If the status of the anti-ransomware agent or backup tasks is abnormal, Security Center cannot protect your important files or data. To prevent data loss or encryption caused by ransomware attacks, we recommend that you troubleshoot the issues that cause the abnormal status at the earliest opportunity. After you create an anti-ransomware policy for your server, the anti-ransomware agent on the server and backup tasks may be in an abnormal state. This topic describes how to troubleshoot the issues that cause the abnormal status.
Prerequisites
An anti-ransomware policy is applied to your server. For more information, see Create an anti-ransomware policy.
Troubleshoot the issues that cause the abnormal status of the anti-ransomware agent
View the causes of the abnormal status of the anti-ransomware agent
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to protect. You can select China or Outside China.
In the left-side navigation pane, choose .
On the Anti-ransomware for Servers tab, view the servers on which the anti-ransomware agent is in an abnormal state.
Find an anti-ransomware policy and click the icon next to the policy name to view all servers to which the policy is applied.
Find a server on which the anti-ransomware agent is in an abnormal state and click the icon to view the causes of the status.
Troubleshoot the issues that cause the abnormal status based on the information in the Details message.
Causes of the abnormal status for the anti-ransomware agent and solutions
If the error code that is returned is not included in the following table, you must collect the logs of the anti-ransomware agent and submit a ticket to contact technical support. The following list describes the logs that must be collected:
Installation logs of the anti-ransomware agent
Windows servers:
C:\Program Files (x86)\Alibaba\Aegis\PythonLoader\data\hbr.log
Linux servers:
/usr/local/aegis/PythonLoader/data/hbr.log
Backup logs of the anti-ransomware agent
V1.0 anti-ransomware agent
Windows servers:
C:\Program File (x86)\Alibaba\Aegis\hbr\logs
Linux servers:
/usr/local/aegis/hbr/logs
V2.0 anti-ransomware agent
Windows servers:
C:\Program File (x86)\Alibaba\Aegis\hbrClient\logs
CoreOS servers:
/opt/aegis/hbrClient/logs
Linux servers:
/usr/local/aegis/hbrClient/logs
Error code | Information in the Details message | Cause | Solution |
CLOUD_ASSIST_NOT_RUN | Cloud assistant Not started | Cloud Assistant is not started. | Log on to the Elastic Compute Service (ECS) console and check whether Cloud Assistant runs as expected. For more information, see O&M and monitoring FAQ. |
RoleNotExist | Your Alibaba Cloud account is not authorized. | Your Alibaba Cloud account does not have the required permissions. | Log on to the Security Center console by using your Alibaba Cloud account or a Resource Access Management (RAM) user to which the AliyunRAMFullAccess policy is attached. On the Anti-ransomware page, click the Anti-ransomware for Servers tab. On this tab, click Authorize Now and assign the AliyunServiceRoleForHbrEcsBackup and AliyunServiceRoleForSas roles to the account that you use. |
CLIENT_CONNECTION_ERROR | The client connection is abnormal. Check the ECS instance network and try again. | The network connection fails. | Perform the following operations to troubleshoot network connection issues:
|
ECS_ROLE_POLICY_NOT_EXIST | ECS role does not have AliyunECSAccessingHBRRolePolicy | The AliyunECSAccessingHBRRolePolicy policy is not attached to the RAM role that your ECS instance assumes, which causes the failure to install the anti-ransomware agent. | Perform the following operations to troubleshoot policy issues and then reinstall the anti-ransomware agent:
Important After you attach the AliyunECSAccessingHBRRolePolicy policy to the RAM role that your ECS instance assumes, the anti-ransomware agent is not automatically installed on the ECS instance. |
CHECK_ACTIVATION_COMMAND_TIMEOUT | The activation command times out. | The installation of the anti-ransomware agent times out. | Perform the following operations to reinstall the anti-ransomware agent:
|
ECS_STOPPED | The ECS instance is not started. | The anti-ransomware agent fails to be installed because the ECS instance is not started. | Perform the following operations to start the ECS instance and then reinstall the anti-ransomware agent:
|
UNINSTALL_FAILED | Failed to uninstall client | The anti-ransomware agent fails to be uninstalled because the execution of the Cloud Assistant command times out. | Perform the following operations to reinstall the anti-ransomware agent:
|
INSTALL_FAILED | Installation failed | The anti-ransomware agent fails to be installed because the execution of the Cloud Assistant command times out. | Perform the following operations to reinstall the anti-ransomware agent:
|
AGENT_NOT_RUN_AFTER_INSTALLATION | Post-installation services not started | After you install the anti-ransomware agent, the agent is not started because some registry entries of the agent that you previously uninstall are retained. | Perform the following operations to clear the registry entries and reinstall the agent:
|
FAILED_TO_DOWNLOAD_INSTALLER | Failed to download the installation package | The installation package of the anti-ransomware agent fails to be downloaded because the network connection fails. | Perform the following operations to troubleshoot network connection issues:
|
PRECHECK_COMMAND_FAILED | Preflight command failed | The execution of the Cloud Assistant command times out. | Perform the following operations to reinstall the anti-ransomware agent:
|
INSTALL_COMMAND_TIMEOUT | Install Command timeout | The anti-ransomware agent fails to be installed because the installation command times out. | Perform the following operations to reinstall the anti-ransomware agent:
|
ServiceUnavailable | ServiceUnavailable | Your Alibaba Cloud account does not have the required permissions, or the queries per second (QPS) exceeds the upper limit. |
|
CONFLICT_WITH_EXISTING_AGENT | Conflict with existing client | The anti-ransomware agent fails to be installed because the agent is already installed. | Perform the following operations to reinstall the anti-ransomware agent:
|
ACTIVATE_COMMAND_FAILED | An error occurs on the agent. You can reinstall the agent to restore normal service operations. If the issue persists, submit a ticket for consultation and start a live chat for support. | An error occurs on the anti-ransomware agent. | Perform the following operations to reinstall the anti-ransomware agent:
|
CHECK_RUNNING_COMMAND_FAILED | Check service startup command failed | A service error occurs. | Perform the following operations to reinstall the anti-ransomware agent:
|
INSTALL_COMMAND_FAILED | Installation Command failed | The installation of the anti-ransomware agent is blocked by the security software installed on the server. |
|
Troubleshoot the issues that cause the abnormal status of backup tasks
View the causes of the abnormal status of backup tasks
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.
In the left-side navigation pane, choose .
In the upper-right corner of the Anti-ransomware page, click Backup Tasks.
In the Backup Tasks panel, click Server Backup Task tab, select Failed from the Status drop-down list, and click .
Find a backup task and click the icon in the Status column to view the causes of failure.
Troubleshoot the issues that cause the abnormal status based on the information in the Error Details message.
Causes of the abnormal status for backup tasks and solutions
Error code | Information in the Details message | Cause | Solution |
EXPIRED | The backup task timed out |
|
|
SOURCE_NOT_EXIST | Backup source path does not exist | The backup directory that you specified in the anti-ransomware policy does not exist. | Specify another backup directory in the anti-ransomware policy. |
OPEN_VAULT_FAILED | Failed to open backup Library |
|
|
INTERNAL_ERROR | An internal error occurred. | An internal error occurred in the backup feature. In most cases, the error occurs in V1.0 anti-ransomware policies. | On the Anti-ransomware page, find the required V1.0 anti-ransomware policy and click Upgrade in the Actions column to upgrade the policy version to V2.0. If the issue persists, collect logs of the anti-ransomware agent and submit a ticket to contact technical support. |
InternalError | |||
killed | The backup process is terminated by the system | In most cases, the system forcefully terminates the process if the CPU utilization or memory usage is excessively high. As a result, the backup fails. | Log on to the ECS console. On the Monitoring tab of the instance details page, view the CPU utilization or memory usage during the backup period. If the backup process consumes a large amount of resources, limit the resources that can be occupied by the backup process. For more information, see How do I resolve OOM issues on a Cloud Backup client? |
CreateSnapshotFailed | Failed to create a backup snapshot when the backup is about to end | If a backup snapshot failed to be created when the backup is about to end, OSS cannot be accessed at this point in time. | You can submit a ticket to contact technical support. |
CONNECT_TO_VAULT_FAILED | Failed to access the backup vault | Access to OSS failed during backups. | Check network settings. In the ECS log named hbrclient.log, find the endpoint of OSS. The endpoint is in the |
AppError: ErrorCode=TooManyConcurrentJobs, ErrorMessage=TooManyConcurrentJobs | A large number of backup tasks are running, and new backup tasks cannot be run | A large amount of data needs to be backed up, or a subsequent backup task is run when the previous backup task is not complete due to the slow backup speed. | Perform the following operations in turn:
If the issue persists, submit a ticket to contact technical support. |
EcsStopped | The ECS instance is not started. | The ECS instance is stopped. | Check the status of the ECS instance and whether the ECS instance is stopped due to overdue payments. |
EcsReleased | The ECS instance is released | The ECS instance is released. | None. |
ClientDisconnectedAegisClientNotOnline | The Security Center agent and the anti-ransomware agent are offline | The Security Center agent and the anti-ransomware agent are offline. |
|
ClientDisconnected | The anti-ransomware agent is offline | The anti-ransomware agent is offline. |
|
OOM | The memory usage is high | If a large amount of file data is stored in the backup directory, the memory usage is high. If the memory usage exceeds the upper limit, the system forcefully terminates the backup process, and the backup fails. | For more information, see OOM error occurs. |
JOB_CANCELED | The backup task is automatically disabled | The backup task is disabled because the anti-ransomware policy that is applied to the server is disabled or the anti-ransomware capacity is exhausted. | Check whether the anti-ransomware policy is disabled. If the anti-ransomware policy is enabled, check whether the anti-ransomware capacity is exhausted. You can view the used capacity and total capacity on the Anti-ransomware page. |
FILE_CACHE_NO_SPACE | The space used to store the file cache is insufficient | The space of the disk on which the file cache is located is less than 1 GB, which is the default threshold. | Resize the disk or change the directory of the file cache. For more information, see Use the cache feature to accelerate data backup. |
ApplicationFileNotExist | The files related to the anti-ransomware agent are missing | The files related to the anti-ransomware agent are missing due to accidental deletion by third-party security software or users. | Add the process of the anti-ransomware agent to the whitelist of the third-party security software on your server and then reinstall the agent. |
0xC0000142 | The backup process on the Windows operating system fails to initialize |
| Add the process of the anti-ransomware agent to the whitelist of the third-party security software on your server and then reinstall the agent. |
3221225794 | |||
1 | The backup process is exceptionally terminated (If the backup process named ids is exceptionally terminated and the exception is not handled or recorded, the system reports an error. The error code is 1 or 2.) | In scenarios when the V1.0 anti-ransomware agent is installed, the error code 1 or 2 indicates that the error is not recorded or handled . | Perform the following operations to install the V2.0 anti-ransomware agent:
If the issue persists, submit a ticket to contact technical support. |
2 |