What Do I Do If Vulnerability Fix Failed?
If Linux or Windows vulnerabilities failed to be fixed on the HSS console, rectify the fault by following the instructions provided in this section.
Viewing the Cause of a Vulnerability Fixing Failure
- Log in to the management console.
- In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
- In the navigation pane, choose Risk Management > Vulnerabilities.
If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.
- In the upper right corner of the Vulnerabilities page, click Manage Task.
- Click the Fix Tasks tab to view the vulnerability fixing results.
- : The number displayed next to this icon indicates the number of servers that are successfully fixed.
- : The number displayed next to this icon indicates the number of servers that failed to be fixed.
- Click . In the Fix Failures dialog box, view the failure cause and description.
You can handle the vulnerability fixing failures based on the failure causes. For details, see Linux Vulnerability Fixing Failure Causes and Solutions and Windows Vulnerability Fixing Failure Causes and Solutions.
Linux Vulnerability Fixing Failure Causes and Solutions
- The kernel vulnerabilities on CCE, MRS, and BMS servers cannot be fixed. Fixing them may make some functions unavailable.
- After the kernel vulnerability is fixed, you need to restart the server. If you do not restart the server, the vulnerability alarm still exists.
- The following failure causes only contain some key fields. For details, see the information displayed on the HSS console.
Failure Cause |
Description |
Solution |
---|---|---|
timeout |
Repair timed out. |
Wait for 1 hour and try fixing the vulnerability again. If the fault persists, choose Service Tickets > Create Service Ticket in the upper right corner of the Huawei Cloud management console to contact technical support. |
This agent version does not support vulnerability verification |
The agent version is too early. |
Upgrade the agent and try fixing the vulnerability again. |
Agent status is not normal |
The agent status is abnormal. |
The agent is offline and the vulnerability cannot be fixed. Recover the agent status by referring to How Do I Fix an Abnormal Agent? and fix the vulnerability. |
Error: software have multiple versions |
A software version with vulnerabilities is not deleted. |
|
No package marked for update |
The upgrade package of a later version is not found. |
The failure cause indicates that the software has been upgraded to the latest version supported by the current image source, but the vulnerability still exists.
NOTE:
|
Error: software info not update |
||
Error: kernel is not update |
||
is already the newest version |
||
Dependencies resolved. Nothing to do. Complete! |
||
Error: Failed to download metadata for repo |
Failed to connect to the yum source. |
The server cannot connect to the image source. Check whether the server can properly connect to the external network. |
One of the configured repositories failed |
||
Errors during downloading metadata for repository |
||
Error: Cannot retrieve repository metadata |
||
Failed connect to |
||
E: Failed to fetch |
||
Error: kernel is not update |
Kernel not updated. |
|
Error: kernel info not update |
||
Please install a package which provides this module, or verify that the module is installed correctly |
The yum command is unavailable. |
Rectify the command unavailability issue based on the suggestions provided in the failure cause. |
command not found |
||
Error downloading packages |
The upgrade package fails to be downloaded. |
Check whether the server can properly connect to the Internet.
|
There are no enabled repositories |
No available sources configured. |
This fault occurs because the image source is incorrectly configured. Update the image source and fix the vulnerability again. |
Error: Cannot find a valid baseurl for repo |
||
There are no enabled repos |
||
dpkg was interrupted |
The dpkg command is unavailable. |
Rectify the command unavailability issue based on the suggestions provided in the failure cause. |
Windows Vulnerability Fixing Failure Causes and Solutions
- After a Windows patch is installed, you need to restart the server, or the following problems may occur:
- The patch does not take effect.
- When you install other system patches or software, the blue screen of death (BSOD) or startup failure may occur.
- The following failure causes only contain some key fields. For details, see the information displayed on the HSS console.
Failure Cause |
Description |
Solution |
---|---|---|
timeout |
Repair timed out. |
Wait for 1 hour and try fixing the vulnerability again. If the fault persists, choose Service Tickets > Create Service Ticket in the upper right corner of the Huawei Cloud management console to contact technical support. |
Agent status is not normal |
The agent status is abnormal. |
The agent is offline and the vulnerability cannot be fixed. Recover the agent status by referring to How Do I Fix an Abnormal Agent? and fix the vulnerability. |
This agent version does not support vulnerability verification |
The agent version is too early. |
Upgrade the agent and try fixing the vulnerability again. |
Search patch failed: Search failed, errmsg(Unknown error 0x8024401C) |
Failed to find the patch. |
The fault occurs because the Windows Update component on the server is faulty. Perform the following operations to recover the Windows Update component and fix the vulnerability again:
|
Search patch failed: Search failed, errmsg(Unknown error 0x8024402C) |
Failed to find the patch. |
The fault occurs because the Windows Update client cannot connect to the Windows Update server. Perform the following operations to recover the Windows Update component and fix the vulnerability again:
|
Search patch failed: Search failed, errmsg(Unknown error 0x80070422) |
Failed to find the patch. |
The fault occurs because Windows Update is disabled on the server. Perform the following operations to start the service and fix the vulnerability again:
|
Search patch failed: Get updates count is 0 |
Failed to find the patch. |
The fault occurs because the Windows Update of the server is faulty. Perform the following steps to locate the fault:
|
Search patch failed: Search failed,errmsg |
Failed to find the patch. |
|
Not install security patch |
Failed to find the patch. |
|
Add patch to update collection failed: Update collection count is 0 |
Failed to find the patch. |
|
Not find patch |
No patches found. |
|
Add patch to update collection failed |
Failed to install the patch. |
|
Com init failed |
Failed to call Windows Update. |
|
Download patch failed |
Failed to download the patch. |
|
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.