
"Can't connect to MySQL server on 'XXX'" is reported when you connect to an RDS MySQL or MariaDB instance

Last Updated: Oct 09, 2020

Problem description

When you connect to an RDS MySQL or MariaDB instance, one of the following error messages is displayed:

  • ERROR 2003 (HY000): Can't connect to MySQL server on 'XXX'(10038, 10060, or 110)
  • Cannot connect to the database: XXX

Solution

Alibaba Cloud reminds you that:

  • Before you perform operations that may cause risks, such as modifying instance configurations or data, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
  • You can modify the configurations and data of instances including but not limited to Elastic Compute Service (ECS) and Relational Database Service (RDS) instances. Before the modification, we recommend that you create snapshots or enable RDS log backup.
  • If you have authorized or submitted sensitive information such as the logon account and password in the Alibaba Cloud Management Console, we recommend that you modify such information in a timely manner.

This article describes solutions for the following two scenarios:

Solution to the problem that ECS instances cannot access RDS instances through the internal network

  1. Check whether the ECS and RDS instances are in the same region. If not, see "Solve the instance connection failure".
  2. Check whether the ECS and RDS instances have the same network type. If not, for example, one is in the classic network and the other is in a virtual private cloud (VPC), see "Solve the instance connection failure".
  3. If both the ECS instance and the RDS instance are in a VPC, check whether they are in the same VPC. If not, see "Solve the instance connection failure".
  4. Check whether the private IP address of the ECS instance is added to the whitelist of the RDS instance. If not, see "Set a whitelist".
  5. Check whether the whitelist is set to 0.0.0.0. The correct format is 0.0.0.0/0.
    Note: 0.0.0.0/0 allows any device to access the RDS instance, which poses a security risk. Use it with caution.
  6. If the enhanced whitelist mode is enabled, check the following:

    • If your RDS instance resides in a VPC and is accessed by using its internal endpoint, make sure that the internal IP address of your ECS instance is added to the IP address whitelist labeled default VPC.
    • If your RDS instance resides in the classic network and is accessed by using its internal endpoint, make sure that the internal IP address of your ECS instance is added to the IP address whitelist labeled default Classic Network.
  7. Check whether the internal IP address and port of the RDS instance are correct.
    Tip: You may have added the internal IP address of the ECS instance to the RDS whitelist, but used the public IP address of the RDS instance to connect.

Solution to the problem that devices other than ECS instances cannot access RDS instances

A device that is not an ECS instance can access the RDS instance only over the Internet. If the connection fails, troubleshoot as follows.

  1. Check whether an RDS whitelist is configured. If not, see "Set a whitelist".
  2. Check whether the whitelist is set to 0.0.0.0. The correct format is 0.0.0.0/0.
    Note: 0.0.0.0/0 allows any device to access the RDS instance, which poses a security risk. Use it with caution.
  3. If the enhanced whitelist mode is enabled, check whether the public IP address of the device is added to the classic network group.
    Note: The VPC group is not applicable to the Internet.
  4. If you have configured a whitelist, the connection may still fail because the public IP address you added to the whitelist is not the real egress IP address of the SAG device. The possible reasons are as follows:
    • Public IP addresses dynamically change.
    • The tool or website that you use to query public IP addresses returns inaccurate results.
    Note: For the method of confirming the public IP address of the device, see "Locate the local IP address".
  5. Check whether the connection address is the intranet address of the RDS instance. If so, change it to the Internet address.
    Note:
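
Added example (not part of the original article, and not Alibaba Cloud code): a local check that applies the whitelist rules from both procedures to a copy of the whitelist groups, flagging the malformed 0.0.0.0 entry, the open 0.0.0.0/0 entry, and a client IP that sits in the wrong enhanced-mode group for the access path. The path names, function names, and sample addresses are assumptions made for this example.

```python
import ipaddress

# Enhanced-mode group that applies to each access path, as described above.
# The path keys are hypothetical names chosen for this example.
GROUP_FOR_PATH = {
    "vpc-internal": "default VPC",
    "classic-internal": "default Classic Network",
    "internet": "default Classic Network",  # the VPC group does not apply to the Internet
}

def _covers(entry, client):
    """True if a well-formed whitelist entry contains the client address."""
    entry = entry.strip()
    try:
        return entry != "0.0.0.0" and client in ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return False

def audit_whitelist(groups, client_ip, path):
    """Return (allowed, findings) for a client reaching RDS over `path`."""
    client = ipaddress.ip_address(client_ip)
    label = GROUP_FOR_PATH[path]
    allowed, findings = False, []
    for entry in (e.strip() for e in groups.get(label, [])):
        if entry == "0.0.0.0":
            findings.append("malformed: 0.0.0.0 (the correct format is 0.0.0.0/0)")
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"unparseable: {entry}")
            continue
        if net.prefixlen == 0:
            findings.append(f"open to any device: {entry}")
        if client in net:
            allowed = True
    if not allowed:
        # Common mistake: the address was added, but to the group for another path.
        for other, entries in groups.items():
            if other != label and any(_covers(e, client) for e in entries):
                findings.append(f"client is only in '{other}', which is not used for {path}")
    return allowed, findings

# Constructed sample data (private and documentation address ranges).
SAMPLE = {
    "default VPC": ["192.168.10.15", "10.0.0.0/8"],
    "default Classic Network": ["0.0.0.0", "203.0.113.7"],
}
```

An `open to any device` finding on a production instance is the case the notes above warn about: replace the entry with the specific egress addresses that need access.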

Application scope

  • ApsaraDB RDS for MySQL
  • ApsaraDB for MariaDB TX