If you applied an anti-ransomware policy to your server and the status of the anti-ransomware agent is abnormal in the Security Center console, you can troubleshoot the issues that cause the abnormal status of the agent. This topic describes how to troubleshoot the issues.

Background information

If the status of the anti-ransomware agent is abnormal, the agent cannot back up the data on your server or protect your server. We recommend that you troubleshoot the issues that cause the abnormal status of the agent at the earliest opportunity.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Defense > Anti-ransomware.
  3. On the Server extortion virus protection tab, view the servers on which the anti-ransomware agent is in an abnormal state.
    Find an anti-ransomware policy and click the Show icon next to the policy name to view all servers to which the policy is applied. View the servers to which an anti-ransomware policy is applied
  4. Find a server on which the anti-ransomware agent is in an abnormal state and click the Error message icon to view the causes of the status. Cause
  5. Troubleshoot the issues that cause the abnormal status based on the information in the Details message.
    For more information about the causes of the abnormal status for the anti-ransomware agent and how to troubleshoot the issues, see Causes of the abnormal status for the anti-ransomware agent and solutions.

Causes of the abnormal status for the anti-ransomware agent and solutions

Error code Information in the Details message Cause Solution
CLOUD_ASSIST_NOT_RUN Cloud assistant Not started Cloud Assistant is not started. Perform the following operations to troubleshoot the issues that are related to Cloud Assistant:
  1. Log on to the ECS console.
  2. Check whether Cloud Assistant is started. For more information, see Cloud Assistant troubleshooting FAQ.
RoleNotExist Your Alibaba Cloud account is not authorized. Your Alibaba Cloud account does not have the required permissions. Log on to the Security Center console by using your Alibaba Cloud account. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, assign the AliyunHBRDefaultRole and AliyunECSAccessingHBRRole roles to your account.
CLIENT_CONNECTION_ERROR The client connection is abnormal. Check the ECS instance network and try again. The network connection fails. Perform the following operations to troubleshoot network connection issues:
  1. Log on to your ECS instance, run the ping or telnet command to test the connectivity between the ECS instance and the anti-ransomware endpoint, and then check whether firewall policies are configured for the ECS instance. For more information about anti-ransomware endpoints, see Anti-ransomware endpoints.
  2. After you troubleshoot network connection issues, reinstall the anti-ransomware agent.
ECS_ROLE_POLICY_NOT_EXIST ecs role does not have AliyunECSAccessingHBRRolePolicy The AliyunECSAccessingHBRRolePolicy policy is not attached to the RAM role that your ECS instance assumes, which causes the failure to install the anti-ransomware agent. Perform the following operations to troubleshoot issues:
  1. Attach the AliyunECSAccessingHBRRolePolicy policy to the RAM role that your ECS instance assumes. For more information, see What can I do if the error message "The strategy of AliyunECSAccessingHBRRolePolicy is missing on EcsRamRole. Please refer to the FAQ for authorization" appears when I install the HBR backup client on an ECS instance?.
  2. Reinstall the anti-ransomware agent.
Notice After you attach the AliyunECSAccessingHBRRolePolicy policy to the RAM role that your ECS instance assumes, the anti-ransomware agent is not automatically installed on the ECS instance. You can log on to the Security Center console, go to the Anti-blackmail page, and manually install the anti-ransomware agent.
CHECK_ACTIVATION_COMMAND_TIMEOUT The activation command times out. The installation of the anti-ransomware agent times out. Perform the following operations to reinstall the anti-ransomware agent:
  1. Log on to the Security Center console. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, uninstall the anti-ransomware agent.

    After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed.

  2. Reinstall the anti-ransomware agent.
ECS_STOPPED The ECS instance is not started. The anti-ransomware agent fails to be installed because the ECS instance is not started. Perform the following operations to start the ECS instance and then reinstall the anti-ransomware agent:
  1. Log on to the ECS console. Start the ECS instance that is stopped. For more information, see Start an instance.
  2. Reinstall the anti-ransomware agent.
UNINSTALL_FAILED Failed to uninstall client The anti-ransomware agent fails to be uninstalled because the execution of the Cloud Assistant command times out. Perform the following operations to reinstall the anti-ransomware agent:
  1. Log on to the Security Center console. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, find an anti-ransomware policy that is applied to specific servers, select the server from which the anti-ransomware agent fails to be uninstalled, and then click Delete in the Actions column.
    Note Approximately 2 minutes is required to remove the server from the anti-ransomware policy. Wait until the server is removed.
  2. Apply the anti-ransomware policy to the server. For more information, see Edit an anti-ransomware policy.
  3. Reinstall the anti-ransomware agent.
INSTALL_FAILED Installation failed The anti-ransomware agent fails to be installed because the execution of the Cloud Assistant command times out. Perform the following operations to reinstall the anti-ransomware agent:
  1. Log on to the Security Center console. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, uninstall the anti-ransomware agent.

    After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed.

  2. Reinstall the anti-ransomware agent.
AGENT_NOT_RUN_AFTER_INSTALLATION Post-installation services not started After you install the anti-ransomware agent, the agent is not started because some registry entries of the agent that you previously uninstall are retained. Perform the following operations to clear the registry entries and reinstall the agent:
  1. Log on to the Security Center console. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, uninstall the anti-ransomware agent.

    After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed.

  2. Clear the following registry entries based on the version of the anti-ransomware agent that is installed based on anti-ransomware policies:
    • The registry entries of the V1.X.X anti-ransomware agent
      # The V1.X.X anti-ransomware agent
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\hybridbackup
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\hbrupdater
    • The registry entries of the V2.X.X anti-ransomware agent
      # The V2.X.X anti-ransomware agent
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\hbrclient
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\hbrclientupdater
      HKEY_LOCAL_MACHINE\SOFTWARE\Alibaba, Inc.\Aliyun Hybrid Backup Service Client
      # 64-bit
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B1F066FC-D85C-46F8-9ED7-88A4385AF9A6}}_is1
      # 32-bit
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A3FBAB2-A9B0-4F3B-951A-ABC72D58BA6D}}_is1
  3. Reinstall the anti-ransomware agent.
FAILED_TO_DOWNLOAD_INSTALLER Failed to download the installation package The installation package of the anti-ransomware agent fails to be downloaded because the network connection fails. Perform the following operations to troubleshoot network connection issues:
  1. Log on to your ECS instance, run the ping or telnet command to test the connectivity between the ECS instance and the anti-ransomware endpoint, and then check whether firewall policies are configured for the ECS instance. For more information about anti-ransomware endpoints, see Anti-ransomware endpoints.
  2. After you troubleshoot network connection issues, reinstall the anti-ransomware agent.
PRECHECK_COMMAND_FAILED Preflight command failed The execution of the Cloud Assistant command times out. Perform the following operations to reinstall the anti-ransomware agent:
  1. Log on to the Security Center console. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, uninstall the anti-ransomware agent.

    After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed.

  2. Reinstall the anti-ransomware agent.
INSTALL_COMMAND_TIMEOUT Install Command timeout The anti-ransomware agent fails to be installed because the installation command times out. Perform the following operations to reinstall the anti-ransomware agent:
  1. Log on to the Security Center console. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, uninstall the anti-ransomware agent.

    After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed.

  2. Reinstall the anti-ransomware agent.
ServiceUnavailable ServiceUnavailable Your Alibaba Cloud account does not have the required permissions, or the QPS exceeds the upper limit.
  • Log on to the Security Center console by using your Alibaba Cloud account. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, click Authorize Now to assign the AliyunHBRDefaultRole and AliyunECSAccessingHBRRole roles to your Alibaba Cloud account.
  • If you want to increase the QPS limit, submit a ticket.
CONFLICT_WITH_EXISTING_AGENT Conflict with existing client The anti-ransomware agent fails to be installed because the agent is installed. Perform the following operations to reinstall the anti-ransomware agent:
  1. Log on to the Security Center console. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, uninstall the anti-ransomware agent.

    After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed.

  2. Reinstall the anti-ransomware agent.
ACTIVATE_COMMAND_FAILED An error occurs on the client. You need to reinstall the client to restore normal service operation. If the failure persists, submit a ticket for consultation. Alibaba technical experts will help you troubleshoot the issue. An error occurs on the anti-ransomware agent. Perform the following operations to reinstall the anti-ransomware agent:
  1. Log on to the Security Center console. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, uninstall the anti-ransomware agent.

    After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed.

  2. Reinstall the anti-ransomware agent.
  3. If the anti-ransomware agent fails to be installed, submit a ticket to address the issue.
CHECK_RUNNING_COMMAND_FAILED Check service startup command failed A service error occurs. Perform the following operations to reinstall the anti-ransomware agent:
  1. Log on to the Security Center console. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, uninstall the anti-ransomware agent.

    After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed.

  2. Reinstall the anti-ransomware agent.
The following table describes the anti-ransomware endpoints in different regions.
Region Public endpoint ECS internal endpoint
China (Hangzhou) https://hbr.cn-hangzhou.aliyuncs.com https://hbr-vpc.cn-hangzhou.aliyuncs.com
China (Shanghai) https://hbr.cn-shanghai.aliyuncs.com https://hbr-vpc.cn-shanghai.aliyuncs.com
China (Qingdao) https://hbr.cn-qingdao.aliyuncs.com https://hbr-vpc.cn-qingdao.aliyuncs.com
China (Beijing) https://hbr.cn-beijing.aliyuncs.com https://hbr-vpc.cn-beijing.aliyuncs.com
China (Zhangjiakou) https://hbr.cn-zhangjiakou.aliyuncs.com https://hbr-vpc.cn-zhangjiakou.aliyuncs.com
China (Hohhot) https://hbr.cn-huhehaote.aliyuncs.com https://hbr-vpc.cn-huhehaote.aliyuncs.com
China (Shenzhen) https://hbr.cn-shenzhen.aliyuncs.com https://hbr-vpc.cn-shenzhen.aliyuncs.com
China (Chengdu) https://hbr.cn-chengdu.aliyuncs.com https://hbr-vpc.cn-chengdu.aliyuncs.com
China (Hong Kong) https://hbr.cn-hongkong.aliyuncs.com https://hbr-vpc.cn-hongkong.aliyuncs.com
Singapore (Singapore) https://hbr.ap-southeast-1.aliyuncs.com https://hbr-internal.ap-southeast-1.aliyuncs.com
Australia (Sydney) https://hbr.ap-southeast-2.aliyuncs.com https://hbr-vpc.ap-southeast-2.aliyuncs.com
Malaysia (Kuala Lumpur) https://hbr.ap-southeast-3.aliyuncs.com https://hbr.ap-southeast-3.aliyuncs.com
Indonesia (Jakarta) https://hbr.ap-southeast-5.aliyuncs.com https://hbr-vpc.ap-southeast-5.aliyuncs.com
Japan (Tokyo) https://hbr.ap-northeast-1.aliyuncs.com https://hbr.ap-northeast-1.aliyuncs.com
Germany (Frankfurt) https://hbr.eu-central-1.aliyuncs.com https://hbr.eu-central-1.aliyuncs.com
US (Silicon Valley) https://hbr.us-west-1.aliyuncs.com https://hbr.us-west-1.aliyuncs.com

Alibaba Finance Cloud

Region Public endpoint ECS internal endpoint
China East 2 Finance https://hbr.cn-shanghai-finance-1.aliyuncs.com https://hbr-vpc.cn-shanghai-finance-1.aliyuncs.com