Troubleshoot the issues causing the abnormal status of the anti-ransomware agent on your server - Defense| Alibaba Cloud Documentation Center

If you applied an anti-ransomware policy to your server and the status of the anti-ransomware agent is abnormal in the Security Center console, you can troubleshoot the issues that cause the abnormal status of the agent. This topic describes how to troubleshoot the issues.

Background information

If the status of the anti-ransomware agent is abnormal, the agent cannot back up the data on your server or protect your server. We recommend that you troubleshoot the issues that cause the abnormal status of the agent at the earliest opportunity.

Procedure

Log on to the Security Center console.
In the left-side navigation pane, choose Defense > Anti-ransomware.
On the Server extortion virus protection tab, view the servers on which the anti-ransomware agent is in an abnormal state.
Find an anti-ransomware policy and click the icon next to the policy name to view all servers to which the policy is applied.
Find a server on which the anti-ransomware agent is in an abnormal state and click the icon to view the causes of the status.
Troubleshoot the issues that cause the abnormal status based on the information in the Details message.
For more information about the causes of the abnormal status for the anti-ransomware agent and how to troubleshoot the issues, see Causes of the abnormal status for the anti-ransomware agent and solutions.

Causes of the abnormal status for the anti-ransomware agent and solutions


Error code	Information in the Details message	Cause	Solution
CLOUD_ASSIST_NOT_RUN	Cloud assistant Not started	Cloud Assistant is not started.	Perform the following operations to troubleshoot the issues that are related to Cloud Assistant: Log on to the ECS console. Check whether Cloud Assistant is started. For more information, see Cloud Assistant troubleshooting FAQ. If Cloud Assistant is not started, start the Cloud Assistant client. For more information, see Start or stop the Cloud Assistant client. If Cloud Assistant is started, submit a ticket to address the issue.
RoleNotExist	Your Alibaba Cloud account is not authorized.	Your Alibaba Cloud account does not have the required permissions.	Log on to the Security Center console by using your Alibaba Cloud account. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, assign the AliyunHBRDefaultRole and AliyunECSAccessingHBRRole roles to your account.
CLIENT_CONNECTION_ERROR	The client connection is abnormal. Check the ECS instance network and try again.	The network connection fails.	Perform the following operations to troubleshoot network connection issues: Log on to your ECS instance, run the `ping` or `telnet` command to test the connectivity between the ECS instance and the anti-ransomware endpoint, and then check whether firewall policies are configured for the ECS instance. For more information about anti-ransomware endpoints, see Anti-ransomware endpoints. After you troubleshoot network connection issues, reinstall the anti-ransomware agent.
ECS_ROLE_POLICY_NOT_EXIST	ecs role does not have AliyunECSAccessingHBRRolePolicy	The AliyunECSAccessingHBRRolePolicy policy is not attached to the RAM role that your ECS instance assumes, which causes the failure to install the anti-ransomware agent.	Perform the following operations to troubleshoot issues: Attach the AliyunECSAccessingHBRRolePolicy policy to the RAM role that your ECS instance assumes. For more information, see What can I do if the error message "The strategy of AliyunECSAccessingHBRRolePolicy is missing on EcsRamRole. Please refer to the FAQ for authorization" appears when I install the HBR backup client on an ECS instance?. Reinstall the anti-ransomware agent. Notice After you attach the AliyunECSAccessingHBRRolePolicy policy to the RAM role that your ECS instance assumes, the anti-ransomware agent is not automatically installed on the ECS instance. You can log on to the Security Center console, go to the Anti-blackmail page, and manually install the anti-ransomware agent.
CHECK_ACTIVATION_COMMAND_TIMEOUT	The activation command times out.	The installation of the anti-ransomware agent times out.	Perform the following operations to reinstall the anti-ransomware agent: Log on to the Security Center console. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, uninstall the anti-ransomware agent. After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed. Reinstall the anti-ransomware agent.
ECS_STOPPED	The ECS instance is not started.	The anti-ransomware agent fails to be installed because the ECS instance is not started.	Perform the following operations to start the ECS instance and then reinstall the anti-ransomware agent: Log on to the ECS console. Start the ECS instance that is stopped. For more information, see Start an instance. Reinstall the anti-ransomware agent.
UNINSTALL_FAILED	Failed to uninstall client	The anti-ransomware agent fails to be uninstalled because the execution of the Cloud Assistant command times out.	Perform the following operations to reinstall the anti-ransomware agent: Log on to the Security Center console. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, find an anti-ransomware policy that is applied to specific servers, select the server from which the anti-ransomware agent fails to be uninstalled, and then click Delete in the Actions column. Note Approximately 2 minutes is required to remove the server from the anti-ransomware policy. Wait until the server is removed. Apply the anti-ransomware policy to the server. For more information, see Edit an anti-ransomware policy. Reinstall the anti-ransomware agent.
INSTALL_FAILED	Installation failed	The anti-ransomware agent fails to be installed because the execution of the Cloud Assistant command times out.	Perform the following operations to reinstall the anti-ransomware agent: Log on to the Security Center console. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, uninstall the anti-ransomware agent. After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed. Reinstall the anti-ransomware agent.
AGENT_NOT_RUN_AFTER_INSTALLATION	Post-installation services not started	After you install the anti-ransomware agent, the agent is not started because some registry entries of the agent that you previously uninstall are retained.	Perform the following operations to clear the registry entries and reinstall the agent: Log on to the Security Center console. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, uninstall the anti-ransomware agent. After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed. Clear the following registry entries based on the version of the anti-ransomware agent that is installed based on anti-ransomware policies: The registry entries of the V1.X.X anti-ransomware agent `# The V1.X.X anti-ransomware agent HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\hybridbackup HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\hbrupdater` The registry entries of the V2.X.X anti-ransomware agent # The V2.X.X anti-ransomware agent HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\hbrclient HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\hbrclientupdater HKEY_LOCAL_MACHINE\SOFTWARE\Alibaba, Inc.\Aliyun Hybrid Backup Service Client # 64-bit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B1F066FC-D85C-46F8-9ED7-88A4385AF9A6}}_is1 # 32-bit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A3FBAB2-A9B0-4F3B-951A-ABC72D58BA6D}}_is1 Reinstall the anti-ransomware agent.
FAILED_TO_DOWNLOAD_INSTALLER	Failed to download the installation package	The installation package of the anti-ransomware agent fails to be downloaded because the network connection fails.	Perform the following operations to troubleshoot network connection issues: Log on to your ECS instance, run the `ping` or `telnet` command to test the connectivity between the ECS instance and the anti-ransomware endpoint, and then check whether firewall policies are configured for the ECS instance. For more information about anti-ransomware endpoints, see Anti-ransomware endpoints. After you troubleshoot network connection issues, reinstall the anti-ransomware agent.
PRECHECK_COMMAND_FAILED	Preflight command failed	The execution of the Cloud Assistant command times out.	Perform the following operations to reinstall the anti-ransomware agent: Log on to the Security Center console. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, uninstall the anti-ransomware agent. After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed. Reinstall the anti-ransomware agent.
INSTALL_COMMAND_TIMEOUT	Install Command timeout	The anti-ransomware agent fails to be installed because the installation command times out.	Perform the following operations to reinstall the anti-ransomware agent: Log on to the Security Center console. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, uninstall the anti-ransomware agent. After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed. Reinstall the anti-ransomware agent.
ServiceUnavailable	ServiceUnavailable	Your Alibaba Cloud account does not have the required permissions, or the QPS exceeds the upper limit.	Log on to the Security Center console by using your Alibaba Cloud account. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, click Authorize Now to assign the AliyunHBRDefaultRole and AliyunECSAccessingHBRRole roles to your Alibaba Cloud account. If you want to increase the QPS limit, submit a ticket.
CONFLICT_WITH_EXISTING_AGENT	Conflict with existing client	The anti-ransomware agent fails to be installed because the agent is installed.	Perform the following operations to reinstall the anti-ransomware agent: Log on to the Security Center console. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, uninstall the anti-ransomware agent. After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed. Reinstall the anti-ransomware agent.
ACTIVATE_COMMAND_FAILED	An error occurs on the client. You need to reinstall the client to restore normal service operation. If the failure persists, submit a ticket for consultation. Alibaba technical experts will help you troubleshoot the issue.	An error occurs on the anti-ransomware agent.	Perform the following operations to reinstall the anti-ransomware agent: Log on to the Security Center console. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, uninstall the anti-ransomware agent. After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed. Reinstall the anti-ransomware agent. If the anti-ransomware agent fails to be installed, submit a ticket to address the issue.
CHECK_RUNNING_COMMAND_FAILED	Check service startup command failed	A service error occurs.	Perform the following operations to reinstall the anti-ransomware agent: Log on to the Security Center console. On the Anti-blackmail page, click the Server extortion virus protection tab. On the Server extortion virus protection tab, uninstall the anti-ransomware agent. After you uninstall the anti-ransomware agent, the status of the agent changes to Not Installed. Reinstall the anti-ransomware agent.

The following table describes the anti-ransomware endpoints in different regions.


Region	Public endpoint	ECS internal endpoint
China (Hangzhou)	https://hbr.cn-hangzhou.aliyuncs.com	https://hbr-vpc.cn-hangzhou.aliyuncs.com
China (Shanghai)	https://hbr.cn-shanghai.aliyuncs.com	https://hbr-vpc.cn-shanghai.aliyuncs.com
China (Qingdao)	https://hbr.cn-qingdao.aliyuncs.com	https://hbr-vpc.cn-qingdao.aliyuncs.com
China (Beijing)	https://hbr.cn-beijing.aliyuncs.com	https://hbr-vpc.cn-beijing.aliyuncs.com
China (Zhangjiakou)	https://hbr.cn-zhangjiakou.aliyuncs.com	https://hbr-vpc.cn-zhangjiakou.aliyuncs.com
China (Hohhot)	https://hbr.cn-huhehaote.aliyuncs.com	https://hbr-vpc.cn-huhehaote.aliyuncs.com
China (Shenzhen)	https://hbr.cn-shenzhen.aliyuncs.com	https://hbr-vpc.cn-shenzhen.aliyuncs.com
China (Chengdu)	https://hbr.cn-chengdu.aliyuncs.com	https://hbr-vpc.cn-chengdu.aliyuncs.com
China (Hong Kong)	https://hbr.cn-hongkong.aliyuncs.com	https://hbr-vpc.cn-hongkong.aliyuncs.com
Singapore (Singapore)	https://hbr.ap-southeast-1.aliyuncs.com	https://hbr-internal.ap-southeast-1.aliyuncs.com
Australia (Sydney)	https://hbr.ap-southeast-2.aliyuncs.com	https://hbr-vpc.ap-southeast-2.aliyuncs.com
Malaysia (Kuala Lumpur)	https://hbr.ap-southeast-3.aliyuncs.com	https://hbr.ap-southeast-3.aliyuncs.com
Indonesia (Jakarta)	https://hbr.ap-southeast-5.aliyuncs.com	https://hbr-vpc.ap-southeast-5.aliyuncs.com
Japan (Tokyo)	https://hbr.ap-northeast-1.aliyuncs.com	https://hbr.ap-northeast-1.aliyuncs.com
Germany (Frankfurt)	https://hbr.eu-central-1.aliyuncs.com	https://hbr.eu-central-1.aliyuncs.com
US (Silicon Valley)	https://hbr.us-west-1.aliyuncs.com	https://hbr.us-west-1.aliyuncs.com

Alibaba Finance Cloud


Region	Public endpoint	ECS internal endpoint
China East 2 Finance	https://hbr.cn-shanghai-finance-1.aliyuncs.com	https://hbr-vpc.cn-shanghai-finance-1.aliyuncs.com