Security Console not authorized to access scan

Hi guys,

Having some strange authorization issue between Security Console and one scan engine.
What happens is if i try pausing / stopping a scan running on this scan engine, i get an scan engine not available error in the console.

But checking the logs, i see in the nsc.log
2021-09-28T09:46:04 [WARN] [Thread: http-nio-3780-exec-8=/data/scan/1216/engines] Encountered an internal server error.
java.lang.RuntimeException: CN=Rapid7 Security Console, O=Rapid7 is not authorized to access scan 2.
at com.rapid7.nexpose.nsc.NSEConnection.checkResponseCode(Unknown Source) ~[nsc.jar:na]
at com.rapid7.nexpose.nsc.NSEConnection.scanStatistics(Unknown Source) ~[nsc.jar:na]
at com.rapid7.nexpose.nsc.NSEScanManager.getEngineScanStatistics(Unknown Source) ~[nsc.jar:na]
at com.rapid7.nexpose.nsc.engine.EngineInfoService.getScanStatisticsForEngine(Unknown Source) ~[nsc.jar:na]

And corresponding log on scan engine side, nse.log
2021-09-28T09:46:04 [ERROR] [Thread: NSC @ xx.xx.xx.xx:34438->xx.xx.xx.xx:40814] Error encountered during remote operation
java.lang.RuntimeException: CN=Rapid7 Security Console, O=Rapid7 is not authorized to access scan 2.
at com.rapid7.nexpose.nse.NSEManager$NSEConnection.verifyScanAuthorization(Unknown Source) [nse.jar:na]
at com.rapid7.nexpose.nse.NSEManager$NSEConnection.doScanStatistics(Unknown Source) [nse.jar:na]
at com.rapid7.nexpose.nse.NSEManager$NSEConnection.handleRequest(Unknown Source) [nse.jar:na]
at com.rapid7.nexpose.nse.NSEManager$NSEConnection.run(Unknown Source) [nse.jar:na]
2021-09-28T09:46:04 [ERROR] [Thread: NSC @ 10.207.4.4:34438->10.207.4.7:40814] NSC FAILURE => CN=Rapid7 Security Console, O=Rapid7 is not authorized to access scan 2.

Oh, and the Security Console and scanning engine are running on different VMs

Not sure what to make of these.
Any idea?

Many thanks,
Bogdan

Hey Bogdan! Have you had successful scans with this particular scan engine in the past? My first thought whether the scan engine and the console are properly paired. We’ve got some instructions here on pairing console to engine, and there’s a part where you have to modify the consoles.xml file that’s generated to properly configure/enable the engine.

If that all looks good, I’d recommend opening a case with our Support team here: https://r7support.force.com/ They can dig deeper into your logs + environment in a secure manner and help figure out what’s going on with this scan engine.