Product Name
CIS-CAT Pro Assessor
Product Version
All
Date
Problem
If CCPA V4 cannot connect to your ESXi host
Review the ‘assessor-cli.log’ for errors such as these VIServer errors:
14/10/2020 16:28:40.466 INFO org.cisecurity.powershell.impl.LocalPowershell - Response: Connect-VIServer : 10/14/2020 4:28:39 PM Connect-VIServer Error: Invalid server certificate.
or these again regarding VI errors
+ CategoryInfo : ObjectNotFound: (:) [Connect-VIServer], ViServerConnectionException + FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_NameResolutionFailure,VMware.VimAutomation.Vi Core.Cmdlets.Commands.ConnectVIServer
or these, server certificate is not configured properly
20/10/2020 19:43:10.507 INFO org.cisecurity.powershell.impl.LocalPowershell - Response: Connect-VIServer : 2020-10-20 19:43:09 Connect-VIServer An error occurred while making the HTTP request to https://192.168.101.46/sdk. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you'd like to connect once or to add a permanent exception for this server.
Additional Information: Could not establish trust relationship for the SSL/TLS secure channel with authority '192.168.234.33'.
Remediation: the certificate must be ignored for the assessment to execute. In Powershell, execute the following command:
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false
Setting this option to “Ignore” should be reviewed against organizational policies.)
Solution
Describe how someone would solve the problem in a short step guide
simple self contained steps
add illustrations as needed
stick to 3-5 steps
Highlight important information
Add Comment