OpenVAS – Status code: 503, Status message: Service temporarily down

If you try to start a task you’ll get:

Operation: Start Task
Status code: 503
Status message: Service temporarily down

In /var/lib/openvasmd.log you can find something like this:

lib serv:WARNING:2016-09-02 08h21.18 UTC:4546: Failed to shake hands with peer: The TLS connection was non-properly terminated.
lib serv:WARNING:2016-09-02 08h21.18 UTC:4546: Failed to shutdown server socket
event task:MESSAGE:2016-09-02 08h21.18 UTC:4546: Task 256f8360-1ec7-4675-a6ab-415fd5fb9483 could not be started by admin

The fix is described in a text document you can find here, or you can just follow the steps below:

  1. Stop scanner
    systemctl stop openvas-scanner
  2. Stop manager
    systemctl stop openvas-manager
  3. Make the certs with the command (pressing enter will fill in the defaults in the brackets):
    openvas-mkcert -f
  4. Make the client certs with the command:
    openvas-mkcert-client -i -n
  5. Get the scanner UID with the command (gives you a UID like “08b69003-5fc2-4037-a479-93b440211c73”):
    openvasmd --get-scanners
  6. Update the scanner and keys with the command (you will need to replace the UID in this command with the UID provided by the previous step):
    openvasmd --modify-scanner "08b69003-5fc2-4037-a479-93b440211c73" --scanner-ca-pub /var/lib/openvas/CA/cacert.pem --scanner-key-pub /var/lib/openvas/CA/clientcert.pem --scanner-key-priv /var/lib/openvas/private/CA/clientkey.pem

    For Debian it can be slightly different. Thanks mansuamen:

    openvasmd --modify-scanner "08b69003-5fc2-4037-a479-93b440211c73" --scanner-ca-pub /usr/local/var/lib/openvas/CA/cacert.pem --scanner-key-pub /usr/local/var/lib/openvas/CA/clientcert.pem --scanner-key-priv /usr/local/var/lib/openvas/private/CA/clientkey.pem
  7. Sync the feeds using the command:
    openvas-nvt-sync
  8. Start the scanner using the command:
    systemctl start openvas-scanner
  9. Rebuild openvas databases using the command:
    openvasmd --rebuild
  10. Start openvas manager using the command:
    systemctl start openvas-manager
  11. Start Greenbone using the command:
    systemctl start gsa
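
The scanner ID and certificate path lookups from steps 5 and 6, as an added example that is not part of the original post: it rejects a mistyped or ambiguous scanner ID and picks whichever of the two certificate directories shown above actually holds the files. It assumes `openvasmd --get-scanners` prints one scanner per line beginning with its UUID; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumption: `openvasmd --get-scanners` prints one scanner per line, UUID first.
UUID_RE='[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'

# Read --get-scanners output on stdin. Print the UUID only when exactly one
# well-formed ID is listed, so a typo or an ambiguous choice stops the run.
scanner_uuid() {
    ids=$(grep -E "^${UUID_RE}([[:space:]]|\$)" | cut -c1-36 | sort -u)
    if [ -z "$ids" ]; then
        echo "no well-formed scanner UUID in input" >&2; return 1
    fi
    if [ "$(printf '%s\n' "$ids" | grep -c .)" -ne 1 ]; then
        echo "several scanners listed, choose one by hand" >&2; return 1
    fi
    printf '%s\n' "$ids"
}

# Print the first directory (packaged or /usr/local install) that holds all
# three PEM files the step 6 command refers to.
cert_prefix() {
    for p in "$@"; do
        if [ -r "$p/CA/cacert.pem" ] && [ -r "$p/CA/clientcert.pem" ] &&
           [ -r "$p/private/CA/clientkey.pem" ]; then
            printf '%s\n' "$p"; return 0
        fi
    done
    echo "certificate files not found under: $*" >&2; return 1
}

# Assemble the step 6 command line for review; nothing is executed here.
modify_scanner_cmd() {
    printf 'openvasmd --modify-scanner "%s" --scanner-ca-pub %s --scanner-key-pub %s --scanner-key-priv %s\n' \
        "$1" "$2/CA/cacert.pem" "$2/CA/clientcert.pem" "$2/private/CA/clientkey.pem"
}

# On the OpenVAS host, as root:
#   uuid=$(openvasmd --get-scanners | scanner_uuid) &&
#   prefix=$(cert_prefix /var/lib/openvas /usr/local/var/lib/openvas) &&
#   modify_scanner_cmd "$uuid" "$prefix"
```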

Enjoy!

16 Replies to “OpenVAS – Status code: 503, Status message: Service temporarily down”

  1. Thanks a lot for your tutorial!
    I find 2 mistakes:
    In the section 2 it needs to be: systemctl stop openvas-managerer
    In the section 5 it needs to be: openvasmd --get-scanners

    I get “failed to modify scanner” on section 6.

    any idea ?
    Michael

    • Hi Michael,
      Thanks for the corrections!
      About the error you get – can you try with --verbose to get more details about the problem and what is wrong. Let me know the output.

      Regards,
      Bisser

    • /usr/sbin/openvasmd --modify-scanner=$scanner --scanner-ca-pub /var/lib/openvas/CA/cacert.pem --scanner-key-pub /var/lib/openvas/CA/clientcert.pem --scanner-key-priv /var/lib/openvas/private/CA/clientkey.pem

  2. Thanks for the tutorial.
    Please, take care on step 6th that cert directories in Debian are different:
    openvasmd --modify-scanner "08b69003-5fc2-4037-a479-93b440211c73" --scanner-ca-pub /usr/local/var/lib/openvas/CA/cacert.pem --scanner-key-pub /usr/local/var/lib/openvas/CA/clientcert.pem --scanner-key-priv /usr/local/var/lib/openvas/private/CA/clientkey.pem

  3. “failed to modify scanner” means – you didn’t use the correct scanner ID (I had a typo)

  4. Thank you very much.
    I have been trying to get my OpenVas 8 Scanner to work for quite some time but I could not understand or fix the “Status code 503 Error”. I almost gave up until I found your post. This really helps a lot.
    Thanks Again!

  5. Worked much better than another “solution” I found. A couple of points: Ubuntu 14.04 doesn’t have systemctl (use service openvas… stop or start) and there is no gsa service but the web interface still worked.

  6. My OpenVAS is on Parrotsec. When I try the above I get:

    openvas-mkcert -f
    bash: openvas-mkcert: command not found

    for step 3

  7. I found this stuff, so will try:

    ─╼ $openvas-manage-certs
    Usage:
    /usr/bin/openvas-manage-certs [OPTION] – Manage certificate infrastructure for an OpenVAS installation

    Options:
    -h Print help
    -a Automatically set up default infrastructure for OpenVAS
    -V Verify existing OpenVAS certificate infrastructure
    -C Create a certificate authority (CA)
    -I Install a CA certificate
    -R Create a certificate request for a CA
    -r Create a certificate request
    -c Create a certificate request and sign it
    -i Install a certificate
    -S Sign a certificate request
    -f Force overwriting of existing files

    Certificate options:
    -E Create a server certificate
    -L Create a client certificate
    -A Skip CA generation in automatic mode

  8. For a fully patched Parrotsec of this date:

    I was able to get my scan going again. I was trying to resume a stopped scan and getting the 503 error.

    I was able to carry out the above instructions with the following modifications:

    For step 3 I used: openvas-manage-certs -E

    For step 4 I used: openvas-manage-certs -L

  9. In step 7: with Parrotsec I get “#openvas-nvt-sync -wget
    bash: openvas-nvt-sync: command not found”
    Tried both with and w/o “-wget”.
