Windows iSCSI forward authentication

Test

Boot into a Windows XP operating system stored on an iSCSI target.

DUT configuration

No physical disks present. System configured to boot from NIC equipped with gPXE ROM.

Environment configuration

iSCSI target running IETD set up to require forward CHAP authentication. DHCP server providing network configuration and iSCSI root-path.

Result

Success is defined as reaching the Windows graphical login screen.

Detailed test procedure

Prerequisites
  • Image of installation CD (in this test, XP Professional SP 2): dd if=/dev/cdrom of=winxp.iso
  • QEMU
  • iscsitarget
Windows Setup

Create hard disk image: qemu-img create -f raw hd.img 4G

Boot setup CD in QEMU: qemu -hda hd.img -cdrom winxp.iso -boot d

Install as usual. Format as NTFS (quick) to save time, using the entire disk.

After the first reboot, allow booting from hard disk (do not press a key at the “Boot from CD” prompt).

First try at the graphical stage of setup got stuck at “Installing Devices” for at least an hour. TODO: investigate if this is due to kqemu or other environmental factors, or restart QEMU between setup stages. Restarting QEMU allows it to continue…

Enter a name (“Test” for this example), then enter the product key.

Accept the default computer name and blank administrator password.

Accept the default time configuration.

Accept the default network configuration and workgroup.

After this stage of setup completes and another reboot, setup is complete.

Click OK on the Display Settings dialog to adjust the screen resolution, then click OK to accept the change.

After some time, the first-run wizard appears; press Next.

Select “Not now” on the Windows Update page, then click Next.

Click “Skip” on the network configuration page.

Select “No” on the activation page and click Next.

Enter “Test” as the first username and click Next.

Click Finish.

At this point, you should be at the Windows desktop.

TODO: Network adapter did not acquire an address from QEMU's DHCP server; reboot allowed it to work.

iSCSI initiator setup

Download the Microsoft iSCSI initiator in the VM, then run the installer.

Select “Initiator Service” and “Software Initiator” only, then click Next.

Select “I agree”, then click Next.

Click Finish when the installation is complete.

Download http://git.etherboot.org/releases/sanbootconf/sanbootconf-latest.zip and extract it, then run install.bat.

Now setup is complete; shut down the Windows machine.

iSCSI target setup

On the iSCSI target machine, edit /etc/ietd.conf to add a target. 

Target iqn.2000-01.test.etherboot.org:iscsiboot.xp
        Lun 0 Path=/path/to/hd.img
        IncomingUser testuser userpassword
        OutgoingUser testtarget targetpassword

Ensure the iSCSI target is running. (ex. Gentoo: /etc/init.d/ietd start)

Booting with gPXE

TODO: authentication

Create a gPXE script as follows and boot it: 

#!gpxe
sanboot iscsi:my.target.dns.name::::iqn.2000-01.test.etherboot.org:iscsiboot.xp

(where my.target.dns.name is the DNS name or IP of the machine running the iSCSI target)

Windows should boot to the desktop.


Trace: windows_xp_iscsi

QR Code
QR Code soc:2009:dverkamp:notes:windows_xp_iscsi (generated for current page)