Setting up two-way authentication for Windows hosts

You can set up two-way authentication for Microsoft Windows hosts.

Verify that you have a working one-way authentication and that you configured a system iSCSI Challenge Handshake Authentication Protocol (CHAP) secret on the system.

To set up two-way authentication for a Windows host, complete the following steps:

Tasks on the Windows host:

  1. Go to the Control Panel.
  2. From the Control Panel, select the iSCSI Initiator option.
  3. From the iSCSI Initiator Properties panel, click the General tab.
    Note: For Windows Server 2012, select Configuration.
  4. Click Secret to see an iSCSI Initiator panel from which you can type your CHAP secret. Enter the system CHAP secret.
    Note: For Windows Server 2012, click CHAP... and then enter the system CHAP secret.
  5. Click OK.
    Notes:
    1. This setting applies to both the discovery session and normal session.
    2. The same length restrictions for CHAP secrets that apply to one-way authentication apply to two-way authentication.
    3. The CHAP secrets for the system and the host initiator cannot be the same.
  6. To set up the two-way authentication, repeat the previous steps, but in this instance, select Perform mutual authentication from the Advanced Settings panel.
    Refer to the information about setting up authentication for discovery sessions and normal sessions.

Tasks in the management GUI:

Note: For CLI directions, see the information about configuring system iSCSI authentication by using the CLI.

  1. Select Settings > Network > iSCSI.
  2. On the iSCSI Configuration page, select Modify CHAP Configuration.
  3. On the Modify CHAP Configuration page, enter a system-wide CHAP secret and select Use for iSCSI-attached hosts.
  4. Click Modify.