance.  Were it my OWN PC, of course I'd rebuild, repair since I don't charge myself for my own services, but is it the effective solution for the client?

Sure hope you get that iSCSI connection going.  Have you tried HP support or HP Support Forums?

0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now