Question : Problem: WTF's up with my iSCSI network config ???

Experts:

I just purchased an EMC AX4-5i dual-SP SAN appliance; two racks, one for SAS drives and the other with SATA drives. I'm just setting up the appliance and I'm stuck, hoping you all can help me figure something out.

If you look at the attached file you'll notice my vanilla setup: 1 server with 3 NICs connected to a pair of GigE switches configured in a meshed network connecting a pair of SP units, each with two iSCSI ports of their own.

The problem I'm having is that on the server I can only ping one of two switches and only two of four iSCSI ports:

C:\Program Files\Support Tools>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : galapagos
   Primary Dns Suffix  . . . . . . . : xxx.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : xxx.local


Ethernet adapter 192.168.253.98:

   Connection-specific DNS Suffix  . : xxx.local
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Adapter
   Physical Address. . . . . . . . . : 00-04-23-AB-6A-0B
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.253.98
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter 192.168.253.99:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Adapter #2
   Physical Address. . . . . . . . . : 00-04-23-AB-6A-0C
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.253.99
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter 192.168.10.25:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC3163 Fast Ethernet NIC
   Physical Address. . . . . . . . . : 00-50-8B-EB-15-1C
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.10.25
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.1
   DNS Servers . . . . . . . . . . . : 192.168.10.13
                                       192.168.10.25
   Primary WINS Server . . . . . . . : 192.168.10.13
   Secondary WINS Server . . . . . . : 192.168.10.25

C:\Program Files\Support Tools>ping 192.168.253.199

Pinging 192.168.253.199 with 32 bytes of data:

Reply from 192.168.253.199: bytes=32 time=3ms TTL=64
Reply from 192.168.253.199: bytes=32 time=2ms TTL=64
Reply from 192.168.253.199: bytes=32 time=1ms TTL=64
Reply from 192.168.253.199: bytes=32 time=2ms TTL=64

Ping statistics for 192.168.253.199:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 3ms, Average = 2ms

C:\Program Files\Support Tools>ping 192.168.253.198

Pinging 192.168.253.198 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.253.198:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Program Files\Support Tools>ping 192.168.253.200

Pinging 192.168.253.200 with 32 bytes of data:

Reply from 192.168.253.200: bytes=32 time<1ms TTL=64
Reply from 192.168.253.200: bytes=32 time<1ms TTL=64
Reply from 192.168.253.200: bytes=32 time<1ms TTL=64
Reply from 192.168.253.200: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.253.200:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Program Files\Support Tools>ping 192.168.253.201

Pinging 192.168.253.201 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.253.201:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Program Files\Support Tools>ping 192.168.253.202

Pinging 192.168.253.202 with 32 bytes of data:

Reply from 192.168.253.202: bytes=32 time=1ms TTL=64
Reply from 192.168.253.202: bytes=32 time<1ms TTL=64
Reply from 192.168.253.202: bytes=32 time<1ms TTL=64
Reply from 192.168.253.202: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.253.202:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\Program Files\Support Tools>ping 192.168.253.203

Pinging 192.168.253.203 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.253.203:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Program Files\Support Tools>

So before I go any further and start configuring iSCSI initiators or LUNs, etc., I wanted to clear up this networking mystery.


Thanks,
juckyt

Answer : Problem: WTF's up with my iSCSI network config ???

To enable group policies for users logging on to your TS, but are in another OU, you'll need the "Loopback" feature.
1. Create a new GPO in your Terminal Server OU, named, for example "Loopback"; check "deactivate userdefined configuration" (I'm not sure about the English name of that entry) in properties. Edit the GPO and enable: Computer Configuration - Administrative Templates - group policies - Activate Loopback mode for group policies (or similar; as I said, I don't use an English version, so check out the explanation tab if unsure). Set the mode to replace.
2. Now you can create additional GPO(s) for your users in this OU. If possible, check "deactivate computer configuration" in those. Important: Do *not* use the "Loopback" GPO to configure other settings! These GPOs will now only apply if the users log on to a terminal server session.
Note that you do (or "may") *not* need to put the users in (or below) the TS OU. New GPOs in that OU will be applied to *all* users logging on using Terminal Services, even though those users are not in/below the TS OU.
To include only your "other OU" users (and, more importantly, exclude Administrators!), use the security group filtering. I'd recommend doing the following: For every GPO, create a global security group named, for example, GPol<GPO name> (*G*lobal *Pol*icy group for GPO <name>). Make your "other OU" users members of this group. In the security settings for the GPO, remove the "Apply Policy" and the "Read Policy" permissions for the default "Authenticated Users", and add them for the proper security group instead.
You can (and should) of course test this with a stand-alone workstation in a test OU, before you apply it to your production environment.

Loopback Processing of Group Policy
http://support.microsoft.com/?kbid=231287

How to Apply Group Policy Objects to Terminal Services Servers
http://support.microsoft.com/?kbid=260370

Step-by-Step Guide to Understanding the Group Policy Feature Set
http://www.microsoft.com/windows2000/techinfo/planning/management/groupsteps.asp
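
The loopback and security-filtering steps from the answer above, scripted as an added example (not part of the original answer). It assumes a server with the GroupPolicy and ActiveDirectory PowerShell modules; the OU paths, the domain name and the user GPO name are hypothetical.

```powershell
# Added example. Hypothetical names: OU paths, domain, TS-UserLockdown.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$tsOu      = 'OU=TerminalServers,DC=example,DC=local'  # hypothetical TS OU
$groupOu   = 'OU=Groups,DC=example,DC=local'           # hypothetical group OU
$loopback  = 'Loopback'
$userGpo   = 'TS-UserLockdown'                         # hypothetical user GPO
$filterGrp = "GPol$userGpo"                            # GPol<GPO name>, as in the answer

# Step 1: GPO that only turns on loopback processing (Replace mode).
# Its user half is disabled because it carries no user settings.
$gpo = New-GPO -Name $loopback
$gpo.GpoStatus = 'UserSettingsDisabled'
Set-GPRegistryValue -Name $loopback `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'UserPolicyMode' -Type DWord -Value 2 | Out-Null  # 1 = Merge, 2 = Replace
New-GPLink -Name $loopback -Target $tsOu | Out-Null

# Step 2: separate GPO for the user settings, computer half disabled.
$user = New-GPO -Name $userGpo
$user.GpoStatus = 'ComputerSettingsDisabled'
New-GPLink -Name $userGpo -Target $tsOu | Out-Null

# Security filtering: only members of the filter group receive the GPO,
# so Administrators who are not members stay unaffected.
New-ADGroup -Name $filterGrp -GroupScope Global -GroupCategory Security -Path $groupOu
Set-GPPermission -Name $userGpo -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel None -Replace | Out-Null
Set-GPPermission -Name $userGpo -TargetName $filterGrp `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# On systems with the MS16-072 update, user policy is fetched in the
# computer's security context, so the computer accounts need Read as well.
Set-GPPermission -Name $userGpo -TargetName 'Domain Computers' `
    -TargetType Group -PermissionLevel GpoRead | Out-Null

# Review the resulting ACL before adding users to the filter group.
Get-GPPermission -Name $userGpo -All | Select-Object Trustee, Permission
```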