Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Situation Awareness
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive
Help Center/ Host Security Service/ FAQs/ Vulnerability Management/ What Do I Do If Vulnerability Fix Failed?

What Do I Do If Vulnerability Fix Failed?

Updated on 2025-02-12 GMT+08:00

If Linux or Windows vulnerabilities failed to be fixed on the HSS console, rectify the fault by following the instructions provided in this section.

Viewing the Cause of a Vulnerability Fixing Failure

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. In the navigation pane, choose Risk Management > Vulnerabilities.

    NOTE:

    If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.

  4. In the upper right corner of the Vulnerabilities page, click Manage Task.
  5. Click the Fix Tasks tab to view the vulnerability fixing results.
  6. In the Operation column of a vulnerability fix task, click View Failure Cause to view its Failure Cause and Description.

    You can handle the vulnerability fixing failures based on the failure causes. For details, see Linux Vulnerability Fixing Failure Causes and Solutions and Windows Vulnerability Fixing Failure Causes and Solutions.

Linux Vulnerability Fixing Failure Causes and Solutions

NOTICE:
  • The kernel vulnerabilities on CCE, MRS, and BMS servers cannot be fixed. Fixing them may make some functions unavailable.
  • After the kernel vulnerability is fixed, you need to restart the server. If you do not restart the server, the vulnerability alarm still exists.
  • The following failure causes only contain some key fields. For details, see the information displayed on the HSS console.

Failure Cause

Description

Solution

timeout

Repair timed out.

Wait for 1 hour and try fixing the vulnerability again. If the fault persists, choose Service Tickets > Create Service Ticket in the upper right corner of the Huawei Cloud management console to contact technical support.

This agent version does not support vulnerability verification

The agent version is too early.

Upgrade the agent and try fixing the vulnerability again.

Agent status is not normal

The agent status is abnormal.

The agent is offline and the vulnerability cannot be fixed. Recover the agent status by referring to How Do I Fix an Abnormal Agent? and fix the vulnerability.

Error: software have multiple versions

A software version with vulnerabilities is not deleted.

  • If this problem occurs in common software, delete the packages of the earlier versions and check whether the problem persists.
    Run the following command to check whether an error is reported when an early version package is deleted:
    rpm -e --test XXX
    NOTE:

    XXX indicates the full software component name, which contains the version number. You can run the rpm -qa command to query the full component name.

    • If an error is reported during the deletion, there are dependencies on the software package, and the package cannot be deleted. You are advised to ignore this vulnerability.
    • If no error is reported during the deletion, run the following command to delete the early version package:
      rpm -e XXX
  • If this problem occurs on kernel-related components such as Kernel and Glibc, deleting the early version package may cause OS problems. In this case, you are advised to ignore this vulnerability.

No package marked for update

The upgrade package of a later version is not found.

The failure cause indicates that the software has been upgraded to the latest version supported by the current image source, but the vulnerability still exists.

NOTE:
  • CentOS 7, CentOS 8, Debian 9 and 10, Windows 2012 R2, and Ubuntu 14.04 and earlier have reached EOL and cannot be fixed because no official patches are available. You are advised to change to the OSs in active support.
  • Ubuntu 16.04 to Ubuntu 22.04 do not support certain free patch updates. You need to subscribe to Ubuntu Pro to install upgrade packages. If Ubuntu Pro is not configured, vulnerabilities will fail to be fixed. For details about the vulnerabilities that can be fixed only after you subscribe to Ubuntu Pro, see Do I Need to Subscribe to Ubuntu Pro to Fix Ubuntu Vulnerabilities?.
  • Possible cause 1: The image source is incorrectly configured.

    Update the image source and fix the vulnerability again. For more information, see Image Source Management.

  • Possible cause 2: Kernel vulnerabilities cannot be fixed on the server.

    Fixing kernel vulnerabilities may make some functions unavailable. To fix a kernel vulnerability, choose Service Tickets > Create Service Ticket in the upper right corner of the Huawei Cloud management console to contact technical support.

    NOTICE:

    The kernel vulnerabilities on CCE, MRS, and BMS servers cannot be fixed. Fixing them may make some functions unavailable. Do not upgrade kernel components.

Error: software info not update

Error: kernel is not update

is already the newest version

Dependencies resolved. Nothing to do. Complete!

Error: Failed to download metadata for repo

Failed to connect to the yum source.

Check whether your server is in one of the following regions: CN North-Beijing1, CN North-Beijing4, CN East-Shanghai1, CN East-Shanghai2, CN South-Guangzhou, or CN-Hong Kong.

  • If the server is in one of these regions and cannot connect to the Internet for some reason, configure the image source provided by Huawei Cloud. For details, see How Can I Use an Automated Tool to Configure a Huawei Cloud Image Source?
  • If the server is not in any of these regions, ensure the server can access the Internet. Otherwise, the server cannot connect to the official image source or other sources.

One of the configured repositories failed

Errors during downloading metadata for repository

Error: Cannot retrieve repository metadata

Failed connect to

E: Failed to fetch

Error: kernel is not update

Kernel not updated.

  • Possible cause 1: The server is not restarted after the vulnerability is fixed.

    Solution: Restart the server. After a kernel vulnerability is fixed, you need to restart the server for the fix to take effect. Otherwise, the system will still report the vulnerability in the next scan.

  • Possible cause 2: Kernel vulnerabilities cannot be fixed on the server.

    Fixing kernel vulnerabilities may make some functions unavailable. To fix a kernel vulnerability, choose Service Tickets > Create Service Ticket in the upper right corner of the Huawei Cloud management console to contact technical support.

Error: kernel info not update

Please install a package which provides this module, or verify that the module is installed correctly

The yum command is unavailable.

Rectify the command unavailability issue based on the suggestions provided in the failure cause.

command not found

Error downloading packages

The upgrade package fails to be downloaded.

Check whether the server can properly connect to the Internet.
  • If yes, the image source is incorrectly configured. Update the image source and fix the vulnerability again. For more information, see Configuring the Image Source.
  • If no, ensure that your server can connect to the Internet and fix the vulnerability again.

There are no enabled repositories

No available sources are configured.

This fault occurs because the image source is incorrectly configured. Update the image source and fix the vulnerability again. For more information, see Configuring the Image Source.

Error: Cannot find a valid baseurl for repo

There are no enabled repos

dpkg was interrupted

The dpkg command is unavailable.

Rectify the command unavailability issue based on the suggestions provided in the failure cause.

Create backup error

Backup creation failed.

Wait for 10 minutes and try again. If the retry still fails, choose Service Tickets > Create Service Ticket in the upper right corner of the Huawei Cloud management console to contact technical support.

Request vaults error

Failed to obtain storage vaults.

Wait for 10 minutes and try again. If the retry still fails, choose Service Tickets > Create Service Ticket in the upper right corner of the Huawei Cloud management console to contact technical support.

Vault is full

Insufficient vault space.

The space of the backup vault associated with the server is insufficient. As a result, the server cannot be backed up, and the vulnerability fails to be fixed. Expand the vault capacity and try again. For details, see Expanding Vault Capacity.

Create checkpoint error

Backup creation failed.

Wait for 10 minutes and try again. If the retry still fails, choose Service Tickets > Create Service Ticket in the upper right corner of the Huawei Cloud management console to contact technical support.

Obtain backup status error

Failed to obtain the backup status.

Wait for 10 minutes and try again. If the retry still fails, choose Service Tickets > Create Service Ticket in the upper right corner of the Huawei Cloud management console to contact technical support.

Backup status is abnormal

Abnormal backup status.

Wait for 10 minutes and try again. If the retry still fails, choose Service Tickets > Create Service Ticket in the upper right corner of the Huawei Cloud management console to contact technical support.

Error: grub.conf still use old version.

The OS does not have GRUB. As a result, the grub.conf file does not contain the latest kernel.

Check whether the grub2-pc-modules, grub2-tools-extra and grub2-pc software is installed on the server. If not, perform the following steps:

  1. Run the following commands to install the preceding software on the server:

    yum install grub2-pc-modules grub2-tools-extra grub2-pc -y

  2. Run the following command to check the current kernel version:

    uname -r

  3. Check the versions of all kernels.

    rpm -qa | grep kernel-[0-9]

  4. Run the following command to uninstall the kernels whose versions are later than the current kernel version.

    yum remove [Complete software name with the version number]

  5. Fix the vulnerability again.

Windows Vulnerability Fixing Failure Causes and Solutions

NOTICE:
  • After a Windows patch is installed, you need to restart the server, or the following problems may occur:
    • The patch does not take effect.
    • When you install other system patches or software, the blue screen of death (BSOD) or startup failure may occur.
  • The following failure causes only contain some key fields. For details, see the information displayed on the HSS console.

Failure Cause

Description

Solution

timeout

Repair timed out.

Wait for 1 hour and try fixing the vulnerability again. If the fault persists, choose Service Tickets > Create Service Ticket in the upper right corner of the Huawei Cloud management console to contact technical support.

Agent status is not normal

The agent status is abnormal.

The agent is offline and the vulnerability cannot be fixed. Recover the agent status by referring to How Do I Fix an Abnormal Agent? and fix the vulnerability.

This agent version does not support vulnerability verification

The agent version is too early.

Upgrade the agent and try fixing the vulnerability again.

Search patch failed: Search failed, errmsg(Unknown error 0x8024401C)

Failed to find the patch.

The fault occurs because the Windows Update component on the server is faulty. Perform the following operations to recover the Windows Update component and fix the vulnerability again:

  1. Open the command-line interface (CLI).
  2. Run the following commands one by one:
    net stop wuauserv
    reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    net start wuauserv

Search patch failed: Search failed, errmsg(Unknown error 0x8024402C)

Failed to find the patch.

The fault occurs because the Windows Update client cannot connect to the Windows Update server. Perform the following operations to recover the Windows Update component and fix the vulnerability again:

  1. Check whether the network connection of the server is normal.

    Ensure your server can connect to the Internet.

  2. Clear the Windows Update cache.
    1. Open Control Panel.
    2. Click System and Security. Under Administrative Tools, click Services.
    3. Right-click Windows Update and choose Stop.
    4. Open the C:\Windows folder. Delete the SoftwareDistribution file.
    5. Right-click the Windows Update service and choose Start.
  3. Run the following commands to reset the Windows Update component:
    net stop wuauserv
    net stop cryptSvc
    net stop bits
    net stop msiserver
    ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
    ren C:\Windows\System32\catroot2 catroot2.old
    net start wuauserv
    net start cryptSvc
    net start bits
    net start msiserver

Search patch failed: Search failed, errmsg(Unknown error 0x80070422)

Failed to find the patch.

The fault occurs because Windows Update is disabled on the server. Perform the following operations to start the service and fix the vulnerability again:

  1. Open Control Panel.
  2. Click System and Security. Under Administrative Tools, click Services.
  3. Double-click the Windows Update service.
  4. In the Windows Update Properties window, set Startup type to Automatic.
  5. Click OK.

Search patch failed: Get updates count is 0

Failed to find the patch.

The fault occurs because the Windows Update of the server is faulty. Perform the following steps to locate the fault:

  1. Check whether the network connection of the server is normal.
    • If yes, go to 2.
    • If no, fix the vulnerability again after the server network connection becomes normal.
  2. Open Windows Update and check whether the patch to be installed is available.
    • If yes, install the patch and restart the server.
    • If no, check whether the failure cause contains an error code.

      If it contains an error code, search for the corresponding solution on the Microsoft official website based on the error code.

      If it does not contain any error code, reset Windows Update by referring to Reset Windows Update.

Search patch failed: Search failed,errmsg

Failed to find the patch.

Not install security patch

Failed to find the patch.

Add patch to update collection failed: Update collection count is 0

Failed to find the patch.

Not find patch

No patches found.

Add patch to update collection failed

Failed to install the patch.

Com init failed

Failed to call Windows Update.

Download patch failed

Failed to download the patch.

  • Possible cause 1: The Windows Update configuration is incorrect. This problem may occur only in Windows 2008 and 2012.

    Open Control Panel. Click Windows Update and click Change settings. Configure the following parameters:

    • Important updates: Select Download updates but let me choose when to install them.
    • Recommended update: Select this check box.
    • Microsoft Update: Deselect this check box.

    After the configuration is complete, open Windows Update and click Check for Update. After the patches to be installed are found, install them and restart the server.

  • Possible cause 2: The server has not been patched for a long time. As a result, Windows Update is abnormal.
    1. Log in to the server and open Windows Update.
    2. Click Check for Update.
    3. After the patches to be installed are found, install them and restart the server.
    NOTE:

    Some patches probably cannot be installed at a time. Check for updates after every patch installation until all patches are installed.

Some vulnerabilities have been fixed. You need to restart the server for the patch to take effect before fixing the remaining vulnerabilities.

The system is not updated to the latest version.

This vulnerability cannot be completely fixed at a time. Restart the server and try again until the vulnerability is fixed.

Create backup error

Backup creation failed.

Wait for 10 minutes and try again. If the retry still fails, choose Service Tickets > Create Service Ticket in the upper right corner of the Huawei Cloud management console to contact technical support.

Request vaults error

Failed to obtain storage vaults.

Wait for 10 minutes and try again. If the retry still fails, choose Service Tickets > Create Service Ticket in the upper right corner of the Huawei Cloud management console to contact technical support.

Vault is full

Insufficient vault space.

The space of the backup vault associated with the server is insufficient. As a result, the server cannot be backed up, and the vulnerability fails to be fixed. Expand the vault capacity and try again. For details, see Expanding Vault Capacity.

Create checkpoint error

Backup creation failed.

Wait for 10 minutes and try again. If the retry still fails, choose Service Tickets > Create Service Ticket in the upper right corner of the Huawei Cloud management console to contact technical support.

Obtain backup status error

Failed to obtain the backup status.

Wait for 10 minutes and try again. If the retry still fails, choose Service Tickets > Create Service Ticket in the upper right corner of the Huawei Cloud management console to contact technical support.

Backup status is abnormal

Abnormal backup status.

Wait for 10 minutes and try again. If the retry still fails, choose Service Tickets > Create Service Ticket in the upper right corner of the Huawei Cloud management console to contact technical support.

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback