iSCSI setup with Openfiler and Windows Server 2008
I wasn’t very happy with the quality of my last video. I had fun making it, just didn’t like the way Youtube compressed it.
I’m experimenting with trying to host my own videos locally and we’ll see how this turns out. Hopefully the screen text will be much sharper.
The big picture is that I’m wanting to play with the failover and nlb capabilities of Windows Server 2008. I currently have my Hyper-V box online, as well as a domain controller for the march.local domain. I also have a 2nd physical box that I dumped every spare IDE drive I could find lying around into, and installed an opersoure iSCSI Target called OpenFiler. This is really my first time playing with iSCSI or a linux based SMB file server, so it’s been a unique learning experience.
I had already installed Openfiler, and after a little tinkering, I got kerberos authentication working and joined the box to the domain. At that point I brought up my 3rd Windows 2008 server and got an itch to play with Windows Deployment Services. It was the one thing I didn’t experiment with live while studying for the Windows 2008 Server exams. As I was walking through the wizard it prompted me for a place to store all of my images, and rather than creating another .VHD file to store them on a 2nd drive locally, I opted to go for the iSCSI option.
So here is a quick video on setting up iSCSI.
So since setting up iSCSI, I’ve got WDS working. I was able to use a boot.wim to PXE boot a Virtual machine with an attached Legacy adapter and install Windows 2008. After I got the new OS up and running, configured and patched. I was able to then create a capture image on the WDS server, run SYSPREP on the base OS, and PXE boot the capture image to create a new Install image to be used for future deployments. With that said, I will not be deploying using the image I just created.
It was a painfully slow process pulling the image from the iSCSI storage. No doubt because I have 3 Virtual machines all attached to the same physical network adapter, which is also being used to direct the iSCSI traffic. *UPDATE HERE* I may try putting Netmon on the Parent OS and see if I can monitor the network traffic and see exactly how bad the bottle neck is. It also may have something to do with the legacy network adapter booting at fast ethernet speeds, and not properly negotiating it’s duplex settings, since the physical network is all gigabit. I’m not completely clear on how a Virtual Switch would handle that. Getting the network properly segmented is definitely on my to-do list. I have 4 physical adapters in the box, so if I had another switch, or even a layer 2 switch, I would be able to properly subnet my network out.
So, for the future builds, it’s much easier to just run SYSPREP with the shutdown command, and then copy and rename the .VHD file 5 more times. 
Oh, and one last note on Windows Deployment Services. I had my server set to only accept known clients, which means you have to pre-stage the machines in Active Directory. The directions to do this are:
To prestage client computers
- Open Active Directory Users and Computers.
- In the console tree, right-click the applicable organizational unit that will contain the new client computer.
Where?- Active Directory Users and Computers/Applicable domain/Applicable organizational unit
- Click New, and then click Computer.
- Type the client computer name, click Next, and then click This is a managed computer.
- In the text entry field, type the client computer’s globally unique identifier (GUID), and then click Next.
- Click one of the following options to specify which server or servers will support this client computer:
- Any available Remote Installation Services (RIS) server
Selecting this option specifies that this client computer can be serviced by any RIS server. - The following RIS server
Selecting this option designates a specific server to service this client computer.
- Any available Remote Installation Services (RIS) server
Yeah, ummmmm, no next button here......
Ouch…. Next time I need to hide the clock on the server so that people don’t notice that I was recording this at 11pm on a Friday night.
Jim,
Thank you very much for your efforts in doing this video. This is really helpful. I did exactly as you showed in the video but i am unable to discover my target from iscsi initiator…after adding my openfiler server information and CHAP authentication for discovery, when i go to the targets tab i do not see my target discovered….the list is empty.
Any inputs in resolving this issue would be much appreciated…
Are you able to discover your target with NO Authentication?
I would start there and then add layers of security one at a time to see where your problem is occuring.
Also, make sure that you use a different Username and Different Password for each portion of the CHAP Authentication.
@Jim
Jim,
Thank you so much for your inputs.
I beleive the problem was with the Network ACL Authentication.
My initiator machine has two NIC cards, so i added both the IP addresses and set it to “allow” in openfiler. Initiator was still unable to discover the target.
Again i changed the ACL with a 24 bit subnet mask to allow all machines in the subnet and it worked!!!! Initiator was able to discover the target.
I have no idea on why it did not work the first time.
Also do you think “Multipath I/O” Feature is required on win 2008 server to establish iscsi connection?
Thank you once again.
Gopi.
Jim,
One more question,
do you think having a 64 bit openfiler target and a 32bit openfilter target will make any difference?
Thanks,
Gopi.
@tgopinath
Multipath would only be required if you had multiple paths to your storage.
i.e. Multiple nics on your machince connecting to a clustered Openfiler instance.
As for the network ACL issue, you should really be running your iSCSI stuff on a seperate netowork from you regular traffic. So the NIC used to connect to the iSCSI box should be on a different subnet at a minimum, but prefereably on a dedicated switch.
If both NICs are on the same subnet, the binding order in the Advanced Network properties determines which interface the traffic will originate from.
Thank you very much for your responses.
I was able to successfully connect two or more initiators to this openfiler share. let us say I create a folder/ file named “test” using the initiator share from machine 1. i’m unable to see the folder on accessing the share from initiator in Machine 2.
Is it because the ext3 filesystem or the iscsi is not a shared type that can be accessed on two initiators at the same time?
@tgopinath
Two nodes should not be sharing the same volume, UNLESS they are clustered.
Which will not currently work in Windows 2008 Server, but should work in earlier versions of Windows.
http://resume.jimmarch.com/2009/03/windows-server-2008-clustering-openfiler-iscsi-fail/
The reason is that iSCSI is block level storage, and unlike normal SMB file transfers, only 1 node can control the resource at any given time. This is handled by the cluster service in a clustered environment.
On another note, Openfiler DOES support NFS and CIFS filesharing. So if you are looking to share FILES between nodes, that is something to look into. iSCSI can be used to share STORAGE between nodes, but that is for clustering purposes.
I messed with openfiler for hours and couldn’t get it to work…couldn’t ever find any real helpful info out there either. Your video was PERFECT! Thanks for the great info!