VMware Cloud Community
BertP
Contributor
Contributor

Connecting to iSCSI on Windows 2012 Box

I have been trying to get iSCSI set up on my network with little success.  I set up the target on a Windows 2012 box and I can get other Windows 2012 boxes to connect but not my ESXi 5.1 box.  When I try to connect, I get a login failure event (0301) and nothing happens.  Is there anything special I need to do to get this to work?

Thanks

Bert

Reply
0 Kudos
34 Replies
BenLoveday
Enthusiast
Enthusiast

Hi Bert,

Can you please provide a bit more information? Are you using any authentication on your iSCSI target?

Cheers,

Ben Loveday

Reply
0 Kudos
Sreejesh_D
Virtuoso
Virtuoso

Reply
0 Kudos
rickardnobel
Champion
Champion

Could you provide a screenshot of the properties of the target in Windows 2012, with the "Initiators" view expanded?

My VMware blog: www.rickardnobel.se
Reply
0 Kudos
BertP
Contributor
Contributor

Not at the moment.  I set it up without authentication, then added it and then removed it after it made no difference in the result.  If it is required, I would be happy to add it again.

Bert

Reply
0 Kudos
BertP
Contributor
Contributor

Initiators1.JPG

Reply
0 Kudos
rickardnobel
Champion
Champion

If you are sure that the IQN is correct with the IQN of the ESXi host then it "should" work. You did also try exchanging the IQN with the IP address of the ESXi?

You was able to ping from the ESXi host? You have no jumbo frames configuration in some part of the network?

My VMware blog: www.rickardnobel.se
Reply
0 Kudos
BertP
Contributor
Contributor

That's what I thought.  But, I have tried ip address, DNS Name and IQN without success.  I copied the IQN from the ESX box to the Windows box and pasted it there, so I'm sure that it is correct.  And, yes, I have pinged the Windows box successfully from the ESX box.

It definitely appears to be a permissions issue but I can't find any events or log file entries to tell me exactly what permission is missing.  As a test, I tried creating a Windows 2012 box and have it connect to the iSCSI target without adding the box to the domain first.  That failed - again with nothing to tell me why.  If the Windows box is a member of the domain, I can connect without a problem.

If you have any other suggestions, I would appreciate hearing them.  I am at a loss as to what the problem is.

Thanks

Bert

Reply
0 Kudos
rickardnobel
Champion
Champion

You are sure that the Windows Firewall was disabled?

Do you have access to the ESXi shell? Either directly from the console or from enabling SSH? There are some tests we could do that would be interesting.

My VMware blog: www.rickardnobel.se
Reply
0 Kudos
Sreejesh_D
Virtuoso
Virtuoso

check for the events in /var/log/vmkerenel when you try to connect to the target. In general case "Login error 0301 " points to symptom Service Unavailable.

ensure that the Software iSCSI is enabled in VMware firewall and the required ports are opened in physical firewall if there are any.

VMware KB: Port and firewall requirements for NFS and SW iSCSI traffic

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=201217...

Reply
0 Kudos
BertP
Contributor
Contributor

Yes, I am sure that the firewall is open on the Windows box.  If it wasn't, other Windows boxes would not be able to connect to an iSCSI LUN, either, but they seem to be fine - as long as they are members of the domain.

Yes, I have enabled the ESXi shell, but I have to admit that I have never used it.  I am still an ESX newbie.

Bert

Reply
0 Kudos
rickardnobel
Champion
Champion

BertP wrote:

Yes, I have enabled the ESXi shell, but I have to admit that I have never used it.  I am still an ESX newbie.

Could you use the netcat (nc) command to verify that you can access the correct iSCSI TCP port on the target:

http://rickardnobel.se/troubleshoot-iscsi-tcp-connectivity-from-esxi-with-netcat

My VMware blog: www.rickardnobel.se
Reply
0 Kudos
BertP
Contributor
Contributor

I downloaded PuTTY but when I try to connect as an SSH session, I get an error telling me that the connection was refused.

Bert

Reply
0 Kudos
rickardnobel
Champion
Champion

You could run the commands directly from the ESXi Shell (ALT + F1) at the start screen at the console.

However, more easy is to enable SSH from the DCUI (Direct Console User Interface) and then download for example the Putty SSH client and run it to logon to your ESXi host.

My VMware blog: www.rickardnobel.se
Reply
0 Kudos
Gleed
VMware Employee
VMware Employee

Enable the SSH service on the host, that's done from the vSphere client through the security configuration.   Can also be done from the host console using the DCUI.  Once SSH is enabled you can use any standard SSH client to connect to the host.

Note, once the ESXi Shell and/or SSH are enabled you will get a warning icon on your vSphere hosts in the client.  This warning is there to remind you to turn it off when you are done as security best practices typically don't advise leaving it turned on.

If you are running ESXi 5.1 here some good info on accessing and managing the ESXi shell.  vSphere 5.1 – New ESXiShellInteractiveTimeOut | VMware vSphere Blog - VMware Blogs

Reply
0 Kudos
BertP
Contributor
Contributor

SSH Server is enabled.  I also enabled shell access a while ago.  Plus, I do get the warning you mention when I first start vSphere and connect to my ESX box.  But, I stll get a "Connection refused" error.

Bert

Reply
0 Kudos
BertP
Contributor
Contributor

Secutity Settings.JPG

Reply
0 Kudos
Gleed
VMware Employee
VMware Employee

Is the host in lockdown mode?

Reply
0 Kudos
BertP
Contributor
Contributor

I am not running vCenter and I believe that lockdown is only available if you do.  Is that correct?

Bert

Reply
0 Kudos
a_p_
Leadership
Leadership

Your screenshot only shows the Firewall rules. Can you confirm you enabled SSH under "Services" (on the same screen)?

André

Reply
0 Kudos