Troubleshooting Unauthenticated Scan Issue with Tenable Integration in vCenter Server

Article ID: 388247

Products

VMware vSphere ESXi

Issue/Introduction

Tenable's scan of an ESXi host managed by vCenter Server shows "No" for the credential check. This means the scan ran unauthenticated, that is, without credentials that vCenter Server could verify.

Environment

VMware vCenter Server 6.x
VMware vCenter Server 7.x
VMware vCenter Server 8.x

Cause

When Tenable scans an ESXi host managed by vCenter Server, the scan report shows an unauthenticated scan because the Credential Check status is marked "No."

This issue occurs because vCenter Server tries to authenticate the Active Directory scanning account against the Local OS identity source, which is configured as the default identity source (a user name supplied without a domain suffix is resolved against the default source). Because the account does not exist in the local OS domain, vCenter Server treats it as an invalid user, and the scan report shows the Credential Check as "No."

The following entries appear in /var/log/vmware/sso/vmware-identity-sts.log:

YYYY-MM-DDTHH:MM:SS INFO sts[71:tomcat-http--37] [CorId=########-####-####-####-############] [com.vmware.identity.interop.ossam.LinuxNativeAuthDbAdapter] Authenticating user [username]
YYYY-MM-DDTHH:MM:SS ERROR sts[71:tomcat-http--37] [CorId=########-####-####-####-############] [com.vmware.identity.idm.server.IdentityManager] Failed to authenticate principal [username] for tenant [domain.local]
javax.security.auth.login.LoginException: User not found
        at com.vmware.identity.idm.server.provider.localos.LocalOsIdentityProvider.authenticate(LocalOsIdentityProvider.java:143) ~[vmware-identity-idm-server-7.0.0.jar:?]
        at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:3121) [vmware-identity-idm-server-7.0.0.jar:?]
        at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:10236) [vmware-identity-idm-server-7.0.0.jar:?]
        at com.vmware.identity.idm.client.CasIdmClient.authenticate(CasIdmClient.java:1302) [vmware-identity-idm-client-7.0.0.jar:?]
        at com.vmware.identity.sts.idm.impl.AuthenticatorImpl.authenticate(AuthenticatorImpl.java:91) [sts-7.0.0.jar:?]
        at com.vmware.identity.sts.auth.impl.UNTAuthenticator.authenticate(UNTAuthenticator.java:89) [sts-7.0.0.jar:?]
        at com.vmware.identity.sts.auth.impl.CompositeAuthenticator.authenticate(CompositeAuthenticator.java:54) [sts-7.0.0.jar:?]
        at com.vmware.identity.sts.auth.impl.CompositeAuthenticatorPerformanceDecorator$1.call(CompositeAuthenticatorPerformanceDecorator.java:68) [sts-7.0.0.jar:?]
        at com.vmware.identity.sts.auth.impl.CompositeAuthenticatorPerformanceDecorator$1.call(CompositeAuthenticatorPerformanceDecorator.java:65) [sts-7.0.0.jar:?]
        at com.vmware.identity.performanceSupport.PerformanceDecorator.exec(PerformanceDecorator.java:54) [vmware-identity-idm-interface-7.0.0.jar:?]
        at com.vmware.identity.sts.auth.impl.CompositeAuthenticatorPerformanceDecorator.authenticate(CompositeAuthenticatorPerformanceDecorator.java:65) [sts-7.0.0.jar:?]
YYYY-MM-DDTHH:MM:SS ERROR sts[71:tomcat-http--37] [CorId=########-####-####-####-############] [com.vmware.identity.idm.server.IdentityManager] Failed to checkUserAccountFlags principal [username] for tenant [domain.local]
YYYY-MM-DDTHH:MM:SS INFO sts[71:tomcat-http--37] [CorId=########-####-####-####-############] [com.vmware.identity.diagnostics.VmEventAppender] EventLog: source=[VMware Identity Server], tenant=[domain.local], eventid=[USER_NAME_PWD_AUTH_FAILED], level=[ERROR], category=[VMEVENT_CATEGORY_STS], text=[Failed to authenticate principal [username]. User not found], detailText=[User not found], corelationId=[########-####-####-####-############], timestamp=[1738770741356]
YYYY-MM-DDTHH:MM:SS ERROR sts[71:tomcat-http--37] [CorId=########-####-####-####-############] [com.vmware.identity.idm.server.IdentityManager] Failed to authenticate principal [username]. User not found
javax.security.auth.login.LoginException: User not found
        at com.vmware.identity.idm.server.provider.localos.LocalOsIdentityProvider.authenticate(LocalOsIdentityProvider.java:143) ~[vmware-identity-idm-server-7.0.0.jar:?]
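To confirm this cause from the log rather than from the scan report alone, the failed authentication has to be tied to the LocalOsIdentityProvider frame in its stack trace, not just to a generic USER_NAME_PWD_AUTH_FAILED event. The Python script below is an added example, not part of this article or of any VMware or Tenable tooling. It parses vmware-identity-sts.log entries, groups each failure by CorId together with its exception message and the first identity-provider frame, and separates the "user not found in Local OS" case described above from other credential failures. The sample log text, the user names (svc-tenable, admin@domain.local) and the CorId values are constructed for the example; the line formats follow the excerpt above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample modelled on the vmware-identity-sts.log excerpt in the article.
# User names, CorIds and timestamps are invented; line formats follow the article.
SAMPLE_LOG = """\
2025-02-05T16:32:21 INFO sts[71:tomcat-http--37] [CorId=11111111-2222-3333-4444-555555555555] [com.vmware.identity.interop.ossam.LinuxNativeAuthDbAdapter] Authenticating user [svc-tenable]
2025-02-05T16:32:21 ERROR sts[71:tomcat-http--37] [CorId=11111111-2222-3333-4444-555555555555] [com.vmware.identity.idm.server.IdentityManager] Failed to authenticate principal [svc-tenable] for tenant [domain.local]
javax.security.auth.login.LoginException: User not found
        at com.vmware.identity.idm.server.provider.localos.LocalOsIdentityProvider.authenticate(LocalOsIdentityProvider.java:143) ~[vmware-identity-idm-server-7.0.0.jar:?]
        at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:3121) [vmware-identity-idm-server-7.0.0.jar:?]
2025-02-05T16:32:21 INFO sts[71:tomcat-http--37] [CorId=11111111-2222-3333-4444-555555555555] [com.vmware.identity.diagnostics.VmEventAppender] EventLog: source=[VMware Identity Server], tenant=[domain.local], eventid=[USER_NAME_PWD_AUTH_FAILED], level=[ERROR], category=[VMEVENT_CATEGORY_STS], text=[Failed to authenticate principal [svc-tenable]. User not found], detailText=[User not found], corelationId=[11111111-2222-3333-4444-555555555555], timestamp=[1738770741356]
2025-02-05T16:40:02 ERROR sts[71:tomcat-http--40] [CorId=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee] [com.vmware.identity.idm.server.IdentityManager] Failed to authenticate principal [admin@domain.local] for tenant [domain.local]
2025-02-05T16:40:02 INFO sts[71:tomcat-http--40] [CorId=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee] [com.vmware.identity.diagnostics.VmEventAppender] EventLog: source=[VMware Identity Server], tenant=[domain.local], eventid=[USER_NAME_PWD_AUTH_FAILED], level=[ERROR], category=[VMEVENT_CATEGORY_STS], text=[Failed to authenticate principal [admin@domain.local]. Invalid credentials], detailText=[Invalid credentials], corelationId=[aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee], timestamp=[1738771202000]
"""

CORID_RE = re.compile(r"\[CorId=([0-9a-fA-F-]+)\]")
FAILED_RE = re.compile(r"Failed to authenticate principal \[([^\]]+)\] for tenant \[([^\]]+)\]")
EXC_RE = re.compile(r"^javax\.security\.auth\.login\.LoginException: (.+)$")
# First stack frame that belongs to an identity provider package, e.g. provider.localos.LocalOsIdentityProvider
PROVIDER_FRAME_RE = re.compile(
    r"^\s+at com\.vmware\.identity\.idm\.server\.provider\.(\w+)\.(\w+)\.authenticate\("
)
EVENT_RE = re.compile(r"eventid=\[([A-Z_]+)\].*?text=\[(.*?)\], detailText=\[([^\]]*)\]")


@dataclass
class AuthFailure:
    corid: str
    principal: str
    tenant: str
    reason: Optional[str] = None    # LoginException message or EventLog detailText
    provider: Optional[str] = None  # identity provider class that raised the failure
    event_id: Optional[str] = None  # VmEventAppender eventid, if one was logged


def parse_sts_failures(text: str) -> list:
    """Collect 'Failed to authenticate principal' entries with their trace details."""
    failures = []
    by_corid = {}
    current = None  # failure that untimestamped continuation lines (exception, stack) belong to
    for line in text.splitlines():
        m = CORID_RE.search(line)
        if m:
            corid = m.group(1)
            f = FAILED_RE.search(line)
            if f:
                current = AuthFailure(corid, f.group(1), f.group(2))
                failures.append(current)
                by_corid[corid] = current
                continue
            e = EVENT_RE.search(line)
            if e and corid in by_corid:
                rec = by_corid[corid]
                rec.event_id = e.group(1)
                if rec.reason is None:
                    rec.reason = e.group(3)
            current = None  # any other timestamped line ends the continuation block
            continue
        if current is None:
            continue
        e = EXC_RE.match(line)
        if e:
            current.reason = e.group(1)
            continue
        p = PROVIDER_FRAME_RE.match(line)
        if p and current.provider is None:
            current.provider = p.group(2)
    return failures


def diagnose(f: AuthFailure) -> str:
    """Classify a failure: the article's cause is an unqualified user name that the
    Local OS provider cannot find, i.e. the default identity source is Local OS."""
    unqualified = "@" not in f.principal and "\\" not in f.principal
    if f.provider == "LocalOsIdentityProvider" and f.reason == "User not found" and unqualified:
        return "default-identity-source-is-localos"
    return "other"


def summarize(text: str) -> dict:
    """Count failures per diagnosis so the cause can be confirmed at a glance."""
    counts = {}
    for f in parse_sts_failures(text):
        key = diagnose(f)
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for f in parse_sts_failures(SAMPLE_LOG):
        print(f"{f.principal}@{f.tenant}: provider={f.provider} reason={f.reason!r} -> {diagnose(f)}")
    print(summarize(SAMPLE_LOG))
```

Run it against a copy of the live log (`python3 sts_check.py < /var/log/vmware/sso/vmware-identity-sts.log` after swapping SAMPLE_LOG for stdin) and a count under "default-identity-source-is-localos" for the scanning account, with no matching failures for domain-qualified users, points at the default identity source rather than at a wrong password on the Tenable side. A failure that names a different provider class, or a reason other than "User not found", is a different problem and the resolution below will not fix it.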

Resolution

Set the identity provider that holds the scanning account (IWA, LDAP, or LDAPS) as the default identity source ("Set as Default") to resolve this issue. Once that source is the default, the credential check resolves the account against it instead of the Local OS.