
Product Name

CIS-CAT Pro Assessor

Product Version

All

Date



Problem

Even after reviewing this Knowledge Base article on assessing an ESXi Benchmark, CIS-CAT Pro Assessor v4 cannot connect to your ESXi host.

Solution

Review the ‘assessor-cli.log’ file produced by following these steps for CIS-CAT Pro Assessor v4: Diagnostic / debug information to troubleshoot CIS-CAT PRO Assessor v4 issues

or these steps for CIS-CAT Pro Assessor v3: Diagnostic / debug information to troubleshoot CIS-CAT PRO Assessor v3 issues

Search for errors such as these VIServer errors:

14/10/2020 16:28:40.466 INFO org.cisecurity.powershell.impl.LocalPowershell - Response: Connect-VIServer : 
10/14/2020 4:28:39 PM Connect-VIServer Error: Invalid server certificate.

or these ViServerConnectionException errors:

+ CategoryInfo          : ObjectNotFound: (:) [Connect-VIServer], ViServerConnectionException
+ FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_NameResolutionFailure,VMware.VimAutomation.Vi 
   Core.Cmdlets.Commands.ConnectVIServer

or these errors stating that the server certificate is not configured properly:

20/10/2020 19:43:10.507 INFO org.cisecurity.powershell.impl.LocalPowershell - Response:
Connect-VIServer : 
2020-10-20 19:43:09	Connect-VIServer An error occurred while making the HTTP request to 
https://192.168.101.46/sdk. This could be due to the fact that the server certificate is not configured properly with 
HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the 
server.	

Use Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you'd like to connect once or to add a permanent exception for this server.

Additional Information: Could not establish trust relationship for the SSL/TLS secure channel with authority '192.168.234.33'.

Remediation: The certificate must be ignored for the assessment to execute. In PowerShell, execute the following command:

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

Setting this option to “Ignore” should be reviewed against organizational policies.
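
A small triage script for the log search described above, added here as an example and not part of CIS-CAT Pro Assessor or the original article. The category labels, the function name `triage`, the assumed entry timestamp format, and the sample log (modelled on the excerpts above, with the documentation address 192.0.2.10) are constructed for illustration.

```python
import re

# Signatures copied from the error excerpts on this page; the category labels
# are this example's own (assumed names, not CIS-CAT or PowerCLI terms).
SIGNATURES = [
    ("invalid-server-certificate", re.compile(r"Invalid server certificate")),
    ("https-request-failed", re.compile(r"An error occurred while making the HTTP request")),
    ("tls-trust-not-established", re.compile(r"Could not establish trust relationship for the SSL/TLS secure channel")),
    ("name-resolution-failure", re.compile(r"Reconnect_NameResolutionFailure")),
]

# Assessor entries start with dd/MM/yyyy HH:mm:ss.SSS (format assumed from the
# excerpts). PowerCLI's own timestamps inside a response do not match this.
ENTRY_START = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) ")

# Constructed sample modelled on the excerpts; 192.0.2.10 is a documentation address.
SAMPLE_LOG = """\
14/10/2020 16:28:40.466 INFO org.cisecurity.powershell.impl.LocalPowershell - Response: Connect-VIServer :
10/14/2020 4:28:39 PM Connect-VIServer Error: Invalid server certificate.
20/10/2020 19:43:10.507 INFO org.cisecurity.powershell.impl.LocalPowershell - Response:
Connect-VIServer :
2020-10-20 19:43:09 Connect-VIServer An error occurred while making the HTTP request to
https://192.0.2.10/sdk. This could be due to the fact that the server certificate is not configured properly
Additional Information: Could not establish trust relationship for the SSL/TLS secure channel with authority '192.0.2.10'.
20/10/2020 19:44:00.001 INFO org.cisecurity.powershell.impl.LocalPowershell - Response:
+ FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_NameResolutionFailure,VMware.VimAutomation.Vi
"""


def triage(log_text):
    """Return (assessor_timestamp, category, line) for each signature hit.

    Continuation lines are attributed to the most recent Assessor entry, and a
    category is reported once per entry even if several lines repeat it.
    """
    findings, seen, current_ts = [], set(), None
    for raw in log_text.splitlines():
        line = raw.strip()
        start = ENTRY_START.match(line)
        if start:
            current_ts = start.group(1)
        for category, pattern in SIGNATURES:
            if pattern.search(line) and (current_ts, category) not in seen:
                seen.add((current_ts, category))
                findings.append((current_ts, category, line))
    return findings


if __name__ == "__main__":
    for ts, category, line in triage(SAMPLE_LOG):
        print(f"{ts}  {category:28}  {line}")
```

To run it against a real log, pass the contents of ‘assessor-cli.log’ to `triage` in place of `SAMPLE_LOG`.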


Copyright © 2020

Center for Internet Security®

