All Products
Search
Document Center

What do I do if the "Can't connect to MySQL server on 'XXX'" error message is displayed when I connect to an ApsaraDB RDS for MySQL instance or an ApsaraDB RDS for MariaDB TX instance?

Last Updated: May 19, 2022

Description

When you connect to an ApsaraDB RDS for MySQL instance or an ApsaraDB RDS for MariaDB TX instance, the following error message is displayed:

  • ERROR 2003 (HY000): Can't connect to MySQL server on 'XXX'(10038, 10060, or 110)
  • Cannot connect to a database: XXX

Solution

Take note of the following items:

  • Before you perform high-risk operations such as modifying the specifications or data of an Alibaba Cloud instance, we recommend that you check the disaster recovery and fault tolerance capabilities of the instance to ensure data security.
  • Before you modify the specifications or data of an Alibaba Cloud instance, such as an Elastic Compute Service (ECS) instance or an ApsaraDB RDS instance, we recommend that you create snapshots or enable backups for the instance. For example, you can enable log backups for an ApsaraDB RDS instance.
  • If you have granted specific users the permissions on sensitive information, such as usernames and passwords, or submitted sensitive information in the Alibaba Cloud Management Console, we recommend that you modify the sensitive information at the earliest opportunity.

This topic describes the following two methods:

Issues due to which you cannot connect an ECS instance to an RDS instance over an internal network

  1. Make sure that the ECS instance and the RDS instance reside in the same region. If the ECS instance and the RDS instance reside in different regions, these instances cannot directly communicate over an internal network. In this case, use one of the following methods to resolve the issue:
    • Method 1: Release or unsubscribe from the ECS instance or the RDS instance. Then, purchase an ECS instance or an RDS instance that resides in the specified region.
    • Method 2: Change the network types of the ECS instance and the RDS instance to Virtual Private Cloud (VPC). For more information, see Change the network type of an RDS instance. In addition, establish a connection by using Express Connect between the VPCs of the ECS instance and the RDS instance.
    • Method 3: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. This method cannot ensure optimal performance, security, or stability of the instances. If you use Method 3, we recommend that you configure the reasonable network settings for the ECS instance and the RDS instance.
  2. Make sure that the ECS instance and the RDS instance reside in the same type of network. If one instance resides in the classic network and the other instance resides in a VPC, use one of the following methods to resolve the issue:
    • Methods suitable in scenarios in which the ECS instance resides in a VPC and the RDS instance resides in the classic network:
      • Method 1: This is the recommended method. Change the network type of the RDS instance from classic network to VPC. For more information, see Change the network type of an ApsaraDB RDS instance.
        Note: The ECS instance and the RDS instance must reside in the same VPC to communicate with each other over an internal network.
      • Method 2: Purchase an ECS instance that resides in the classic network. However, a VPC provides higher security than the classic network. We recommend that you use VPCs.
        Note: ECS instances cannot be migrated from VPCs to the classic network.
      • Method 3: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. This method cannot ensure optimal performance, security, or stability of the instances.
    • Methods suitable in scenarios in which the ECS instance resides in the classic network and the RDS instance resides in a VPC:
      • Method 1: This is the recommended method. Change the network type of the ECS instance from classic network to VPC. For more information, see Change the network type of an ECS instance.
        Note: The ECS instance and the RDS instance must reside in the same VPC to communicate with each other over an internal network.
      • Method 2: Change the network type of the RDS instance from VPC to classic network. However, a VPC provides higher security than the classic network. We recommend that you use VPCs.
      • Method 3: Use the ClassicLink feature to establish an internal network connection between the ECS instance and the RDS instance.
        Note: If an internal network connection cannot be established between the ECS instance and the RDS instance after the ClassicLink feature is enabled, see What do I do if a connection cannot be established between the classic network and a VPC?
      • Method 4: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. This method cannot ensure optimal performance, security, or stability of the instances.
  3. If the ECS instance and the RDS instance both reside in VPCs, make sure that these instances reside in the same VPC.
    If the ECS instance and the RDS instance reside in different VPCs, use one of the following methods to resolve the issue:
    • Method 1: This is the recommended method. Migrate the RDS instance to the VPC to which the ECS instance belongs. For more information, see Migrate an ApsaraDB RDS instance to a different VPC and a different vSwitch or Change the network type of an ApsaraDB RDS instance. Change the network type of the RDS instance from VPC to classic network. Then, change the network type of the RDS instance back to VPC. When you change the network type of the RDS instance back to VPC, select the VPC to which the ECS instance belongs.
    • Method 2: Create an Cloud Enterprise Network (CEN) instance to establish a private connection between the VPCs of the ECS instance and the RDS instance.
    • Method 3: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. This method cannot ensure optimal performance, security, or stability of the instances.
  4. Make sure that the IP address of the ECS instance is added to an IP address whitelist of the RDS instance. For more information about how to configure an IP address whitelist for an RDS instance, see Configure an IP address whitelist for an ApsaraDB RDS instance.
  5. Check the connection between the RDS instance and the ECS instance. Run the following command on the ECS instance to test whether the ECS instance can connect to the port that is associated with the endpoint of the RDS instance.
    telnet [$RDS_IP] [$Port]
    Note:
    • [$RDS_IP] is the endpoint of the RDS instance.
    • [$Port] is the port number of the RDS instance. If the port of the RDS instance has been modified, replace the port number with the new port number. The default port number of an ApsaraDB RDS for MySQL instance is 3306, and the default port number of an ApsaraDB RDS for SQL Server instance is 3433.
    • If the ECS instance can connect to the port that is associated with the endpoint of the RDS instance, the ECS instance can connect to the RDS instance over an internal network.
    • If the ECS instance cannot connect to the port that is associated with the endpoint of the RDS instance, you must troubleshoot the network issues of the ECS instance. For more information, see What do I do if I cannot connect to an RDS instance?.

Issues due to which you cannot connect a device rather than an ECS instance to an RDS instance over the Internet

You can connect a device rather than an ECS instances to an RDS instance only over the Internet. If the connection fails, use one of the following methods to resolve the issue:

  1. Check whether the IP address of the device is added to an IP address whitelist of the RDS instance. If the IP address of the device is not added to an IP address whitelist of the RDS instance, you must add the IP address to an IP address whitelist of the RDS instance. For more information, see Configure an IP address whitelist for an ApsaraDB RDS instance.
  2. If the enhanced whitelist mode is enabled, make sure that the public IP address of the device is added to an IP address whitelist of the classic network type.
    Note: IP addresses of the VPC whitelist group are invalid for the classic network whitelist group.
  3. If the IP address of the device is added to an IP address whitelist of the RDS instance, the connections fails probably because the public IP address of the device that you added to the IP address whitelist is incorrect. The connection failure is due to the following reasons:
    Note: For more information about how to confirm the public IP address of a device, see Why am I unable to connect to my ApsaraDB RDS for MySQL or ApsaraDB RDS for MariaDB instance from a local server over the Internet? or How does SQL Server determine the public IP address of an external Server or client?
    • Public IP addresses dynamically change.
    • The tool or website that is used to query public IP addresses returns inaccurate results.
  4. Check whether the endpoint that you use for the connection is the internal endpoint of the RDS instance. You must use the public endpoint of the RDS instance for the connection.
    Note:

Applicable scope

  • ApsaraDB RDS for MySQL
  • ApsaraDB RDS for MariaDB TX