All Products
Document Center

:Failed to log on to the tower panel console for an ECS instance

Last Updated:Dec 24, 2020

Disclaimer: This article may contain information about third-party products. Such information is for reference only. Alibaba Cloud does not make any guarantee, express or implied, with respect to the performance and reliability of third-party products, as well as potential impacts of operations on the products.

Problem description

You cannot access the resource because the ECS instance fails to log on to the tower console.


May be caused by the following reasons:

  • The pagodas panel Service did not start properly.
  • The ECS instance does not have an access rule for port 8888 added to its security group.


Alibaba Cloud reminds you that:

  • Before you perform operations that may cause risks, such as modifying instance configurations or data, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
  • You can modify the configurations and data of instances including but not limited to Elastic Compute Service (ECS) and Relational Database Service (RDS) instances. Before the modification, we recommend that you create snapshots or enable RDS log backup.
  • If you have authorized or submitted sensitive information such as the logon account and password in the Alibaba Cloud Management Console, we recommend that you modify such information in a timely manner.
  1. Perform the following steps based on the on-site instance to check whether the tower panel service is started normally.
    • In Linux: run the netstat-nltpexpgrep8888 command to check whether Port 8888 is enabled.
    • In the Windows operating system: run the netstat-ano command to check whether Port 8888 is started.
  2. Log on to the ECS console, find the target instance, and click the instance ID.
  3. Go to the instance details page, click the security group of the instance and click intranet inbound rules to view whether to add an access rule for TCP port 8888 or a rule that allows access for all ports.

    If no security group rule is configured, port 8888 cannot be accessed. Follow these steps to configure a security group rule for port 8888:

    1. In the left-side navigation pane, click security groups and then click the ID of the Target security group.

    2. In the access rules section, set inbound to manual add, and set authorization policy to allow and protocol type. Select custom TCP. Set the port range to 8888/8888 , and the authorization objects to Enter the description, and then click Save.

Application scope

  • ECS