This topic describes how to resolve various issues that cause failures to connect to an ApsaraDB RDS instance.
Common connection errors
The following table describes common connection errors and the solutions to the errors.
ApsaraDB RDS for MySQL or ApsaraDB RDS for MariaDB
Error message | Cause | Solution |
| Network communication is abnormal. |
For more information, see Solutions. |
ERROR 2013: Lost connection to server at 'handshake: reading initial communication packet', system error: XX | The network between the instance and the client is abnormal. | Check the network connection between the instance and the client. Note You can run the ping or telnet command to check whether the client is connected to the RDS instance. You can also use DMS to log on to the instance. |
| The IP address whitelist is not correctly configured. | |
| The username or password is invalid. | Check the username and password in the connection information.
|
| The Domain Name System (DNS) server cannot resolve the endpoint of the RDS instance. | Check the endpoint of the RDS instance or modify the IP address of the DNS server. |
[Note] [MY-010914] [Server] Aborted connection 671541 to db: 'XXX' user: 'XXX' host: 'XXX' (The client was disconnected by the server because of inactivity.). | The connection to the RDS instance is closed. | The error occurs because the client does not send requests for a long period of time and the interaction timeout period of the server ends. If the RDS instance runs MySQL, |
ApsaraDB RDS for SQL Server
Error message | Cause | Solution |
Cannot connect to XXX. A network-related or instance-specific error occurred while connecting to SQL Server. The server was not found or was inaccessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.) (Microsoft SQL Server, Error: 10060 or 258) | Network communication is abnormal. |
For more information, see Solutions. |
Cannot connect to XXX. A connection was successfully established with the server, but an error occurred during the logon process. (provider: TCP Provider, error: 0 - The network name that you specified can no longer be used.) (Microsoft SQL Server, Error: 64) | The IP address whitelist is not correctly configured. | |
Logon failed for login 'user' due to trigger execution | The number of connections to the RDS instance reaches the upper limit. |
ApsaraDB RDS for PostgreSQL
Error message | Cause | Solution |
Unable to connect to server: could not connect to server: Connection timed out (0x0000274C/10060)Is the server running on host "XXX.rds.aliyuncs.com" and acceptingTCP/IP connections on port XXX? | Network communication is abnormal. |
For more information, see Solutions. |
| The IP address whitelist is not correctly configured. | |
FATAL: remaining connection slots are reserved for non-replication superuser connections | The number of connections to the RDS instance reaches the upper limit. | |
FATAL: password authentication failed for user "xxx". | The password is invalid. | Reset the password and try again. For more information about how to reset a password, see Reset a password. |
Errors reported when you connect to an RDS instance by using Data Management (DMS)
For more information, see Use DMS to log on to an ApsaraDB RDS for MySQL instance, Use DMS to log on to an ApsaraDB RDS for SQL Server instance, Use DMS to log on to an ApsaraDB RDS for PostgreSQL instance, and Use DMS to log on to an ApsaraDB RDS for MariaDB instance.
Error message | Cause | Solution |
The MYSQL server is running with the --rds-deny-access option so it cannot execute this statement |
| Renew the RDS instance or upgrade the storage capacity of the RDS instance |
You cannot use DMS to connect to the RDS instance. | You are not the owner of the RDS instance, and the owner of the RDS instance has not granted you the logon permissions. | |
Check whether the endpoint is valid, the IP address whitelists are correctly configured, and network communication is normal. | In most cases, this error occurs due to the following reasons when you connect a self-managed MySQL database that resides on an ECS instance or an on-premises host to the RDS instance:
|
For more information, see Solutions. |
max_user_connections | The number of connections to the RDS instance reaches the upper limit. | Resolve the issue that the number connections to the RDS instance reaches the upper limit. |
Cannot log on to the RDS instance due to issues related to the IP address whitelist. | The CIDR block of the DMS server is not added to an IP address whitelist of the RDS instance. | Add the CIDR block of the DMS server to an IP address whitelist of the RDS instance. |
Issues that cause failures to connect an ECS instance to an RDS instance over an internal network
Before you connect an ECS instance to an ApsaraDB RDS instance by using the internal endpoint of the ApsaraDB RDS instance, you must add the private IP address of the ECS instance to an IP address whitelist of the ApsaraDB RDS instance.
NoteFor more information about how to configure an IP address whitelist, see Configure an IP address whitelist for an ApsaraDB RDS for MySQL instance, Configure an IP address whitelist for an ApsaraDB RDS for SQL Server instance, Configure an IP address whitelist for an ApsaraDB RDS for PostgreSQL instance, and Configure an IP address whitelist for an ApsaraDB RDS for MariaDB instance.
If you add the public IP address of the ECS instance to an IP address whitelist of the RDS instance, you cannot connect the ECS instance to the RDS instance over an internal network.
You can connect an ECS instance to an RDS instance over an internal network only when the instances reside in the same region. The instances can reside in the same zone or different zones of the same region.
Make sure that the ECS instance and the RDS instance reside in the same region.
View the region in which the ECS instance resides.
View the region in which the RDS instance resides.
If the ECS instance and the RDS instance reside in different regions, the instances cannot directly communicate with each other over an internal network. In this case, you can use one of the following methods to resolve the issue:
Method 1:
Method 2: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. This method delivers poor performance, security, and stability. For more information about how to apply for a public endpoint, see Apply for or release a public endpoint for an ApsaraDB RDS for MySQL instance, Apply for or release a public endpoint for an ApsaraDB RDS for SQL Server instance, Apply for or release a public endpoint for an ApsaraDB RDS for PostgreSQL instance, and Apply for or release a public endpoint for an ApsaraDB RDS for MariaDB instance.
Check network types
Make sure that the ECS instance and the RDS instance both reside in VPCs or in the classic network.
View the network type of the ECS instance.
View the network type of the RDS instance.
If one instance resides in the classic network and the other instance resides in a VPC, use one of the following methods to resolve the issue:
Methods suitable in scenarios in which the ECS instance resides in a VPC and the RDS instance resides in the classic network:
Method 1: Migrate the RDS instance from the classic network to the VPC in which the ECS instance to be connected resides. We recommend that you use this method. For more information, see Change the network type.
Method 2: Purchase an ECS instance that resides in the classic network. Take note that a VPC provides higher security than the classic network. We recommend that you use VPCs.
NoteECS instances cannot be migrated from VPCs to the classic network.
Method 3: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. This method delivers poor performance, security, and stability. For more information about how to apply for a public endpoint, see Apply for or release a public endpoint for an ApsaraDB RDS for MySQL instance, Apply for or release a public endpoint for an ApsaraDB RDS for SQL Server instance, Apply for or release a public endpoint for an ApsaraDB RDS for PostgreSQL instance, and Apply for or release a public endpoint for an ApsaraDB RDS for MariaDB instance.
Methods suitable in scenarios in which the ECS instance resides in the classic network and the RDS instance resides in a VPC:
Method 1: Migrate the ECS instance from the classic network to the VPC in which the RDS instance to be connected resides. You can click View Details to the right of the Network Type parameter to view the ID of the VPC in which the RDS instance resides. We recommend that you use this method. For more information, see Migrate an ECS instance.
Method 2: Change the network type of the RDS instance from VPC to classic network. Take note that a VPC provides higher security than the classic network. We recommend that you use VPCs.
Method 3: Use the ClassicLink feature to connect the classic network-type ECS instance to the VPC-type RDS instance over an internal network. For more information, see Enable ClassicLink.
NoteIf the instances cannot be connected after the ClassicLink feature is enabled, resolve the issue based on the descriptions in Troubleshoot connection issues between a classic network and a VPC after you establish a ClassicLink connection.
Method 4: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. This method delivers poor performance, security, and stability. For more information about how to apply for a public endpoint, see Apply for or release a public endpoint for an ApsaraDB RDS for MySQL instance, Apply for or release a public endpoint for an ApsaraDB RDS for SQL Server instance, Apply for or release a public endpoint for an ApsaraDB RDS for PostgreSQL instance, and Apply for or release a public endpoint for an ApsaraDB RDS for MariaDB instance.
If the ECS instance and the RDS instance both reside in VPCs, make sure that the instances reside in the same VPC.
View the ID of the VPC in which the ECS instance resides.
View the network type of the RDS instance.
If the ECS instance and the RDS instance reside in different VPCs, use one of the following methods to resolve the issue:
Method 1: Migrate the RDS instance to the VPC in which the ECS instance resides. We recommend that you use this method. For more information, see Change the VPC and vSwitch.
Method 2: Create a Cloud Enterprise Network (CEN) instance to establish a connection between the two VPCs. For more information about CEN, see Use CEN to enable intra-region network communication.
Method 3: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. This method delivers poor performance, security, and stability. For more information about how to apply for a public endpoint, see Apply for or release a public endpoint for an ApsaraDB RDS for MySQL instance, Apply for or release a public endpoint for an ApsaraDB RDS for SQL Server instance, Apply for or release a public endpoint for an ApsaraDB RDS for PostgreSQL instance, and Apply for or release a public endpoint for an ApsaraDB RDS for MariaDB instance.
If the ECS instance and the RDS instance reside in the same VPC and the same region, the ECS instance can connect to the RDS instance by using the public endpoint rather than the internal endpoint of the RDS instance, and both the ping and telnet commands return connection failures, you can resolve the issue based on the descriptions in What do I do if an ECS instance cannot connect to an ApsaraDB RDS instance due to routing problems?
Issues that cause failures to connect to an RDS instance over the internal network
Make sure that the public endpoint of the RDS instance is used for the connection. You can view the public endpoint of the RDS instance on the Database Connection page in the ApsaraDB RDS console.
Make sure that the public IP address of the on-premises device that you want to connect to the RDS instance is added to an IP address whitelist of the RDS instance. If the on-premises device can be connected to the RDS instance after 0.0.0.0/0
is added to the IP address whitelist of the RDS instance, the device IP address that you added to the IP address whitelist is incorrect. In this case, obtain the correct public IP address of an on-premises device and then add the public IP address to an IP address whitelist of the RDS instance. For more information about how to configure an IP address whitelist, see Configure an IP address whitelist for an ApsaraDB RDS for MySQL instance, Configure an IP address whitelist for an ApsaraDB RDS for SQL Server instance, Configure an IP address whitelist for an ApsaraDB RDS for PostgreSQL instance, and Configure an IP address whitelist for an ApsaraDB RDS for MariaDB instance.
A public IP address may change. If the public IP address is changed, you cannot use the original public IP address to establish a connection. To maintain a stable connection, we recommend that you use the internal endpoint of the RDS instance and add the internal IP address to the IP address whitelist of the RDS instance.
For more information, see the following topics:
Errors reported during the connection between the ECS instance and RDS instance that are created within different Alibaba Cloud accounts
You can use one of the following methods to connect the instances:
Method 1: Use a VPC peering connection. For more information, see VPC Peering Connection. We recommend that you use this method.
Method 2: Use a RAM role and RAM policy. For more information, see RAM roles.
Method 3: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. This method delivers poor performance, security, and stability. For more information about how to apply for a public endpoint, see Apply for or release a public endpoint for an ApsaraDB RDS for MySQL instance, Apply for or release a public endpoint for an ApsaraDB RDS for SQL Server instance, Apply for or release a public endpoint for an ApsaraDB RDS for PostgreSQL instance, and Apply for or release a public endpoint for an ApsaraDB RDS for MariaDB instance.
Reference
Troubleshoot issues due to which an ApsaraDB RDS instance cannot be connected
Application scope
ApsaraDB RDS