Hello everyone
I've got device:
Firmware: 4.2.6
Model : QNAP TS-459U+
I would like to connect it via iSCSI to my VMware ESXi 6.0u3, 5050593 server.
Unfortunately, when CHAP authentication is ON, in my virtualizator logs i see:
Login to iSCSI target iqn.2004-04.com.qnap:xxxxxxxxxx cc7a84 on vmhba35 @ vmk0 failed. Target returned login error of: 0201. error
I'd tried to set every easy login and pass, to avoid misstake, but no mather of anything, it just doesn't work.
When CHAP auth is off, everything work perfectly, but it's unsecure because any machine, could connect to it.
I've set ACL to denied all and allow only this server, but it seems to not working at all.
Even denied for everything, still is giving me a posibility to connect it to my pc
VMware EXSi 6.0u3 + TS-459U+ - problem with CHAP auth iSCSI
-
- New here
- Posts: 2
- Joined: Sat Dec 05, 2020 2:52 am
-
- New here
- Posts: 2
- Joined: Sat Dec 05, 2020 2:52 am
Re: VMware EXSi 6.0u3 + TS-459U+ - problem with CHAP auth iSCSI
For test, i'd used TS-351 with firmware 4.5.1.1480 and it work perfectly.
Does anyone have idea, why TS-459 got this problem??
Does anyone have idea, why TS-459 got this problem??
-
- Starting out
- Posts: 20
- Joined: Thu May 06, 2021 12:24 pm
Re: VMware EXSi 6.0u3 + TS-459U+ - problem with CHAP auth iSCSI
Observation: Can I ask why your iSCSI is on an L3/L2 segment that is peering? - word to the wise, iSCSI should always be Out-of-Bound (OOB). I personally wouldn't enable CHAP on ISCSI, especially as the best practice is for ISCSI to OOB of normal LAN traffic.
Recommendation: isolate your ISCSI network from LAN traffic, disable CHAP, and the problem is resolved by mitigating risk completely as the iSCSI traffic is completely isolated (OOB).
Recommendation: isolate your ISCSI network from LAN traffic, disable CHAP, and the problem is resolved by mitigating risk completely as the iSCSI traffic is completely isolated (OOB).
Sr. System Administrator
Certifications: Microsoft Certified Solutions Expert x 3, Microsoft 365 Certified: Enterprise Administrator Expert, Microsoft Certified: Azure Administrator, Office 365 Messaging Administrator, Microsoft Certified: Azure Virtual Desktop Specialty, VMware VCP 5 & 6 DCV/NV, VMware vExpert 2015-2021, CompTIA: A+, Network+, Storage+, Server+, Security+, CySA+, CASP+
Blog: https://www.G15IT.com
Lab:
(1) TS-832X - (Hybrid) - (4) 8 TB WD Red Pro in RAID 10, (4) WD Blue 1 TB SSD's in RAID 5 - QM2 Dual M.2 SSD card
(1) TS-832X - (All-Flash) - (8) 1 TB WD Blue SSD's in RAID 5 - QM2 Dual M.2 SSD card
(2) TS-230 - (2) 6 TB's RAID 1 - Backup repository for Veeam BR 9.5
(1) TS-453D - (4) 6 TB's in RAID 6 - File Server with QM2 Dual M.2 SSD card
Certifications: Microsoft Certified Solutions Expert x 3, Microsoft 365 Certified: Enterprise Administrator Expert, Microsoft Certified: Azure Administrator, Office 365 Messaging Administrator, Microsoft Certified: Azure Virtual Desktop Specialty, VMware VCP 5 & 6 DCV/NV, VMware vExpert 2015-2021, CompTIA: A+, Network+, Storage+, Server+, Security+, CySA+, CASP+
Blog: https://www.G15IT.com
Lab:
(1) TS-832X - (Hybrid) - (4) 8 TB WD Red Pro in RAID 10, (4) WD Blue 1 TB SSD's in RAID 5 - QM2 Dual M.2 SSD card
(1) TS-832X - (All-Flash) - (8) 1 TB WD Blue SSD's in RAID 5 - QM2 Dual M.2 SSD card
(2) TS-230 - (2) 6 TB's RAID 1 - Backup repository for Veeam BR 9.5
(1) TS-453D - (4) 6 TB's in RAID 6 - File Server with QM2 Dual M.2 SSD card