If you applied a protection policy to your server and the status of the anti-ransomware agent is abnormal in the Security Center console, you can troubleshoot the issues that cause the abnormal status of the agent. This topic describes how to troubleshoot the issues.

Prerequisites

A protection policy is applied to your server. For more information, see Create a protection policy.

Background information

If the status of the anti-ransomware agent is abnormal, the agent cannot back up the data on your server or protect your server. We recommend that you troubleshoot the issues that cause the abnormal status of the agent at the earliest opportunity.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Defense > Anti-ransomware.
  3. On the General Anti-ransomware Solutions page, view the servers on which the anti-ransomware agent is in the abnormal status.
    Find a protection policy and click the Add icon icon next to the policy name to view all servers to which the policy is applied.
  4. Find a server on which the anti-ransomware agent is in the abnormal status and click the Error message icon to view the causes of the status. Details
  5. Troubleshoot the issues that cause the abnormal status based on the information in the Details message.
    For more information about the causes of the abnormal status and the solutions, see Causes of the abnormal status for the anti-ransomware agent.

Causes of the abnormal status for the anti-ransomware agent

Status Information in the Details message Cause Solution
Installation failed Cloud assistant is not started. Cloud Assistant is not started, which causes a failure to install the anti-ransomware agent. Perform the following operations to troubleshoot the issues that are related to Cloud Assistant:
  1. Log on to the ECS console.
  2. Check whether Cloud Assistant is started. For more information, see Cloud Assistant troubleshooting FAQ.
  3. Optional. After Cloud Assistant is started, reinstall the anti-ransomware agent. For more information, see Related operations.
Your Alibaba Cloud account is not authorized. Your Alibaba Cloud account does not have the required permissions. Log on to the Security Center console by using your Alibaba Cloud account. On the General Anti-ransomware Solutions page, click Authorize Now to assign the AliyunHBRDefaultRole and AliyunECSAccessingHBRRole roles to your account.
Errors occur in the agent connection. The network connection fails. Perform the following operations to troubleshoot network connection issues:
  1. Log on to your Elastic Compute Service (ECS) instance, run the ping or telnet command to test the connectivity between the ECS instance and the anti-ransomware endpoint, and then check whether firewall policies are configured for the ECS instance. For more information about anti-ransomware endpoints, see Anti-ransomware endpoints.
  2. After you troubleshoot network connection issues, reinstall the anti-ransomware agent. For more information, see Related operations.
The AliyunECSAccessingHBRRolePolicy policy is not attached to the Resource Access Management (RAM) role that your ECS instance assumes. The AliyunECSAccessingHBRRolePolicy policy is not attached to the RAM role that your ECS instance assumes, which causes the failure to install the anti-ransomware agent. Attach the AliyunECSAccessingHBRRolePolicy policy to the RAM role. For more information, see What can I do if the error message "The strategy of AliyunECSAccessingHBRRolePolicy is missing on EcsRamRole. Please refer to the FAQ for authorization" appears when I install the HBR backup client on an ECS instance?.
The activation command times out. The installation of the anti-ransomware agent times out. Perform the following operations to reinstall the anti-ransomware agent:
  1. Log on to the Security Center console. On the General Anti-ransomware Solutions page, uninstall the anti-ransomware agent. For more information, see Related operations.

    After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed.

  2. Reinstall the anti-ransomware agent. For more information, see Related operations.
The ECS instance is stopped. The ECS instance is stopped. Perform the following operations to start the ECS instance and then reinstall the anti-ransomware agent:
  1. Log on to the ECS console. Start the ECS instance that is stopped. For more information, see Start an instance.
  2. Reinstall the anti-ransomware agent. For more information, see Related operations.
The anti-ransomware agent fails to be uninstalled. The execution of the Cloud Assistant command times out. Perform the following operations to reinstall the anti-ransomware agent:
  1. Log on to the Security Center console. On the General Anti-ransomware Solutions page, find a protection policy that is applied to specific servers, select the server from which the anti-ransomware agent fails to be uninstalled, and then click Delete in the Actions column.
  2. Wait until the agent is uninstalled. Approximately 2 minutes is required to uninstall the anti-ransomware agent.
  3. Apply the protection policy to the server. For more information, see Edit a protection policy.
  4. Reinstall the anti-ransomware agent. For more information, see Related operations.
The anti-ransomware agent fails to be installed. The execution of the Cloud Assistant command times out. Perform the following operations to reinstall the anti-ransomware agent:
  1. Log on to the Security Center console. On the General Anti-ransomware Solutions page, uninstall the anti-ransomware agent. For more information, see Related operations.

    After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed.

  2. Reinstall the anti-ransomware agent. For more information, see Related operations.
After you install the anti-ransomware agent, the agent is not started. After you install the anti-ransomware agent, the agent is not started because some registry entries of the agent that you previously uninstall are retained. Perform the following operations to clear the registry entries and reinstall the agent:
  1. Log on to the Security Center console. On the General Anti-ransomware Solutions page, uninstall the anti-ransomware agent. For more information, see Related operations.

    After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed.

  2. Clear the following registry entries:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\hybridbackup
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\hbrupdater
  3. Reinstall the anti-ransomware agent. For more information, see Related operations.
The installation package of the anti-ransomware agent failed to be downloaded. The network connection fails. Perform the following operations to troubleshoot network connection issues:
  1. Log on to your Elastic Compute Service (ECS) instance, run the ping or telnet command to test the connectivity between the ECS instance and the anti-ransomware endpoint, and then check whether firewall policies are configured for the ECS instance. For more information about anti-ransomware endpoints, see Anti-ransomware endpoints.
  2. After you troubleshoot network connection issues, reinstall the anti-ransomware agent. For more information, see Related operations.
The precheck command failed to be run. The execution of the Cloud Assistant command times out. Perform the following operations to reinstall the anti-ransomware agent:
  1. Log on to the Security Center console. On the General Anti-ransomware Solutions page, uninstall the anti-ransomware agent. For more information, see Related operations.

    After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed.

  2. Reinstall the anti-ransomware agent. For more information, see Related operations.
The following table describes the anti-ransomware endpoints in different regions.
Region Public endpoint ECS internal endpoint
China (Hangzhou) https://hbr.cn-hangzhou.aliyuncs.com https://hbr-vpc.cn-hangzhou.aliyuncs.com
China (Shanghai) https://hbr.cn-shanghai.aliyuncs.com https://hbr-vpc.cn-shanghai.aliyuncs.com
China (Qingdao) https://hbr.cn-qingdao.aliyuncs.com https://hbr-vpc.cn-qingdao.aliyuncs.com
China (Beijing) https://hbr.cn-beijing.aliyuncs.com https://hbr-vpc.cn-beijing.aliyuncs.com
China (Zhangjiakou) https://hbr.cn-zhangjiakou.aliyuncs.com https://hbr-vpc.cn-zhangjiakou.aliyuncs.com
China (Hohhot) https://hbr.cn-huhehaote.aliyuncs.com https://hbr-vpc.cn-huhehaote.aliyuncs.com
China (Shenzhen) https://hbr.cn-shenzhen.aliyuncs.com https://hbr-vpc.cn-shenzhen.aliyuncs.com
China (Chengdu) https://hbr.cn-chengdu.aliyuncs.com https://hbr-vpc.cn-chengdu.aliyuncs.com
China (Hong Kong) https://hbr.cn-hongkong.aliyuncs.com https://hbr-vpc.cn-hongkong.aliyuncs.com
Singapore (Singapore) https://hbr.ap-southeast-1.aliyuncs.com https://hbr-internal.ap-southeast-1.aliyuncs.com
Australia (Sydney) https://hbr.ap-southeast-2.aliyuncs.com https://hbr-vpc.ap-southeast-2.aliyuncs.com
Malaysia (Kuala Lumpur) https://hbr.ap-southeast-3.aliyuncs.com https://hbr.ap-southeast-3.aliyuncs.com
Indonesia (Jakarta) https://hbr.ap-southeast-5.aliyuncs.com https://hbr-vpc.ap-southeast-5.aliyuncs.com
Japan (Tokyo) https://hbr.ap-northeast-1.aliyuncs.com https://hbr.ap-northeast-1.aliyuncs.com
Germany (Frankfurt) https://hbr.eu-central-1.aliyuncs.com https://hbr.eu-central-1.aliyuncs.com
US (Silicon Valley) https://hbr.us-west-1.aliyuncs.com https://hbr.us-west-1.aliyuncs.com
China East 2 Finance https://hbr.cn-shanghai-finance-1.aliyuncs.com https://hbr-vpc.cn-shanghai-finance-1.aliyuncs.com