/
Cannot connect to ESXi Target for Assessment

Cannot connect to ESXi Target for Assessment


Product Name

CIS-CAT Pro Assessor

Product Version

v4+

Date

Sep 15, 2021



Ā 

Problem

I am trying to run an assessment on a ESXi Host - we are able to connect to the ESXi host and testing the connection works. However, we are not able to continue with the assessment thereafter. Error received is as follows: "An error occurred creating the session for xxx@x.x.x.x:22. Ensure all session configuration information is correct."

Ā 

Solution

The connection string CIS uses for ESXi Assessments is validated as anĀ anyURI. This is likely why the connection will work when Testing the Connection via the GUI, but fails to execute the actual scan. The reason for this may come down to the Password being used into ESXi string. This is the example provided in the VMware ESXi Assessment | CIS-CAT Pro Assessor v4 User Guide root/qu3rty@192.168.41.60

Ā anyURIĀ has the following rules about it:

Invalid values forĀ anyURIĀ examples:

The above and more can be found at:Ā XML Schema 1.0 xsd:anyURI - Complete documentation and samples

Ensure the account has read-access to the ESXi host web UI.

If using root account, ensure the "root" account username for the ESXi host web UI exists and was not renamed.

When connecting to the host using the CIS-CAT GUI, you do not need to encapsulate special/reserved characters if they exist in the password that you are using to authenticate; however, when you use the CLI to connect, you do need to encapsulate reserved characters in double quotes

Ā 

At this time we are reviewing if it is possible to circumvent these password limitations.

Keywords;

Content by Label


Copyright Ā© 2020

Center for Internet SecurityĀ®


Ā 

Related content