• Unable to perform Tenable scanning on ESXi hosts.
• Scanning of ESXi hosts from Tenable fails with the following error message:

"Failed to enumerate VIBs: empty key"

• Tenable performs the following API call below to list the ESXi host components. 

curl -k -X GET -H "vmware-api-session-id:<SESSION ID>" https://<VC FQDN>/api/esx/hosts/host-<HOST NUMBER/software/installed-components

• When running this command manually outside of Tenable the results show an empty list of {}

ESXi 7.0.x

ESXi 8.0.x

This issue occurs due ESXi hosts being installed from Autodeploy in a stateless manner. Auto Deploy is used to install ESXi in memory on the target host. The state information of the ESXi host is managed by Auto Deploy. 

The ESXi hosts must be installed in a stateful manner via vLCM in order for the ESXi hosts to be scanned successfully. When a host is installed in a stateful manner and booted for the first time the installation is written to local host storage. This will allow the ESXi host components to be listed successfully when scanning via Tenable. 

For more information on see how to migrate from stateless to stateful