[Openvas-discuss] Service temporarily down

Eero Volotinen eero.volotinen at iki.fi
Mon Nov 9 09:43:42 CET 2015


Well, works fine for me. I am using Centos 7 and latest OpenVAS8.

Maybe you should also try with Centos 7 :)

--
Eero

2015-11-09 9:55 GMT+02:00 Helmut Koers <HKoers at de.hellmann.net>:

> Yes, system clock is on correct time.
>
> I even tried to copy certificates from a fresh/working installation to an
> updated/not working one and ran into the same issues. May there be a link
> to the certificates anywhere, that need to be updated?
>
>
> 08.11.2015----18:06:42eero.t.volotinen at gmail.com wrote on 08.11.2015
> 18:06:42:
>
> > From: Eero Volotinen
> <eero.volotinen at iki.fi>> To: Helmut Koers <HK
> oers at de.hellmann.net>, > Cc: "openvas-discuss at wald.intevation.org"
> <openvas-
> > discu
> ss at wald.intevation.org>>
>  Date: 08.11.2015 18:06> Subject: Re: [Openvas-discuss] S
> ervice temporarily down> Sent by: eer
> o.t.volotinen at gmail.com>
> > Is the system clock o
> n corr
> ect time?
> >
> > --> Eero>
> > 2015-11-08 20:02 GMT+03:00 Helmut Koers <H
> Koers at de.hellmann.net>:> It loads the certificates exactly from the place
> I looked at, as you can
> > see below.
> >
> > open("/var/lib/openvas/private/CA/serverkey.pem", O_RDONLY) = 5
> > open("/var/lib/openvas/CA/servercert.pem", O_RDONLY) = 5
> > open("/var/lib/openvas/CA/cacert.pem", O_RDONLY) = 5
> >
> > I did a clean installation of Debian Jessie and OpenVAS8 using latest
> > install media, and am having the same issues after renewing certificates
> > as mentioned before.
> >
> >
> > 06.11.2015----16:53:54eero.t.volotinen at gmail.com wrote on 06.11.2015
> > 16:53:54:
> >
> > > From: Eero Volotinen
> > <eero.volotinen at iki.fi>> To: Helmut Koers <HK
> > oers at de.hellmann.net>, > Cc: openvas-disc
> > uss at wald.intevation.org>
> >  Date: 06.11.2015 16:53> Subject: Re: [Openvas-discuss] S
> > ervice temporarily down> Sent by: eer
> > o
> .t.volotinen at gmail.com>> > Well, you could start openvasmd under strace
> like this strace -f -e
> > > open openvasmd and look wher
> > e it open certificates.> Maybe you are l
> > ooking
> >  in wrong place..> Eero> 6.11.2015 3.51 ip. "Helmut Koers" <HKoers at de.h
> > ellmann.net> kirjoitti:> Yes, I have tried both, deleting client, server
> > and ca certs as well as
> > > cert and keys (.../var/lib/openvas/CA/ und
> > > .../var/lib/openvas/private/CA/), which then have been newly created.
> > I've
> > > tried it several time, but here was not difference, I am am still
> seeing
> > > the error message and am not able to execute a scan.
> > >
> > >
> > > 06.11.2015----13:29:56eero.t.volotinen at gmail.com wrote on 06.11.2015
> > > 13:29:56:
> > >
> > > > From: Eero Volotinen
> > > <eero.volotinen at iki.fi>> To: Helmut Koers <HK
> > > oers at de.hellmann.net>, > Cc: openvas-disc
> > > uss at wald.intevation.org>
> > >  Date: 06.11.2015 13:30> Subject: Re: [Openvas-discuss] S
> > > ervice temporarily down> Sent by: eer
> > > o.t.volotinen at gmail.com>
> > > > Well, did you really deleted server ca
> > > , cert
> > >  and client cert?> Eero> 6.11.2015 12.57 ip. "Helmut Koers"
> <HKoers at de.h
> > > ellmann.net> kirjoitti:> Unfortunately, that did not solve the issue,
> > same
> > > error in GSAD than
> > > > before.
> > > >
> > > > Not sure if I got the right error message in openvasmd.log before,
> now
> > I
> > > > see the following:
> > > >
> > > > lib  serv:WARNING:2015-11-06 11h51.21 CET:7977:
> openvas_server_verify:
> > > the
> > > > certificate is not trusted
> > > > lib  serv:WARNING:2015-11-06 11h51.21 CET:7977:
> openvas_server_verify:
> > > the
> > > > certificate hasn't got a known issuer
> > > > event task:MESSAGE:2015-11-06 11h51.21 CET:7977: Task
> > > > c0d4970e-cfa7-478f-9988-3dbfc3f11b52 could not be started by ovadmin
> > > >
> > > > I repeated the actions I have been received, but no change.
> > > >
> > > >
> > > > 06.11.2015----10:59:20eero.t.volotinen at gmail.com wrote on 06.11.2015
> > > > 10:59:20:
> > > >
> > > > > From: Eero Volotinen
> > > > <eero.volotinen at iki.fi>> To: Helmut Koers <HK
> > > > oers at de.hellmann.net>, > Cc: openvas-disc
> > > > uss at wald.intevation.org>
> > > >  Date: 06.11.2015 10:59> Subject: Re: [Openvas-discuss] S
> > > > ervice temporarily down> Sent by: eer
> > > > o.t.volotinen at gmail.com>
> > > > > Try to delete old ca and certs and then regener
> > > > ate &
> > > > restart services.> Eero> 6.11.2015 10.44 ap. "Helmut Koers"
> > <HKoers at de.h
> > > > ellmann.net> kirjoitti:> Hi all,
> > > > > after renewing OpenVAS certificates as requested:
> > > > >
> > > > > openvas-mkcert -f -q
> > > > > openvas-mkcert-client -n -i
> > > > >
> > > > > and reooting the entire system, I can't run a scan anymore getting
> > an
> > > > > error message in GSAD saying:
> > > > >
> > > > > Operation:              Start Task
> > > > > Status code:            503
> > > > > Status message:         Service temporarily down
> > > > >
> > > > > The openvasmd.log shows the following:
> > > > >
> > > > > lib  serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shake
> hands
> > > > with
> > > > > peer: The TLS connection was non-properly terminated.
> > > > > lib  serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shutdown
> > > server
> > > > > socket
> > > > > event task:MESSAGE:2015-11-06 09h36.44 CET:966: Task
> > > > > 2e6cc5ec-27e3-4f29-8e53-8b2e6af6c81d could not be started by admin
> > > > >
> > > > > I am running OpenVAS 8 on Debian Jessie.
> > > > >
> > > > > Any advice is appreciated.
> > > > > _______________________________________________
> > > > > Openvas-discuss mailing list
> > > > > Openvas-discuss at wald.intevation.org
> > > > >
> > > >
> > >
> >
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20151109/2b9d9ac6/attachment.html>


More information about the Openvas-discuss mailing list