Console-to-Engine Communication Failed (AzureVM Scan Engine)

Hey everyone,

I spawned an AzureVM according to
Azure Scan Engines | InsightVM Documentation (rapid7.com)
and want to use the Standard Console to Engine sync.
https://docs.rapid7.com/insightvm/scan-engine-communication-methods#standard-console-to-engine

Does someone have an idea why I’m getting this error?
2022-05-04T11:51:10 [INFO] [Thread: NSEManager] Accepted console connection from XX.XX.XX.XX:60048->YY.YY.YY.YY:40814
2022-05-04T11:51:10 [INFO] [Thread: NSC @ XX.XX.XX.XX:60048->YY.YY.YY.YY:40814] Console connection XX.XX.XX.XX:60048 encrypted using NONE with SSL_NULL_WITH_NULL_NULL
2022-05-04T11:51:10 [WARN] [Thread: NSC @ XX.XX.XX.XX:60048->YY.YY.YY.YY:40814] Failure while communicating with the console XX.XX.XX.XX:60048.
java.lang.RuntimeException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.rapid7.net.SSLSocket.getRemoteCertificate(Unknown Source) ~[r7shared.jar:na]
at com.rapid7.nexpose.nse.NSEManager$NSEConnection.initConnection(Unknown Source) [nse.jar:na]
at com.rapid7.nexpose.nse.NSEManager$NSEConnection.run(Unknown Source) [nse.jar:na]
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:496) ~[na:1.8.0_252]
… 3 common frames omitted

After the failed sync, no console.xml is created on the AzureUbuntuRapid7VM either.

Greetings

Were you able to resolve this? I have set up the Azure scan engine with inbound rules using the gateway address for my scan console (my scan console has a 10.x.x.x address). I do see a "traffic allowed" entry when I try to define my scan engine in the admin page of the Security Console. But the consoles.xml does not get created in my Azure scan engine and I get a java.net.SocketTimeoutException in the nsc.log.

Has someone found the solution to this issue, please?

The Java error basically means there’s still a connection issue, e.g. something blocking the traffic. I would do a traceroute from the console to the engine to see which hops it needs to take to get to that scan engine and find out where the traffic is being dropped. It could be the local firewall on the scan engine, any firewall in between, or something in Azure not letting the traffic out.
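As an added example (not part of the thread and not Rapid7's code): a small Python script that does, from the console host, the check the reply above recommends, and tells the two symptoms in this thread apart. A plain TCP connect that times out is the signature of a silent drop on the path (host firewall, intermediate firewall, Azure NSG or route); a connect that is refused means the host answered but nothing is listening; a connect that succeeds but whose TLS handshake fails points at the engine side. It assumes the engine listens on port 40814, the engine-side port shown in the nse.log excerpt above; the host name passed on the command line is a placeholder, and the hint texts attached to the log patterns are my own reading of the two excerpts, not Rapid7 documentation.

```python
"""Reachability and log-triage helper for InsightVM console-to-engine
connections. Added example for this thread; not Rapid7 code."""
import socket
import ssl

# Engine listener port seen in the nse.log excerpt in the thread.
ENGINE_PORT = 40814

# Patterns taken from the two log excerpts in the thread, mapped to the
# network-level condition each usually indicates (hypothetical hints,
# written for this example).
LOG_HINTS = [
    ("SocketTimeoutException",
     "no reply from the engine within the timeout: packets are being dropped "
     "on the path (host firewall, intermediate firewall, Azure NSG or route)"),
    ("peer not authenticated",
     "TCP reached the engine but the TLS handshake never completed, so the "
     "engine never received a console certificate to verify"),
    ("encrypted using NONE",
     "SSL_NULL_WITH_NULL_NULL is the placeholder cipher of a session whose "
     "handshake has not finished; it confirms the handshake was cut short"),
    ("Connection refused",
     "the host answered but nothing is listening on the port: engine service "
     "down or bound to another port"),
]


def triage(log_lines):
    """Return the hints whose pattern appears anywhere in the given log lines."""
    found = []
    for pattern, hint in LOG_HINTS:
        if any(pattern in line for line in log_lines):
            found.append(hint)
    return found


def tcp_probe(host, port=ENGINE_PORT, timeout=5.0):
    """Classify a plain TCP connect as 'open', 'refused', 'timeout' or
    'unreachable'. 'timeout' means a silent drop somewhere on the path;
    'refused' means the host is reachable but has no listener."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:           # DNS failure, no route, network unreachable
        return "unreachable"


def tls_probe(host, port=ENGINE_PORT, timeout=5.0):
    """Attempt a TLS handshake (certificate validation disabled, we only want
    to see whether the engine completes it) and report the negotiated cipher
    and whether a server certificate was presented. Only meaningful when
    tcp_probe() returned 'open'."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {
                    "handshake": "ok",
                    "cipher": tls.cipher()[0],
                    "server_cert": tls.getpeercert(binary_form=True) is not None,
                }
    except ssl.SSLError as exc:        # must precede OSError (it is a subclass)
        return {"handshake": "failed", "error": exc.reason}
    except OSError as exc:
        return {"handshake": "no-connection", "error": str(exc)}


def selftest():
    """Offline check of tcp_probe(): open a loopback listener on an ephemeral
    port and probe it (expect 'open'), then close the listener and probe the
    same port again (expect 'refused')."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = tcp_probe("127.0.0.1", port, timeout=2.0)
    listener.close()
    after_close = tcp_probe("127.0.0.1", port, timeout=2.0)
    return while_open, after_close


if __name__ == "__main__":
    import sys
    # Placeholder engine name; pass the real engine address as argv[1].
    host = sys.argv[1] if len(sys.argv) > 1 else "engine.example.invalid"
    state = tcp_probe(host)
    print("tcp:", state)
    if state == "open":
        print("tls:", tls_probe(host))
    else:
        print("selftest (loopback):", selftest())
    for hint in triage(sys.stdin.readlines()) if not sys.stdin.isatty() else []:
        print("log hint:", hint)
```

Run it as `python3 probe.py <engine-address> < nse.log` from the console host: the TCP result says whether the path itself is the problem (which is where the reply above says to start, with traceroute narrowing down the hop), the TLS result says whether the engine answers a handshake at all, and the log hints summarise what the engine already told you in nse.log.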