All Products
Search

This Product

    :What do I do if the "Can't connect to MySQL server on 'XXX'" error message is displayed when I connect to an ApsaraDB RDS for MySQL instance or an ApsaraDB RDS for MariaDB instance?

    Document Center

    :What do I do if the "Can't connect to MySQL server on 'XXX'" error message is displayed when I connect to an ApsaraDB RDS for MySQL instance or an ApsaraDB RDS for MariaDB instance?

    Last Updated:Mar 21, 2025

    Description

    When you connect to an ApsaraDB RDS for MySQL instance or an ApsaraDB RDS for MariaDB instance, one of the following error messages is displayed:

    • ERROR 2003 (HY000): Can't connect to MySQL server on 'XXX'(10038, 10060, or 110)

    • ERROR 2002 (HY000): Can't connect to MySQL server on 'XXX' (115)

    • Cannot connect to a database: XXX

    Solution

    This topic describes the following two methods:

    • Issues due to which you cannot connect an ECS instance to an RDS instance over an internal network

    • Issues due to which you cannot connect a device rather than an ECS instance to an RDS instance over the Internet

    Issues due to which you cannot connect an ECS instance to an RDS instance over an internal network

    1. Check whether the ECS instance and the RDS instance reside in the same region. If the instances reside in different regions, resolve the issue based on the instructions provided in What do I do if I fail to connect to an ApsaraDB RDS instance?

    2. Check whether the ECS instance and the RDS instance use the same network type. If the instances use different network types, such as the classic network and virtual private cloud (VPC), resolve the issue based on the instructions provided in What do I do if I fail to connect to an ApsaraDB RDS instance?

    3. If the ECS instance and the RDS instance use the VPC type, check whether the instances reside in the same VPC. If the instances reside in different VPCs, resolve the issue based on the instructions provided in What do I do if I fail to connect to an ApsaraDB RDS instance?

    4. Check whether the private IP address of the ECS instance is added to an IP address whitelist of the RDS instance. If the private IP address of the ECS instance is not added to an IP address whitelist of the RDS instance, add the IP address to an IP address whitelist of the RDS instance.

    5. Check whether the 0.0.0.0 entry is added to an IP address whitelist of the RDS instance. The valid format is 0.0.0.0/0.

      Note

      The 0.0.0.0/0 entry indicates that all devices are allowed to access the RDS instance. This may cause security risks. Proceed with caution.

    6. If you enable the enhanced whitelist mode for the RDS instance, take note of the following items:

      1. If you use the VPC-type internal endpoint, make sure that the private IP address of the ECS instance is added to the IP address whitelist of the VPC type.

      2. If you use the classic network-type internal endpoint, make sure that the private IP address of the ECS instance is added to the IP address whitelist of the classic network type.

    7. Check whether the internal endpoint and port number of the RDS instance are correctly configured for the ECS instance.

      Note

      You may add the private IP address of the ECS instance to an IP address of the RDS instance but use the public endpoint of the RDS instance to connect the instances.

    8. Check whether the CIDR blocks of the ECS instance and the services such containers deployed on the ECS instance conflict with the CIDR block of the RDS instance. For more information, see What do I do if I am unable to connect to an ApsaraDB RDS instance and the "Destination Host Unreachable" error message is displayed when I ping the internal endpoint of the instance?

    Issues due to which you cannot connect a device rather than an ECS instance to an RDS instance over the Internet

    You can connect a device rather than an ECS instances to an RDS instance only over the Internet. If the connection fails, use one of the following methods to resolve the issue:

    1. Check whether an IP address whitelist is configured the RDS instance. If no IP address whitelists are configured, configure an IP address whitelist.

    2. Check whether the 0.0.0.0 entry is added to the IP address whitelist of the RDS instance. The valid format is 0.0.0.0/0.

      Note

      The 0.0.0.0/0 entry indicates that all devices are allowed to access the RDS instance. This may cause security risks. Proceed with caution.

    3. If you enable the enhanced whitelist mode for the RDS instance, make sure that the public IP address of the device is added to the IP address whitelist of the classic network type.

      Note

      The IP address whitelist of the VPC type is invalid for the Internet-based connections.

    4. If the IP address of the device is added to an IP address whitelist of the RDS instance but the connection still fails, the possible cause is that the public IP address of the device that you added to the IP address whitelist is incorrect. The connection failure may be caused by one of the following reasons:

      Note

      For more information about how to obtain the public IP address of a device, see What do I do if I fail to connect to an ApsaraDB RDS instance?

      • Public IP addresses dynamically change.

      • The tool or website that is used to query public IP addresses returns inaccurate results.

    5. Check whether the endpoint that you use for the connection is the internal endpoint of the RDS instance. You must use the public endpoint of the RDS instance for the connection.

      Note

    Applicable scope

    • ApsaraDB RDS for MySQL

    • ApsaraDB RDS for MariaDB