VMware ESXi 6.7 – Fix NFS Datastore Access Denied

Tags: netapp, nfs, vmware-esxi, vmware-vsphere

I am setting up a new vSphere environment using 6.7. I have built the first ESX server and need to connect to an NFS mount to use as a datastore. The NFS share is on a NetApp running in Cluster mode, 9.1. We have an existing vSphere 6.0 environment that someone else set up that also uses the same NetApp for NFS datastores.

I created a new volume in the NetApp, created a new export policy, added a rule to the export policy that allows the client IP (the ESX in this case), Unix style permissions, gives it read/write and superuser access. I have checked the existing export policy for vCenter and it appears the same. From the ESX command line, I can ping the NetApp NFS interface (vmkping 192.168.X.X, zero packet loss). When I try to create the NFS share, it fails saying "The NFS server has denied access".

From the NetApp command line, I tried the following:

check-access -vserver -volume -client-ip 192.168.X.X -auth none -proto nfs3 -access-type read-write

This says access denied, but when I check a known working export, it also says denied. Changing the auth type to "sys" shows policies that allow the proper access. I can find no way to change the auth type on the ESX side.

Also from the NetApp, I tried pinging the ESX, but that does not respond. I turned the firewall off on the ESX, but it still does not respond. I can ping from the NetApp to other known working NFS IPs.

I've been reading through lots of things but cannot seem to find a solution or further troubleshooting.

Any assistance would be appreciated.

Best Answer

Fixed the problem. The problem was that when I created the vmkernel port, the IP Storage service is not listed, so I tried the Provisioning IP stack. That didn't work because it's not correct. So the ESXi sent the NFS request on the management interface instead of the vmkernel I designated for NFS and something in the network actually routed it. So the NetApp saw the request from a different IP than the export allowed.

So for ESX 6.7, the correct way to set up a vmkernel port is to put it on a standard switch separate from management (I did this part correctly initially) and set the vmkernel port to the Default TCP/IP stack and do not select any services.
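
The failure described in the answer, as an added example that is not part of the original post: a simplified Python model of which vmkernel interface sources the NFS request and whether the export rule admits that address. It assumes NFS traffic leaves from the default TCP/IP stack and that the first vmk on a stack carries its default route; all addresses, vmk names and the client-match value are constructed.

```python
import ipaddress

def source_for(dest, vmks, stack="default"):
    """Pick the (vmk, source IP) used to reach dest from one TCP/IP stack.

    Simplified model (assumption): a vmk whose connected subnet contains
    dest wins (longest prefix); otherwise traffic follows the default
    route, taken here to be the first vmk listed on the stack.
    """
    dest = ipaddress.ip_address(dest)
    on_stack = [v for v in vmks if v["stack"] == stack]
    if not on_stack:
        return None
    connected = [
        v for v in on_stack
        if dest in ipaddress.ip_interface(f'{v["ip"]}/{v["prefix"]}').network
    ]
    best = max(connected, key=lambda v: v["prefix"]) if connected else on_stack[0]
    return best["name"], best["ip"]

def diagnose(dest, vmks, clientmatch):
    """Report the source the filer would see and whether the rule allows it."""
    chosen = source_for(dest, vmks)
    if chosen is None:
        return {"vmk": None, "source_ip": None, "export_allows": False}
    name, src = chosen
    # A bare IP in the rule is treated as a /32; CIDR client matches also work.
    rule = ipaddress.ip_network(clientmatch, strict=False)
    return {"vmk": name, "source_ip": src,
            "export_allows": ipaddress.ip_address(src) in rule}

# Constructed sample data (not from the original post).
NFS_SERVER = "192.168.50.20"
CLIENTMATCH = "192.168.50.11"   # client IP allowed by the export-policy rule
BROKEN = [
    {"name": "vmk0", "stack": "default", "ip": "10.0.0.11", "prefix": 24},
    {"name": "vmk1", "stack": "provisioning", "ip": "192.168.50.11", "prefix": 24},
]
# The fix from the answer: the NFS vmk sits on the default stack.
FIXED = [dict(v, stack="default") for v in BROKEN]

if __name__ == "__main__":
    print("broken:", diagnose(NFS_SERVER, BROKEN, CLIENTMATCH))
    print("fixed: ", diagnose(NFS_SERVER, FIXED, CLIENTMATCH))
```

In the broken layout the request is sourced from the management address, which the export rule does not list, so the filer denies the mount even though the storage vmk can ping it.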
