This topic describes how to resolve failures to connect an Elastic Compute Service (ECS) instance to an ApsaraDB RDS for SQL Server instance over an internal network, or to connect another device to an RDS instance over the Internet.
Problem description
When you connect an ECS instance to an RDS instance over an internal network, the following error message is displayed:
Cannot connect to XXX Cannot connect to XXX.
When you attempt to connect to an ApsaraDB RDS for SQL Server instance, a network-related or instance-specific error occurs. The server was not found or was inaccessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. ) (Microsoft SQL Server, Error code: 10060 or 258)
Solutions
Take note of the following items:
Before you perform high-risk operations, such as modifying the configurations or data of an instance, we recommend that you check the disaster recovery and fault tolerance capabilities of the instance to ensure the security of your data.
Before you modify the configurations or data of an instance, such as an ECS instance or an RDS instance, we recommend that you create snapshots or enable backup for the instance. For example, you can enable log backup for an RDS instance.
If you granted permissions on sensitive information or submitted sensitive information, such as usernames and passwords, in the Alibaba Cloud Management Console, we recommend that you modify the sensitive information at the earliest opportunity.
Issues due to which you cannot connect an ECS instance to an RDS instance over an internal network
Make sure that the IP address of the ECS instance is added to an IP address whitelist of the RDS instance.
Before you use an internal endpoint of the RDS instance to connect the ECS instance to the RDS instance, you must add the private IP address of the ECS instance to an IP address whitelist of the RDS instance. For more information, see Configure an IP address whitelist and How do I query the IP address of an ECS instance?
Note: If you add only the public IP address of the ECS instance to an IP address whitelist of the RDS instance, you cannot use the internal endpoint of the RDS instance to connect the ECS instance to the RDS instance.
Make sure that the ECS instance and the RDS instance reside in the same region.
You can connect an ECS instance to an RDS instance over an internal network only when these instances reside in the same region. These instances can reside in the same zone or different zones of the same region.
If the ECS instance and the RDS instance reside in different regions, these instances cannot directly communicate with each other over an internal network. In this case, you can use one of the following methods to resolve the issue:
Method 1:
Method 2: Use the public endpoint of the RDS instance to connect the ECS instance to the RDS instance over the Internet. This method cannot deliver optimal performance or high security and stability. For more information, see Apply for or release a public endpoint.
Method 3: If the network type of the RDS instance and ECS instance is virtual private cloud (VPC), use a Cloud Enterprise Network (CEN) instance to connect the VPCs of the instances across regions. For more information, see Overview.
Make sure that the ECS instance and the RDS instance use the same network type: both reside in VPCs or both reside in the classic network.
If one instance resides in the classic network and the other instance resides in a VPC, use one of the following methods to resolve the issue:
Important: Alibaba Cloud resources that use the classic network type are being phased out. If your RDS instances or ECS instances use the classic network type, we recommend that you change the network type of the instances to VPC. For more information, see [Product changes/Feature changes] Alibaba Cloud plans to phase out ApsaraDB RDS instances of the classic network type and EOL notice for Alibaba Cloud ECS instances in the classic network.
Methods suitable in scenarios in which the ECS instance resides in a VPC and the RDS instance resides in the classic network:
Method 1: Migrate the RDS instance from the classic network to the VPC in which the ECS instance to be connected resides. This is the recommended method. For more information, see Change the network type.
Method 2: Use the public endpoint of the RDS instance to connect the ECS instance to the RDS instance over the Internet. This method cannot deliver optimal performance or high security and stability. For more information, see Apply for or release a public endpoint.
Methods suitable in scenarios in which the ECS instance resides in a classic network and the RDS instance resides in a VPC:
Method 1: Migrate the ECS instance from the classic network to the VPC in which the RDS instance to be connected resides. This is the recommended method. You can click View Connection Details on the right side of the Network Type page to view the ID of the VPC where the RDS instance resides. For more information, see Migrate ECS instances from a classic network to a VPC.
Method 2: Use the ClassicLink feature to establish an internal network connection between the classic network-type ECS instance and the VPC-type RDS instance. For more information about the ClassicLink feature, see Enable ClassicLink.
Note: If the internal network connection between the classic network-type ECS instance and the VPC-type RDS instance cannot be established after the ClassicLink feature is used, handle the issue based on the descriptions in Troubleshoot connectivity issues between a classic network and a VPC after you establish a ClassicLink connection.
Method 3: Use the public endpoint of the RDS instance to connect the ECS instance to the RDS instance. This method cannot deliver optimal performance or high security and stability. For more information about how to apply for a public endpoint, see Apply for or release a public endpoint.
If the ECS instance and the RDS instance use the VPC network type, check whether the ECS instance and the RDS instance reside in the same VPC.
If the ECS instance and the RDS instance reside in different VPCs, use one of the following methods to resolve the issue:
Method 1: Migrate the ECS instance to the VPC in which the RDS instance resides. This is the recommended method. For more information, see Change the VPC of an ECS instance.
Method 2: Migrate the RDS instance to the VPC in which the ECS instance resides. For more information, see Change the VPC and vSwitch.
Method 3: Create a CEN instance to establish a connection between the two VPCs. For more information, see Use CEN to enable intra-region network communication.
Method 4: Use the public endpoint of the RDS instance to connect the ECS instance to the RDS instance. This method cannot deliver optimal performance or high security and stability. For more information about how to apply for a public endpoint, see Apply for or release a public endpoint.
Check whether the 0.0.0.0 entry is added to an IP address whitelist of the RDS instance. The valid format is 0.0.0.0/0.
Important: 0.0.0.0/0 indicates that all devices can access the RDS instance. This may cause potential security risks. Proceed with caution.
Check whether the IP address and port number of the RDS instance are correctly configured for the ECS instance. For more information, see View and change the endpoints and port numbers.
Issues due to which you cannot connect a device rather than an ECS instance to an RDS instance over the Internet
We recommend that you use an internal domain name instead of an IP address to access the RDS instance. The IP address may change as the RDS instance is migrated.
You can connect a device rather than an ECS instance to an RDS instance only over the Internet. If the connection fails, perform the following steps to resolve the issue:
Check whether the endpoint that you use for the connection is the internal endpoint of the RDS instance.
You must change the endpoint to the public endpoint of the RDS instance. For more information, see View and change the endpoints and port numbers.
Note: If you want to connect a device rather than an ECS instance or Data Management (DMS) to the RDS instance over an internal network, use Express Connect circuits. For more information, see What is a connection over an Express Connect circuit?
Check whether the IP address of the device is added to an IP address whitelist of the RDS instance. If the IP address of the device is not added to an IP address whitelist of the RDS instance, you must add the IP address to an IP address whitelist of the RDS instance. For more information, see Configure an IP address whitelist.
The whitelist is set to 0.0.0.0. The valid format is 0.0.0.0/0.
Important: 0.0.0.0/0 indicates that all devices can access the RDS instance. This may cause potential security risks. Proceed with caution.
If the IP address of the device is added to an IP address whitelist of the RDS instance, the connection probably fails because the public IP address of the device that you added to the IP address whitelist is incorrect. This issue occurs due to one of the following reasons:
The public IP address dynamically changes.
The tool or website that is used to query public IP addresses returns inaccurate results.
Note: For more information about how to obtain the public IP address, see How do I obtain the public IP address of an external server or a client that is connected to an ApsaraDB RDS for SQL Server instance?
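The whitelist checks from both sections above can be run offline against an exported list of entries. The following Python sketch is an added example, not Alibaba Cloud code: the function name, the finding codes and the sample addresses are assumptions made for illustration. It flags the bare 0.0.0.0 entry, the allow-all 0.0.0.0/0 entry, a client address that no entry covers, and a private or public address used with the wrong endpoint type.

```python
import ipaddress

# RFC 1918 ranges, used to tell a private (VPC) address from a public one.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    return any(addr in net for net in PRIVATE_NETS)

def audit_whitelist(entries, client_ip, endpoint):
    """Return finding codes (hypothetical names) for one IP address whitelist.

    entries   -- whitelist entries as typed (single IPs or CIDR blocks)
    client_ip -- the address you expect the RDS instance to see
    endpoint  -- "internal" or "public", the endpoint type in use
    """
    client = ipaddress.ip_address(client_ip)
    findings, matched = [], False
    for raw in entries:
        entry = raw.strip()
        if entry == "0.0.0.0":
            # ip_network() would read this as 0.0.0.0/32; the valid form is
            # 0.0.0.0/0, so report the entry instead of parsing it.
            findings.append("INVALID_FORMAT")
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append("UNPARSEABLE")
            continue
        if net.prefixlen == 0:
            findings.append("OPEN_TO_ALL")  # every device is allowed
        if client in net:
            matched = True
    if not matched:
        findings.append("NOT_WHITELISTED")
    # An internal endpoint sees the private address, a public one the public address.
    if (endpoint == "internal") != is_private(client):
        findings.append("ADDRESS_TYPE_MISMATCH")
    return findings

# Constructed sample data (RFC 1918 and documentation addresses).
if __name__ == "__main__":
    print(audit_whitelist(["203.0.113.10"], "10.0.0.5", "internal"))
    print(audit_whitelist(["0.0.0.0"], "198.51.100.7", "public"))
    print(audit_whitelist(["0.0.0.0/0"], "198.51.100.7", "public"))
```

An empty result means the entry set covers the client address for the chosen endpoint type without opening the instance to all devices.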
Application scope
ApsaraDB RDS for SQL Server