Getting Unknown Results on ESXi Assessment

Product Name

CIS-CAT Pro Assessor v4

Product Version

All

Date

Nov 20, 2024

Problem

My ESXi assessment completes, but with a lot of unknowns. How can I fix this?

Solution

This is caused by the requirements not being met for an ESXi scan or PowerCLI not being detected on the system. First, make sure the below requirements have been met:

PowerShell installed
- VMware.VimAutomation.Core module required as cmdlets for managing vSphere are needed
  - In the assessor-cli.log, search for Warning: VMware.VimAutomation.Core might not be imported, please check . If there is an occurrence, VMware.VimAutomation.Core module needs to be installed.
- LanguageMode not configured to ConstrainedLanguage
PowerCLI 6.5.1+ installed
Assessed machine is a Microsoft Windows OS

If the above requirements have been met and the issue is still present, the next step is to confirm the hasPowerCLI.ps1 script can be successfully run. The PowerShell Execution policy can prevent the hasPowerCLI.ps1 from running do to it being unsigned. To work around this follow the below steps:

Unzip the Assessor/scripts/scripts.zip file.
Run the command below to change the Execution Policy setting for the current PowerShell session:

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

If this error occurs, the Execution Policy needs to be changed at the GPO level:

After successfully setting the PowerShell Execution Policy to allow unsigned scripts, run the hasPowerCLI.ps1 script found in unzipped Assessor/scripts folder. It should return output similar to the below:
Once the hasPowerCLI.ps1 script can be executed, re-run the assessment.

The guides below may be helpful in improving the assessment results:

How to use CIS-CAT Pro Assessor v4 to assess VMWare ESXi

ESXi Certificate issues

Keywords; ESXi unknown

Content by Label

Page:

Feature Enhancement Requests for CIS Products

Center for Internet Security®

Privacy Policy