Security Center:Troubleshoot issues that cause vulnerability fixing failures

View the issues that cause vulnerability fixing failures

1. Log on to the Security Center console. In the top navigation bar, select the region where the asset resides. You can select China or Outside China.

2. In the left-side navigation pane, choose Risk Management > Vulnerabilities.

3. On the Vulnerabilities page, click the number below Fixing. In the Fixing panel, view the list of vulnerabilities that are being fixed.

   The list displays all vulnerabilities that are in the Fixing, Handled (To Be Restarted), and Fix Failed states.

4. Find a vulnerability that is in the Fix Failed state and click the icon in the Status column. In the Cause dialog box, view the cause of the vulnerability fixing failure.

   You can handle the vulnerability fixing failure based on the error code and error message that are displayed in the dialog box. For more information about the causes and solutions to vulnerability fixing failures, see Causes and solutions to vulnerability fixing failures.

   

Error code: 116

Error message

download file failed

Cause

The patch that is required to fix a Windows system vulnerability failed to be downloaded.

Solution

Fix the vulnerability later in the Security Center console. If the issue persists, submit a ticket to contact the technical support.

Error code: 124

Error code: 125

Error message

exit code:0x00000005

Cause

The fixing process is blocked by security software or infected by viruses, or the files that are required for the fix cannot be opened.

Solution

Make sure that no security software blocks the process. Then, fix the vulnerability again.

Error code: 127

Error message

exit code:0x00000005

Cause

If an ERROR_DISK_FULL error is reported when you install a Windows patch, the patch fails to be installed because the disk space is insufficient.

Solution

Release the disk space and then install the patch. The following list describes the methods that you can use to release the disk space:

• Delete unnecessary files and programs.

  • Search for and delete the files and programs that you no longer require. You can use the Disk Cleanup tool that is provided by Windows or a third-party tool to delete unnecessary files, such as temporary files, junk files, and cached files.

  • Move files to an external hard disk or cloud storage. You can move large files, such as videos, audio files, and photos, to an external hard disk or cloud storage to release disk space.

• Compress files.

  In some cases, you can compress files to release disk space.

• Archive files.

  You can archive the files that you no longer require to an external storage device so that you can restore the files later.

Error code: 130

Error message

exit code:0x00000008

Cause

The memory is insufficient.

Solution

Check the memory usage and CPU utilization of your server. Make sure that your server has sufficient memory and CPU resources. Then, fix the vulnerability again.

Error code: 132

ErrorMessage

exit code:0x80240017

Cause

• A patch is being installed on the server.

• A patch is installed on the server. The patch requires you to restart the server after the patch is installed.

Solution

Check whether a patch is being installed on your server. If a patch is being installed, wait until the patch is installed and fix the vulnerability again. If no patch is being installed on your server, make sure that your business is not affected when you restart the server. Then, restart the server and fix the vulnerability again.

Error code: 133

Error message

xxx.exe is running

Cause

The installation of a patch is blocked by security software.

Solution

Make sure that no security software blocks the process. Then, fix the vulnerability again.

Error code: 134

Error message

exit code:0x00000476, (OK)

ERROR_TOO_MANY_LINKS

Cause

Excessive symbolic links exist in the file system. The error may affect the running of the file system. In addition, new Windows patches may fail to be installed.

Solution

• Clear the disk space: You can delete unnecessary files and programs to clear the disk space.

• Cancel symbolic links: Check the symbolic links and hard links in the file system, and cancel the excessive symbolic links and hard links.

• Check the disk status: You can check the status of the disk and repair the disk to ensure that the file system runs as expected.

• Disable the Windows Defender service: The Windows Defender service may interfere with the installation of Windows patches. You can disable the Windows Defender service and install the patches again.

Error code: 202

Error message

timeout

Cause

The installation of the patch that is required to fix a vulnerability times out.

Solution

Fix the vulnerability later in the Security Center console. If the issue persists, submit a ticket to contact the technical support.

Error code: 256

yum-complete-transaction --cleanup-only

cd /var/lib/rpm  // Go to the directory of the RPM database.
rm -f __db.*  // Delete the existing files of the RPM database.
rpm --rebuilddb // Rebuild the RPM database.
yum clean all // Clear all YUM caches.

Error code: 300

Error message

rtap running error

Cause

The execution of the script for the Security Center agent fails because the execution is blocked by third-party security software.

Solution

Make sure that no security software blocks the process. Then, fix the vulnerability again.

Error code: 309

Error message

execute rtap task fail

Cause

The execution of the script for the Security Center agent fails because the execution is blocked by third-party security software.

Solution

Make sure that no security software blocks the process. Then, fix the vulnerability again.

Error code: 8005

Error message

/bin/rpm permit error

Cause

The tool or script used to fix a vulnerability does not have the required permissions to run the /bin/rpm command.

Solution

If excessively high permissions are required to run the /bin/rpm command, privilege escalation risks may rise. In most cases, you can set the permissions on the /bin/rpm file to 755 or 750. This ensures that only authorized users can perform related operations.

Error code: 8008

Error message

not support this system xxx

Cause

The current system does not support vulnerability fixing. The error may occur because you have changed the type of the operating system of your server after the vulnerability is detected on the server. As a result, the current operating system of your server is different from the operating system when the vulnerability was detected.

Solution

Ignore the vulnerability in the Security Center console or wait for the vulnerability to expire. For more information, see View and handle vulnerabilities.

Error code: 8009

Error message

update process is running

Cause

A fixing process is running.

Solution

A vulnerability fixing process is running. Try again later.

Error code: 8010

Error message

Insufficient space in download directory /var/cache/yum/x86_64/7/aegisbase

Cause

The disk space is insufficient.

Solution

Clear the disk space based on the path that is provided in the error message. Then, fix the vulnerability again.

Error code: 8012

Error message

dpkg was interrupted

Cause

Related data is damaged because dpkg (Debian Packager) is interrupted.

Solutions

Related data is damaged because dpkg is interrupted. The previous fixing process is forcefully stopped and junk data is generated. You must use the CLI to run the following command on your server to reconfigure the settings. For more information, see Fix dpkg interruptions.

dpkg --configure -a	

Error code: 8019

Error message

yum exception

Cause

An error occurs in running the yum command. This error may occur because the Python environment in which the yum command is run does not support the syntax of the yum file.

Solution

1. Check whether the content of the file in the /usr/bin/yum directory contains syntax errors.

2. Check whether the Python environment in which the yum command is run is correctly configured.

Error code: 8026

Error message

Multilib version problems found

Cause

The update fails because the package of an earlier version is protected.

Solution

If the vulnerability is a high-risk vulnerability, we recommend that you uninstall the package of the earlier version. If the vulnerability is not a high-risk vulnerability, you can ignore the vulnerability and do not perform the update operation.

Error code: 8027

Error message

A has missing requires of B

Cause

A required software package is missing.

Solution

1. Identify the software package that is required to fix the vulnerability based on the error message. Example:

   1. A in the error message is the software package that is used for the update.

   2. B in the error message is the software package that is required for the preceding software package.

2. Use the CLI on your server to run the following command to install the software.

   Note

   Before you run the following command, replace xxx with the name of the software package that you want to use.

   yum update xxx --disableexcludes=all --disablerepo="*" --enablerepo="aegisbase,aegisupdates,aegisextras" --obsoletes 

3. Fix the vulnerability again.

Error code: 8032

Error message

run virtio fix process failed

Cause

The program that is used to fix an ECS disk drive vulnerability fails to start.

Solution

Make sure that no security software blocks the process. Then, fix the vulnerability again.

Error code: 8033

Error message

yum plugins protectbase enable

Cause

The ProtectBase plug-in of YUM blocked the update.

Solution

Disable the ProtectBase plug-in on your server and fix the vulnerability again. Perform the following steps to disable the plug-in:

1. Open the configuration file /etc/yum/pluginconf.d/protectbase.conf of ProtectBase.

2. Change enabled = 1 to enabled = 0.

Error code: 8037

Error message

[Errno 14] curl#6 - "Could not resolve host: mirrors.cloud.aliyuncs.com; Unknown error"

Cause

The mirrors.cloud.aliyuncs.com domain name cannot be accessed.

Solution

1. Check whether the network connection between your server and the mirrors.cloud.aliyuncs.com domain name is normal, and whether the traffic between your server and the domain name is blocked by a security group or a firewall.

2. If your server is connected to the Internet, replace mirrors.cloud.aliyuncs.com in the enabled source file with mirrors.aliyun.com in the /etc/yum.repos.d/ path.

3. Fix the vulnerability again.

Error code: 8040

Error message

miss kernel grub file

Cause

The kernel boot file is missing.

Solution

Rebuild the kernel boot file.

If your server runs CentOS 7, run the following command in the CLI on your server. After the file is rebuilt, fix the vulnerability again.

grub2-mkconfig -o /boot/grub2/grub.cfg

Error code: 8041

Error message

redhat not subscription

Cause

No Red Hat account is created.

Solution

Go to the Red Hat official website, create a Red Hat account, and then purchase a subscription service.

Error code: 8080

ErrorMessage

sh xxx killed

Cause

The yum process is terminated due to an out of memory (OOM) error.

Solution

You must release the memory space and fix the vulnerability again.

Error code: 8081

Error message

blacklist process xxx is running

Cause

A blacklist process that locks the kernel configuration file is running.

Solution

Stop the blacklist process and fix the vulnerability again.

Error code: 8082

Error message

redhat source has expired

Cause

The required Red Hat software repository expires or is not configured.

Solution

We recommend that you use another software repository.

Error code: 8083

Error message

redhat has no available source

Cause

The required Red Hat software repository expires or is not configured.

Solution

We recommend that you use another software repository. You can go to the Alibaba open source image site to obtain a software repository.

Error code: 8084

Error message

Some index files failed to download

Cause

The download source cannot be accessed, which leads to the failure of updating the software package information.

Solution

Check whether security groups or firewalls are configured to deny access to the download source.

Error code: 8085

Error message

alinux source not found

Cause

An Alibaba Cloud Linux software repository is inappropriately configured for the Alibaba Cloud Linux operating system.

Solution

Configure a new Alibaba Cloud Linux software repository. You can go to the Alibaba Cloud open source image site to obtain an Alibaba Cloud Linux software repository.

Error code: 8089

Error message

xxx newest available version versionA less than versionB to be updated

example: ppp newest available version 2.4.5-34.el7_7 less than 2.4.5-35.el7_7 to be updated

Cause

The latest available version of the software package that can be obtained from the current source to update the xxx package is earlier than the version that is required for the vulnerability fix.

Solution

Check whether the current source is appropriately configured and whether it is the latest version of source.

Error code: 8091

Error message

qboot kernel

Cause

The patch update for the kernel that is booted by using QEMU fails.

Solution

You must submit a ticket to the ECS team to resolve the issue.

Error code: 8092

Error message

package not available on the current system

Cause

The current system does not support the package that is required for vulnerability fixing.

Solution

Ignore the vulnerability in the Security Center console or wait for the vulnerability to expire. For more information, see View and handle vulnerabilities.

Error code: 8093

Error message

no space left for creating initramfs

Cause

The size of the /boot directory is insufficient space to install the new kernel.

Solution

Delete the files related to kernels of earlier versions from the /boot directory, install the new kernel, and then fix the vulnerability again.

Error code: 8094

Error message

Skipping linux-image-generic, it is not installed and only upgrades are requested.

Cause

The kernel of the required signed kernel image failed to be updated.

Solution

Ignore the vulnerability in the Security Center console or wait for the vulnerability to expire. For more information, see View and handle vulnerabilities.

Error code: 8095

Error message

vmlinuz or initramfs not exists

Cause

No vmlinuz or initramfs files are generated during the kernel update.

Solution

Uninstall and reinstall the kernel package.

Error code: 8096

Error message

installed kernel not available in grub file

Cause

The grub file is incorrectly configured during the kernel update.

Solution

Uninstall and reinstall the kernel package. You can also use the grubby command to add the grub file as a startup item.

Error code: 9002

Error message

timeout

Cause

The fixing operation timed out. This may be caused by network jitters or the server environment.

Solution

Fix the vulnerability later in the Security Center console. If the issue persists, submit a ticket to contact the technical support.

Error code: 9003

Error code: 9007

Error message

ack timeout

Cause

The upgrade of the software package times out, which may be caused by network jitters or the environment of your server.

Solution

Fix the vulnerability later in the Security Center console. If the issue persists, submit a ticket to contact the technical support.

Error code: 9008

Error message

rpm collect timeout

Cause

The collection of the data of a software package times out, which may be caused by network jitters or the server environment.

Solution

Fix the vulnerability later in the Security Center console. If the issue persists, submit a ticket to contact the technical support.

Error code: 60001

Error message

start vulfix:[Error 2] The system cannot find the file specified

Cause

The fixing process is blocked by security software and failed to be started.

Solution

Make sure that no security software blocks the process. Then, fix the vulnerability again.