All Products
Search
Document Center

Error 10060 or 258: Failed to connect to the SQL Server

Last Updated: Jul 21, 2020

Symptom

When you connect an ECS instance to an RDS for SQL Server instance, the following error is reported:

A network-related or instance-specific error occurred while establishing a connection to SQL server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - No connection could be made because the target machine actively refused it.)

  • ERROR 2003 (HY000): Can’t connect to MySQL server on ‘XXX’ (10038, 10060, or 110)

  • Can’t connect to ApsaraDB: XXX

Solution

An ECS instance cannot connect to an RDS instance via an intranet

  1. Check whether the ECS instance is located in the same region as the RDS region. If they are located in different regions, see the specific solution

    s3

    s4

  2. Check whether the ECS instance runs in a different type of network from the RDS instance. If one of them runs in a classic network and the other runs in a Virtual Private Cloud (VPC), see the specific solution

    s6

    s7

  3. If the network types of the ECS instance and RDS instance are both VPC, check whether the two instances run in the same VPC. If they run in different VPCs, see the specific solution

    s8

    s9

  4. Check whether the private IP address of the ECS instance is added to the IP address whitelist for the RDS instance. If the whitelist does not contain this private IP address, see the specific solution

    s10

    s11

  5. Check whether the whitelist follows the 0.0.0.0 format.

    The valid format is 0.0.0.0/0, which indicates that all devices are allowed to connect to the RDS instance. This format has security risks. Exercise caution when you use this format.

  6. If the whitelist is set to the enhanced security mode, take these steps:

    • If you want to establish a connection via a VPC by using the private IP address of the ECS instance, ensure that this private IP address is added to the VPC group.
    • If you want to establish a connection via a classic network by using the private IP address of the ECS instance, ensure that this private IP address is added to the classic network group.
  7. Check whether the private IP address and port of the RDS instance are correct in the ECS instance configuration.

    For example, you may add the private IP address of the ECS instance to the whitelist for the RDS instance but use the public IP address of the RDS instance to establish a connection.

    s12

A device rather than an ECS instance cannot connect to an RDS instance

A device rather than an ECS instance can connect to an RDS instance only via the Internet. If the connection fails, take these steps:

  1. Check whether the IP address whitelist for the RDS instance is set. If the whitelist is not set, see Set the whitelist.

  2. Check whether the whitelist follows the 0.0.0.0 format.

    The valid format is 0.0.0.0/0, which indicates that all devices are allowed to connect to the RDS instance. This format has security risks. Exercise caution when you use this format.

  3. If the whitelist is set, the connection fails probably because the public IP address of the device in the whitelist is not the real outbound IP address:

    • The public IP address is not fixed and may change.
    • The IP address query tool or website yields inaccurate results.

      For more information, see locate the local IP address.

  4. Check whether you are using the private IP address of the RDS instance to establish a connection. If so, use the public IP address of the RDS instance instead.If the RDS instance does not have a public IP address, see Set intranet and Internet addresses.