By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Storage Gateway - CHAP - Authentication Failure to Target

0

EC2 Windows instance. Volume Storage Gateway. iSCSI connects fine without CHAP. (Image of successful connection provided.) Enter image description here

When trying CHAP, I keep getting 'Authentication Failure' to target. (Error image provided.)

On the target (SG), CHAP is set with the initiator ID from the EC2 instance plus the EC2's initiator secret, as well as a target secret.

On the initiator (EC2), the target name is listed under Targets and Target Portals.

Enter image description here Enter image description here Enter image description here

I did this last week successfully in a test run in another environment. It seems simple enough to enter iSCSI settings.

Topics
StorageCompute
Tags
AWS Storage GatewayAmazon EC2
Language
English
rePost-User-9130985
asked 10 months ago266 views
2 Answers
1
Accepted Answer

Hello,

With the CHAP configuration set for the Volume on the Storage Gateway console, please try the following steps to successfully connect to your volume using CHAP Authentication from a Windows client -

  1. Open the iSCSI Initiator Properties

  2. Choose the 'Configuration' tab:

    a. Click on 'CHAP'.

    b. Enter the 'Target secret' you had configured on the Storage Gateway console here. This is the secret key that the initiator (the Windows client) uses to authenticate the target (the storage volume).

    c. Choose OK.

  3. Now, choose the 'Discovery' tab:

    a. Click on Discover Portal

    b. Enter the IP address of your Volume Gateway. Let the port be set to the default value: 3260.

    c. Click on OK.

  4. Move to the 'Targets' tab:

    a. You should now find your Volume listed as a target with the Status: Inactive

    b. Select the target you want to connect to, and click on Connect

  5. In the 'Connect To Target' dialog box that opens, select 'Advanced':

    a. The 'Advanced Settings' dialog box appears. Here, select the checkbox next to 'Enable CHAP log on'

    b. In the 'Target secret:' field, enter the 'Initiator secret' you specified for this initiator on the Storage Gateway console. This value is the secret key that the initiator (the Windows client) must know to participate in CHAP with the target.

    c. Select the checkbox next to 'Perform mutual authentication'

    d. Click OK

    e. Click on OK again in the 'Connect To Target' dialog box.

  6. With the right secret key values entered, the status of the target should now flip to 'Connected'.

For more information, please see - https://docs.aws.amazon.com/storagegateway/latest/vgw/initiator-connection-common.html#ConfiguringiSCSIClientInitiatorCHAP

I hope this helps!

Shwetha_M
answered 10 months ago
0

Hi Shwetha!

Thank you for spelling it out.

The clincher for me was 5b, " In the 'Target secret:' field, enter the 'Initiator secret'". Rather misleading of them!

rePost-User-9130985
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content