Storage Gateway - CHAP - Authentication Failure to Target

Hello,

With the CHAP configuration set for the Volume on the Storage Gateway console, please try the following steps to successfully connect to your volume using CHAP Authentication from a Windows client -

1. Open the iSCSI Initiator Properties

2. Choose the 'Configuration' tab:

   a. Click on 'CHAP'.

   b. Enter the 'Target secret' you had configured on the Storage Gateway console here. This is the secret key that the initiator (the Windows client) uses to authenticate the target (the storage volume).

   c. Choose OK.

3. Now, choose the 'Discovery' tab:

   a. Click on Discover Portal

   b. Enter the IP address of your Volume Gateway. Let the port be set to the default value: 3260.

   c. Click on OK.

4. Move to the 'Targets' tab:

   a. You should now find your Volume listed as a target with the Status: Inactive

   b. Select the target you want to connect to, and click on Connect

5. In the 'Connect To Target' dialog box that opens, select 'Advanced':

   a. The 'Advanced Settings' dialog box appears. Here, select the checkbox next to 'Enable CHAP log on'

   b. In the 'Target secret:' field, enter the 'Initiator secret' you specified for this initiator on the Storage Gateway console. This value is the secret key that the initiator (the Windows client) must know to participate in CHAP with the target.

   c. Select the checkbox next to 'Perform mutual authentication'

   d. Click OK

   e. Click on OK again in the 'Connect To Target' dialog box.

6. With the right secret key values entered, the status of the target should now flip to 'Connected'.

For more information, please see - https://docs.aws.amazon.com/storagegateway/latest/vgw/initiator-connection-common.html#ConfiguringiSCSIClientInitiatorCHAP

I hope this helps!