"SonarQube server https://{myserver} can not be reached" in step 3 of Sonar Scanner manual scan

SonarQube: Version 8.7.1 (build 42226)
Sonar Scanner msbuild: 4.10.0.19059
Trying to run a manual scan.

I have successfully setup the server and a reverse proxy in IIS as per the instructions to enable SSL. The IIS server is hosting an internally signed and trusted certificate. My browser shows this as being a valid certificate. The common name is the server and SANs specified for each of the CNAMES, both FQ and non-FQ.

I have created a project and want to run a manual scan.
The project page says to run these commands in the root folder of the solution:

  • SonarScanner.MSBuild.exe begin /k:"{myproject}" /d:sonar.host.url=“https://{myserver}” /d:sonar.login="{mytoken}"
  • MsBuild.exe /t:Rebuild
  • SonarScanner.MSBuild.exe end /d:sonar.login="{mytoken}"

Commands 1 and 2 run successfully, but no 3 errors as follows:

SonarScanner for MSBuild 4.10
Using the .NET Framework version of the Scanner for MSBuild
Post-processing started.
Calling the SonarQube Scanner…
INFO: Scanner configuration file: D:\SqAgent\sonar-scanner-4.4.0.2170\bin…\con
f\sonar-scanner.properties
INFO: Project root configuration file: D:\Mark\Dev Projects{myproject}.sonarqube\out\s
onar-project.properties
INFO: SonarScanner 4.4.0.2170
INFO: Java 11.0.10 Oracle Corporation (64-bit)
INFO: Windows Server 2012 R2 6.3 amd64
INFO: User cache: C:\Users{mylogin}.sonar\cache
INFO: ------------------------------------------------------------------------
ERROR: SonarQube server [https://{myserver}] can not be reached
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 0.469s
ERROR: Error during SonarScanner execution
INFO: Final Memory: 3M/17M
INFO: ------------------------------------------------------------------------
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarSc
anner analysis

Any ideas why the scanner may not be able to see the server that a) it can see in step 1; b) is visible from a browser in the same session as the scanner.

Hello,
Can you run the analysis in debug mode and check the http request not able to reach SonarQube ?
It should be this one,

DEBUG: GET 200 https://{myserver}/api/settings/values.protobuf

Then check in your proxy logs if the request reaches it, and if it does check the status code and let us know.
Alex.

Hi Alex,

Thanks for your reply. I added the “/d:sonar.verbose=true” to the command line for the “begin” step and re-ran the other commands. Adding it to the “end” step is not valid.

The output is as follows this time, so not much more to go on:

Executing file D:\SqAgent\sonar-scanner-4.4.0.2170\bin\sonar-scanner.bat
Args: -Dsonar.scanAllFiles=true -Dproject.settings=D:\Mark\Dev Projects{myproject}.s
onarqube\out\sonar-project.properties --from=ScannerMSBuild/4.10 --debug
Working directory: D:\Mark\Dev Projects{myproject}
Timeout (ms):-1
Process id: 2444
16:05:53.488 INFO: Scanner configuration file: D:\SqAgent\sonar-scanner-4.4.0.21
70\bin…\conf\sonar-scanner.properties
16:05:53.504 INFO: Project root configuration file: D:\Mark\Dev Projects{myproject}.so
narqube\out\sonar-project.properties
16:05:53.550 INFO: SonarScanner 4.4.0.2170
16:05:53.550 INFO: Java 11.0.10 Oracle Corporation (64-bit)
16:05:53.550 INFO: Windows Server {version}
16:05:53.707 DEBUG: keyStore is :
16:05:53.707 DEBUG: keyStore type is : pkcs12
16:05:53.707 DEBUG: keyStore provider is :
16:05:53.707 DEBUG: init keystore
16:05:53.707 DEBUG: init keymanager of type SunX509
16:05:53.847 DEBUG: Create: C:\Users{mylogin}.sonar\cache
16:05:53.847 INFO: User cache: C:\Users{mylogin}.sonar\cache
16:05:53.847 DEBUG: Create: C:\Users{mylogin}.sonar\cache_tmp
16:05:53.847 DEBUG: Extract sonar-scanner-api-batch in temp…
16:05:53.847 DEBUG: Get bootstrap index…
16:05:53.847 DEBUG: Download: https://{myserver}/batch/index
16:05:53.972 ERROR: SonarQube server [https://{myserver}] can not
be reached
16:05:53.972 INFO: -------------------------------------------------------------

16:05:53.972 INFO: EXECUTION FAILURE
16:05:53.972 INFO: -------------------------------------------------------------

I don’t have access to the proxy server to check logs.
Is there a way to specify a proxy server and a server exclusion list?

Thanks

Mark

For anyone else who finds this post in the future and has the same issue, I resolved this by making sure Java knew about our internal certificates.

Steps:

  • export your root an intermediate certificates from mmc, certificates snap-in
  • in C:\Program Files\Java\jdk-11.0.10\bin:
    ** keytool -import -trustcacerts -alias root -keystore {somefolder}\cacerts -file {exported root cert}.cer
    ** keytool -import -trustcacerts -alias intermediate -keystore {somefolder}\cacerts -file {exported intermediate cert}.cer
  • set two system level environment variables:
    ** SONAR_SCANNER_OPTS=-Djavax.net.ssl.trustStore={somefolder}\cacerts -Djavax.net.ssl.trustStorePassword={keystore password}
    ** NODE_EXTRA_CA_CERTS={exported root cert}.cer