All Products
Search
Document Center

Error 2003 (HY000): Failed to connect to the MySQL server

Last Updated: Jan 09, 2020

Symptom

When you connect to an RDS for MySQL or MariaDB TX instance, one of the following two errors is reported:

  • ERROR 2003 (HY000): Can’t connect to MySQL server on ‘XXX’ (10038, 10060, or 110)

  • Can’t connect to ApsaraDB: XXX

Solution

An ECS instance cannot connect to an RDS instance via an intranet

  1. Check whether the ECS instance is located in the same region as the RDS region. If they are located in different regions, see the specific solution

    s3

    s4

  2. Check whether the ECS instance runs in a different type of network from the RDS instance. If one of them runs in a classic network and the other runs in a Virtual Private Cloud (VPC), see the specific solution

    s6

    s7

  3. If the network types of the ECS instance and RDS instance are both VPC, check whether the two instances run in the same VPC. If they run in different VPCs, see the specific solution

    s8

    s9

  4. Check whether the private IP address of the ECS instance is added to the IP address whitelist for the RDS instance. If the whitelist does not contain this private IP address, see the specific solution

    s10

    s11

  5. Check whether the whitelist follows the 0.0.0.0 format.

    The valid format is 0.0.0.0/0, which indicates that all devices are allowed to connect to the RDS instance. This format has security risks. Exercise caution when you use this format.

  6. If the whitelist is set to the enhanced security mode, take these steps:

    • If you want to establish a connection via a VPC by using the private IP address of the ECS instance, ensure that this private IP address is added to the VPC group.
    • If you want to establish a connection via a classic network by using the private IP address of the ECS instance, ensure that this private IP address is added to the classic network group.
  7. Check whether the private IP address and port of the RDS instance are correct in the ECS instance configuration.

    For example, you may add the private IP address of the ECS instance to the whitelist for the RDS instance but use the public IP address of the RDS instance to establish a connection.

    s12

A device rather than an ECS instance cannot connect to an RDS instance

A device rather than an ECS instance can connect to an RDS instance only via the Internet. If the connection fails, take these steps:

  1. Check whether the IP address whitelist for the RDS instance is set. If the whitelist is not set, see Set the whitelist.

  2. Check whether the whitelist follows the 0.0.0.0 format.

    The valid format is 0.0.0.0/0, which indicates that all devices are allowed to connect to the RDS instance. This format has security risks. Exercise caution when you use this format.

  3. If the whitelist is set to the enhanced security mode, ensure that the public IP address of the device is added to the classic network group.

    The VPC group is unsuitable for communication via the Internet.

  4. If the whitelist is set, the connection fails probably because the public IP address of the device in the whitelist is not the real outbound IP address:

    • The public IP address is not fixed and may change.
    • The IP address query tool or website yields inaccurate results.

      For more information, see locate the local IP address.

  5. Check whether you are using the private IP address of the RDS instance to establish a connection. If so, use the public IP address of the RDS instance instead.

    If the RDS instance does not have a public IP address, see Set intranet and Internet addresses.

    Devices rather than ECS and DMS instances can connect to RDS instances only via physical connections.