Problem description

To ensure successful data migration, DTS must check whether DTS servers can connect to the source database during PreCheck. This topic describes causes of check failure and how to fix the failure.

Possible cause

The PreCheck for the connectivity of the source database may fail due to the following reasons:

The database account or password is incorrect.

Detection method

Get a device that can connect to the source database. On the device, enter the database account and password that are specified in the data migration task to check whether the account and password are correct.

Note: you can verify the account and password on the server where the source database resides.

Repair Method

Log on to the DTS console, modify the data migration task, enter the correct database account and password, and then perform the PreCheck again.

The source database disallows access from specified IP addresses.

Detection method

  • You can enter the account and password that are specified in the data migration task on the server where the source database resides and connect to the database. If the connection is successful, it indicates that the source database disallows the access from the IP address.
  • If the source database is a MySQL database, you can use a MySQL client to connect to the database and run the following SQL statement to check whether the authorized IP address list in the output contains the IP address of DTS.
    ( On DTS migration when used by the IP address information, see migration, synchronization or subscribe to the local database needs to be added to the IP whitelist.
    select host,user,authentication_string,password_expired,account_locked from mysql.user WHERE user='[$Username]';
    Note: [$Username] is the account that you enter for the data migration task.
  • If the source database is an SQL Server database, check whether a firewall is set up on the Server where the SQL Server database resides. In addition, check whether the Endpoint or triggers in the source database disallows the access from the source IP address.
  • If the source database is an Oracle database, check the sqlnet.ora configuration file to make sure that the value of the tscdvalidnode_checking configuration items is yes. yes indicates that the source database disallows the access from the specified IP address.

Solution

  1. Select the following methods to rectify the vulnerability based on the type of the target database:
    • If the source database is a MySQL database, run the following SQL statement to grant permissions to the database account used for data migration.
      GRANT ALL ON *. * TO '[$UserName]'@'%' IDENTIFIED BY '[$PassWord]';
      Note:[$Username] and [$Password] indicate the database account and Password that you entered in the data migration task.
    •  If the source database is an SQL Server database, disable the firewall or triggers.
    • If the source database is Oracle, edit the sqlnet.ora configuration file drop-down list will TCP.VALIDNODE_CHECKING configuration items modify the value for no and restart the process.
  2. After you fix the problem, log on to the DTS console and run the PreCheck again.

A firewall is configured for the network or server where the source database resides.

Detection method

Please perform the following inspection steps according to the on-site conditions:

  • Check whether the server where the source database resides has a firewall enabled and a firewall policy configured.
    • If the server where the destination database resides runs Windows, open the control panel, and select Windows Firewall to check whether a firewall policy is configured for the server.
    • If the server where the destination source database resides is Linux, run the iptables-L command to check whether a firewall policy has been configured for the server.
  • Check whether the network firewall that hosts your database restricts the CIDR blocks of the DTS servers. This topic takes cloud firewall as an example.
    1. Log on to the Cloud Firewall console, in the left-side navigation pane, click access control.
    2. Check whether Cloud Firewall has a policy that prohibits the CIDR block of DTS. For more information, see the IP whitelist required for migrating, synchronizing, or subscribing to on-premises databases.

Solution

Select the following steps based on the on-site conditions:

  • The server has enabled the firewall
    • Disable the firewall for the server, log on to the DTS console, and perform the PreCheck again.
      Note: this method applies to both Windows and Linux.
    • Add the CIDR blocks of DTS servers to the whitelist of the source instance. For more information, see set whitelists and security groups.
  • The network firewall restricts the CIDR block of DTS
    Temporarily disable the network firewall where the source database resides or add the CIDR blocks of DTS to the whitelist. To use cloud firewall as an example, you can delete the policies that block the CIDR blocks of DTS.

The network is unavailable

If the connectivity check still fails after the preceding troubleshooting, the network between DTS servers and the source database may be unavailable. You can open a ticket to contact Alibaba Cloud technical support personnel.

Application scope

  • Data Transmission Service (DTS)