"SonarQube server https://{myserver} can not be reached" in step 3 of Sonar Scanner manual scan

SonarQube: Version 8.7.1 (build 42226)
Sonar Scanner msbuild:
Trying to run a manual scan.

I have successfully setup the server and a reverse proxy in IIS as per the instructions to enable SSL. The IIS server is hosting an internally signed and trusted certificate. My browser shows this as being a valid certificate. The common name is the server and SANs specified for each of the CNAMES, both FQ and non-FQ.

I have created a project and want to run a manual scan.
The project page says to run these commands in the root folder of the solution:

  • SonarScanner.MSBuild.exe begin /k:"{myproject}" /d:sonar.host.url=“https://{myserver}” /d:sonar.login="{mytoken}"
  • MsBuild.exe /t:Rebuild
  • SonarScanner.MSBuild.exe end /d:sonar.login="{mytoken}"

Commands 1 and 2 run successfully, but no 3 errors as follows:

SonarScanner for MSBuild 4.10
Using the .NET Framework version of the Scanner for MSBuild
Post-processing started.
Calling the SonarQube Scanner…
INFO: Scanner configuration file: D:\SqAgent\sonar-scanner-\bin…\con
INFO: Project root configuration file: D:\Mark\Dev Projects{myproject}.sonarqube\out\s
INFO: SonarScanner
INFO: Java 11.0.10 Oracle Corporation (64-bit)
INFO: Windows Server 2012 R2 6.3 amd64
INFO: User cache: C:\Users{mylogin}.sonar\cache
INFO: ------------------------------------------------------------------------
ERROR: SonarQube server [https://{myserver}] can not be reached
INFO: ------------------------------------------------------------------------
INFO: Total time: 0.469s
ERROR: Error during SonarScanner execution
INFO: Final Memory: 3M/17M
INFO: ------------------------------------------------------------------------
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarSc
anner analysis

Any ideas why the scanner may not be able to see the server that a) it can see in step 1; b) is visible from a browser in the same session as the scanner.

Can you run the analysis in debug mode and check the http request not able to reach SonarQube ?
It should be this one,

DEBUG: GET 200 https://{myserver}/api/settings/values.protobuf

Then check in your proxy logs if the request reaches it, and if it does check the status code and let us know.

Hi Alex,

Thanks for your reply. I added the “/d:sonar.verbose=true” to the command line for the “begin” step and re-ran the other commands. Adding it to the “end” step is not valid.

The output is as follows this time, so not much more to go on:

Executing file D:\SqAgent\sonar-scanner-\bin\sonar-scanner.bat
Args: -Dsonar.scanAllFiles=true -Dproject.settings=D:\Mark\Dev Projects{myproject}.s
onarqube\out\sonar-project.properties --from=ScannerMSBuild/4.10 --debug
Working directory: D:\Mark\Dev Projects{myproject}
Timeout (ms):-1
Process id: 2444
16:05:53.488 INFO: Scanner configuration file: D:\SqAgent\sonar-scanner-
16:05:53.504 INFO: Project root configuration file: D:\Mark\Dev Projects{myproject}.so
16:05:53.550 INFO: SonarScanner
16:05:53.550 INFO: Java 11.0.10 Oracle Corporation (64-bit)
16:05:53.550 INFO: Windows Server {version}
16:05:53.707 DEBUG: keyStore is :
16:05:53.707 DEBUG: keyStore type is : pkcs12
16:05:53.707 DEBUG: keyStore provider is :
16:05:53.707 DEBUG: init keystore
16:05:53.707 DEBUG: init keymanager of type SunX509
16:05:53.847 DEBUG: Create: C:\Users{mylogin}.sonar\cache
16:05:53.847 INFO: User cache: C:\Users{mylogin}.sonar\cache
16:05:53.847 DEBUG: Create: C:\Users{mylogin}.sonar\cache_tmp
16:05:53.847 DEBUG: Extract sonar-scanner-api-batch in temp…
16:05:53.847 DEBUG: Get bootstrap index…
16:05:53.847 DEBUG: Download: https://{myserver}/batch/index
16:05:53.972 ERROR: SonarQube server [https://{myserver}] can not
be reached
16:05:53.972 INFO: -------------------------------------------------------------

16:05:53.972 INFO: -------------------------------------------------------------

I don’t have access to the proxy server to check logs.
Is there a way to specify a proxy server and a server exclusion list?



For anyone else who finds this post in the future and has the same issue, I resolved this by making sure Java knew about our internal certificates.


  • export your root an intermediate certificates from mmc, certificates snap-in
  • in C:\Program Files\Java\jdk-11.0.10\bin:
    ** keytool -import -trustcacerts -alias root -keystore {somefolder}\cacerts -file {exported root cert}.cer
    ** keytool -import -trustcacerts -alias intermediate -keystore {somefolder}\cacerts -file {exported intermediate cert}.cer
  • set two system level environment variables:
    ** SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore={somefolder}\cacerts -Djavax.net.ssl.trustStorePassword={keystore password}
    ** NODE_EXTRA_CA_CERTS={exported root cert}.cer