After you apply an anti-ransomware policy to a server, the anti-ransomware agent or backup tasks on that server may enter an abnormal state. An abnormal state means Security Center cannot protect your files and data against ransomware. Resolve these issues as soon as possible to prevent data loss.
Prerequisites
Before you begin, ensure that you have:
An anti-ransomware policy applied to your server. For more information, see Create an anti-ransomware policy.
Before you start troubleshooting
Check the following before looking up specific error codes — most issues fall into one of these categories:
Agent version: Outdated agents are a common cause of backup failures and internal errors. If the agent is V1.0, upgrade to V2.0.
Network connectivity: The anti-ransomware agent must reach the anti-ransomware endpoints. Run
pingortelnetto verify. See Anti-ransomware endpoints.Security Center agent status: Check the Agent Status column on the Anti-ransomware for Servers tab. If the agent is offline, see Troubleshoot why the Security Center agent is offline.
Third-party security software: Security software can block agent installation and backup processes. Add the anti-ransomware agent process to the whitelist, or temporarily uninstall the security software before reinstalling the agent.
ECS instance status: A stopped ECS instance prevents agent installation and backup execution.
System clock accuracy: If the server clock deviates from the Security Center time by more than 15 minutes, backup tasks fail with time-related errors.
File cache disk space: The disk hosting the file cache must have at least 1 GB of free space.
Troubleshoot agent issues
View the error details
Log on to the Security Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center console. In the top navigation bar, select the region of the asset. You can select China or Outside China.
In the left-side navigation pane, choose Protection Configuration > Host Protection > Anti-ransomware.
On the Anti-ransomware for Servers tab, find the anti-ransomware policy and click the
icon next to the policy name to expand the server list.Find a server in an abnormal state and click the
icon to view the error details.
Resolve the issue based on the error details shown in the Details message.
Log file locations
Use these log files to self-diagnose issues before contacting support. If your error code is not listed in the table below, collect the relevant logs and submit a ticket to contact technical support.
Installation logs
| OS | Log path |
|---|---|
| Windows | C:\Program Files (x86)\Alibaba\Aegis\PythonLoader\data\hbr.log |
| Linux | /usr/local/aegis/PythonLoader/data/hbr.log |
Backup logs — V1.0 agent
| OS | Log path |
|---|---|
| Windows | C:\Program File (x86)\Alibaba\Aegis\hbr\logs |
| Linux | /usr/local/aegis/hbr/logs |
Backup logs — V2.0 agent
| OS | Log path |
|---|---|
| Windows | C:\Program File (x86)\Alibaba\Aegis\hbrClient\logs |
| CoreOS | /opt/aegis/hbrClient/logs |
| Linux | /usr/local/aegis/hbrClient/logs |
Agent error codes and solutions
Troubleshoot backup task issues
View the error details
Log on to the Security Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center console. In the top navigation bar, select the region of the asset. You can select China or Outside China.
In the left-side navigation pane, choose Protection Configuration > Host Protection > Anti-ransomware.
In the upper-right corner of the Anti-ransomware page, click Backup Tasks.
In the Backup Tasks panel, click the Server Backup Task tab, select Failed from the Status drop-down list, and click
.
Find the backup task and click the
icon in the Status column to view the error details.
Resolve the issue based on the error details shown in the Details message.
Backup task error codes and solutions
| Error code | Details message | Cause | Solution |
|---|---|---|---|
| EXPIRED | The backup task timed out | Network errors, server restart during backup, ECS instance stopped, too many files to back up, or outdated agent. | - If network errors occur: check whether MQTT Connection Lost. appears in the backup logs. If it does, optimize your network settings.<br>- If the ECS instance stopped or restarted during backup: check whether the instance is running and whether a scheduled restart task overlaps with the backup window.<br>- If too many files caused the timeout: edit the anti-ransomware policy to remove directories that do not need to be backed up.<br>- If the agent is outdated: upgrade it to V2.0. |
| SOURCE_NOT_EXIST | Backup source path does not exist | The backup directory specified in the anti-ransomware policy does not exist on the server. | Edit the anti-ransomware policy and specify a valid backup directory. |
| OPEN_VAULT_FAILED | Failed to open backup Library | Object Storage Service (OSS) access failed during backup, or the server's local time differs from the OSS system time by more than 15 minutes. | 1. In the ECS log file hbrclient.log, find the OSS endpoint (format: oss-xxx.aliyuncs.com or oss-xxx-internal.aliyuncs.com). Run ping or telnet to check whether the endpoint is reachable.<br>2. Check whether firewalls and security groups allow outbound connections from the anti-ransomware agent.<br>3. Check whether security software is blocking network connections.<br>4. If the backup logs contain ErrorCode=RequestTimeTooSkewed, ErrorMessage="The difference between the request time and the current time is too large.": adjust the server's system clock so it matches the OSS system time (within 15 minutes), and then restart the anti-ransomware agent:<br>systemctl restart hbrclient<br>The OSS time zone matches the region where the ECS instance resides. For regions in the Chinese mainland, the time zone is UTC+8. For regions outside the Chinese mainland, the time zone matches the region's local time zone. |
| INTERNAL_ERROR / InternalError | An internal error occurred | An internal error in the backup feature, typically caused by a V1.0 anti-ransomware policy. | On the Anti-ransomware page, find the V1.0 policy and click Upgrade in the Actions column to upgrade it to V2.0. If the issue persists, collect agent logs and submit a ticket. |
| killed | The backup process is terminated by the system | The system forcefully terminated the backup process due to high CPU utilization or memory usage. | Log on to the ECS console. On the Monitoring tab of the instance details page, review CPU utilization and memory usage during the backup window. If the backup process consumed excessive resources, limit the resources it can use. For more information, see How do I resolve OOM issues on a Cloud Backup client? |
| CreateSnapshotFailed | Failed to create a backup snapshot when the backup is about to end | OSS was not accessible when the backup snapshot was being created. | Submit a ticket to contact technical support. |
| CONNECT_TO_VAULT_FAILED | Failed to access the backup vault | OSS access failed during backup. | In the ECS log file hbrclient.log, find the OSS endpoint (format: oss-xxx-internal.aliyuncs.com). Run ping or telnet on the ECS instance to check whether the endpoint is reachable. |
| AppError: ErrorCode=TooManyConcurrentJobs, ErrorMessage=TooManyConcurrentJobs | A large number of backup tasks are running, and new backup tasks cannot be run | Too much data to back up, or the previous backup task is still running when the next one is scheduled to start. | 1. Edit the anti-ransomware policy to increase the backup interval or exclude directories that do not need to be backed up.<br>2. If no historical backup data exists or no historical backup data is required: remove the server from the policy (see Manage servers in an anti-ransomware policy), and then re-add it (see Edit an anti-ransomware policy).<br>3. If the issue persists, submit a ticket. |
| EcsStopped | The ECS instance is not started | The ECS instance is stopped. | Check the ECS instance status and whether it was stopped due to overdue payments. |
| EcsReleased | The ECS instance is released | The ECS instance has been released. | No action required. |
| ClientDisconnectedAegisClientNotOnline | The Security Center agent and the anti-ransomware agent are offline | Both agents are offline. | Log on to the ECS instance, run ping or telnet to test connectivity to the anti-ransomware endpoint, and check firewall policies. See Anti-ransomware endpoints. |
| ClientDisconnected | The anti-ransomware agent is offline or an error occurs on the agent | The anti-ransomware agent is offline or has encountered an error. | 1. Log on to the ECS instance, run ping or telnet to test connectivity to the anti-ransomware endpoint, and check firewall policies. See Anti-ransomware endpoints.<br>2. After confirming network connectivity, go to the Anti-ransomware for Servers tab in the Security Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center console, click Uninstall for the server, and then click Install. |
| OOM | The memory usage is high | A large number of files in the backup directory caused memory usage to exceed the limit, and the system terminated the backup process. | See OOM error occurs. |
| JOB_CANCELED | The backup task is automatically disabled | The anti-ransomware policy applied to the server is disabled, or the anti-ransomware capacity is exhausted. | Check whether the policy is disabled. If the policy is enabled, check the used and total capacity on the Anti-ransomware page. |
| FILE_CACHE_NO_SPACE | The space used to store the file cache is insufficient | The disk hosting the file cache has less than 1 GB of free space, which is the minimum required. | Resize the disk or change the file cache directory. For more information, see Use the cache feature to accelerate data backup. |
| ApplicationFileNotExist | The files related to the anti-ransomware agent are missing | Agent files were deleted by third-party security software or manually by a user. | Add the anti-ransomware agent process to the whitelist of the security software on the server, and then reinstall the agent. |
| 0xC0000142 / 3221225794 | The backup process on the Windows operating system fails to initialize | Security software is blocking the process, a process conflict exists, or agent files are missing. | Add the anti-ransomware agent process to the whitelist of the security software on the server, and then reinstall the agent. |
| 1 / 2 | The backup process is exceptionally terminated (Error codes 1 and 2 indicate an unhandled exception in the V1.0 agent — the error is not recorded or handled.) | The V1.0 agent encountered an error that was not recorded or handled. | 1. In the Security Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center consoleSecurity Center console, go to Anti-ransomware for Servers, click Uninstall for the server, wait for the status to change to Not Installed, and then click Install to install the V2.0 agent.<br>2. If the issue persists, submit a ticket. |
| RequestTimeTooSkewed | Time deviation | The server's system clock deviates from the Security Center time by 15 minutes or more. | Adjust the system clock on the server to match the correct time. |