What do I do if I cannot connect to an ApsaraDB RDS instance?

Last Updated: May 19, 2022

This topic describes how to resolve various issues that cause failures to connect to an ApsaraDB RDS instance.  

Issues that cause failures to connect an Elastic Compute Service (ECS) instance to an RDS instance over an internal network

Check regions

You can connect an ECS instance to an RDS instance over an internal network only when these instances reside in the same region. These instances can reside in the same zone or different zones of the same region.

  • Make sure that the ECS instance and the RDS instance reside in the same region.
    • View the region where the ECS instance resides.
    • View the region where the RDS instance resides.
  • If the ECS instance and the RDS instance reside in different regions, these instances cannot directly communicate over an internal network. In this case, use one of the following methods to resolve the issue:
    • Method 1: Release or unsubscribe from the ECS instance or the RDS instance. Then, purchase an ECS instance or an RDS instance that resides in the specified region.
    • Method 2: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. For more information about how to apply for a public endpoint for an RDS instance, see Apply for a public endpoint for an ApsaraDB RDS instance. This method cannot ensure optimal performance, security, or stability.

Check network types

  1. Make sure that the ECS instance and the RDS instance reside in the same type of network. This means that the ECS instance and the RDS instance must both reside in virtual private clouds (VPCs) or in the classic network.
    • View the network type of the ECS instance.
    • View the network type of the RDS instance.
  2. If one instance resides in the classic network and the other instance resides in a VPC, use one of the following methods to resolve the issue:
    • Methods suitable in scenarios in which the ECS instance resides in a VPC and the RDS instance resides in the classic network:
      • Method 1: This is the recommended method. Change the network type of the RDS instance from classic network to VPC. During the configuration process, select the VPC to which the ECS instance belongs. For more information, see Change the network type of an ApsaraDB RDS instance.
      • Method 2: Purchase an ECS instance that resides in the classic network. Take note that a VPC provides higher security than the classic network. Therefore, we recommend that you use VPCs.
        Note: ECS instances cannot be migrated from VPCs to the classic network.
      • Method 3: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. For more information about how to apply for a public endpoint for an RDS instance, see Apply for a public endpoint for an ApsaraDB RDS instance. This method cannot ensure optimal performance, security, or stability.
    • Methods suitable in scenarios in which the ECS instance resides in the classic network and the RDS instance resides in a VPC:
      • Method 1: This is the recommended method. Change the network type of the ECS instance from classic network to VPC. During the configuration process, select the VPC to which the RDS instance belongs. For more information, see Change the network type of an ECS instance.
      • Method 2: Change the network type of the RDS instance from VPC to classic network. Take note that a VPC provides higher security than the classic network. Therefore, we recommend that you use VPCs.
      • Method 3: Use the ClassicLink feature to establish an internal network connection between the ECS instance and the RDS instance.
        Note: If an internal network connection cannot be established between the ECS instance and the RDS instance after the ClassicLink feature is enabled, see What do I do if a connection cannot be established between the classic network and a VPC?
      • Method 4: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. For more information about how to apply for a public endpoint for an RDS instance, see Apply for a public endpoint for an ApsaraDB RDS instance. This method cannot ensure optimal performance, security, or stability.
  3. If the ECS instance and the RDS instance both reside in VPCs, make sure that these instances reside in the same VPC.
    • View the ID of the VPC to which the ECS instance belongs.
    • View the ID of the VPC to which the RDS instance belongs.
  4. If the ECS instance and the RDS instance reside in different VPCs, use one of the following methods to resolve the issue:
  5. If the ECS instance and the RDS instance reside in the same VPC and in the same region, but the ECS instance can connect to the RDS instance by using the public endpoint rather than the internal endpoint of the RDS instance and both the ping and telnet commands return connection failures, see What do I do if an ECS instance cannot connect to an ApsaraDB RDS instance due to routing problems?
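
A telnet-style reachability check, as an added example that is not part of the original page: it separates a name-resolution failure from a TCP connection failure and names the next check this page describes. The endpoint name, port 3306 and the injected `resolve`/`connect` stand-ins are assumptions made for the example.

```python
import socket

# What each probe outcome points to, using the causes listed on this page.
NEXT_CHECK = {
    "dns": "endpoint name does not resolve: check the endpoint and DNS servers",
    "tcp-timeout": "no answer from the port: check region, network type, VPC and routing",
    "tcp-error": "connection rejected or reset: check routing and the port number",
    "ok": "TCP works: look at whitelist, credentials or connection limits next",
}

def probe(host, port, timeout=5.0,
          resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Return (stage, detail): the first stage that failed, or ("ok", address).

    resolve and connect are injectable so the logic can be exercised offline.
    """
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))
    addr = infos[0][4][0]
    try:
        sock = connect((addr, port), timeout=timeout)
    except socket.timeout:
        return ("tcp-timeout", addr)
    except OSError as exc:
        return ("tcp-error", f"{addr}: {exc}")
    sock.close()
    return ("ok", addr)

def report(host, port, **kwargs):
    """One-line summary: outcome plus the next thing to check."""
    stage, detail = probe(host, port, **kwargs)
    return f"{host}:{port} -> {stage} ({detail}); {NEXT_CHECK[stage]}"

if __name__ == "__main__":
    # Constructed stand-ins for the resolver and TCP connect, so the demo runs offline.
    def resolves(host, port, type=0):
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("10.0.0.5", port))]
    def times_out(address, timeout=None):
        raise socket.timeout("timed out")
    def no_such_name(host, port, type=0):
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    # "rds.example.internal" is a placeholder endpoint, not a real RDS address.
    print(report("rds.example.internal", 3306, resolve=no_such_name))
    print(report("rds.example.internal", 3306, resolve=resolves, connect=times_out))
```

Called without the `resolve` and `connect` arguments, `report()` uses the real resolver and a real TCP connection from the machine it runs on.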

Issues that cause failures to connect to an RDS instance over the Internet

Check endpoints

Make sure that the public endpoint of the RDS instance is used to connect to the RDS instance. You can view the public endpoint of the RDS instance on the Database Connection page in the ApsaraDB RDS console.

Check IP address whitelists

Make sure that the IP address of the on-premises device from which you want to connect to the RDS instance is added to an IP address whitelist of the RDS instance. If you can connect to the RDS instance after you add 0.0.0.0/0 to an IP address whitelist of the RDS instance, the IP address of the on-premises device is not granted access to the RDS instance. In this case, you must add the IP address of the on-premises device to an IP address whitelist of the RDS instance. For more information about how to configure an IP address whitelist for an RDS instance, see Configure an IP address whitelist for an ApsaraDB RDS instance. For more information about how to obtain the IP address of an on-premises device, see the following topics:

Common connection errors

The following list describes common connection errors and the solutions to these errors. Each entry gives the error message, the cause, and the solution.

Scenario: Connect to an ApsaraDB RDS for MySQL instance or an ApsaraDB RDS for MariaDB TX instance

  • Error message:
    • ERROR 2003 (HY000): Can't connect to MySQL server on 'XXX'(10038, 10060, or 110)
    Cause: Network communication is abnormal.
    Solution: Click here
  • Error message:
    • ERROR 1045 (HY000): #28000ip not in whitelist
    • ERROR 2801 (HY000): #RDS00ip not in whitelist, client ip is XXX
    • ERROR 2013 (HY000): Lost connection to MySQL server at 'reading authorization packet', system error:110
    Cause: The IP address whitelists of the RDS instance do not contain the IP address from which you want to connect to the RDS instance.
    Solution: Click here
  • Error message:
    • ERROR 1045 (28000): Access denied for user 'XXX'@'XXX' (using password: YES or NO)
    • ERROR 1045 (28000): Authentication Failed For RDS maybe username or password is incorrect
    Cause: The username or password that you entered is incorrect.
    Solution: Click here
  • Error message:
    • ERROR 2005 (HY000): Unknown MySQL server host 'XXX' (110 or 11004)
    • SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed: Name or service not known
    • Name or service not known
    Cause: The DNS servers cannot resolve the endpoint of the RDS instance.
    Solution: Click here

Scenario: Connect to an ApsaraDB RDS for SQL Server instance

  • Error message: Cannot connect to XXX. A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.) (Microsoft SQL Server, Error: 10060 or 258)
    Cause: Network communication is abnormal.
    Solution: Click here
  • Error message: Cannot connect to XXX. A connection was successfully established with the server, but an error occurred during the logon process. (provider: TCP Provider, error: 0 - The network name that you specified can no longer be used.) (Microsoft SQL Server, Error: 64)
    Cause: The IP address whitelists of the RDS instance do not contain the IP address from which you want to connect to the RDS instance.
    Solution: Click here
  • Error message: Logon failed for login 'user' due to trigger execution
    Cause: The number of connections to the RDS instance reaches the maximum number that is allowed.
    Solution: Click here
  • Error message: cannot open user default database.Login failed
    Cause: The database to which the specified account logs on by default is deleted. As a result, your logon fails.
    Solution: Click here

Scenario: Connect to an ApsaraDB RDS for PostgreSQL instance

  • Error message: Unable to connect to server: could not connect to server: Connection timed out (0x0000274C/10060) Is the server running on host "XXX.rds.aliyuncs.com" and accepting TCP/IP connections on port XXX?
    Cause: Network communication is abnormal.
    Solution: Click here
  • Error message:
    • server closed the connection unexpectedly This probably means the server terminated abnormally before or while processing the request.
    • Error connecting to the server: FATAL: no pg_hba.conf entry
    Cause: The IP address whitelists of the RDS instance do not contain the IP address from which you want to connect to the RDS instance.
    Solution: Click here
  • Error message: FATAL: remaining connection slots are reserved for non-replication superuser connections
    Cause: The number of connections to the RDS instance reaches the maximum number that is allowed.
    Solution: Click here

Scenario: Connect to an ApsaraDB RDS instance by using Data Management (DMS)

  • Error message: The user specified as a definer ('user'@'a.b.c.d') does not exist
    Cause: The specified account cannot be found. This error may occur only when the database proxy feature is enabled for the RDS instance.
    Solution: Click here
  • Error message: The MYSQL server is running with the --rds-deny-access option so it cannot execute this statement
    Cause:
    • The RDS instance expires.
    • The storage capacity of the RDS instance is exhausted.
    Solution: Click here
  • Error message: Sorry, you cannot use DMS to connect to the RDS instance.
    Cause: You are not the owner of the RDS instance, and the owner of the RDS instance has not granted you the permissions to log on to the RDS instance.
    Solution: Click here
  • Error message: Check whether the endpoint is valid, the IP address whitelists are correctly configured, and network communication is normal.
    Cause: In most cases, this error occurs due to the following reasons when you connect a self-managed MySQL database that resides on an ECS instance or an on-premises host to the RDS instance:
    • The firewall of the ECS instance or the firewall of the on-premises host does not allow access from the RDS instance.
    • The security group to which the ECS instance belongs does not allow access from DMS.
    • The self-managed MySQL database has not started.
    • The self-managed MySQL database allows only the logons that you initiate from the ECS instance by using the credentials of the root account.
    Solution: Click here
  • Error message: max_user_connections
    Cause: The number of connections to the RDS instance reaches the maximum number that is allowed.
    Solution: Click here
  • Error message: Unable to log on to the RDS instance due to issues related to IP address whitelists.
    Cause: The CIDR blocks of the DMS servers are not added to an IP address whitelist of the RDS instance.
    Solution: Click here
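
A whitelist check built on the ERROR 2801 message quoted on this page, as an added example that is not part of the original page: it reads the client IP that the instance reported, tests it against the whitelist entries, and flags a 0.0.0.0/0 entry left in place after the connectivity test described under "Check IP address whitelists". The comma-separated entry format and all sample addresses are assumptions made for the example.

```python
import ipaddress
import re

# The whitelist error quoted on this page ends with the address the instance
# saw, which behind NAT differs from the device's local address.
CLIENT_IP = re.compile(r"not in whitelist, client ip is (\d{1,3}(?:\.\d{1,3}){3})")

def client_ip_from_error(message):
    """Extract the client IP from an 'ip not in whitelist' error, or None."""
    match = CLIENT_IP.search(message)
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:  # digits matched but not a valid address
        return None

def parse_whitelist(text):
    """Parse comma-separated IPs and CIDR blocks (assumed entry format)."""
    return [ipaddress.ip_network(entry.strip(), strict=False)
            for entry in text.split(",") if entry.strip()]

def audit(whitelist_text, error_message):
    """Compare the reported client IP with the whitelist entries."""
    networks = parse_whitelist(whitelist_text)
    ip = client_ip_from_error(error_message)
    # Entries with prefix length 0 (0.0.0.0/0) match every address, so they
    # are reported separately instead of counting as coverage.
    specific = [n for n in networks if n.prefixlen > 0]
    covered_by = [str(n) for n in specific if ip is not None and ip in n]
    return {
        "client_ip": str(ip) if ip is not None else None,
        "covered_by": covered_by,
        "open_to_all": len(specific) < len(networks),
        "entry_to_add": str(ip) if ip is not None and not covered_by else None,
    }

if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, not real hosts.
    error = "ERROR 2801 (HY000): #RDS00ip not in whitelist, client ip is 203.0.113.25"
    whitelist = "192.168.1.0/24, 198.51.100.7, 0.0.0.0/0"
    print(audit(whitelist, error))
```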

Applicable scope

  • ApsaraDB RDS