Troubleshoot vulnerability fixing failures - Security Center

When a one-click vulnerability fix fails in the Security Center console, check the error message and apply the matching solution, then retry. This topic covers common causes and solutions for Linux software vulnerabilities and Windows system vulnerabilities.

Some error details in the console show only a summary. Open the Cause Details dialog box to see the full error message.

View the failure reason

Log on to the Security Center consoleSecurity Center consoleSecurity Center consoleSecurity Center console.Log on to the Security Center consoleSecurity Center console.
In the left navigation pane, choose Risk Governance > Vulnerabilities. In the upper-left corner, select the region for your assets: Chinese Mainland or Outside Chinese Mainland.
On the Vulnerabilities page, click the number under Fixing to open the Fixing panel.
The Fixing panel lists all vulnerabilities with a status of Fixing, Fixed and Pending Restarted, or Fixing Failed.
In the Status column, click the icon next to a failed vulnerability. In the Cause Details dialog box, view the error code and description, then follow the matching solution below.

Common causes and solutions

Agent offline or network connection abnormal

Cause: The Security Center agent went offline. This can happen when network connectivity between the server and Security Center is disrupted, or when the server has high CPU or memory usage.

Solution: Troubleshoot the agent offline issue, then retry the vulnerability fix. For details, see Client offline troubleshooting.

Disk full or out of memory

Cause: Security Center cannot download required patch files when the server's disk is full or memory is exhausted.

Solution:

Free up disk space or memory on the server.
Retry the vulnerability fix in the Security Center console.

Disk file system lacks read and write permissions

Cause: Without read and write permissions on the disk file system, Security Center cannot download or install the patch.

Solution:

Grant read and write permissions to the disk file system.
Retry the vulnerability fix in the Security Center console.

System update source misconfigured (Linux software vulnerability)

Cause: The YUM or APT source is misconfigured, or the YUM software list is not up to date.

Solution:

Fix the source configuration using one of the following methods:
- In the Security Center console, go to Vulnerability Settings. Under YUM/APT Source Configuration, enable Preferentially Use Alibaba Cloud Source to Fix Vulnerability to improve the fix success rate.
  Log on to the Security Center console.
- Manually update the YUM source list to the latest version.
Retry the vulnerability fix in the Security Center console.

Windows Update or Windows Modules Installer service is disabled (Windows system vulnerability)

Cause: If either service is disabled, Security Center cannot download patch files to fix the vulnerability.

Solution:

Enable the Windows Update and Windows Modules Installer services.
Retry the vulnerability fix in the Security Center console.

Patch download or installation failed (Windows system vulnerability)

Cause: Missing or mismatched patch packages can block the fix.

Solution: Apply the fix based on the specific error:

Patch package missing: Download the patch again, then retry the vulnerability fix.
Patch package mismatched: If the patch genuinely does not match the server's OS, ignore the vulnerability in the Security Center console.
Another patch is installing: Wait for the current patch installation to complete, then retry. A server cannot run two patch installers simultaneously.

Unknown server issue (Windows system vulnerability)

Solution: Reset the Windows Update components, then retry the vulnerability fix.

Third-party security software blocking the fix

Cause: Security software such as SafeDog may restrict the SYSTEM account's read and write permissions on the www directory and its subdirectories, preventing Security Center from applying the fix.

Solution: Manually grant read and write permissions to the SYSTEM account on the affected directories.

Vulnerability file no longer exists

Cause: If the vulnerability file has been deleted from the server, Security Center reports a fix failure.

Solution:

Check whether the file still exists using the path shown in the vulnerability details in the Security Center console.
If the file has been deleted, ignore the vulnerability alert in the console.

Common error codes and solutions

Important

The following error codes apply to Linux software vulnerabilities and Windows system vulnerabilities only.
Some error details in the console show only a summary. The full error message is available in the Cause Details dialog box.

Error code 116

Error message

download file failed

Cause: The Windows patch download failed.

Solution: Retry the vulnerability fix in the Security Center consoleSecurity Center consoleSecurity Center consoleSecurity Center console. If the fix fails after multiple retries, submit a ticketticketticket.

Error code 124

Windows Modules Installer service disabled

Error message

Windows modules installer service disable

Cause: The Windows Modules Installer service is not running.

Solution: Enable the service in Services Manager.

Press Win+R, enter services.msc, and click OK.
Find Windows Modules Installer in the list.
Right-click the service and start it.

Windows Update service disabled

Error message

Windows update service disable

Cause: The Windows Update service is not running.

Solution: Enable the service in Services Manager.

Press Win+R, enter services.msc, and click OK.
Find Windows Update in the list.
Right-click the service and start it.

Error code 125

Error message

exit code:0x00000005

Cause: Security software blocked the process, or the server has a virus infection.

Solution: Check that no security software is blocking the process, then retry the vulnerability fix.

Error code 127

Error message

exit code:0x00000005

Cause: An ERROR_DISK_FULL error occurred during Windows patch installation. The disk does not have enough free space.

Solution: Free up disk space, then retry the vulnerability fix. Options include:

Delete unnecessary files and programs. Use Windows Disk Cleanup to remove temporary files, cache files, and junk files.
Move large files (videos, photos, and so on) to external storage or cloud storage.
Compress or archive files that are infrequently accessed.

Error code 130

Error message

exit code:0x00000008

Cause: The host is out of memory (OOM).

Solution: Check the host's current memory and CPU usage. Retry the fix after memory and CPU usage return to normal.

Error code 132

Error message

exit code:0x80240017

Cause: One of the following:

A patch is currently installing.
A previously installed patch requires a restart to take effect.

Solution: Check whether any patches are still installing. If so, wait for the installation to finish, then retry the vulnerability fix. If no patches are installing, restart the host (after confirming no business impact), then retry.

Error code 133

Error message

xxx.exe is running

Cause: Security software blocked the patch installation.

Solution: Check that no security software is blocking the process, then retry the vulnerability fix.

Error code 134

Error message

exit code:0x800F0982, (OK)
ERROR_TOO_MANY_LINKS

Cause: Too many symbolic links in the file system are preventing Windows from installing the patch.

Solution: Try the following steps:

Clean the disk: Delete unnecessary files and programs to free up space.
Remove excess symbolic links: Check symbolic and hard links in the system. If there are too many, remove them.
Run a disk check: Check and repair the disk to make sure the file system is healthy.
Disable Windows Defender: Windows Defender can sometimes interfere with patch installation. Try disabling Windows Defender, then attempt to install the patch again.

Error code 202

Error message

timeout

Cause: Patch installation timed out.

Error code 256

Invalid third-party repository (docker-ce-stable)

Error message

failure: repodata/repomd.xml from docker-ce-stable: [Errno 256] No more mirrors to try.
https://download.docker.com/linux/centos/2.1903/x86_64/stable/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found

Cause: The download.docker.com source is no longer accessible.

Solution:

Navigate to /etc/yum.repos.d/ on the host.
Run the following command to find the source file containing the invalid source. Replace download.docker.com with the source name from your error message.
```
grep -r "download.docker.com"
```
Edit the source file and set enabled to 0 to disable the source.
Retry the vulnerability fix.

Inaccessible repository (HDP-3.0-repo-1)

Error message

failure: repodata/repomd.xml from HDP-3.0-repo-1: [Errno 256] No more mirrors to try.
http://public-repo-1.hortonworks.com/HDP/centos7/3.x/updates/3.0.X.X/repodata/repomd.xml: [Errno 14] HTTP Error 403 - Forbidden

Cause: The host cannot access public-repo-1.hortonworks.com.

Solution:

Navigate to /etc/yum.repos.d/ on the host.
Run the following command to find the source file. Replace public-repo-1.hortonworks.com with the source name from your error message.
```
grep -r "public-repo-1.hortonworks.com"
```
Edit the source file and set enabled to 0 to disable the source.
Retry the vulnerability fix.

Unfinished YUM transactions

Error message

There are unfinished transactions remaining

Cause: A previous YUM installation did not complete normally, leaving residual transaction data.

Solution: Run the following command to clean up the residual data, then retry the vulnerability fix.

yum-complete-transaction --cleanup-only

RPM database open failed

Error message

Error:rpmdb open failed

Cause: The RPM database is locked by another process or the database file is corrupted.

Solution: Run the following commands in sequence to rebuild the RPM database, then retry the vulnerability fix.

cd /var/lib/rpm          # Go to the RPM database directory.
rm -f __db.*             # Clear original RPM database files.
rpm --rebuilddb           # Rebuild the RPM database.
yum clean all            # Clear all YUM caches.

Package conflict (Transaction check error)

Error message

Transaction Check Error

Cause: A software package conflict is blocking the update.

Solution:

In the error details, identify the conflicting packages. Look for lines containing conflicts with file.
If removing the conflicting package will not affect your workloads, uninstall it:
```
yum remove <package_name>
```
Retry the vulnerability fix.

YUM configuration file missing

Error message

CRITICAL:yum.cli:Config error: Error accessing file for config file:///etc/yum.conf

Cause: The YUM configuration file /etc/yum.conf is missing.

Solution: Copy /etc/yum.conf from another server running the same OS, then retry the vulnerability fix.

Error code 300

Error message

rtap running error

Cause: Security software blocked the client script from running.

Solution: Check that no security software is blocking the process, then retry the vulnerability fix.

Error code 309

Error message

execute rtap task fail

Cause: Security software blocked the client script from running.

Solution: Check that no security software is blocking the process, then retry the vulnerability fix.

Error code 8001

Error message

download aegis.repo error

Cause: Network connectivity issues or insufficient disk space prevented the Security Center software source file from being downloaded.

Solution: Check the following, then retry:

Verify that the server can reach update.aegis.aliyun.com. Confirm that security groups and firewall rules allow outbound traffic to this domain.
Verify that the system disk is not full.

Error code 8005

Error message

/bin/rpm permit error

Cause: The fix tool does not have permission to run /bin/rpm.

Solution: Set the permissions of /bin/rpm to 755 or 750, then retry the vulnerability fix. This ensures that only authorized users can run RPM operations while reducing privilege escalation risk.

Error code 8007

Error message

windows update damaged

Cause: Critical system files are corrupted or missing, so the Windows Update service cannot run.

Solution:

Important

Before repairing system files, create a snapshot backup to prevent data loss.

Stop the Windows Update service.
1. Press Win+R, enter services.msc, find Windows Update, and open its properties.
2. Set Startup type to Manual, click Stop in the Service Status section, then restart the computer.
If stopping fails, change the startup type to Manual, restart, then try stopping the service again.
Delete the contents of C:\Windows\SoftwareDistribution.
Repair system files.
1. Press Win+R, enter cmd, and run it as administrator.
2. Run sfc /scannow and wait for the scan to complete, then restart the computer.
Re-enable the Windows Update service.
1. Press Win+R, enter services.msc, find Windows Update, and open its properties.
2. Set Startup type to Automatic, then click Start in the Service Status section.
Open Settings, go to Windows Update, and reinstall the patch. Restart the computer after installation.

If errors persist after repair, the system files may be severely corrupted. Back up your data and consider reinstalling the OS.

Error code 8008

Error message

not support this system xxx

Cause: The current OS type does not match the OS type recorded when the vulnerability was detected. This can happen if you changed the operating system manually after the vulnerability scan.

Solution: Ignore the vulnerability in the Security Center console or wait for it to expire. For details, see View and manage vulnerabilities.

Error code 8009

Error message

update process is running

Cause: One of the following:

The current YUM source is not an Alibaba Cloud source.
A vulnerability fix process is already running.

Solution:

Switch to the Alibaba Cloud YUM source.
If a fix process is already running, wait for it to finish, then retry.

Error code 8010

Error message

Insufficient space in download directory /var/cache/yum/x86_64/7/aegisbase

Cause: The download directory does not have enough free space.

Solution: Free up disk space at the path shown in the error message, then retry the vulnerability fix.

Error code 8012

Error message

dpkg was interrupted

Cause: The dpkg (Debian Packager) process was interrupted during a previous fix, leaving behind corrupted data.

Solution: Run the following command on the server to reconfigure the settings, then retry the vulnerability fix. For details, see the dpkg interruption repair guide.

dpkg --configure -a

Error code 8019

Error message

yum exception

Cause: YUM execution failed, possibly because the Python environment used to run YUM does not match the YUM file syntax.

Solution:

Check /usr/bin/yum for syntax errors.
Verify that the Python environment used to run YUM is correctly configured.

Error code 8022

Error message

not find file xxx

Cause: The fix command file does not exist, typically because it was deleted or renamed.

Solution: Check whether the system file is missing or has been moved. Restore the file to its correct location, then retry the vulnerability fix.

Error code 8026

Error message

Multilib version problems found

Cause: An older version of a package is protected and cannot be upgraded.

Solution:

For important vulnerabilities: manually uninstall the older version package.
For non-important vulnerabilities: ignore the vulnerability and do not upgrade.

Error code 8027

Error message

A has missing requires of B

Cause: Package A (the package being upgraded) has an unmet dependency on package B.

Solution:

In the error message, identify:
- Package A: the package to be upgraded.
- Package B: the missing dependency.

Run the following command to manually install the package. Replace xxx with the package name.

yum update xxx --disableexcludes=all --disablerepo="*" --enablerepo="aegisbase,aegisupdates,aegisextras" --obsoletes

Retry the vulnerability fix.

Error code 8028

Error message

Error unpacking rpm package xxx xxx was supposed to be removed but is not!

Cause: The old version of the package could not be deleted, possibly due to file permission issues or a service holding the file.

Solution: Check the package file permissions and stop any services using the file, then retry the vulnerability fix.

Error code 8032

Error message

run virtio fix process failed

Cause: Security software blocked the ECS disk driver (virtio) vulnerability fix program from starting.

Solution: Check that no security software is blocking the process, then retry the vulnerability fix.

Error code 8033

Error message

yum plugins protectbase enable

Cause: The YUM ProtectBase plugin is blocking software package updates.

Solution: Disable the ProtectBase plugin, then retry the vulnerability fix.

Open /etc/yum/pluginconf.d/protectbase.conf.
Change enabled = 1 to enabled = 0.

Error code 8037

Error message

[Errno 14] curl#6 - "Could not resolve host: mirrors.cloud.aliyuncs.com; Unknown error"

Cause: The host cannot reach mirrors.cloud.aliyuncs.com.

Solution:

Verify that the server can connect to mirrors.cloud.aliyuncs.com. Check security group and firewall rules for this domain.
If the server has public internet access, replace mirrors.cloud.aliyuncs.com with mirrors.aliyun.com in all enabled source files under /etc/yum.repos.d/.
Retry the vulnerability fix.

Error code 8040

Error message

miss kernel grub file

Cause: The kernel boot file is missing.

Solution: Rebuild the kernel boot file, then retry the vulnerability fix.

For CentOS 7, run:

grub2-mkconfig -o /boot/grub2/grub.cfg

Error code 8041

Error message

redhat not subscription

Cause: The server is not registered with a Red Hat account.

Solution: Register an account and purchase a subscription on the Red Hat website.

Important

A separate subscription is required for each Red Hat system. If you manage many systems, consider using a Red Hat Satellite server for centralized subscription management.

Error code 8080

Error message

sh xxx killed

Cause: The YUM process was terminated due to an OOM (out-of-memory) error.

Solution: Free up memory on the server, then retry the vulnerability fix.

Error code 8081

Error message

blacklist process xxx is running

Cause: A blacklist process is running and locking the kernel configuration file.

Solution: Stop the blacklist process, then retry the vulnerability fix.

Error code 8082

Error message

redhat source has expired

Cause: The Red Hat software source has expired or is not configured.

Solution: Switch to a different software repository.

Error code 8083

Error message

redhat has no available source

Cause: The Red Hat software source has expired or is not configured.

Solution: Switch to a different software repository. Get one from the Alibaba Cloud Open Source Mirror Site.

Error code 8084

Error message

Some index files failed to download

Cause: The server cannot access the download source, so package index files cannot be updated.

Solution: Check whether security groups or firewall rules are blocking access to the download source.

Error code 8085

Error message

alinux source not found

Cause: The Alibaba Cloud Linux software source is not configured correctly.

Solution: Configure the official Alibaba Cloud Linux repository. Get it from the Alibaba Cloud Open Source Mirror Site.

Error code 8086

Error message

anolis source not found

Cause: The Anolis OS software source is not configured correctly.

Solution: Reconfigure the official Anolis repository. Get it from the Alibaba Cloud Open Source Mirror Site.

Error code 8090

Error message

xxx newest available version versionA less than versionB to be updated

Example: ppp newest available version 2.4.5-34.el7_7 less than 2.4.5-35.el7_7 to be updated

Cause: The highest version available in the current source is lower than the minimum version required to fix the vulnerability.

Solution: Check whether the current source configuration is correct and whether it is up to date.

Error code 8091

Error message

qboot kernel

Cause: A kernel booted via QEMU (qboot) does not support kernel patch updates.

Solution: Submit a ticket in the Elastic Compute Service (ECS) product to resolve this issue. Use the ECS ticketticketticket portal.

Error code 8092

Error message

package not available on the current system

Cause: The fix package is not available for the current system.

Solution: Ignore the vulnerability in the Security Center console or wait for it to expire automatically. For details, see View and manage vulnerabilities.

Error code 8093

Error message

no space left for creating initramfs

Cause: The /boot directory does not have enough space to install a new kernel.

Solution: Remove old kernel files from the /boot directory, then retry the vulnerability fix.

Error code 8094

Error message

Skipping linux-image-generic, it is not installed and only upgrades are requested.

Cause: The signed kernel image cannot be upgraded or fixed.

Solution: Ignore the vulnerability in the Security Center console or wait for it to expire automatically. For details, see View and manage vulnerabilities.

Error code 8095

Error message

vmlinuz or initramfs not exists

Cause: The vmlinuz or initramfs file was not correctly generated during the kernel package update.

Solution: Uninstall and reinstall the kernel package.

Error code 8096

Error message

installed kernel not available in grub file

Cause: The GRUB configuration was not updated correctly during the kernel package update.

Solution: Uninstall and reinstall the kernel package, or use the grubby command to add a boot entry manually.

Error code 9002

Error message

timeout

Cause: The fix timed out, possibly due to network jitter or a server environment issue.

Error code 9003

Package already at latest version

Error message

xxx is already the newest version

Cause: The update command completed successfully, but the vulnerability is still marked as unfixed.

Solution: Set the source to an Alibaba Cloud source (mirrors.cloud.aliyuncs.com or mirrors.aliyun.com), then retry the vulnerability fix. If the fix still fails, submit a ticketticketticket.

Invalid YUM configuration value

Error message

Invalid configuration value: failovermethod =priority in /etc/yum.repos.d/CentOS-Linux-epel.repo

Cause: The YUM configuration file contains an invalid configuration value.

Solution: Move /etc/yum.repos.d/CentOS-Linux-epel.repo to a backup directory, then retry the vulnerability fix.

YUM exited after dependency resolution (MariaDB/MySQL conflict)

Error message

Finished Dependency Resolution

Cause: YUM exited immediately after resolving dependencies due to a package conflict. If you are upgrading MariaDB, this is likely caused by a MySQL installation occupying port 3306.

Solution:

Check whether port 3306 is occupied by MySQL:
```
netstat -anltp
```
If no business operations are affected, stop MySQL:
```
systemctl stop mysqld
```
List installed MySQL packages:
```
yum list mysql*
```
Remove MySQL-related packages:
```
yum remove <package_name>
```
Reinstall MariaDB:
```
yum install -y mariadb-server
```

Error code 9007

Error message

ack timeout

Cause: The package upgrade timed out, possibly due to network jitter or a server environment issue.

Error code 9008

Error message

rpm collect timeout

Cause: RPM collection timed out, possibly due to network jitter or a server environment issue.

Error code 60001

Error message

start vulfix:[Error 2] The system cannot find the file specified

Cause: Security software blocked the fix process from starting.

Solution: Check that no security software is blocking the process, then retry the vulnerability fix.