This topic describes how to troubleshoot issues that cause fixing failures of Linux software vulnerabilities and Windows system vulnerabilities in the Security Center console.
View the issues that cause vulnerability fixing failures
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.
In the left-side navigation pane, choose .
On the Vulnerabilities page, click the number below Fixing. In the Fixing panel, view the list of vulnerabilities that are being fixed.
The list displays all vulnerabilities that are in the Fixing, Handled (To Be Restarted), and Fix Failed states.
Find a vulnerability that is in the Fix Failed state and click the icon in the Status column. In the Cause dialog box, view the cause of the vulnerability fixing failure.
You can handle the vulnerability fixing failure based on the error code and error message that are displayed in the dialog box. For more information about the causes and solutions to vulnerability fixing failures, see Causes and solutions to vulnerability fixing failures.
Causes and solutions of vulnerability fixing failures
The following table describes the causes and solutions to fixing failures of only Linux software vulnerabilities and Windows system vulnerabilities.
The error messages that are provided in the following table are only part of the complete messages. You can view the complete messages in the Security Center console.
download file fails
The required patch fails to be downloaded.
The patch that is required to fix a Windows system vulnerability fails to be downloaded. Fix the vulnerability later in the Security Center console. If the issue persists, submit a ticket to contact technical support.
windows modules installer service disable
The Windows Modules Installer service is not enabled.
You must enable the Windows Modules Installer service in Windows Services Manager.
windows update service disable
The Windows Update service is not enabled.
You must enable the Windows Update service in Windows Services Manager.
The fixing process is blocked by security software or infected by viruses.
The fixing process is blocked by security software or infected by viruses, or the files that are required for the fix cannot be opened. Check whether security software is running on your server. Suspend the security software and fix the vulnerability again.
exit code:0x00000070, (OK)
The disk space is insufficient.
If an ERROR_DISK_FULL error is reported when you install a Windows patch, the patch failed to be installed because the disk space is insufficient. In this case, you must release the disk space before you can continue to install the patch. The following list describes the methods that you can use to release the disk space:
If the disk space is sufficient after you perform the preceding operations, you can continue to install the patch.
The memory is insufficient.
Check the memory usage and CPU utilization of your server. Make sure that your server has sufficient memory and CPU resources. Then, fix the vulnerability again.
Check whether a patch is being installed on your server. If a patch is being installed, wait until the patch is installed and fix the vulnerability again. If no patch is being installed on your server, make sure that your business is not affected when you restart the server. Then, restart the server and fix the vulnerability again.
xxx.exe is running
The installation of a patch is blocked by security software.
The installation of a patch is blocked by security software. Check the security software that runs on your server based on the error message and suspend the software. Then, fix the vulnerability again.
exit code:0x00000476, (OK)
Excessive symbolic links exist in the file system.
In most cases, the error is reported when excessive symbolic links or hard links exist in your file system. The error may affect the running of the file system. In addition, new Windows patches may fail to be installed. You can use the following methods to resolve the issue:
The installation of the required patch times out.
The installation of the patch that is required to fix a Windows system vulnerability times out. Fix the vulnerability again. If the issue persists, submit a ticket to contact technical support.
failure: repodata/repomd.xml from docker-ce-stable: [Errno 256] No more mirrors to try.
https://download.docker.com/linux/centos/2.1903/x86_64/stable/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found
The download source is invalid.
The error message indicates that the download source
failure: repodata/repomd.xml from HDP-3.0-repo-1: [Errno 256] No more mirrors to try.
http://public-repo-1.hortonworks.com/HDP/centos7/3.x/updates/184.108.40.206/repodata/repomd.xml: [Errno 14] HTTP Error 403 - Forbidden
The download source cannot be accessed.
The error message indicates that the download source
There are unfinished transactions remaining
The historical installation commands failed to complete and the installation stopped.
The error may be caused by issues that occur when you use Yellowdog Updater, Modified (YUM) to install software. Run the following command on the server to resolve the remaining issues. Then, fix the vulnerability again.
Error:rpmdb open failed
The RPM database is corrupted.
The RPM database is opened by a process other than the installation process, or the files of the RPM database are corrupted. You can run the following commands in sequence to rebuild the RPM database. Then, fix the vulnerability again.
Transaction Check Error
A software package conflict occurs.
CRITICAL:yum.cli:Config error: Error accessing file for config file:///etc/yum.conf
The YUM configuration file is missing.
The error may occur because the YUM configuration file
rtap running error
The execution of the script for the Security Center agent fails.
The Security Center agent fails to run the fixing program because the program may be blocked by third-party security software. Fix the vulnerability again in the Security Center console. If the issue persists, submit a ticket to contact technical support.
execute rtap task fail
/bin/rpm permit error
The tool or script used to fix a vulnerability does not have the required permissions to run the
If excessively high permissions are required to run the /bin/rpm command, privilege escalation risks may rise. In most cases, you can set the permissions on the
not support this system xxx
The current system does not support vulnerability fixing.
The error may occur because you have changed the type of the operating system of your server after the vulnerability is detected on the server. As a result, the current operating system of your server is different from the operating system when the vulnerability was detected. You can ignore the vulnerability in the Security Center console or wait for the vulnerability to expire. For more information, see View and handle vulnerabilities.
update process is running
An existing fixing process is running.
A vulnerability fixing process is running. Try again later.
Insufficient space in download directory /var/cache/yum/x86_64/7/aegisbase
The disk space is insufficient.
YUM failed to be updated because of insufficient disk space. Clear the disk space based on the path in the error message. Then, fix the vulnerability again.
dpkg was interrupted
Related data is damaged because dpkg (Debian Packager) is interrupted.
Related data is damaged because dpkg is interrupted. The previous fixing process is forcefully stopped and junk data is generated. Use the CLI to run the following command on your server to reconfigure the settings.
For more information, see Fix dpkg interruptions.
An error occurs in running the yum command.
The Python environment in which the yum command is run does not support the syntax of the yum file. Check whether the content of the file in the
A has missing requires of B
A required software package is missing.
run virtio fix process faild
The program that is used to fix an Elastic Compute Service (ECS) disk drive vulnerability fails to start.
If a program that is used to fix an ECS disk drive vulnerability fails to start, the program may be blocked by security software. Make sure that no security software blocks the program. Then, fix the vulnerability again.
yum plugins protectbase enable
The ProtectBase plug-in blocked the update of YUM.
The ProtectBase plug-in of YUM blocked the update. Disable the ProtectBase plug-in on your server and fix the vulnerability again. Perform the following steps to disable the plug-in:
[Errno 14] curl#6 - "Could not resolve host: mirrors.cloud.aliyuncs.com; Unknown error"
The mirrors.cloud.aliyuncs.com domain name cannot be accessed.
miss kernel grub file
The kernel boot file is missing.
Rebuild the kernel boot file. If your server runs CentOS 7, run the following command in the CLI on your server:
After the file is rebuilt, fix the vulnerability again.
redhat not subscription
No Red Hat account is created.
No Red Hat account is created for your server. You must create a Red Hat account on the Red Hat official website and purchase a subscription service. Go to the Red Hat official website and create a Red Hat account.
You must purchase a separate subscription service for each Red Hat system. If you want to register and manage a large number of systems, you can use a Red Hat Satellite Server instance to manage the systems in a centralized manner.
sh xxx killed
The yum process is terminated due to an out of memory (OOM) error.
The vulnerability failed to be fixed because the system memory is insufficient. You can release the memory space and fix the vulnerability again.
blacklist process xxx is running
A blacklist process that locks the kernel configuration file is running.
If a blacklist process is running, it blocks the kernel configuration file. As a result, the kernel version may not be updated after a vulnerability is fixed. You can stop the process and fix the vulnerability again.
The fixing operation times out.
The failure may be caused by network jitters or the server environment. Fix the vulnerability again in the Security Center console. If the issue persists, submit a ticket to contact technical support.
xxx is already the newest version
The command is successfully run, and your system is updated to the latest version. However, the vulnerability is not fixed.
Your system is updated to the latest version, but the vulnerability is not fixed. If you changed the source, set the source to the Alibaba Cloud source
Invalid configuration value: failovermethod =priority in /etc/yum.repos.d/CentOS-Linux-epel.repo
An error occurs in the configuration items of YUM.
Check the download source configurations of the current system. Move the source file
Finished Dependency Resolution
YUM exits immediately after the dependency analysis is complete. This may be caused by software package conflicts.
The operation logs of YUM in the error message show that YUM exits immediately after the dependency analysis is complete, and the installation command is not run.
If you are upgrading MariaDB, this error may occur because MySQL was installed on your server and port conflicts exist. You can perform the following steps to resolve the issue:
The execution of the installation command times out.
The upgrade of the software package times out, which may be caused by network jitters or the environment of your server. Fix the vulnerability again in the Security Center console. If the issue persists, submit a ticket to contact technical support.
rpm collect timeout
The collection of the data of a software package times out.
The collection of the data of a software package times out. This may be caused by network jitters or the environment of your server. Fix the vulnerability again in the Security Center console. If the issue persists, submit a ticket to contact technical support.
start vulfix:[Error 2] The system cannot find the file specified
The fixing process is blocked by security software and fails to be started.
The fixing process is blocked by security software and fails to be started. Check whether security software is running and suspend the security software. Then, fix the vulnerability again.