Cannot connect to ESXi Target for Assessment
Product Name
CIS-CAT Pro Assessor
Product Version
v4+
Date
Sep 15, 2021
Problem
I am trying to run an assessment on an ESXi Host - we are able to connect to the ESXi host and testing the connection works. However, we are not able to continue with the assessment thereafter. Error received is as follows: "An error occurred creating the session for xxx@x.x.x.x:22. Ensure all session configuration information is correct."
Solution
The connection string CIS uses for ESXi assessments is validated as an anyURI. This is likely why the connection works when testing the connection via the GUI but fails when executing the actual scan. The cause may come down to the password used in the ESXi connection string. This is the example provided in the VMware ESXi Assessment | CIS-CAT Pro Assessor v4 User Guide: root/qu3rty@192.168.41.60
anyURI has the following rules about it:
Invalid values for anyURI examples:
http://datypic.com#frag1#frag2 - too many # characters
http://datypic.com#f% rag - % character followed by something other than two hexadecimal digits
The above and more can be found at: XML Schema 1.0 xsd:anyURI - Complete documentation and samples
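A pre-flight check for the two anyURI rules cited above, as an added example that is not part of CIS-CAT Pro Assessor or the original article. It covers only those two rules, not the full xsd:anyURI grammar; the function names are hypothetical and every sample string except the User Guide one is constructed.

```python
import re

# '%' must be followed by exactly two hexadecimal digits to be a valid escape.
BAD_PERCENT = re.compile(r"%(?![0-9A-Fa-f]{2})")


def anyuri_problems(conn):
    """Return the reasons a connection string breaks the two rules cited above.

    Only offsets are reported, so the password is never echoed into logs.
    """
    problems = []
    hashes = conn.count("#")
    if hashes > 1:
        problems.append("too many '#' characters (%d found)" % hashes)
    for match in BAD_PERCENT.finditer(conn):
        problems.append(
            "'%%' at offset %d is not followed by two hexadecimal digits"
            % match.start()
        )
    return problems


def preflight(conn_strings):
    """Map each string's index to its problems; an empty list means no rule hit."""
    return {i: anyuri_problems(c) for i, c in enumerate(conn_strings)}


if __name__ == "__main__":
    # First entry is the User Guide example; the rest are constructed samples.
    samples = [
        "root/qu3rty@192.168.41.60",
        "root/p#ss#word@192.168.41.60",
        "root/100%sure@192.168.41.60",
        "root/a%2Fb@192.168.41.60",
    ]
    for index, problems in preflight(samples).items():
        status = "ok" if not problems else "; ".join(problems)
        print("sample %d: %s" % (index, status))
```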
Ensure the account has read-access to the ESXi host web UI.
If using the root account, ensure the "root" account username for the ESXi host web UI exists and was not renamed.
When connecting to the host using the CIS-CAT GUI, you do not need to encapsulate special/reserved characters if they exist in the password that you are using to authenticate; however, when you use the CLI to connect, you do need to encapsulate reserved characters in double quotes.
At this time we are reviewing if it is possible to circumvent these password limitations.