Win11 iscsi initiator to TS-473 iscsi connection problem

[guszernial]

I want to copy folders and files previously backed up to an iSCSI block-based LUN on my QNAP TS-473 running QTS 5.1 to a new Windows 11 Pro PC using the Windows iscsi initiator. I previously backed up some of the same folders/files from a previous Win 10 system to the same LUN on the QNAP using Windows iscsi initiator, and everything worked then, but I reset and sold that system, and no longer have access to it.

But I'm unable to connect the new Win11 PC to the QNAP using windows iSCSi initiator. Discovery through the initiator using the QNAP's IP address(es) returns nothing, entering the QNAP target IQN in iSCSI initiator for the QNAP LUN Volume/ID produces an error and no connection, etc. Somehow the Win11 PC is not seeing the QNAP.

I think(?) I'm using the correct initiator and target IQN's, and I can successfully ping the QNAP IP address(es) from the Win11 PC - both initiator and target are on the same LAN subnet. I can also successfully ping the "outside world" from the Win11 and QNAP boxes. I've looked in the QNAP Notification Center and do not see and obvious connection notifications.

I'd appreciate recommendations to diagnose and/or fix the connection problem .... or how to put the folders/files on a USB stick plugged into the QNAP itself.

Thx, Gus

[FSC830]

Copying files from QNAP to an external USB device can be done by
1. using i.e. FileStation
2. using SSH and CLI

But the preferred approach is to solve the network issue. Any Firewalls in place (QuFirewall/Windows firewall)?
AntiVirus Software at Win11?
Screenshots from NAS ans iSCSI initiator could be helpful.
Accessing the "outside world" is not important here, its an issue in internal network.

Regards

[guszernial]

Per above I did further investigation regards my connection problem. There's some progress regards opening ports, but still iscsi connection failure, as a port scan from my Ubuntu system on the LAN shows port 3260 closed, and, though ports 21/tcp (ftp) and 22/tcp (ssh) on the QNAP is open, I can connect to the QNAP, but I cannot login using the adminisrator or any other accounts on the QNAP. Here's some information:

sudo nmap -p 21 192.168.1.xx
Starting Nmap 7.94SVN ( https://nmap.org ) at 2023-11-10 08:10 PST
Nmap scan report for NAS2356FD.local (192.168.1.xx)
Host is up (0.00018s latency).

PORT STATE SERVICE
21/tcp open ftp
MAC Address: 24:5E:BE:23:56:FD (Qnap Systems)

Nmap done: 1 IP address (1 host up) scanned in 1.49 seconds

sudo nmap -p 22 192.168.1.xx
Starting Nmap 7.94SVN ( https://nmap.org ) at 2023-11-10 08:23 PST
Nmap scan report for NAS2356FD.local (192.168.1.xx)
Host is up (0.00058s latency).

PORT STATE SERVICE
22/tcp open ssh
MAC Address: 24:5E:BE:23:56:FD (Qnap Systems)

Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds

$ sudo ftp administrator@192.168.1.xx
Connected to 192.168.1.xx.
220 NASFTPD Turbo station 1.3.6 Server (ProFTPD) [::ffff:192.168.1.30]
550 SSL/TLS required on the control channel
ftp: Login failed
ftp>
# ssh administrator@192.168.1.xx
administrator@192.168.1.xx's password:
Permission denied, please try again.
administrator@192.168.1.xx's password:
Permission denied, please try again.
administrator@192.168.1.xx's password:
administrator@192.168.1.xx: Permission denied (publickey,password,keyboard-interactive).

------------------------------------------------ and ........
# nmap -p 3260 192.168.1.xx
Starting Nmap 7.94SVN ( https://nmap.org ) at 2023-11-10 08:31 PST
Nmap scan report for NAS2356FD.local (192.168.1.xx)
Host is up (0.00018s latency).

PORT STATE SERVICE
3260/tcp closed iscsi
MAC Address: 24:5E:BE:23:56:FD (Qnap Systems)

Nmap done: 1 IP address (1 host up) scanned in 1.51 seconds

Accordingly, I cannot connect to iSCSI LUNs on the QNAP NAS from either the Ubuntu Open-iSCSI or Win11 iSCSI initiator systems on my LAN.
Note that 192.168.1.xx is the default IP address on the QNAP NAS, and "administrator" is the account (and password) with administrator privileges to replace the initial admin account on the QNAP, which is now disabled.

At one point I tried using QuFirewall, but that seemed to close *all* ports on the QNAP. I was unable to figure out how to open the needed ports, and when I searched on the internet the documentation on QuFirewall is very limited, and when I seached further I found comments that QuFirewall is problematical, so I removed it and rebooted the QNAP.

Finally, I did try to access the Folders and Files on the iSCSI LUNs on the QNAP using File Station on the NAS, but I was only able to create an image backup, which backup only allows restoring the backup to my QNAP or another QNAP, does not seem to allow viewing or copying individual Folders and Files on the image backup on the LUN to my Ubuntu or Win11 PCs on the LAN, which is my objective here.

Recommendations to diagnose and/or fix appreciated - Gus

[FSC830]

Unfortunately I do not have a Win11 system here to check, still running Win10 at all of my systems (or Ubuntu ), iSCSI to TS-473 with QTS 5.1.2 works without issues.
No idea, what M$ did change or if something needs to be configured additionally in Win11.

2 notes to your setup:
Dont disable the origin admin account. This is the most dump advise QNAP wrote in their "security advisories". There are a lot of commands/apps which need this account.
In addition, disabling this account does not protect you in any way from malware, it prevents may be(!) some script kiddies if your NAS has an access from internet (dont do that too without VPN!).

SSH login must be allowed at a per user basis. Even if your "administrator" is a member in the admin group, he has not automatically the permission to login by SSH!
You must enable this permission for this account.

Regards

[guszernial]

Thanks "FSC830 " for the input above, and I'll follow up. Meanwhile, I'm curious as to what version of QTS you're running on your QNAP NAS? I was using QTS 4.something on mine, and upgraded to QTS 5.1.2.2533 on my QNAP .... and while iSCSI using Win11 iSCSI Initiator connected to the QNAP before the upgrade, it doesn't now. Gus

[FSC830]

I was running the TS-473A with all versions from 5.0 to now the current 5.1.2.2533 as yours. The iSCSI connection was available after each update.
The NAS is not running 24/7, its powered off during night and weekend.
But as said, no Win11 here.

Is SSH access now possible?

Regards