Help Center> Host Security Service (New)> FAQs> Agent FAQs> What Do I Do If the Agent Upgrade Fails or the Agent Status Is "Not installed" After Successful Installation?

Updated on 2022-12-28 GMT+08:00

View PDF

What Do I Do If the Agent Upgrade Fails or the Agent Status Is "Not installed" After Successful Installation?

About the Upgrade

Agent upgrade is free of charge.
Before the upgrade, ensure the Agent Status is Online.
The upgrade does not affect the workloads on your cloud servers.
After the upgrade, the billing stops on the old console and starts on the new console.
After the upgrade, your servers will be protected on HSS (New).

How the Agent Is Upgraded

After you start agent upgrade on the HSS console, the system automatically uninstalls agent 1.0 and then installs agent 2.0.

After the upgrade, the agent status may change to the following:

Upgraded: The agent has been upgraded. You can go to the HSS (New) console to check the protection status.
Upgrading: The agent is being upgraded.
Upgrade failed: The agent failed to be upgraded.

Common Causes for Abnormal Agent Status

After the automatic upgrade is complete, it takes 5 to 10 minutes for the agent status to be refreshed.

Possible causes for abnormal agent statuses are as follows:

DNS resolution failure. The agent can be upgraded only through the intranet DNS resolution. Ensure the private DNS server address is correct.
Access to port 10180 is restricted. The agent upgrade requires accessed to port 10180.
The available memory of the VM is insufficient. The agent upgrade occupies certain memory. If the available memory is less than 300 MB, the upgrade will be affected.
Failed to obtain the metadata. To upgrade the agent, you need to obtain the ID, name, and region of the server.

Locating and Fixing the Problem

DNS Resolution Failure
- Troubleshooting Procedure
  1. Use a remote management tool, such as Xftp, SecureFX, or WinSCP, to log in to the server.
  2. Run the following command to check the private DNS address of the server:
    cat /etc/resolv.conf
  3. Make a note of the DNS address and region of the server and check whether they are correct. For details, see Private DNS Server Address.
  4. If your region and DNS server address match, the problem was not caused by DNS resolution. In this case, check for other causes.
    If your region and DNS server address do not match, the problem was caused by a DNS resolution failure.
- Solution
  Check whether your services will be affected if the private DNS server address configured on the server is changed.
  - If your services will not be affected by the address change, correct the private DNS server address and retry the upgrade. For details, see Changing the Private DNS Server Address.
  - If your services will be affected by the address change, create the mapping between your server name and the current IP address, and retry the upgrade. Perform the following steps:
    1. Log in to your cloud server.
    2. Run the following command to switch to user root:
      sudo su -
    3. Run the following command to edit the hosts configuration file:
      vi /etc/hosts
    4. Press i to enter the editing mode.
    5. Add statements in the following format:
      Private_IP_address Hostname
      
      [Example]
      
      192.168.0.1 hostname01
      
      192.168.0.2 hostname02
    6. Press Esc to exit the editing mode.
    7. Run the following command to save the configuration and exit:
      :wq
Restricted Access to Port 10180
Ensure the server where the agent is to be installed or upgraded can communicate with the network segment. The security group of your server must allow outbound access to port 10180 on the 100.125.X.X/16 network segment.
- Troubleshooting Procedure
  1. In the upper left corner of the page, select a region, click , and choose Compute > Elastic Cloud Server.
  2. Click the name of the server. On the server details page that is displayed, click the Security Groups tab.
  3. Click the Outbound Rules tab and check whether port 10180 is specified in the deny policy.
    1. If it is not specified, the problem was not caused by port access restriction.
    2. If it is specified, the problem was caused by port access restriction.
- Solution
  Allow access to the port. For details, see step 8 in Configuring Security Group Rules.
Insufficient VM Memory
- Troubleshooting Procedure
  1. Use a remote management tool, such as Xftp, SecureFX, or WinSCP, to log in to the server.
  2. Run the following command to check the memory usage of the server:
    free -m
  3. Check the value of free in the command output, as shown in Figure 1.
    If the value of free is less than 300, the memory is insufficient.
    Figure 1 Querying the memory
- Solution
  - Close the applications with high memory usage.
  - Expand the memory and then retry the installation. For details about how to expand the memory capacity, see General Operations for Modifying Specifications.
Failure to Obtain Metadata
- Troubleshooting Procedure
  For details about how to check whether metadata can be obtained, see Obtaining Metadata.
- Solution
  If metadata cannot be obtained, troubleshoot the problem by following the instructions in Why Can't My Linux ECS Obtain Metadata?