After you install the Security Center agent on your server, you can check the protection status of the server in the Security Center console. If the server is not protected, the Security Center agent is offline. This topic describes how to troubleshoot why the Security Center agent is offline.

Prerequisites

You have logged on to your server.

Procedure

  1. Log on to your server and check whether the AliYunDun and AliYunDunUpdate processes of the Security Center agent run as expected on your server.
    Note If the processes cannot run as expected, we recommend that you restart your server or reinstall the Security Center agent. For more information about how to install the Security Center agent, see Install the Security Center agent.
    • Windows server

      Open Task Manager and check whether the processes run as expected.

      Windows
    • Linux server

      Run the ps aux grep AliYunDun command and check whether the processes run as expected.

      linux
  2. If the protection status of your server is Unprotected the first time that you install the Security Center agent on your server, perform the following operations to restart the Security Center agent:
    • If your server is a Linux server, run the following commands:
      killall AliYunDun
      killall AliYunDunUpdate
      /usr/local/aegis/aegis_client/aegis_10_xx/AliYunDun
      Note In the third command, replace xx with the greatest number among the numbers at the end of the files whose names are in the aegis_10_xx format. The greatest number indicates the latest version of the Security Center agent. You can view the files whose names are in the aegis_10_xx format in the /usr/local/aegis/aegis_client directory. For example, if the directory contains aegis_10_70, aegis_10_73, and aegis_10_75, replace xx in the third command with 75.
    • If your server is a Windows server, find the Alibaba Security Aegis Detect Service and Alibaba Security Aegis Update Service services of Security Center in the service list. Select and right-click the services, and select Restart. Restart
  3. Run a ping command on your server to check whether the network connection on your server is normal. If the IP address of your server is returned, the network connection is normal. The command that you can run varies based on the operating system of the server and whether the server has a public IP address.
    • The server that has a public IP address such as a classic network IP address, an elastic IP address (EIP), or the public IP address of a server not deployed on Alibaba Cloud.
      • For a Windows server, run the ping jsrv.aegis.aliyun.com -l 1000 command.
      • For a Linux server, run the ping jsrv.aegis.aliyun.com -s 1000 command.
    • The server that does not have a public IP address. For example, the server is deployed on a virtual private cloud (VPC) or Alibaba Finance Cloud.
      • For a Windows server, run the ping jsrv3.aegis.aliyun.com -l 1000 command.
      • For a Linux server, run the ping jsrv3.aegis.aliyun.com -s 1000 command.
  4. If the ping command fails to run, perform the following steps to check whether the network connection on your server is normal:
    1. Check whether the Domain Name System (DNS) service runs as expected on your server. If the DNS service cannot run as expected, restart your server or check whether an error occurred on the DNS service.
    2. Check whether access control policies in Cloud Firewall or security group rules are configured for your server. If an access control policy or a security group rule is configured for your server, make sure that an outbound policy is created to allow the IP address of the Security Center server to access external networks. You do not need to create an inbound policy. For more information about how to configure a security group rule, see Create a security group. For more information about how to configure an access control policy in Cloud Firewall, see Create access control policies for outbound and inbound traffic on the Internet firewall.
      Note Add ports 80 and 443 of the following CIDR blocks to the whitelist:
      • 100.100.25.0/24
      • 106.11.68.0/24
      • 106.11.248.0/24
      • 110.173.196.0/24
      • 140.205.140.0/24
    3. Check whether the Internet bandwidth of your server is zero. If the bandwidth is zero, perform the following steps:
      1. Add the following DNS records to the hosts file on your server.
        Region DNS record
        Classic network in China 100.100.110.61 jsrv.aegis.aliyun.com
        100.100.45.131 jsrv.aegis.aliyun.com
        100.100.110.62 update.aegis.aliyun.com
        100.100.45.29 update.aegis.aliyun.com
        Classic network outside China 100.100.103.52 jsrv.aegis.aliyun.com
        100.100.30.54 jsrv.aegis.aliyun.com
        100.100.30.55 update.aegis.aliyun.com
        100.100.103.54 update.aegis.aliyun.com
      2. After you modify the hosts file, run the ping jsrv.aegis.aliyun.com command.
        Note If the address 100.100.25.3 is not returned, restart your server or check whether an error occurred on the DNS service.
      3. If a valid IP address is not returned, find the conf folder in the installation directory of the Security Center agent. Then, set t_srv_domain and h_srv_domain in the network_config file to 100.100.25.3 and 100.100.25.4. After you modify the file, restart the processes of the Security Center agent.
        Notice Before you modify the network_config file, you must back up the file.

        This method can work only if the Internet bandwidth of the server is zero and the server is in the Unprotected state.

    4. If a valid IP address is returned, run a telnet command to connect to the IP address on port 80. For example, run the telnet 140.205.140.205 80 command. If the connection fails, check whether the firewall is configured as required.
  5. Check whether the CPU utilization or memory usage of your server is high for a long period of time. For example, the CPU utilization is 95%, and the memory usage is 100%. High CPU utilization or memory usage may cause the Security Center agent to fail to work.
  6. Check whether third-party security software such as SafeDog or Yunsuo is installed on your server. Third-party security software may prevent the Security Center agent from accessing networks.

    If third-party security software is installed, we recommend that you stop the software and reinstall the Security Center agent.