OpenVAS – Status code: 503, Status message: Service temporarily down

If you try to start a task you’ll get:

Operation: Start Task
Status code: 503
Status message: Service temporarily down

In /var/lib/openvasmd.log you can find something like this:

lib serv:WARNING:2016-09-02 08h21.18 UTC:4546: Failed to shake hands with peer: The TLS connection was non-properly terminated.
lib serv:WARNING:2016-09-02 08h21.18 UTC:4546: Failed to shutdown server socket
event task:MESSAGE:2016-09-02 08h21.18 UTC:4546: Task 256f8360-1ec7-4675-a6ab-415fd5fb9483 could not be started by admin

The fix is mentioned in a text document you can find here or just following the steps bellow:

  1. Stop scanner
    systemctl stop openvas-scanner
  2. Stop manager
    systemctl stop openvas-manager
  3. Make the certs with the command (pressing enter will fill in the defaults in the brackets):
    openvas-mkcert -f
  4. Make the client certs with the command:
    openvas-mkcert-client -i -n
  5. Get the scanner uid with the command (gives you an uid like “08b69003-5fc2-4037-a479-93b440211c73”):
    openvasmd --get-scanners
  6. Update scanner and keys with the command (you will need to replace the uid in this command with the uid provided from the previous step):
    openvasmd --modify-scanner "08b69003-5fc2-4037-a479-93b440211c73" --scanner-ca-pub /var/lib/openvas/CA/cacert.pem --scanner-key-pub /var/lib/openvas/CA/clientcert.pem --scanner-key-priv /var/lib/openvas/private/CA/clientkey.pem

    For Debian it can be slightly different. Thanks mansuamen:

    openvasmd –modify-scanner “08b69003-5fc2-4037-a479-93b440211c73” –scanner-ca-pub /usr/local/var/lib/openvas/CA/cacert.pem –scanner-key-pub /usr/local/var/lib/openvas/CA/clientcert.pem –scanner-key-priv /usr/local/var/lib/openvas/private/CA/clientkey.pem
  7. Sync the feeds using the command:
    openvas-nvt-sync
  8. Start the scanner using the command:
    systemctl start openvas-scanner
  9. Rebuild openvas databases using the command:
    openvasmd --rebuild
  10. Start openvas manager using the command:
    systemctl start openvas-manager
  11. Start Greenbone using the command:
    systemctl start gsa

Enjoy!

8 Replies to “OpenVAS – Status code: 503, Status message: Service temporarily down”

  1. Thanks a lot for your tutorial!
    I find 2 mistakes:
    In the section 2 it needs to be: systemctl stop openvas-managerer
    In the section 5 it needs to be: openvasmd –get-scanners

    I get “failed to modify scanner” on section 6.

    any idea ?
    Michael

    • Hi Michael,
      Thanks for the corrections!
      About the error you get – can you try with –verbose to get more details about the problem and what is wrong. Let me know the output.

      Regards,
      Bisser

  2. Thanks for the tutorial.
    Please, take care on step 6th that cert directories in debian are different:
    openvasmd –modify-scanner “08b69003-5fc2-4037-a479-93b440211c73” –scanner-ca-pub /usr/local/var/lib/openvas/CA/cacert.pem –scanner-key-pub /usr/local/var/lib/openvas/CA/clientcert.pem –scanner-key-priv /usr/local/var/lib/openvas/private/CA/clientkey.pem

  3. “failed to modify scanner” means – you did’nt use the correct scanner ID (i had a typo)

Leave a Reply

Your email address will not be published. Required fields are marked *

*