All Products
Search
Document Center

Security Center:Troubleshoot issues that cause vulnerability fixing failures

最終更新日:Jan 03, 2024

If you fail to fix Linux software vulnerabilities or Windows system vulnerabilities in the Security Center console, you can troubleshoot the issues that cause the fixing failures based on error codes and error messages. After the issues are resolved, you can attempt to fix the vulnerabilities again. This topic describes how to troubleshoot issues that cause fixing failures of Linux software vulnerabilities and Windows system vulnerabilities in the Security Center console.

View the issues that cause vulnerability fixing failures

  1. Log on to the Security Center console. In the top navigation bar, select the region where the asset resides. You can select China or Outside China.

  2. In the left-side navigation pane, choose Risk Management > Vulnerabilities.

  3. On the Vulnerabilities page, click the number below Fixing. In the Fixing panel, view the list of vulnerabilities that are being fixed.

    The list displays all vulnerabilities that are in the Fixing, Handled (To Be Restarted), and Fix Failed states.

  4. Find a vulnerability that is in the Fix Failed state and click the image icon in the Status column. In the Cause dialog box, view the cause of the vulnerability fixing failure.

    You can handle the vulnerability fixing failure based on the error code and error message that are displayed in the dialog box. For more information about the causes and solutions to vulnerability fixing failures, see Causes and solutions to vulnerability fixing failures.

    d471036df397d9c4c55dee52fe9cc430

Causes and solutions to vulnerability fixing failures

Important
  • The following table describes the causes and solutions to fixing failures of only Linux software vulnerabilities and Windows system vulnerabilities.

  • The error messages that are provided in the following table are only part of the complete messages. You can view the complete messages in the Security Center console.

Error code: 116

Error message

download file failed

Cause

The patch that is required to fix a Windows system vulnerability failed to be downloaded.

Solution

Fix the vulnerability later in the Security Center console. If the issue persists, submit a ticket to contact the technical support.

Error code: 124

Windows modules installer service disable

Error message

Windows modules installer service disable

Cause

The Windows Modules Installer service is not enabled.

Solution

You must enable the Windows Modules Installer service in Windows Services Manager.

  1. Press Win+R to open the Run dialog box.

  2. In the Run dialog box, enter services.msc and click OK.

  3. Find the Windows Modules Installer service in the service list.

  4. Right-click the Windows Modules Installer service and click Start to enable the service.

Windows update service disable

Error message

Windows update service disable

Cause

The Windows Update service is not enabled.

Solution

You must enable the Windows Update service in Windows Services Manager.

  1. Press Win+R to open the Run dialog box.

  2. In the Run dialog box, enter services.msc, and click OK.

  3. Find the Windows Update service in the service list.

  4. Right-click the Windows Update service and click Start to enable the service.

Error code: 125

Error message

exit code:0x00000005

Cause

The fixing process is blocked by security software or infected by viruses, or the files that are required for the fix cannot be opened.

Solution

Make sure that no security software blocks the process. Then, fix the vulnerability again.

Error code: 127

Error message

exit code:0x00000005

Cause

If an ERROR_DISK_FULL error is reported when you install a Windows patch, the patch fails to be installed because the disk space is insufficient.

Solution

Release the disk space and then install the patch. The following list describes the methods that you can use to release the disk space:

  • Delete unnecessary files and programs.

    • Search for and delete the files and programs that you no longer require. You can use the Disk Cleanup tool that is provided by Windows or a third-party tool to delete unnecessary files, such as temporary files, junk files, and cached files.

    • Move files to an external hard disk or cloud storage. You can move large files, such as videos, audio files, and photos, to an external hard disk or cloud storage to release disk space.

  • Compress files.

    In some cases, you can compress files to release disk space.

  • Archive files.

    You can archive the files that you no longer require to an external storage device so that you can restore the files later.

Error code: 130

Error message

exit code:0x00000008

Cause

The memory is insufficient.

Solution

Check the memory usage and CPU utilization of your server. Make sure that your server has sufficient memory and CPU resources. Then, fix the vulnerability again.

Error code: 132

ErrorMessage

exit code:0x80240017

Cause

  • A patch is being installed on the server.

  • A patch is installed on the server. The patch requires you to restart the server after the patch is installed.

Solution

Check whether a patch is being installed on your server. If a patch is being installed, wait until the patch is installed and fix the vulnerability again. If no patch is being installed on your server, make sure that your business is not affected when you restart the server. Then, restart the server and fix the vulnerability again.

Error code: 133

Error message

xxx.exe is running

Cause

The installation of a patch is blocked by security software.

Solution

Make sure that no security software blocks the process. Then, fix the vulnerability again.

Error code: 134

Error message

exit code:0x00000476, (OK)

ERROR_TOO_MANY_LINKS

Cause

Excessive symbolic links exist in the file system. The error may affect the running of the file system. In addition, new Windows patches may fail to be installed.

Solution

  • Clear the disk space: You can delete unnecessary files and programs to clear the disk space.

  • Cancel symbolic links: Check the symbolic links and hard links in the file system, and cancel the excessive symbolic links and hard links.

  • Check the disk status: You can check the status of the disk and repair the disk to ensure that the file system runs as expected.

  • Disable the Windows Defender service: The Windows Defender service may interfere with the installation of Windows patches. You can disable the Windows Defender service and install the patches again.

Error code: 202

Error message

timeout

Cause

The installation of the patch that is required to fix a vulnerability times out.

Solution

Fix the vulnerability later in the Security Center console. If the issue persists, submit a ticket to contact the technical support.

Error code: 256

failure: repodata/repomd.xml from docker-ce-stable: [Errno 256] No more mirrors to try.

ErrorMessage

failure: repodata/repomd.xml from docker-ce-stable: [Errno 256] No more mirrors to try.

https://download.docker.com/linux/centos/2.1903/x86_64/stable/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found

Cause

The download source download.docker.com is invalid.

Solution

  1. Use a CLI to go to the /etc/yum.repos.d/ directory.

  2. Run the following command to find the invalid download source file.

    Note

    You must replace download.docker.com in the command with the source name that is provided in the error message.

    grep -r "download.docker.com"
  3. Modify the source file and set enabled to 0 to disable the source file.

  4. Fix the vulnerability again.

failure: repodata/repomd.xml from HDP-3.0-repo-1: [Errno 256] No more mirrors to try.

ErrorMessage

failure: repodata/repomd.xml from HDP-3.0-repo-1: [Errno 256] No more mirrors to try.

http://public-repo-1.hortonworks.com/HDP/centos7/3.x/updates/3.0.0.0/repodata/repomd.xml: [Errno 14] HTTP Error 403 - Forbidden

Cause

The server cannot access the download source public-repo-1.hortonworks.com.

Solution

  1. Use a CLI to go to the /etc/yum.repos.d/ directory.

  2. Run the following command to find the invalid download source file.

    Note

    You must replace public-repo-1.hortonworks.com in the command with the source name in the error message.

    grep -r "public-repo-1.hortonworks.com" 
  3. Modify the source file and set enabled to 0 to disable the source file.

  4. Fix the vulnerability again.

There are unfinished transactions remaining

Error message

There are unfinished transactions remaining

Cause

The failure may be caused by issues that occur when you use Yellowdog Updater, Modified (YUM) to install software. For example, historical installation commands failed to complete and the installation stopped.

Solution

Run the following command on the server to resolve the remaining issues. Then, fix the vulnerability again.

yum-complete-transaction --cleanup-only

Error:rpmdb open failed

Error message

Error:rpmdb open failed

Cause

The rpm database may be opened by another process or the database file may be corrupted.

Solution

Run the following commands in sequence to rebuild the RPM database. Then, fix the vulnerability again.

cd /var/lib/rpm  // Go to the directory of the RPM database.
rm -f __db.*  // Delete the existing files of the RPM database.
rpm --rebuilddb // Rebuild the RPM database.
yum clean all // Clear all YUM caches.

Transaction Check Error

Error message

Transaction Check Error

Cause

A software package conflict occurs.

Solution

  1. View the execution information about YUM in the error message and find the software package that causes the conflict based on the following keyword: conflicts with file.

  2. Make sure that your business is not affected if the software package is deleted. Then, run the following command to delete the software package.

    yum remove [package_name]
  3. Fix the vulnerability again.

CRITICAL:yum.cli:Config error: Error accessing file for config file:///etc/yum.conf

Error message

CRITICAL:yum.cli:Config error: Error accessing file for config file:///etc/yum.conf.

Cause

The YUM configuration file is missing.

Solution

The error may occur because the YUM configuration file /etc/yum.conf does not exist. You can copy the configuration file from another server that runs the same type of operating system as your server. Then, fix the vulnerability again.

Error code: 300

Error message

rtap running error

Cause

The execution of the script for the Security Center agent fails because the execution is blocked by third-party security software.

Solution

Make sure that no security software blocks the process. Then, fix the vulnerability again.

Error code: 309

Error message

execute rtap task fail

Cause

The execution of the script for the Security Center agent fails because the execution is blocked by third-party security software.

Solution

Make sure that no security software blocks the process. Then, fix the vulnerability again.

Error code: 8005

Error message

/bin/rpm permit error

Cause

The tool or script used to fix a vulnerability does not have the required permissions to run the /bin/rpm command.

Solution

If excessively high permissions are required to run the /bin/rpm command, privilege escalation risks may rise. In most cases, you can set the permissions on the /bin/rpm file to 755 or 750. This ensures that only authorized users can perform related operations.

Error code: 8008

Error message

not support this system xxx

Cause

The current system does not support vulnerability fixing. The error may occur because you have changed the type of the operating system of your server after the vulnerability is detected on the server. As a result, the current operating system of your server is different from the operating system when the vulnerability was detected.

Solution

Ignore the vulnerability in the Security Center console or wait for the vulnerability to expire. For more information, see View and handle vulnerabilities.

Error code: 8009

Error message

update process is running

Cause

A fixing process is running.

Solution

A vulnerability fixing process is running. Try again later.

Error code: 8010

Error message

Insufficient space in download directory /var/cache/yum/x86_64/7/aegisbase

Cause

The disk space is insufficient.

Solution

Clear the disk space based on the path that is provided in the error message. Then, fix the vulnerability again.

Error code: 8012

Error message

dpkg was interrupted

Cause

Related data is damaged because dpkg (Debian Packager) is interrupted.

Solutions

Related data is damaged because dpkg is interrupted. The previous fixing process is forcefully stopped and junk data is generated. You must use the CLI to run the following command on your server to reconfigure the settings. For more information, see Fix dpkg interruptions.

dpkg --configure -a	

Error code: 8019

Error message

yum exception

Cause

An error occurs in running the yum command. This error may occur because the Python environment in which the yum command is run does not support the syntax of the yum file.

Solution

  1. Check whether the content of the file in the /usr/bin/yum directory contains syntax errors.

  2. Check whether the Python environment in which the yum command is run is correctly configured.

Error code: 8026

Error message

Multilib version problems found

Cause

The update fails because the package of an earlier version is protected.

Solution

If the vulnerability is a high-risk vulnerability, we recommend that you uninstall the package of the earlier version. If the vulnerability is not a high-risk vulnerability, you can ignore the vulnerability and do not perform the update operation.

Error code: 8027

Error message

A has missing requires of B

Cause

A required software package is missing.

Solution

  1. Identify the software package that is required to fix the vulnerability based on the error message. Example:

    1. A in the error message is the software package that is used for the update.

    2. B in the error message is the software package that is required for the preceding software package.

  2. Use the CLI on your server to run the following command to install the software.

    Note

    Before you run the following command, replace xxx with the name of the software package that you want to use.

    yum update xxx --disableexcludes=all --disablerepo="*" --enablerepo="aegisbase,aegisupdates,aegisextras" --obsoletes 
  3. Fix the vulnerability again.

Error code: 8032

Error message

run virtio fix process failed

Cause

The program that is used to fix an ECS disk drive vulnerability fails to start.

Solution

Make sure that no security software blocks the process. Then, fix the vulnerability again.

Error code: 8033

Error message

yum plugins protectbase enable

Cause

The ProtectBase plug-in of YUM blocked the update.

Solution

Disable the ProtectBase plug-in on your server and fix the vulnerability again. Perform the following steps to disable the plug-in:

  1. Open the configuration file /etc/yum/pluginconf.d/protectbase.conf of ProtectBase.

  2. Change enabled = 1 to enabled = 0.

Error code: 8037

Error message

[Errno 14] curl#6 - "Could not resolve host: mirrors.cloud.aliyuncs.com; Unknown error"

Cause

The mirrors.cloud.aliyuncs.com domain name cannot be accessed.

Solution

  1. Check whether the network connection between your server and the mirrors.cloud.aliyuncs.com domain name is normal, and whether the traffic between your server and the domain name is blocked by a security group or a firewall.

  2. If your server is connected to the Internet, replace mirrors.cloud.aliyuncs.com in the enabled source file with mirrors.aliyun.com in the /etc/yum.repos.d/ path.

  3. Fix the vulnerability again.

Error code: 8040

Error message

miss kernel grub file

Cause

The kernel boot file is missing.

Solution

Rebuild the kernel boot file.

If your server runs CentOS 7, run the following command in the CLI on your server. After the file is rebuilt, fix the vulnerability again.

grub2-mkconfig -o /boot/grub2/grub.cfg

Error code: 8041

Error message

redhat not subscription

Cause

No Red Hat account is created.

Solution

Go to the Red Hat official website, create a Red Hat account, and then purchase a subscription service.

Important

You must purchase a separate subscription service for each Red Hat system. If you want to register and manage a large number of systems, you can use a Red Hat Satellite Server instance to manage the systems in a centralized manner.

Error code: 8080

ErrorMessage

sh xxx killed

Cause

The yum process is terminated due to an out of memory (OOM) error.

Solution

You must release the memory space and fix the vulnerability again.

Error code: 8081

Error message

blacklist process xxx is running

Cause

A blacklist process that locks the kernel configuration file is running.

Solution

Stop the blacklist process and fix the vulnerability again.

Error code: 8082

Error message

redhat source has expired

Cause

The required Red Hat software repository expires or is not configured.

Solution

We recommend that you use another software repository.

Error code: 8083

Error message

redhat has no available source

Cause

The required Red Hat software repository expires or is not configured.

Solution

We recommend that you use another software repository. You can go to the Alibaba open source image site to obtain a software repository.

Error code: 8084

Error message

Some index files failed to download

Cause

The download source cannot be accessed, which leads to the failure of updating the software package information.

Solution

Check whether security groups or firewalls are configured to deny access to the download source.

Error code: 8085

Error message

alinux source not found

Cause

An Alibaba Cloud Linux software repository is inappropriately configured for the Alibaba Cloud Linux operating system.

Solution

Configure a new Alibaba Cloud Linux software repository. You can go to the Alibaba Cloud open source image site to obtain an Alibaba Cloud Linux software repository.

Error code: 8089

Error message

xxx newest available version versionA less than versionB to be updated

example: ppp newest available version 2.4.5-34.el7_7 less than 2.4.5-35.el7_7 to be updated

Cause

The latest available version of the software package that can be obtained from the current source to update the xxx package is earlier than the version that is required for the vulnerability fix.

Solution

Check whether the current source is appropriately configured and whether it is the latest version of source.

Error code: 8091

Error message

qboot kernel

Cause

The patch update for the kernel that is booted by using QEMU fails.

Solution

You must submit a ticket to the ECS team to resolve the issue.

Error code: 8092

Error message

package not available on the current system

Cause

The current system does not support the package that is required for vulnerability fixing.

Solution

Ignore the vulnerability in the Security Center console or wait for the vulnerability to expire. For more information, see View and handle vulnerabilities.

Error code: 8093

Error message

no space left for creating initramfs

Cause

The size of the /boot directory is insufficient space to install the new kernel.

Solution

Delete the files related to kernels of earlier versions from the /boot directory, install the new kernel, and then fix the vulnerability again.

Error code: 8094

Error message

Skipping linux-image-generic, it is not installed and only upgrades are requested.

Cause

The kernel of the required signed kernel image failed to be updated.

Solution

Ignore the vulnerability in the Security Center console or wait for the vulnerability to expire. For more information, see View and handle vulnerabilities.

Error code: 8095

Error message

vmlinuz or initramfs not exists

Cause

No vmlinuz or initramfs files are generated during the kernel update.

Solution

Uninstall and reinstall the kernel package.

Error code: 8096

Error message

installed kernel not available in grub file

Cause

The grub file is incorrectly configured during the kernel update.

Solution

Uninstall and reinstall the kernel package. You can also use the grubby command to add the grub file as a startup item.

Error code: 9002

Error message

timeout

Cause

The fixing operation timed out. This may be caused by network jitters or the server environment.

Solution

Fix the vulnerability later in the Security Center console. If the issue persists, submit a ticket to contact the technical support.

Error code: 9003

xxx is already the newest version

Error message

xxx is already the newest version

Cause

The command is successfully run, and your system is updated to the latest version. However, the vulnerability is not fixed.

Solution

If you changed the source, set the source to the Alibaba Cloud source mirrors.cloud.aliyuncs.com or mirrors.aliyun.com. Then, fix the vulnerability again. If the issue persists, submit a ticket to contact the technical support.

Invalid configuration value: failovermethod =priority in /etc/yum.repos.d/CentOS-Linux-epel.repo

Error message

Invalid configuration value: failovermethod =priority in /etc/yum.repos.d/CentOS-Linux-epel.repo

Cause

An error occurs in the configuration items of YUM.

Solution

Check the download source configurations of the current system. Move the source file /etc/yum.repos.d/CentOS-Linux-epel.repo that contains the configuration error to a different directory for backup. Then, fix the vulnerability again.

Finished Dependency Resolution

Error message

Finished Dependency Resolution

Cause

YUM exits immediately after the dependency analysis is complete. This may be caused by software package conflicts. If you are upgrading MariaDB, this error may occur because MySQL was installed on your server and port conflicts exist.

Solution

  1. Run the following command in the CLI on your server to check whether port 3306 is occupied by MySQL:

    netstat -anltp
  2. Make sure that your business is not affected if MySQL is disabled. Then, run the following command to disable MySQL:

    systemctl stop mysqld
  3. Run the following command to view the installed MySQL package:

    yum list mysql*
  4. Run the following command to remove the MySQL package:

    yum remove [package_name]
  5. Run the following command to reinstall MariaDB:

    yum install -y mariadb-server

Error code: 9007

Error message

ack timeout

Cause

The upgrade of the software package times out, which may be caused by network jitters or the environment of your server.

Solution

Fix the vulnerability later in the Security Center console. If the issue persists, submit a ticket to contact the technical support.

Error code: 9008

Error message

rpm collect timeout

Cause

The collection of the data of a software package times out, which may be caused by network jitters or the server environment.

Solution

Fix the vulnerability later in the Security Center console. If the issue persists, submit a ticket to contact the technical support.

Error code: 60001

Error message

start vulfix:[Error 2] The system cannot find the file specified

Cause

The fixing process is blocked by security software and failed to be started.

Solution

Make sure that no security software blocks the process. Then, fix the vulnerability again.

References