Why are workstations trying to access file server port 445 on the isolated iSCSI subnet?

Question

I have iSCSI set up on an isolated set of switches in MPIO config. The file server VM uses all 4 ports on the host. 2 for iSCSI MPIO each plugged into a physically isolated switch that only has the NAS connected, and 2 bonded for LAN plugged into the server subnet switch. We have a layer 3 core switch. The firewall is ending up with traffic from all the workstations looking for the file server on the iSCSI subnet via port 445 and drops them. The workstations shouldn't even know those subnets exist let alone try to connect to hosts on them. What did I do wrong in my configuration? The iscsi ethernet ports are configured with IP and mask only, no gateway or DNS. The interfaces are configured to not register with DNS. There are no DNS entries with those IP addresses.

• Server: 10.0.0.x
• Workstation: 10.0.3.x
• iSCSI: 10.0.1.x; 10.0.2.x (physically isolated)

Answer 1

In adapter properties I removed Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks as well as IPv6. Even though the network was isolated, the file sharing service must have been sharing those IPs to clients for some reason. After making this change, there are no more dropped packets at the firewall and those services were not needed for the isolated iSCSI network.

Answer 2

The server has registered the IP addresses of the iSCSI interfaces with DNS. On the adapter properties for the iSCSI interfaces, turn that off and delete the entries from DNS.