After you install the Security Center agent on your server, you can check the protection status of the server in the Security Center console. If the server is not protected, the Security Center agent is offline. This topic describes how to troubleshoot why the Security Center agent is offline.

Prerequisites

You have logged on to your server.

Procedure

  1. Log on to your server to check whether the processes related to the Security Center agent are running as expected. The related processes include AliYunDun and AliYunDunUpdate.
    Note If the processes cannot run as expected, we recommend that you restart your server or reinstall the Security Center agent. For more information about how to install the Security Center agent, see Install the Security Center agent.
    • Windows operating systems

      Open Task Manager and check whether the related processes are running as expected.

      Windows
    • Linux operating systems

      Run the ps aux | grep AliYunDun command to check whether the related processes are running as expected.

      linux
  2. After you install the Security Center agent on your server for the first time, if the protection status of the server is still Unprotected, perform the following operations to restart the Security Center agent.
    • For Linux operating systems, run the following commands: 
      killall AliYunDun 
killall AliYunDunUpdate
/usr/local/aegis/aegis_client/aegis_10_xx/AliYunDun
      Note In the third command, replace xx with the greatest number among the numbers at the end of file names in the aegis_10_xx format. The greatest number indicates the latest version of the Security Center agent. You can view the files named in the aegis_10_xx format in the /usr/local/aegis/aegis_client directory. For example, if the directory contains aegis_10_70, aegis_10_73, and aegis_10_75, replace xx in the command with 75.
    • For Windows operating systems, find Alibaba Security Aegis Detect Service and Alibaba Security Aegis Update Service in the service list. Right-click the services and choose Restart.Restart services
  3. Check whether the network connection on your server is functioning. After you Ping the following IP addresses on your server, if the IP address of your server is returned, the network connection is functioning.
    • If the server has a public IP address, for example, a classic network IP address, an Elastic IP address, or an external server IP address.
      • For Windows operating systems, run the ping jsrv.aegis.aliyun.com -l 1000 command.
      • For Linux operating systems, run the ping jsrv.aegis.aliyun.com -s 1000 command.
    • If the server does not have a public IP address. For example, the server is deployed in a Virtual Private Cloud (VPC) network or Alibaba Finance Cloud.
      • For Windows operating systems, run the ping jsrv3.aegis.aliyun.com -l 1000 command.
      • For Linux operating systems, run the ping jsrv3.aegis.aliyun.com -s 1000 command.
  4. If the ping command fails to work, follow these steps:
    1. Make sure that the DNS service is running as expected on your server. If the DNS service is not running, restart your server or check whether a DNS service error has occurred.
    2. Check whether access control rules of Cloud Firewall or security group rules of Alibaba Cloud are configured for your server. If so, make sure that an outbound policy is created to allow the IP address of the Security Center server to access external networks. You do not need to create an inbound policy. For more information about security group rules, see Create a security group. For more information about Cloud Firewall, see Outbound and inbound traffic control on the Internet firewall.
      Note Add port 80 and port 443 of the following CIDR blocks to the whitelist:
      • 100.100.25.0/24
      • 106.11.68.0/24
      • 106.11.248.0/24
      • 110.173.196.0/24
      • 140.205.140.0/24
    3. Check whether the Internet bandwidth of your server is zero. If so, follow these steps:
      1. Add the following DNS records to the hosts file on your server:
        Region Record
        Classic networks in China 100.100.110.61 jsrv.aegis.aliyun.com
        100.100.45.131 jsrv.aegis.aliyun.com
        100.100.110.62 update.aegis.aliyun.com
        100.100.45.29 update.aegis.aliyun.com
        Classic network outside China 100.100.103.52 jsrv.aegis.aliyun.com
        100.100.30.54 jsrv.aegis.aliyun.com
        100.100.30.55 update.aegis.aliyun.com
        100.100.103.54 update.aegis.aliyun.com
      2. After you modify the hosts file, run the ping jsrv.aegis.aliyun.com command.
        Note If 100.100.25.3 is not returned, restart your server or check whether a DNS service error has occurred.
      3. If the ping command does not return the correct IP address, find the conf folder under the installation directory of the Security Center agent. Then, respectively change the values of t_srv_domain and h_srv_domain in the network_config file to 100.100.25.3 and 100.100.25.4. After you modify the file, restart the Security Center agent process.
        Note Back up the network_config file before you modify it.

        This method works only if the Internet bandwidth of the server is zero and the protection status of the Security Center is Unprotected.

    4. If the ping command returns the correct IP address, run a telnet command to connect to the IP address through port 80. For example, run the telnet 140.205.140.205 80 command. If the connection fails, check whether any relevant Cloud Firewall rule exists.
  5. Check whether the CPU or memory usage rate has been high, for example, 95% or 100%, for a long time. High CPU or memory usage rate may prevent the Security Center agent from running as expected.
  6. Check whether third-party security software such as SafeDog is installed on your server. Third-party security software may prevent the Security Center agent from accessing networks.

    If third-party security software is installed on your server, we recommend that you disable the software and reinstall the Security Center agent.