How config CX4-240 Windows 7 iscsi with chap dual auth?

Well... until it gets approved, the obvious work-around would be to paste a screenshot of my text

Firstly, I am obligated to say that Windows 7 is an unsupported OS when connecting to the iSCSI interfaces on the SP.  Now, normally I would say unsupported and working are two different concepts, and if you are willing to try and accept this then sure go for it, but there are just too many unsupported factors to consider that immediately come to mind.

Some things to think about with Windows 7 connectivity to the CX4 iSCSI ports on the SP's, are:

1) How you will handle multiple paths from the SP's as there isn't a native MPIO solution on Windows 7 and you won't be able to install PowerPath?

2) Also related to handling multiple paths from the SP's, EMC does *not* support (iSCSI) MCS (Multiple Connections per Session) to the CX/VNX SP ports (or a Symmetrix/VMAX for that matter), and would be the only other strategy in lieu of the other two mentioned above.

MCS (Multiple Connections per Session) is a way of allowing the iSCSI service handle the multiple paths as configured via the iSCSI Software Initiator.  However, to an EMC CX or VNX SP port, that is unsupported.  MCS is *only* supported with a VNXe or iSCSI connectivity via the data movers of an NS unified platform (both which are fundamentally the same technology).  As for a VNX (not VNXe), iSCSI via the data movers is only supported via an RPQ.

So, if you still want to pursue and work-through it I can't necessarily stop you (or "forbid you" as Kevin from Shark Tank would say, hehe).  You may have a chance with MCS, but if that doesn't work (again unsupported vs working), then your only option would be to present a single path from SP A *or* B but that has obvious risks.

Now, let us temporarily ignore the unsupported OS, and talk about troubleshooting CHAP.  Typically when I implement CHAP (not often requested), I first verify connectivity without the added layer of authentication.  Only once I verify initial connectivity, then I implement CHAP.  I would suggest the same.

If you do happen to still pursue it despite the comments above, I would like to leave with you the Host Connectivity Guide for Windows which has a section about iSCSI connectivity:

https://support.emc.com/search/?resource=DOC_LIB&ThisExactPhrase=host%20connectivity%20guide%20windows&SearchWithin=true&adv=y

Hmmm.... I just replied and I guess I need a moderator to approve.

Was your question answered correctly? If so, please remember to mark your question Answered when you get the correct answer and award points to the person providing the answer. This helps others searching for a similar issue.

glen

Im not 100% sure how to clear any CHAP configuration from the array.

We have 4 Windows 7 nodes which currently talk to the CX3 array. Multipathing seems to be working using the Windows packages, at least when I “manage” the host I see both luns but only had to format one device in the OS.

The boxes only have a single Gig-E port allocated to the iSCSI switch, and all traffic on that switch is dedicated to iSCSI.

Im not sure how to get to the KB documents, not sure I have permissions or know where to look.

We are using “Clariion open” and “active/passive – mode1” for all our luns.

We need the iscsi because some of the Windows 7 nodes will be VM’s and I don’t think there is a way to attach a FC lun directly to a VM.

The desktop systems are used as a beta-testing environment and the VM environment will be the live production system running on Windows 7.

Ron

I would suggest first trying to connect the host to the array without CHAP.

Also see KB 71615 - this is a list of all the articles about using iSCSI on the EMC arrays (there are no articles for Windows 7 or 8 as they are not supported).

See KB 41172 - this shows what EMC considers Best Practice for connecting hosts using iSCSI.

CHAP can be one way or two way. Once you determine if you can get basic connection, you should see the host logged in to the array in "Storage System Connectivity Status" on the left side of Unisphere, but the host name will not be seen, only the IQN. If you're not using the EMC Host Agent, you can manually register the host in Unisphere. A Windows host would be registered as:

Initiator Type: CLARiiON Open

Failover Mode: Active/Passive

What active/passive means is that you need some kind of failover software (EMC PowerPath will not run on Windows 7/8) as a LUN will be presented and seen on both the SPA and SPB side, but only one side is the active side (the SP that owns the LUN). Without failover software, Windows will see two LUNs for the one LUN on the array. You can get around this by only connecting to one SP port to the SP that owns the LUN. For example, if you have a LUN owned by SPA, then connect the host iSCSI NIC to one of the ports on the SPA side. See KB 34447 for information on setting up the Microsoft iSCSI Initiators correctly.

How many NIC's are in your W7 hosts? We recommend that you have at least two NIC's - one is the LAN and one for iSCSI. These should be on separate subnets. You should not have a gateway address set for iSCSI as Windows has issues with multi-honing.

If you plan on using the EMC Host Agent software (used to register the host on the array), you need at least version 1.1 (release 31).

glen

No, because the information is inaccurate. Telling me that it doesn’t work isn’t going to fly.

We have iSCSI currently working in native windows multipath mode on Windows 7 connected to a CX3 array, but can’t replicate the config on the CX4 array for some reason.

Differences between the configs:

1) CX3 (works) vs CX4 (not working)

2) Non-chap (cx3) vs Chap (CX4)

Ron

I need to use iSCSI because the luns are mapped to multiple Windows 7 boxes at the same time.

VMware won’t allow me to attach a single lun to multiple hosts, so I have to use iscsi to get around that limitation.

Im running a clustered database application on multiple nodes.

It’s distributed processing app.

Ron

Are these Windows 7 hosts VM? If so you should not need to connect them directly.

If these are standalone hosts you should only connect one path to the SP port that is the same SP port as the LUN - right click on the LUN and select Properties - that should tell you what the Default SP Owner is, connect to that SP port. Make sure that the Current SP Owner and the Default SP Owner are the same.

In Unisphere, on the left side, locate the CHAP Management, click on that - you should see what you have setup and for which hosts - just select the line and delete - make sure you don't have Mirrorview setup using iSCSI as that automatically setup up CHAP for it's connections - don't delete those. Do the same in the Microsoft iSCSI Initiator in Control Panel.

When you setup the iSCSI Initiator on the hosts, in Discovery, make sure you use the IP address of the iSCSI NIC on the host - click on the Advanced button, and select the two drop downs - select the MS iSCSI initiator on the top drop down and the specific IP on the second drop down for the iSCSI IP address.

For the KB Artilces go to support.emc.com - in the Search box, put in the KB article number - 71615 for example - KB article will have blue start as an icon.

Facts, limitations, and recommended settings when using CLARiiON iSCSI

glen

usao wrote: VMware won’t allow me to attach a single lun to multiple hosts, so I have to use iscsi to get around that limitation.

VMware has a way of sharing virtual disks; almost always in the context of running for instance a virtualized MSCS Cluster.  Look into SCSI Bus Sharing.  There are two options: Virtual and Physical (latter lets you share on VM's also on different ESXi servers, the former only on the same ESXi server).

Multipathing seems to be working using the Windows packages, at least when I “manage” the host I see both luns but only had to format one device in the OS.

Now, when you say I see "both luns", I'm pretty sure you are seeing multiple copies of the same LUN (which represent one image per path).  When you format and assign a drive letter to one of those images, you are only accessing that LUN via a single path.  Again, as I had noted above, in lieu of multi-pathing solutions: native MPIO (doesn't exist) or PowerPath (can't install) your only option is MCS via the iSCSI Software Initiator; however, EMC doesn't support that to the iSCSI ports of the Storage Processors and only iSCSI LUNs via the data movers.

Im running a clustered database application on multiple nodes.

Windows 7?

No, im afraid no progress.

Has anything changed?

glen

Yes, although im not able to get Windows to “authenticate” to the CX4 for some reason.

At first I though it was due to Chap, but I went into the profile and deleted the “Target” profile, so my understanding is that it shouldn’t challenge. However, it is doing so.

Ron

Have you tried just connecting the hosts without CHAP just to see if you can get a connection? The main issue will be the multiple disks that will show up in Disk Manager without failover software. You could manually change the failover mode on the array for the host path to 0 (zero), this would only allow the host to see the LUN on the SP that the LUN is owned by.

glen