Product Name
CIS-CAT Pro Assessor
Product Version
All
Date
Problem
Even after reviewing this Knowledge Base article on assessing an ESXi Benchmark , CIS-CAT Pro Assessor v4 cannot connect to your ESXi host.
Solution
Review the ‘assessor-cli.log’ which was produced after following these steps for CIS-CAT Pro Assessor v4: Diagnostic / debug information to troubleshoot CIS-CAT PRO Assessor v4 issues
or these for CIS-CAT Pro Assessor v3: Diagnostic / debug information to troubleshoot CIS-CAT PRO Assessor v3 issues
Search for errors such as these VIServer errors:
14/10/2020 16:28:40.466 INFO org.cisecurity.powershell.impl.LocalPowershell - Response: Connect-VIServer : 10/14/2020 4:28:39 PM Connect-VIServer Error: Invalid server certificate.
or these again regarding VI errors
+ CategoryInfo : ObjectNotFound: (:) [Connect-VIServer], ViServerConnectionException + FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_NameResolutionFailure,VMware.VimAutomation.Vi Core.Cmdlets.Commands.ConnectVIServer
or these, server certificate is not configured properly errors
20/10/2020 19:43:10.507 INFO org.cisecurity.powershell.impl.LocalPowershell - Response: Connect-VIServer : 2020-10-20 19:43:09 Connect-VIServer An error occurred while making the HTTP request to https://192.168.101.46/sdk. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
Use Set-PowerCLIConfiguration
to set the value for the InvalidCertificateAction
option to Prompt if you'd like to connect once or to add a permanent exception for this server.
Additional Information: Could not establish trust relationship for the SSL/TLS secure channel with authority '192.168.234.33'.
Remediation: The certificate must be ignored for the assessment to execute. In Powershell, execute the following command:
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false
Setting this option to “Ignore” should be reviewed against organizational policies.
0 Comments