What Can I Do If Agents Failed to Be Installed in Batches and a Message Is Displayed Indicating that the Network Is Disconnected?
Symptom
On the Asset Management > Servers & Quota page of the HSS console, the agents failed to be installed on servers in batches using the username and password. A message is displayed indicating that the network is disconnected and the access timed out.
Solution
- Check whether the server status is Running.
- If yes, go to 2 to locate the fault.
- If no, ensure that the server is running properly, and try again. The agent can be installed only when the server is in the Running state.
- Check whether the servers where the agent is to be installed are in the same VPC.
Perform the following operations:
- Log in to the management console.
- Click
in the upper left corner and select the region and project. - Click
in the upper left corner and Compute > Elastic Cloud Server. - Click the name of an ECS. The basic information page is displayed.
- In the ECS Information area, click the VPC name to go to the VPC page.
- Locate the row that contains the target VPC, and click the value in the Servers column to view all ECSs in the VPC.
Check whether all the servers you need to check are displayed.
- If yes, go to 3 to locate the fault.
- If no, the batch installation failed because the selected servers are not in the same VPC. You can use the account and password to install the agent in batches only on servers in the same VPC. You can perform batch installation by referring to Installing Agents in Batches Using Installation Commands.
- Check whether the servers where the agent is to be installed use the same account and password.
- If yes, go to 4 to locate the fault.
- If no, you can use commands to install the agent on servers by referring to Installing the Agent on Linux Servers in Batches (Using the CLI). You can use account and password to install the agent in batches only on servers that use the same account and password.
- Run the following command to check whether port 10180 on the 100.125.0.0/16 network segment is allowed in the outbound direction of the server security group:
curl -kv https://hss-agent.region code.myhuaweicloud.com:10180
Each region has a unique region code. For details about the region code, see Regions and Endpoints.
Take CN North-Beijing1 as an example. The complete command is as follows: curl -kv https://hss-agent.cn-north-1.myhuaweicloud.com:10180- If the ping command is successfully executed, the port 10180 in the 100.125.0.0/16 network segment is allowed. Go to 5 to locate the fault.
- If the page is suspended after the ping command is executed, the port 10180 in the 100.125.0.0/16 network segment is not allowed. For details about how to allow the port, see Adding a Security Group Rule.
- Run the following command to check whether the DNS of the server can resolve the domain name for downloading the agent:
ping -c 1 hss-agent.region code.myhuaweicloud.com
Each region has a unique region code. For details about the region code, see Regions and Endpoints.
Take CN North-Beijing1 as an example. The complete command is as follows: ping -c 1 hss-agent.cn-north-1.myhuaweicloud.com- If the resolved IP address is displayed, the DNS resolution is normal. Go to 6 to continue troubleshooting.
- If name or service not known is displayed or no IP address is resolved, the DNS resolution fails. Perform the following operations to modify the DNS:
- Run the following command to open the resolv.conf file:
vi /etc/resolv.conf
- Add the private DNS server address of Huawei Cloud to the file. For details about the DNS server address, see What Are Huawei Cloud Private DNS Server Addresses?
For example, if the DNS addresses of CN North-Beijing1 are 100.125.1.250 and 100.125.21.250, add nameserver 100.125.1.250 and nameserver 100.125.21.250 to the file.
- Enter wq and press Enter to save the settings.
- Run the following command to open the resolv.conf file:
- Run the following command to check whether the server can obtain metadata:
curl http://169.254.169.254/openstack/latest/meta_data.json
- If a value is returned, metadata can be obtained. Go to 7 to continue troubleshooting.
- If no value is returned or the page is suspended, rectify the fault by referring to Why Can't My Linux ECS Obtain Metadata?
- Check whether the ICPM command is disabled in the inbound direction of the server security group.
Use another server to ping the IP address of the server on which the agent is to be installed. If the IP address cannot be pinged, the ICMP command is disabled in the inbound direction of the security group. You can enable the ICMP command by referring to Adding a Security Group Rule.
Agent FAQs
- Do I Need to Install the HSS Agent After Purchasing HSS?
- Is the Agent in Conflict with Any Other Security Software?
- How Do I Install the Agent?
- How Do I Uninstall the Agent?
- What Should I Do If Agent Installation Failed?
- How Do I Fix an Abnormal Agent?
- What Is the Default Agent Installation Path?
- How Many CPU and Memory Resources Are Occupied by the Agent When It Performs Scans?
- Do Different HSS Editions Share the Same Agent?
- How Do I View Servers Where No Agents Have Been Installed?
- What Can I Do If the Agent Status Is Still "Not installed" After Installation?
- How Do I Upgrade the Agent?
- What Do I Do If the HSS Upgrade Fails?
- What If I Do Not Upgrade HSS to the New Version?
- What Resources Will Be Accessed by the Agent After It Is Installed on a Server?
- How Do I Use Images to Install Agents in Batches?
- What Do I Do If I Cannot Access the Download Link of the Windows Or Linux Agent?
- What Do I Do If Agent Upgrade Fails and the Message "File replacement failed" Is Displayed?
- What Can I Do If Agents Failed to Be Installed in Batches and a Message Is Displayed Indicating that the Network Is Disconnected?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbotmore
