ApsaraDB RDS:What do I do if I fail to connect to an ApsaraDB RDS instance?

Error message

Cause

Solution

• ERROR 2003 (HY000): Can't connect to MySQL server on 'XXX'(10038, 10060, or 110)

• Cannot connect to a database: XXX

Network communication is abnormal.

• Make sure that the Elastic Compute Service (ECS) instance and the RDS instance reside in the same region.

• Make sure that the ECS instance and the RDS instance use the same network type.

• Make sure that the ECS instance and the RDS instance reside in the same virtual private cloud (VPC).

• Make sure that the private IP address of the ECS instance is added to an IP address whitelist of the RDS instance.

For more information, see Solutions.

• ERROR 1045 (HY000): #28000ip not in whitelist

• ERROR 2801 (HY000): #RDS00ip not in whitelist, client ip is XXX

• ERROR 2013 (HY000): Lost connection to MySQL server at 'reading authorization packet', system error:110

The IP address whitelist is not correctly configured.

Check the IP address whitelist of the RDS instance

• ERROR 1045 (28000): Access denied for user 'XXX'@'XXX' (using password: YES or NO)

• ERROR 1045 (28000): Authentication Failed For RDS maybe username or password is incorrect

The username or password is invalid.

Check the username and password in the connection information.

• ApsaraDB RDS does not provide root accounts. If you need an account, you can create one. For more information, see Create an account.

• If the password contains special characters, the special characters must be enclosed in single quotation marks (''). For example, use -p 'XXX' in a command.

• If you forget the password of the account that is used to connect to the RDS instance, log on to the ApsaraDB RDS console and go to the Accounts page of the RDS instance. Then, change the password of the account.

  Note

  After you change the password, the new password takes effect a few minutes later.

• ERROR 2005 (HY000): Unknown MySQL server host 'XXX' (110 or 11004)

• SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed: Name or service not known

• Name or service not known

• unknown server host

The Domain Name System (DNS) server cannot resolve the endpoint of the RDS instance.

1. Check whether the input endpoint (connection string) of the RDS instance is correct. The error may be caused by the following reasons:

   • The endpoint is incorrectly input. The endpoint of an RDS instance is in the following format: rm-xxx.xxx.rds.aliyuncs.com.

   • The input public endpoint of the instance has been manually released.

   • The input endpoint is truncated by the application because it exceeds the maximum length defined by the application.

2. If you confirm that the input endpoint is correct and the error is still reported, change your DNS server address to the address of Alibaba Cloud's DNS server.

   • If you connect to the RDS instance through the classic network, change your DNS server address to 10.143.22.116 or 10.143.22.118.

   • If you connect to the RDS instance through a VPC, change your DNS server address to 100.100.2.136 or 100.100.2.138.

   • If you connect to the RDS instance through the Internet, change your DNS server address to 223.5.5.5 or 223.6.6.6.

ERROR 2059 (HY000): Authentication plugin 'caching_sha2_password' cannot be loaded:

/usr/xx/xx/caching_sha2_password.so: cannot open shared object file: No such file or directory

MySQL cannot load the caching_sha2_password authentication plug-in.

• Client running MySQL 8.0: By default, MySQL 8.0 uses the caching_sha2_password plug-in. However, the plug-in may be missing in specific systems or due to specific installation methods. If the plug-in is missing, you can use one of the following methods to resolve the issue:

  • Method 1: Use a privileged account to log on to MySQL and execute the following statements to modify plug-in settings for reconnection.

    ALTER USER 'your_username'@'localhost' IDENTIFIED WITH mysql_native_password BY 'your_password';
    FLUSH PRIVILEGES;

  • Method 2: Install MySQL again to fix the plug-in.

    sudo yum reinstall mysql-server

• Client running MySQL 5.x: The client version is outdated and does not support the caching_sha2_password plug-in. In this case, install MySQL 8.0.

  sudo yum install mysql-server

[Note] [MY-010914] [Server] Aborted connection 671541 to db: 'XXX' user: 'XXX' host: 'XXX' (The client was disconnected by the server because of inactivity.).

The connection to the RDS instance is closed.

The error occurs because the client does not send requests for a long period of time and the interaction timeout period of the server ends. If the RDS instance runs MySQL, interactive_timeout or wait_timeout is used to specify an interaction timeout period. Check the configuration of the RDS instance and adjust the timeout settings based on your business requirements. This prevents unexpected disconnections.

Access denied for user 'root'@'XXX' (using password: YES) to database 'XX'

MySQL denies access to the RDS instance from the ECS instance by using the root account.

By default, MySQL allows only the logons that you initiate from the localhost by using the credentials of the root account. Logons from remote IP addresses are denied. In this case, create a dedicated account to connect to the RDS instance.

-- Create a dedicated account that is allowed to connect to the instance only from the IP address of the ECS instance.
CREATE USER '<user_name>'@'<172.16.XX.XX>' IDENTIFIED BY '<password>';
-- Grant permissions on the required database based on the Principle of Least Privilege (PoLP).
GRANT SELECT, INSERT, UPDATE, DELETE ON <database_name>.* TO '<user_name>'@'<172.16.XX.XX>';
FLUSH PRIVILEGES;

Error message

Cause

Solution

Cannot connect to XXX. A network-related or instance-specific error occurred while connecting to SQL Server. The server was not found or was inaccessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.) (Microsoft SQL Server, Error: 10060 or 258)

Network communication is abnormal.

• Make sure that the ECS instance and the RDS instance reside in the same region.

• Make sure that the ECS instance and the RDS instance use the same network type.

• Make sure that the ECS instance and the RDS instance reside in the same VPC.

• Make sure that the private IP address of the ECS instance is added to an IP address whitelist of the RDS instance.

• Check whether the internal endpoint and port number of the RDS instance are correctly configured for the ECS instance.

For more information, see Solutions.

Cannot connect to XXX.

A connection was successfully established with the server, but an error occurred during the logon process. (provider: TCP Provider, error: 0 - The network name that you specified can no longer be used.) (Microsoft SQL Server, Error: 64)

The IP address whitelist is not correctly configured.

Check the IP address whitelist of the RDS instance.

Logon failed for login 'user' due to trigger execution

The number of connections to the RDS instance reaches the upper limit.

Check whether the number of connections to the RDS instance reaches the upper limit and whether blocked connections exist.

Error message

Cause

Solution

Unable to connect to server:

could not connect to server: Connection timed out (0x0000274C/10060)Is the server running on host "XXX.rds.aliyuncs.com" and acceptingTCP/IP connections on port XXX?

Network communication is abnormal.

• Confirm the connection method and select an endpoint. Obtain the endpoint on the Database Connection page of the ApsaraDB RDS console.

  • Internal Endpoint: You can connect to the RDS instance from an ECS instance that resides in the same region and use the same network type as the RDS instance. If the network type is VPC, the VPC IDs must also be the same.

  • Public Endpoint: You can connect to the RDS instance from an on-premises device or an ECS instance that does not meet the conditions for connections over internal networks.

    Note

    You must manually apply for a public endpoint. For more information, see Apply for or release a public endpoint.

• Check whether the IP address of the ECS instance on which your application resides or the IP address of the on-premises device is added to the IP address whitelist of the RDS instance. Alternatively, check whether the IP address whitelist of the RDS instance is correctly configured. For more information, see Configure an IP address whitelist.

  Note

  You can run the curl ipinfo.io/ip command to query the public IP address of the on-premises client.

• If you enable the enhanced whitelist mode, check whether the IP address whitelist is added to the required group. For more information, see Enhanced whitelist mode.

For more information, see Solutions.

• server closed the connection unexpectedly This probably means the server terminated abnormally before or while processing the request.

• Error connecting to the server: FATAL: no pg_hba.conf entry

The IP address whitelist is not correctly configured.

Configure an IP address whitelist for an RDS instance.

FATAL: remaining connection slots are reserved for non-replication superuser connections

The number of connections to the RDS instance reaches the upper limit.

Stop the process for adding connections

FATAL: password authentication failed for user "xxx".

The password is invalid.

Reset the password and try again.

For more information about how to reset a password, see Reset a password.