ScanCentral DAST API Issue

I have finished running the configuration tool, added the API URL into SSC and enabled ScanCentral DAST and I get the following on the ScanCentral tab: 

SSC and the DAST API are on two separate VMs and nothing is blocking the connection between the two as far as I know. I think the problem is on the VM that's running the DAST API but I'm not sure where to start. In my limited research so far I did try pulling up http://<ScanCentral_DAST_API_URL>:85/swagger/index.html but it's not loading and I'm getting a connection timed out error. The Docker container is running so I'm not sure what the issue could be.

Any help is greatly appreciated

  • In my limited research so far I did try pulling up http://<ScanCentral_DAST_API_URL>:85/swagger/index.html but it's not loading and I'm getting a connection timed out error.

    Is port 85 being blocked from your client to the VM? If so, this could be the issue. You mentioned you are unable to access the swagger page. You have to be able to access the DAST API via the defined port from the client you are accessing SSC with as well.

    Have you tried accessing the URL from the DAST API VM or Docker host?

  • Thanks, port 85 is open externally. I'll have to check internally. It looks like the problem might be the communication between host and VM though

  • Also I was looking through the container logs and saw this error. Is this trying to connect to the DB I specified in the Config Tool? And if not where can I find the settings file to check and make sure everything is correct?

  • Yes sir. The database it is trying to connect to is the one defined in the SC DAST Config tool. That would be the reason behind your not being able to connect - service not running because it is unable to connect to the database. Verify the SQL Server name can be resolved from within the container. May need to define by IP address instead.

  • Do I need to run the config tool again or is there a settings file that was created I can check to verify and adjust SQL info? I'm getting the same error trying to run: docker attach <container>

    ERROR | 2022-07-27 16:28:50.2065 | DAST.Web.API.Program | Stopped program because of exception Microsoft.Data.SqlClient.SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
    ---> System.ComponentModel.Win32Exception (53): The network path was not found.
    at Microsoft.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
    at Microsoft.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
    at Microsoft.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, Boolean withFailover, SqlAuthenticationMethod authType)
    at Microsoft.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover)
    at Microsoft.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout)
    at Microsoft.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance)
    at Microsoft.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, Boolean applyTransientFaultHandling, String accessToken, DbConnectionPool pool)
    at Microsoft.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
    at Microsoft.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnectionPool pool, DbConnection owningObject, DbConnectionOptions options, DbConnectionPoolKey poolKey, DbConnectionOptions userOptions)
    at Microsoft.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)
    at Microsoft.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject, DbConnectionOptions userOptions, DbConnectionInternal oldConnection)
    at Microsoft.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection)
    at Microsoft.Data.ProviderBase.DbConnectionPool.WaitForPendingOpen()
    --- End of stack trace from previous location ---
    at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenInternalAsync(Boolean errorsExpected, CancellationToken cancellationToken)
    at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenInternalAsync(Boolean errorsExpected, CancellationToken cancellationToken)
    at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenAsync(CancellationToken cancellationToken, Boolean errorsExpected)
    at Microsoft.EntityFrameworkCore.Storage.RelationalCommand.ExecuteReaderAsync(RelationalCommandParameterObject parameterObject, CancellationToken cancellationToken)
    at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.AsyncEnumerator.InitializeReaderAsync(DbContext _, Boolean result, CancellationToken cancellationToken)
    at Microsoft.EntityFrameworkCore.Storage.ExecutionStrategy.ExecuteImplementationAsync[TState,TResult](Func`4 operation, Func`4 verifySucceeded, TState state, CancellationToken cancellationToken)
    at Microsoft.EntityFrameworkCore.Storage.ExecutionStrategy.ExecuteImplementationAsync[TState,TResult](Func`4 operation, Func`4 verifySucceeded, TState state, CancellationToken cancellationToken)
    at Microsoft.EntityFrameworkCore.Query.Internal.SingleQueryingEnumerable`1.AsyncEnumerator.MoveNextAsync()
    at Microsoft.EntityFrameworkCore.EntityFrameworkQueryableExtensions.ToListAsync[TSource](IQueryable`1 source, CancellationToken cancellationToken)
    at Microsoft.EntityFrameworkCore.EntityFrameworkQueryableExtensions.ToListAsync[TSource](IQueryable`1 source, CancellationToken cancellationToken)
    at DAST.Shared.Service.ConfigurationSettingService.DASTConfigurationSettingService.GetConfigurationSettingList(DBConnectionDataDto connectionDataDto)
    at DAST.Web.API.Startup.ConfigureServices(IServiceCollection services)
    at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor, Boolean wrapExceptions)
    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
    at Microsoft.AspNetCore.Hosting.ConfigureServicesBuilder.InvokeCore(Object instance, IServiceCollection services)
    at Microsoft.AspNetCore.Hosting.ConfigureServicesBuilder.<>c__DisplayClass9_0.<Invoke>g__Startup|0(IServiceCollection serviceCollection)
    at Microsoft.AspNetCore.Hosting.ConfigureServicesBuilder.Invoke(Object instance, IServiceCollection services)
    at Microsoft.AspNetCore.Hosting.ConfigureServicesBuilder.<>c__DisplayClass8_0.<Build>b__0(IServiceCollection services)
    at Microsoft.AspNetCore.Hosting.GenericWebHostBuilder.UseStartup(Type startupType, HostBuilderContext context, IServiceCollection services, Object instance)
    at Microsoft.AspNetCore.Hosting.GenericWebHostBuilder.<>c__DisplayClass13_0.<UseStartup>b__0(HostBuilderContext context, IServiceCollection services)
    at Microsoft.Extensions.Hosting.HostBuilder.CreateServiceProvider()
    at Microsoft.Extensions.Hosting.HostBuilder.Build()
    at DAST.Web.API.Program.Main(String[] args)
    ClientConnectionId:00000000-0000-0000-0000-000000000000
    Error Number:53,State:0,Class:20

  • Suggested Answer

    System.ComponentModel.Win32Exception (53): The network path was not found.

    As you are receiving this error, the first thing I would do is perform a docker exec command on one of your running containers and see if you can ping the SQL Server from within the container using the value of your --server as defined in the config file. Unfortunately, name resolution from within Windows Docker containers has "always" been a challenge - github.com/.../3810

    If you cannot resolve the name from within the container, then you may need to use IP addresses to define the --server. There are other options though (i.e., modifying the hosts file from within the container, etc.).

    Regarding running back through the config tool, after you finish troubleshooting and find a combination that works for you, then yes, you would run back through the config tool with the appropriate settings to generate the artifacts.

    During testing, the database connection string you see in the Docker run command is actually an encrypted version of the values provided in the config tool.

    Encrypted:

    docker run -d --restart always -p 8080:80 --name scancentral-dast-api -e "ConnectionStrings:DASTDB=H7ExeljHHr93fJcfRJ54JHs9pEGQsT9PArwfZtYtGoI2kGZv3lVlEd8INuyy5mLIV0qtmdE+TGfvC1Y6veqwU+1QmbaferEce3rEw7ITiUs05GsH//bBPw==" fortifydocker/scancentral-dast-api:22.1

    Unencrypted - this will allow you to modify/tweak the connection string if needed/desired:

    docker run -d --restart always -p 8080:80 --name scancentral-dast-api -e ConnectionStrings:DASTDB="Server=192.168.1.15\fortify;Database=eDAST;User Id=fortify;Password=fortifyPassword;" fortifydocker/scancentral-dast-api:22.1
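
Added example (not part of the original thread and not Fortify tooling): a Python helper that decomposes the `Server=` value of the unencrypted connection string above, lists the network paths a SQL Server client needs for it, and masks the password before the string is pasted into a ticket. A named instance such as `192.168.1.15\fortify` with no explicit port is located through the SQL Server Browser service on UDP 1434, so a successful ping does not by itself show the instance is reachable. All function names are hypothetical, and values containing a quoted `;` are assumed not to occur.

```python
from typing import NamedTuple, Optional

class SqlTarget(NamedTuple):
    protocol: Optional[str]   # "tcp", "np" or "lpc" when the value has a prefix
    host: str
    instance: Optional[str]   # named instance, e.g. "fortify"
    port: Optional[int]       # explicit port after a comma, if any

def parse_conn_string(cs: str) -> dict:
    """Split 'Key=Value;...' pairs; keys are compared case-insensitively."""
    pairs = (p.split("=", 1) for p in cs.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def parse_server(value: str) -> SqlTarget:
    """Decompose a Server value of the form [protocol:]host[\\instance][,port]."""
    protocol = None
    head, sep, rest = value.partition(":")
    if sep and head.lower() in ("tcp", "np", "lpc"):
        protocol, value = head.lower(), rest
    value, _, port = value.partition(",")
    host, _, instance = value.partition("\\")
    return SqlTarget(protocol, host, instance or None, int(port) if port else None)

def required_checks(t: SqlTarget) -> list:
    """Network paths to verify from inside the container, beyond a ping."""
    if t.port:
        return [f"TCP {t.host}:{t.port}"]
    if t.instance:
        return [f"UDP {t.host}:1434 (SQL Server Browser, resolves the instance port)",
                f"TCP {t.host}:<port reported for instance {t.instance}>"]
    return [f"TCP {t.host}:1433"]   # default instance, default port

def redact(cs: str) -> str:
    """Mask the password so the string can be shared in a ticket or forum post."""
    parts = []
    for part in cs.split(";"):
        key, sep, _ = part.partition("=")
        secret = key.strip().lower() in ("password", "pwd")
        parts.append(f"{key}{sep}***" if secret else part)
    return ";".join(parts)

# Sample value taken from the unencrypted docker run command in the post above.
SAMPLE = r"Server=192.168.1.15\fortify;Database=eDAST;User Id=fortify;Password=fortifyPassword;"

if __name__ == "__main__":
    target = parse_server(parse_conn_string(SAMPLE)["server"])
    print(redact(SAMPLE))
    print("\n".join(required_checks(target)))
```
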

  • So I ran Test-NetConnection from the container running the LIM and was able to reach the SQL server using both the IP and host name but still getting the same error when the container starts. Checked remote connections are allowed and verified the user account can actually log into the database

  • Chris--

    Have you tried using IP address as a test? Are there any additional connection strings needed while accessing the database? What type of database are you connecting to? Microsoft SQL Server? Azure? AWS?

    If you haven't already, I recommend opening a ticket with support for further investigation and a possible remote session for troubleshooting. 

  • Thanks for your help, I really appreciate it. I may have to go the ticket route. Was hoping to get a quick answer. To answer your questions the database is Microsoft SQL. Strange thing is the config tool verifies both IP and hostname settings with the specified user account but then the error is generated when the container starts. I would think the config tool would fail if the connection can't actually be established? I've checked remote connection is enabled, named pipes are enabled, necessary ports seem to be open. 

    I did try running the container the unencrypted way using your example with both IP and hostname but I'm getting a failed login for the specified user account, which I've checked can actually login to the database on the server.

  • Have you tried adding -e "AllowNonTrustedServerCertificate=true" to your unencrypted connection string?