GVMD not starting

Walter · June 19, 2025, 11:05pm

I’ve tried installing the service on 3 machines, Debian, Kali, and Ubuntu. Currently having these issues with Ubuntu.
I continue to get the this:
The unit gvmd.service has entered the ‘failed’ state with result ‘protocol’.
Jun 18 15:57:05 cybsec-ov systemd[1]: Failed to start Greenbone Vulnerability Manager daemon (gvmd).

Jun 18 15:57:05 cybsec-ov systemd[1]: Starting Greenbone Vulnerability Manager daemon (gvmd)...
Jun 18 15:57:05 cybsec-ov systemd[1]: gvmd.service: Can't open PID file /run/gvm/gvmd.pid (yet?) after start: Operation not permitted
Jun 18 15:57:05 cybsec-ov systemd[1]: gvmd.service: Failed with result 'protocol'.
Jun 18 15:57:05 cybsec-ov systemd[1]: Failed to start Greenbone Vulnerability Manager daemon (gvmd).

This is another output:

Jun 18 15:57:05 cybsec-ov systemd[1]: gvmd.service: Failed with result 'protocol'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit gvmd.service has entered the 'failed' state with result 'protocol'.
Jun 18 15:57:05 cybsec-ov systemd[1]: Failed to start Greenbone Vulnerability Manager daemon (gvmd).
░░ Subject: A start job for unit gvmd.service has failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit gvmd.service has finished with a failure.
░░
░░ The job identifier is 1435047 and the job result is failed.
Jun 18 15:57:05 cybsec-ov systemd[1]: gvmd.service: Scheduled restart job, restart counter is at 1105.
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ Automatic restarting of the unit gvmd.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Jun 18 15:57:05 cybsec-ov systemd[1]: Stopped Greenbone Vulnerability Manager daemon (gvmd).
░░ Subject: A stop job for unit gvmd.service has finished
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A stop job for unit gvmd.service has finished.
░░
░░ The job identifier is 1435139 and the job result is done.
Jun 18 15:57:05 cybsec-ov systemd[1]: gvmd.service: Start request repeated too quickly.
Jun 18 15:57:05 cybsec-ov systemd[1]: gvmd.service: Failed with result 'protocol'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ The unit gvmd.service has entered the 'failed' state with result 'protocol'.
Jun 18 15:57:05 cybsec-ov systemd[1]: Failed to start Greenbone Vulnerability Manager daemon (gvmd).
░░ Subject: A start job for unit gvmd.service has failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support

Here some more:

OSPD[100717] 2025-06-19 19:24:55,893: ERROR: (ospd_openvas.openvas) OpenVAS Scanner failed to load VTs. Command '['openvas', '--update-vt-info']' returned non-zero exit status 1.
OSPD[100717] 2025-06-19 19:24:55,894: ERROR: (ospd_openvas.daemon) Updating VTs failed.
OSPD[100717] 2025-06-19 19:25:06,129: INFO: (ospd_openvas.daemon) Loading VTs. Scans will be [requested|queued] until VTs are loaded. This may take a few minutes, please wait...
OSPD[100717] 2025-06-19 19:25:06,189: ERROR: (ospd_openvas.openvas) OpenVAS Scanner failed to load VTs. Command '['openvas', '--update-vt-info']' returned non-zero exit status 1.
OSPD[100717] 2025-06-19 19:25:06,189: ERROR: (ospd_openvas.daemon) Updating VTs failed.

And some more:

lib  nasl:MESSAGE:2025-06-19 19h25.56 utc:273576: /var/lib/openvas/plugins/plugin_feed_info.inc: Not able to open nor to locate it in include paths
lib  nasl:MESSAGE:2025-06-19 19h26.07 utc:273582: /var/lib/openvas/plugins/plugin_feed_info.inc: Not able to open nor to locate it in include paths
lib  nasl:MESSAGE:2025-06-19 19h26.17 utc:273588: /var/lib/openvas/plugins/plugin_feed_info.inc: Not able to open nor to locate it in include paths

The log file doesn’t exist, even if I try creating it nothing gets written into it
/var/log/gvm/gvmd.log

Any idea what I’m doing wrong?

rippledj · June 19, 2025, 11:06pm

You should provide detailed information about your install method, and system configuration to get help from community members. Otherwise, we could assume you used the official Building from Source Guide, and then find out differently at a later point.

Walter · June 21, 2025, 6:07am

I did build from Source, and also tried the immauss container. Currently running immausss.

Lukas · June 21, 2025, 9:34am

It looks like a permission problem, you need to start the services in the foreground (without systemd) and if you have permission issues you can run “strace -e file {cmd}” to debug this.

Walter · June 25, 2025, 5:35pm

To make sure we are on the right track I’ve been rebuilding from source strictly following the steps on the article. I hit a wall while setting up the admin user. The guide is very specific for this step, if there is no output “User created.” then I must check the log, and I see some errors there, any ideas?

cybsec@cybsec-ov:~/source/openvas-scanner-23.20.0/rust/src/openvasd$ /usr/local/sbin/gvmd --create-user=admin --password='TestPassword'
cybsec@cybsec-ov:~/source/openvas-scanner-23.20.0/rust/src/openvasd$ cat /var/log/gvm/gvmd.log
md   main:MESSAGE:2025-06-25 17h29.22 utc:21217:    Greenbone Vulnerability Manager version 26.0.0 (DB revision 259)
md manage:   INFO:2025-06-25 17h29.22 utc:21217:    Creating user.
md manage:WARNING:2025-06-25 17h29.22 utc:21217: sql_exec_internal: PQexec failed: ERROR:  relation "public.meta" does not exist
LINE 1: SELECT value FROM public.meta WHERE name = 'database_version...
                          ^
 (7)
md manage:WARNING:2025-06-25 17h29.22 utc:21217: sql_exec_internal: SQL: SELECT value FROM public.meta WHERE name = 'database_version';
md manage:WARNING:2025-06-25 17h29.22 utc:21217: sql_x: sql_exec_internal failed
md manage:MESSAGE:2025-06-25 17h29.22 utc:21217: No SCAP database found
md manage:MESSAGE:2025-06-25 17h29.22 utc:21217: No CERT database found
md manage:WARNING:2025-06-25 17h29.22 utc:21217: sql_exec_internal: PQexec failed: ERROR:  permission denied to set role "dba"
 (7)
md manage:WARNING:2025-06-25 17h29.22 utc:21217: sql_exec_internal: SQL: SET ROLE "dba";
md manage:WARNING:2025-06-25 17h29.22 utc:21217: sqlv: sql_exec_internal failed
md   main:MESSAGE:2025-06-25 17h30.08 utc:21236:    Greenbone Vulnerability Manager version 26.0.0 (DB revision 259)
md manage:   INFO:2025-06-25 17h30.08 utc:21236:    Creating user.
md manage:WARNING:2025-06-25 17h30.08 utc:21236: sql_exec_internal: PQexec failed: ERROR:  relation "public.meta" does not exist
LINE 1: SELECT value FROM public.meta WHERE name = 'database_version...
                          ^
 (7)
md manage:WARNING:2025-06-25 17h30.08 utc:21236: sql_exec_internal: SQL: SELECT value FROM public.meta WHERE name = 'database_version';
md manage:WARNING:2025-06-25 17h30.08 utc:21236: sql_x: sql_exec_internal failed
md manage:MESSAGE:2025-06-25 17h30.08 utc:21236: No SCAP database found
md manage:MESSAGE:2025-06-25 17h30.08 utc:21236: No CERT database found
md manage:WARNING:2025-06-25 17h30.08 utc:21236: sql_exec_internal: PQexec failed: ERROR:  permission denied to set role "dba"
 (7)
md manage:WARNING:2025-06-25 17h30.08 utc:21236: sql_exec_internal: SQL: SET ROLE "dba";
md manage:WARNING:2025-06-25 17h30.08 utc:21236: sqlv: sql_exec_internal failed

Eero · June 27, 2025, 12:49pm

Just follow instructions by step by step..

Eero

Walter · June 28, 2025, 3:46pm

I did, didn’t skip anything. And I did it again just to make sure I didn’t miss anything. Same issue.

Eero · June 28, 2025, 3:55pm

@Walter how about using deb packages, if instructions are too hard to follow?

Eero

Walter · June 28, 2025, 4:27pm

Hey, instructions are not hard to follow, they’re very straight forward. The issue at this time is the Postgres database, I’m currently troubleshooting that, error by error and it seems I’m making some progress.

cybsec@cybsec-ov:~/source/openvas-scanner-23.20.0/rust/src/openvasd$ sudo runuser -u _gvm -- gvmd --migrate

(gvmd:188395): md manage-WARNING **: 15:54:41.857: sql_exec_internal: PQexec failed: ERROR:  permission denied to set role "dba"
 (7)

(gvmd:188395): md manage-WARNING **: 15:54:41.857: sql_exec_internal: SQL: SET ROLE "dba";

(gvmd:188395): md manage-WARNING **: 15:54:41.857: sqlv: sql_exec_internal failed
cybsec@cybsec-ov:~/source/openvas-scanner-23.20.0/rust/src/openvasd$ sudo -u postgres psql
psql (17.5 (Ubuntu 17.5-1.pgdg22.04+1), server 14.18 (Ubuntu 14.18-0ubuntu0.22.04.1))
Type "help" for help.

postgres=# GRANT dba TO _gvm;
GRANT ROLE
postgres=# \du
                             List of roles
 Role name |                         Attributes
-----------+------------------------------------------------------------
 _gvm      |
 cybsec    |
 dba       | Superuser, No inheritance, Cannot login
 gvm       |
 gvmduser  |
 postgres  | Superuser, Create role, Create DB, Replication, Bypass RLS

postgres=# \q
cybsec@cybsec-ov:~/source/openvas-scanner-23.20.0/rust/src/openvasd$ sudo runuser -u _gvm -- gvmd --migrate
md manage-Message: 15:56:57.248: cleanup_old_sql_functions: cleaning up SQL functions now included in pg-gvm extension
md   main:  DEBUG:2025-06-28 15h56.57 utc:188534: Sentry support disabled
md   main:  DEBUG:2025-06-28 15h56.57 utc:188534: No default relay mapper found.
md   main:MESSAGE:2025-06-28 15h56.57 utc:188534:    Greenbone Vulnerability Manager version 22.4.2 (DB revision 250)
md   main:   INFO:2025-06-28 15h56.57 utc:188534:    Migrating database.
Can not open '/var/log/gvm/gvmd.log' logfile: Permission denied

(process:188534): libgvm base-ERROR (recursed) **: Can not open '/var/log/gvm/gvmd.log' logfile: Permission deniedcybsec@cybsec-ov:~/source/openvas-scanner-23.20.0/rust/src/openvasd$

Just in case, do you have a guide for the *.deb packages?
If I don’t make much progress then I’ll try that for sure

Eero · June 28, 2025, 4:40pm

Most of errors can be seen your screen capture.

It might be wise just use kali packages or install debian 12 and just run this script for installation.

Eero

Walter · June 28, 2025, 4:45pm

Thanks!
Hadn’t seen that one yet, I will read it and give it a go on a VM with Debian 12

Walter · July 3, 2025, 8:07pm

Hey, I ran the script, and it worked fine!
Just a little thing. When it finishes, the web access is created which is awesome, but for some reason I can’t seem to be able to bind port 9390 to TCP in order to access the OpenVAS via GMP. The idea is to integrate it to a script we’re creating.
When checking the GVMD status it always says “initializing”. And when checking the logs it shows issues with a certificate. I’m assuming these 2 issues are correlated but not sure how to fix this. Our idea is to pay for the service, but we wanted to try it out first before investing money on it.

md   main:CRITICAL:2025-07-03 19h58.03 utc:440998: gvmd: client server initialisation failed
md   main:MESSAGE:2025-07-03 19h58.04 utc:441018:    Greenbone Vulnerability Manager version 26.0.0 (DB revision 259)
libgvm util:WARNING:2025-07-03 19h58.18 utc:441018: server_new_internal: failed to set credentials key file: Error while reading file.
libgvm util:WARNING:2025-07-03 19h58.18 utc:441018: server_new_internal:   cert file: /var/lib/gvm/CA/servercert.pem
libgvm util:WARNING:2025-07-03 19h58.18 utc:441018: server_new_internal:   key file : /var/lib/gvm/private/CA/serverkey.pem
md   main:CRITICAL:2025-07-03 19h58.18 utc:441018: gvmd: client server initialisation failed
md   main:MESSAGE:2025-07-03 19h58.19 utc:441039:    Greenbone Vulnerability Manager version 26.0.0 (DB revision 259)


deb-ov@debian-ov:~$ sudo systemctl status gvmd

● gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)
     Loaded: loaded (/etc/systemd/system/gvmd.service; enabled; preset: enabled)
     Active: active (running) since Thu 2025-07-03 15:58:34 EDT; 11s ago
       Docs: man:gvmd(8)
   Main PID: 441062 (gvmd)
      Tasks: 1 (limit: 8758)
     Memory: 265.7M
        CPU: 6.927s
     CGroup: /system.slice/gvmd.service
             └─441062 "gvmd: Initializing" "" .--osp-vt-update=/run/ospd/ospd-openvas.sock --listen=0.0.0.0 --port=9390 --listen-group=gvm --foreground

Jul 03 15:58:34 debian-ov systemd[1]: Started gvmd.service - Greenbone Vulnerability Manager daemon (gvmd).
deb-ov@debian-ov:~$

Eero · July 4, 2025, 9:37am

@Walter

I just tested the installation on Debian 12 and it worked perfectly; This script is a bit on the bleeding edge since it downloads the latest versions; I recommend installing Kali Rolling Linux and installing the packages through it (apt -y install openvas; gvm-setup; gvm-check-setup).

On this forum, it’s not possible to provide step-by-step guidance — it’s assumed that the basics are already understood. In the commercial version, you can use support services that offer hands-on help and detailed instructions.

edit: make sure that you are running Debian 12 fully updated before running the script.

Eero