iSCSICLI command reference

iSCSICLI is the command line interface for the Microsoft iSCSI Software Initiator (2K, 2K3, XP) and inbox in Vista, Server 2008.  Note that: iSCSI Software initiator is included by default in the Server Core Installation option of Windows Server 2008.

iSCSICLI can be used to configure, login to iSCSI target devices.   It's assumed that the IT admin has already created an iSCSI target following the steps provided by their array vendor with the appropriate management tools.  It can be used manually or in command line scripts. To get basic information on iscsicli commands enter the command iscsicli /?. A number of commands have many possible parameters; however, in most cases a * can be used for a parameter to indicate that the default value for that parameter should be used. Hexadecimal numbers specified must be preceded by 0x, which is the ‘C’ programming language notation to indicate that the number is in hexadecimal. iSCSICLI commands are not case sensitive.

There are several sets of commands:

Manually Configured Targets

These commands handle the management of the manually configured targets. A target can be manually configured for one of two reasons. If a target cannot be discovered by any dynamic discovery mechanism then it may be statically configured. Also, a target may be statically defined such that default values for those properties that cannot be discovered dynamically can be persisted. A static target may be configured as hidden in which case it is not reported unless it is also discovered by another discovery mechanism.

AddTarget <TargetName> <TargetAlias> <TargetPortalAddress>

<TargetPortalSocket> <Target flags>

<Persist> <Login Flags> <Header Digest> <Data Digest>

<Max Connections> <DefaultTime2Wait>

<DefaultTime2Retain> <Username> <Password> <AuthType>

<Mapping Count> <Target Lun> <OS Bus> <Os Target>

<OS Lun> ...

This command will manually configure a target and optionally persist that target.

TargetName is the name of the target.

TargetAlias is the alias for the target. By specifying a value of *, the target would have no alias defined.

TargetPortalAddress is the IP or DNS address of the target portal.

TargetPortalSocket is the TCP port number of the target portal. Typically this is 3260, which is the well-known port number defined for use by iSCSI.

Target Flags specify flags that modify how the target is managed by the iSCSI initiator service. See below for definitions of target flags.

Persist indicates whether the target should be persisted and available after the service is restarted. By specifying T or t, the target is persisted; otherwise the target is not persisted.

Login Flags is a set of flags that affect behavior of iSCSI login to the target portal. See below for the definitions of the login flags.

Header Digest is non-zero to indicate that the initiator should enable header digest when logging into the target portal. By specifying * for this parameter, the digest is setting is determined by the initiator kernel mode driver.

Data Digest is non-zero to indicate that the initiator should enable data digest when logging into the target portal. By specifying * for this parameter, the digest is setting is determined by the initiator kernel mode driver..

Maximum Connections specifies the maximum number of connections for the discovery session to use when performing the SendTargets operation. By specifying * for this parameter, the kernel mode initiator driver chooses the value for maximum connections.

DefaultTime2Wait is the value that the initiator should use to negotiate when logging into the target. By specifying * for this parameter, the kernel mode initiator driver chooses a value.

DefaultTime2Retain is the value that the initiator should use to negotiate when logging into the target. By specifying * for this parameter, the kernel mode initiator driver chooses a value.

Username is the string that should be used as the CHAP username when logging into the target. By specifying * for this parameter, the iSCSI initiator service will use the initiator node name as the CHAP username.

Password is the string that should be used as the target’s CHAP secret when logging into the target. The initiator will use this secret to compute a hash value based on the challenge sent by the target.

AuthType is the type of authentication to use when logging into the target. See below for definitions of the authentication types.

MappingCount specifies the count of target mappings that the initiator should use to login to the target. Following the mapping count are that number of sets of target LUN, OS Bus, OS target and OS LUN values which comprise the actual mappings.

<Target Lun> is the LUN value the target uses to expose the LUN.

It must be in the form 0x0123456789abcdef

<OS Bus> is the bus number the OS should use to surface the LUN

<OS Target> is the target number the OS should use to surface the LUN

<OS LUN> is the LUN number the OS should use to surface the LUN

QAddTarget <TargetName> <TargetPortalAddress>

This command will manually configure a target and optionally persist that target.

TargetName is the name of the target.

TargetPortalAddress is the IP or DNS address of the target portal.

TargetPortalSocket is the TCP port number of the target portal. Typically this is 3260, which is the well-known port number defined for use by iSCSI.

RemoveTarget <TargetName>

This command will remove a target from the list of persisted targets.

TargetName is the name of the target.

Target Portals

These commands handle the management of target portals used for discovery by the iSCSI initiator service.

AddTargetPortal <TargetPortalAddress> <TargetPortalSocket>

<Initiator Instance Name> <Initiator Port Number>

<Security Flags>

<Login Flags> <Header Digest> <Data Digest>

<Maximum Connections> <DefaultTime2Wait>

<DefaultTime2Retain> <Username> <Password> <AuthType>

This command will add a target portal to the list of persisted target portals. The iSCSI initiator service will perform a SendTargets operation to each target portal in the list whenever the service starts and whenever a full refresh of the target list is requested.

TargetPortalAddress is the IP or DNS address of the target portal.

TargetPortalSocket is the TCP port number of the target portal. Typically this is 3260, which is the well-known port number defined for use by iSCSI.

Initiator Instance Name is the name of the initiator via which the SendTargets operation is performed. If not specified then the initiator used is selected by the iSCSI initiator service.

Initiator Port Number is the physical port number on the initiator via which the SendTargets operation is performed. If not specified then the kernel mode initiator driver chooses the initiator port used.

Security Flags is a set of flags that describe the type of IPSEC to use when establishing a TCP connection to the target portal. See below for the definitions of the security flags.

Login Flags is a set of flags that affect behavior of iSCSI login to the target portal. See below for the definitions of the login flags.

Header Digest is non-zero to indicate that the initiator should enable header digest when logging into the target portal. By specifying * for this parameter, the digest is setting is determined by the initiator kernel mode driver.

Data Digest is non-zero to indicate that the initiator should enable data digest when logging into the target portal. By specifying * for this parameter, the digest is setting is determined by the initiator kernel mode driver.

Maximum Connections specifies the maximum number of connections for the discovery session to use when performing the SendTargets operation. By specifying * for this parameter, the kernel mode initiator driver chooses the value for maximum connections.

DefaultTime2Wait is the value that the initiator should use to negotiate when logging into the target. By specifying * for this parameter, the kernel mode initiator driver chooses a value.

DefaultTime2Retain is the value that the initiator should use to negotiate when logging into the target. By specifying * for this parameter, the kernel mode initiator driver chooses a value.

Username is the string that should be used as the CHAP username when logging into the target. By specifying * for this parameter, the iSCSI initiator service will use the initiator node name as the CHAP username.

Password is the string that should be used as the target’s CHAP secret when logging into the target. The initiator will use this secret to compute a hash value based on the challenge sent by the target.

AuthType is the type of authentication to use when logging into the target. See below for definitions of the authentication types.

QAddTargetPortal <TargetPortalAddress>

[CHAP Username] [CHAP Password]

This command will add a target portal to the list of persisted target portals. The iSCSI initiator service will perform a SendTargets operation to each target portal in the list whenever the service starts and whenever a full refresh of the target list is requested. If [CHAP Username] and [CHAP Password] are specified then one way CHAP is required.

TargetPortalAddress is the IP or DNS address of the target portal.

TargetPortalSocket is the TCP port number of the target portal. Typically this is 3260, which is the well-known port number defined for use by iSCSI.

CHAP Username is the string that should be used as the CHAP username when logging into the target. By specifying * for this parameter, the iSCSI initiator service will use the initiator node name as the CHAP username.

CHAP Password is the string that should be used as the target’s CHAP secret when logging into the target. The initiator will use this secret to compute a hash value based on the challenge sent by the target.

RemoveTargetPortal <TargetPortalAddress> <TargetPortalSocket>

<Initiator Name> <Initiator Port Number>

This command will remove a target portal from the list of persisted target portals. The iSCSI initiator service will perform a SendTargets operation to each target portal in the list whenever the service starts and whenever a full refresh of the target list is requested. Note that the command does not purge the targets discovered via this target portal from the list of targets maintained by the service.

TargetPortalAddress is the IP or DNS address of the target portal

TargetPortalSocket is the TCP port number of the target portal. Typically this is 3260, which is the well-known port number defined for use by iSCSI.

Initiator Name is the name of the initiator via which the SendTargets operation is performed. If not specified then the initiator used is selected by the iSCSI initiator service.

Initiator Port Number is the physical port number on the initiator via which the SendTargets operation is performed. If not specified then the kernel mode initiator driver chooses the initiator port used.

RefreshTargetPortal <TargetPortalAddress> <TargetPortalSocket>

<Initiator Name> <Initiator Port Number>

This command will perform a SendTargets operation to the target portal and include the discovered targets into the list of targets maintained by the service. It does not add the target portal to the persistent list.

TargetPortalAddress is the IP or DNS address of the target portal

TargetPortalSocket is the TCP port number of the target portal. Typically this is 3260, which is the well-known port number defined for use by iSCSI.

Initiator Name is the name of the initiator via which the SendTargets operation is performed. If not specified then the initiator used is selected by the iSCSI initiator service.

Initiator Port Number is the physical port number on the initiator via which the SendTargets operation is performed. If not specified then the kernel mode initiator driver chooses the initiator port used.

ListTargetPortals

This command will display the list of persisted target portals that the iSCSI initiator service will use for discovery.

iSNS

These commands configure the list of iSNS servers used for discovery purposes by the iSCSI initiator service.

AddiSNSServer <iSNS Server Address>

This command will add the IP address or DNS name of an iSNS server to the list of iSNS servers that the iSCSI initiator service queries to discover targets. The service will then register itself with the iSNS server, also register for SCN (State Change Notification), and query the iSNS server for the list of available targets. The iSNS server address or name is persisted by the service and it will refresh the list of targets from that iSNS server whenever the service starts up and whenever a full refresh of the target list is requested.

RemoveiSNSServer <iSNS Server Address>

This command will remove the IP address or DNS name of the iSNS server from the persisted list of iSNS servers that the iSCSI initiator service maintains for discovery purposes. Note that the command does not purge the targets discovered via this iSNS server from the list of targets maintained by the service.

RefreshiSNSServer <iSNS Server Address>

This command will refresh the list of targets discovered from the specified iSNS server. The iSNS server IP address or DNS name is not persisted and the iSCSI initiator service does not verify whether the iSNS server address or name had previously been persisted or not.

ListiSNSServers

This routine will display the list of iSNS server addresses that are persisted by the iSCSI Initiator service.

Target Operations

TargetInfo <TargetName> [Discovery Mechanism]

This command will return information about the target specified by TargetName. The iSCSI initiator service maintains a separate set of information about every target organized by each mechanism by which it was discovered. This means that each instance of a target can have different information such as target portal groups. Discovery Mechanism is an optional parameter and if not specified then only the list of discovery mechanisms for the target are displayed. If Discovery Mechanism is specified then information about the target instance discovered by that mechanism is displayed.

LoginTarget <TargetName> <ReportToPNP>

<TargetPortalAddress> <TargetPortalSocket>

<Initiator Instance Name> <Port number> <Security Flags>

<Login Flags> <Header Digest> <Data Digest>

<Max Connections> <DefaultTime2Wait>

<DefaultTime2Retain> <Username> <Password> <AuthType> <Key>

<Mapping Count> <Target Lun> <OS Bus> <Os Target>

<OS Lun> ...

This command will login to a target

TargetName is the name of the target.

ReportToPNP is a flag that indicates to the initiator whether or not it should expose the LUN to the port driver so that it can be exposed to the operating system as a storage device. This in turn would enable the volume to be mounted, formatted, and a drive letter assigned, etc. If the value is T or t then the LUN is exposed as a device. If anything else then the LUN is not exposed and the only operations that can be performed to the target are SCSI Inquiry, SCSI Report LUNS and SCSI Read Capacity, and only via the iSCSI discovery service, since the operating system is not aware of the existence of the device.

TargetPortalAddress is the IP or DNS address of the target portal

TargetPortalSocket is the TCP port number of the target portal. Typically this is 3260, which is the well-known port number defined for use by iSCSI.

Initiator Instance Name is the name of the initiator via which the login operation is performed. If not specified then the initiator used is selected by the iSCSI initiator service.

Initiator Port Number is the physical port number on the initiator via which the login operation is performed. If not specified then the kernel mode initiator driver chooses the initiator port used.

Security Flags is a set of flags that describe the type of IPSEC to use when establishing a TCP connection to the target portal. See below for the definitions of the security flags.

Login Flags is a set of flags that affect behavior of iSCSI login to the target. See below for the definitions of the login flags.

Header Digest is non-zero to indicate that the initiator should enable header digest when logging into the target portal. By specifying * for this parameter, the digest setting is determined by the initiator kernel mode driver.

Data Digest is non-zero to indicate that the initiator should enable data digest when logging into the target portal. By specifying * for this parameter, the digest setting is determined by the initiator kernel mode driver.

MaximumConnections specifies the maximum number of connections for the discovery session to use when performing the SendTargets operation. By specifying * for this parameter, the kernel mode initiator driver chooses the value for maximum connections.

DefaultTime2Wait is the value that the initiator should use to negotiate when logging into the target. By specifying * for this parameter, the kernel mode initiator driver chooses a value.

DefaultTime2Retain is the value that the initiator should use to negotiate when logging into the target. By specifying * for this parameter, the kernel mode initiator driver chooses a value.

Username is the string that should be used as the CHAP username when logging into the target. By specifying * for this parameter, the iSCSI initiator service will use the initiator node name as the CHAP username.

Password is the string that should be used as the target’s CHAP secret when logging into the target. The initiator will use this secret to compute a hash value based on the challenge sent by the target.

AuthType is the type of authentication to use when logging into the target. See below for definitions of the authentication types.

Key is the IPSEC preshared key to used to establish the TCP connection if IPSEC is needed.

MappingCount specifies the count of target mappings that the initiator should use when logging into the target. Following the mapping count are that number of sets of target LUN, OS Bus, OS target and OS LUN values which comprise the actual mappings. See below for more information on the MappingCount parameters

<Target Lun> is the LUN value the target uses to expose the LUN.

It must be in the form 0x0123456789abcdef

<OS Bus> is the bus number the OS should use to surface the LUN

<OS Target> is the target number the OS should use to surface the LUN

<OS LUN> is the LUN number the OS should use to surface the LUN

QLoginTarget <TargetName> [CHAP Username] [CHAP Password]

This command will login to a target using default values for most parameters. If only <TargetName> is specified then no CHAP authentication is attempted. If both [CHAP Username] and [CHAP Password] are specified then one way CHAP is required for authentication.

TargetName is the name of the target.

CHAP Username is the string that should be used as the CHAP username when logging into the target. By specifying * for this parameter, the iSCSI initiator service will use the initiator node name as the CHAP username.

CHAP Password is the string that should be used as the target’s CHAP secret when logging into the target. The initiator will use this secret to compute a hash value based on the challenge sent by the target.

LogoutTarget <SessionId>

This command will attempt to logout of a target which was logged in via the session specified by SessionId. The iSCSI initiator service will not logout of a session if any devices exposed by it are currently in use. If the command fails then consult the system eventlog for additional information about the component that is using the device.

PersistentLoginTarget <TargetName> <ReportToPNP>

<TargetPortalAddress> <TargetPortalSocket>

<Initiator Instance Name> <Port number> <Security Flags>

<Login Flags> <Header Digest> <Data Digest>

<Max Connections> <DefaultTime2Wait>

<DefaultTime2Retain> <Username> <Password> <AuthType> <Key>

<Mapping Count> <Target Lun> <OS Bus> <Os Target>

<OS Lun> ...

This command will establish a persistent login to a target. A persistent login is the set of information required by an initiator to login to the target each time the initiator device is started, typically at system startup. . This command does not initiate a login to this target until after the system is rebooted. Use the LoginTarget command if this target is needed before rebooting.

TargetName is the name of the target.

ReportToPNP is a flag that indicates to the initiator whether or not it should expose the LUN to the port driver so that it can be exposed to the operating system as a storage device. This in turn would enable the volume to be mounted, formatted, and a drive letter assigned, etc. If the value is T or t then the LUN is exposed as a device. If anything else then the LUN is not exposed and the only operations that can be performed to the target are SCSI Inquiry, SCSI Report LUNS and SCSI Read Capacity, and only via the iSCSI discovery service, since the operating system is not aware of the existence of the device.

TargetPortalAddress is the IP or DNS address of the target portal

TargetPortalSocket is the TCP port number of the target portal. Typically this is 3260, which is the well-known port number defined for use by iSCSI.

Initiator Instance Name is the name of the initiator via which the login operation is performed. If not specified then the initiator used is selected by the iSCSI initiator service.

Initiator Port Number is the physical port number on the initiator via which the login operation is performed. If not specified then the kernel mode initiator driver chooses the initiator port used.

Security Flags is a set of flags that describe the type of IPSEC to use when establishing a TCP connection to the target portal. See below for the definitions of the security flags.

Login Flags is a set of flags that affect behavior of iSCSI login to the target. See below for the definitions of the login flags.

Header Digest is non-zero to indicate that the initiator should enable header digest when logging into the target portal. By specifying * for this parameter, the digest setting is determined by the initiator kernel mode driver.

Data Digest is non-zero to indicate that the initiator should enable data digest when logging into the target portal. By specifying * for this parameter, the digest setting is determined by the initiator kernel mode driver.

MaximumConnections specifies the maximum number of connections for the discovery session to use when performing the SendTargets operation. By specifying * for this parameter, the kernel mode initiator driver chooses the value for maximum connections.

DefaultTime2Wait is the value that the initiator should use to negotiate when logging into the target. By specifying * for this parameter, the kernel mode initiator driver chooses its own value.

DefaultTime2Retain is the value that the initiator should use to negotiate when logging into the target. By specifying * for this parameter, the kernel mode initiator driver chooses its own value.

Username is the string that should be used as the CHAP username when logging into the target. By specifying * for this parameter, the iSCSI initiator service will use the initiator node name as the CHAP username.

Password is the string that should be used as the target’s CHAP secret when logging into the target. The initiator will use this secret to compute a hash value based on the challenge sent by the target.

AuthType is the type of authentication to use when logging into the target. See below for definitions of the authentication types.

Key is the IPSEC preshared key to used to establish the TCP connection if IPSEC is needed.

MappingCount specifies the count of target mappings that the initiator should use when logging into the target. Following the mapping count are that number of sets of target LUN, OS Bus, OS target and OS LUN values which comprise the actual mappings. See below for more information on the MappingCount parameters

<Target Lun> is the LUN value the target uses to expose the LUN.

It must be in the form 0x0123456789abcdef

<OS Bus> is the bus number the OS should use to surface the LUN

<OS Target> is the target number the OS should use to surface the LUN

<OS LUN> is the LUN number the OS should use to surface the LUN

ListPersistentTargets

This command will display the list of persistent targets configured for all initiators.

RemovePersistentTarget <Initiator Name> <TargetName>

<Initiator Port Number>

<Target Portal Address>

<Target Portal Socket>

This command will remove a target from the list of persistent targets.

Initiator Name is the name of the initiator that is configured to persistently login to the target.

TargetName is the name of the target.

Initiator Port Number is the physical port number on the initiator via which the SendTargets operation is performed. If not specified then the kernel mode initiator driver chooses the initiator port used.

TargetPortalAddress is the IP or DNS address of the target portal

TargetPortalSocket is the TCP port number of the target portal. Typically this is 3260, which is the well-known port number defined for use by iSCSI.

AddConnection <SessionId> <Initiator Instance Name>

<Initiator Port Number> <Target Portal Address>

<Target Portal Socket> <Security Flags>

<Login Flags> <Header Digest> <Data Digest>

<Max Connections> <DefaultTime2Wait>

<DefaultTime2Retain> <Username> <Password> <AuthType> <Key>

This command will add a connection to an existing session. Note that the Microsoft iSCSI software initiator kernel mode driver does not support adding a connection to a session.

SessionId is the identifier that represents an active session to a target

Initiator Instance Name is the name of the initiator via which the add connection operation is performed. If not specified then the initiator used is selected by the iSCSI initiator service.

Initiator Port Number is the physical port number on the initiator via which the add connection operation is performed. If not specified then the kernel mode initiator driver chooses the initiator port used.

TargetPortalAddress is the IP address or DNS name of the target portal.

TargetPortalSocket is the TCP socket or port number of the target portal. Typically this is 3260.

Security Flags is a set of flags that describe the type of IPSEC to use when establishing a TCP connection to the target portal. See below for the definitions of the security flags.

Login Flags is a set of flags that affect behavior of iSCSI login to the target. See below for the definitions of the login flags.

Header Digest is non-zero to indicate that the initiator should enable header digest when logging into the target portal. By specifying * for this parameter, the digest setting is determined by the initiator kernel mode driver.

Data Digest is non-zero to indicate that the initiator should enable data digest when logging into the target portal. By specifying * for this parameter, the digest setting is determined by the initiator kernel mode driver.

MaximumConnections specifies the maximum number of connections for the discovery session to use when performing the SendTargets operation. By specifying * for this parameter, the kernel mode initiator driver chooses the value for maximum connections.

DefaultTime2Wait is the value that the initiator should use to negotiate when logging into the target. By specifying * for this parameter, the kernel mode initiator driver chooses a value.

DefaultTime2Retain is the value that the initiator should use to negotiate when logging into the target. By specifying * for this parameter, the kernel mode initiator driver chooses a value.

Username is the string that should be used as the CHAP username when logging into the target. By specifying * for this parameter, the iSCSI initiator service will use the initiator node name as the CHAP username.

Password is the string that should be used as the target’s CHAP secret when logging into the target. The initiator will use this secret to compute a hash value based on the challenge sent by the target.

AuthType is the type of authentication to use when logging into the target. See below for definitions of the authentication types.

Key is the IPSEC preshared key to used to establish the TCP connection if IPSEC is needed.

QAddConnection <SessionId> <Initiator Instance Name>

<Target Portal Address>

[CHAP Username] [CHAP Password]

This command will add a connection to an existing session. If [CHAP Username] and [CHAP Password] are specified then one way CHAP is required. Note that the Microsoft iSCSI software initiator kernel mode driver does not support adding a connection to a session.

SessionId is the identifier that represents an active session to a target

Initiator Instance Name is the name of the initiator via which the add connection operation is performed. If not specified then the initiator used is selected by the iSCSI initiator service.

TargetPortalAddress is the IP address or DNS name of the target portal.

TargetPortalSocket is the TCP socket or port number of the target portal. Typically this is 3260.

CHAP Username is the string that should be used as the CHAP username when logging into the target. By specifying * for this parameter, the iSCSI initiator service will use the initiator node name as the CHAP username.

CHAP Password is the string that should be used as the target’s CHAP secret when logging into the target. The initiator will use this secret to compute a hash value based on the challenge sent by the target.

RemoveConnection <SessionId> <ConnectionId>

This command will remove the connection represented by ConnectionId from the session represented by SessionId. Note that the last connection cannot be removed from a session; the session should be logged out instead.

SCSI Commands

These commands perform SCSI operations and report SCSI information

ScsiInquiry <SessionId> <LUN> <EvpdCmddt> <PageCode> [Length]

This command sends a SCSI INQUIRY command to a LUN on a target.

SessionId is the identifier that represents an active session to a target.

LUN is the Target LUN number to which the INQUIRY is sent.

EvpdCmddt is the parameter to use for the INQUIRY command.

PageCode is the page code to specify for the INQUIRY command.

Length is the allocation length to specify for the INQUIRY command. This parameter is optional. Default value is 0xFF. Maximum value is 8KB.

ReadCapacity <SessionId> <LUN>

This command will send a SCSI READ CAPACITY command to a LUN on a target.

SessionId is the identifier that represents an active session to a target.

LUN is the Target LUN number to which the READ CAPACITY is sent.

ReportLUNs <SessionId>

This command will send a SCSI REPORT LUNS command to a target.

SessionId is the identifier that represents a session to a target.

ReportTargetMappings

This command will display the set of target mappings assigned to all of the LUNs that all of the initiators have logged in to.

IPSEC Commands

TunnelAddr <Initiator Name> <InitiatorPort> <Destination Address>

<Tunnel Address> <Persist>

This command establishes a tunnel mode outer address that is used for tunnel mode IPSEC operations.

Initiator Name is the name of the initiator for which the tunnel mode outer address is configured. If * is specified as the value for this parameter then all initiators are configured with this address.

Initiator Port Number is the physical port number on the initiator for which the tunnel mode outer address is configured. If * is specified as the value for this parameter then all ports are configured with this address.

Destination Address is the destination IP address to associate with the tunnel address.

Tunnel Address is the tunnel IP address to associate with the destination address

Persist is a flag that indicates whether or not to persist the configuration of the tunnel mode address. If this parameter is T or t then the address is persisted.

GroupKey <Key> <Persist>

This command establishes a group preshared key which is the preshared key to use for IPSEC negotiation when a specific preshared key is not available.

Key is the group preshared key

Persist is a flag that indicates whether or not to persist the configuration of the group preshared key. If this parameter is T or t then the key is persisted.

PSKey <Initiator Name> <initiator Port> <Security Flags>

<Id Type> <Id> <Key> <persist>

This command establishes a preshared key to be associated with a specific IKE payload ID.

Initiator Name is the name of the initiator for which the tunnel mode outer address is configured. If * is specified as the value for this parameter then all initiators are configured with this address.

Initiator Port Number is the physical port number on the initiator for which the tunnel mode outer address is configured. If * is specified as the value for this parameter then all ports are configured with this address.

Security Flags is a set of flags that describe the type of IPSEC to use when establishing a TCP connection to the target portal. See below for the definitions of the security flags.

IdType is the type of IKE ID payload. It can be a fully qualified domain name (2) or an IP version 4 address (1).

Id is the IKE ID payload.

Key is the preshared key.

Persist is a flag that indicates whether or not to persist the configuration of the tunnel mode address. If this parameter is T or t then the address is persisted.

Volume Binding Commands

BindPersistentVolumes

BindPersistentDevices

This command will cause the iSCSI Initiator service to determine which disk volumes are currently exposed by the active iSCSI sessions for all initiators and then persist that list. The next time the iSCSI Initiator service starts it will wait for all of those volumes to be mounted (or a timeout occurs) before completing its service startup. If there is a service configured to automatically start at system startup that depends upon data on an iSCSI disk volume, then this command should be performed and the service be made dependent upon the MSiSCSI service.

ReportPersistentDevices

This command will display the list of volumes and devices that are currently persistently bound by the iSCSI initiator. If a volume in the list is currently mounted then the drive letter and mount point is shown. If not mounted then the device interface name is shown. For a device the device interface name is shown.

AddPersistentDevice <Device or Volume Path>

This command will add a new volume or to the list of persistently bound volumes.

<Device or Volume Path> is the drive letter or mount point for the volume to persistently bind or the device interface name for a device. If the volume or device is already bound or the volume or device is not composed of devices exposed by iSCSI then an error is returned.

RemovePersistentDevice <Device or Volume Path>

This command will remove a volume or device from the list of persistently bound volumes and devices.

<Device or Volume Path> is the drive letter or mount point for the volume to persistently bind or the device interface name for a device.

ClearPersistentDevices

This command will remove all volumes from the list of persistently bound volumes.

Miscellaneous Commands

ListInitiators

This command will display the list of initiator instance names that are running and operating with the iSCSI initiator service.

NodeName <node name>

This command allows the default iSCSI node name for the initiator to be changed. Node Name specifies the new node name. Note that the format of the new node name is not verified to be a valid iqn or eui name. If * is specified for Node Name then the node name reverts to the default node name that is generated by the service based on the computer name.

SessionList

This command displays the list of active sessions for all initiators. Note that a session that has no connections is not connected to the target and is in a retry state.

CHAPSecret <CHAP secret>

This command specifies the initiator CHAP secret used for mutual CHAP authentication when the initiator authenticates the target. If the parameter specified is *, then an empty initiator CHAP secret is set. If the parameter starts with 0x then the secret is assumed to be a hex string.

VersionInfo

This command will display the file version for all of the files that compose the iSCSI initiator package.

Mappings Values

A number of commands can specify a set of mappings. If no mappings are to be specified then the Mapping Count should be 0 with no further parameters. If Mapping Count is not zero then a set of 4 mapping parameters for each mapping is expected to follow the mapping count. The mapping parameters are:

Target LUN is the LUN number at the target

OS Bus is the bus number on the initiator to assign to the LUN. All mappings in a single command must specify the same OS Bus value.

OS Target is the target number on the initiator to assign to the LUN. All mappings in a single command must specify the same OS Target value.

OS LUN is the LUN number on the initiator to assign to the LUN. All mappings in a single command must specify different OS LUN values.

Target Flag Values

ISCSI_TARGET_FLAG_HIDE_STATIC_TARGET 0x00000002

If this flag is set then the manually configured target is not reported unless the target is discovered by another mechanism.

ISCSI_TARGET_FLAG_MERGE_TARGET_INFORMATION 0x00000004

If this flag is set then the target information passed will be merged with any target information already statically configured for the target

Security Flags Values

Security Flags specify the IPSEC information to use when the initiator establishes a TCP connection to the target. These flags are identical to the definitions for the iSNS Security Bitmap. By specifying * for this parameter, the value used is 0. Otherwise, the value specified should be a combination of one or more of the values for these flags.

Tunnel Mode Preferred 0x00000040

Transport Mode Preferred 0x00000020

PFS (Perfect Forward Secrecy) Enable 0x00000010

Negotiate via Aggressive Mode 0x00000008

Negotiate via Main mode 0x00000004

IPSEC/IKE Enabled 0x00000002

Valid Flags 0x00000001

Login Flags Values

Login Flags specify information about how the iSCSI Initiator service should login to the target. By specifying * for this parameter, the value used is 0. Otherwise, the value specified should be a combination of one or more of the values for these flags.

ISCSI_LOGIN_FLAG_REQUIRE_IPSEC 0x00000001

If this flag is specified then the iSCSI initiator service will not allow a connection to the target unless that connection is protected via IPSEC.

ISCSI_LOGIN_FLAG_MULTIPATH_ENABLED 0x00000002

If this flag is set then the iSCSI Initiator service will not validate whether there is already an active session to the target being logged into. Without this flag the iSCSI initiator service will not allow more than one session to be logged in or attempting to login to a target at one time.

Authentication Types Values

The Authentication Types specify what type of authentication to perform when logging into a target.

ISCSI_NO_AUTH_TYPE 0

If this value is used then no authentication is performed.

ISCSI_CHAP_AUTH_TYPE 1

If this value is used then one-way CHAP is performed (target authenticates initiator). The target CHAP secret must be specified.

ISCSI_MUTUAL_CHAP_AUTH_TYPE 2

If this value is used then mutual CHAP is performed (target authenticates initiator and initiator authenticates target). The target CHAP secret must be specified and the initiator CHAP secret must also have been set.

For More Information, see our User's Guide:

http://www.microsoft.com/downloads/details.aspx?FamilyID=12cb3c1a-15d6-4585-b385-befd1319f825&DisplayLang=en

 

Suzanne Morgan
Microsoft Corporation
Senior Program Manager Lead - Storage Networking Interconnects, iSCSI, FC, MPIO, Core Storage
Windows Core OS Division