ApsaraDB RDS:A network-related or instance-specific error occurred while establishing a connection to SQL Server

Problem description

When you connect to an apsaradb RDS for SQL Server instance from your ECS instance over the internal network, the following error message is displayed.

Unable to connect to XXX. Cannot connect to XXX.
A network-related or instance-specific error occurred while establishing a connection with SQL Server. The server was not found or could not be accessed. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0-the connection attempt fails because the receiver does not reply correctly after a certain period of time or the connected host does not respond.) (Microsoft SQL Server, error: 10060 or 258)

New solution dialog box

Alibaba Cloud reminds you that:

• Before you perform operations that may cause risks, such as modifying instance configurations or data, we recommend that you check the disaster recovery and fault tolerance capabilities of the instances to ensure data security.
• You can modify the configurations and data of instances including but not limited to Elastic Compute Service (ECS) and Relational Database Service (RDS) instances. Before the modification, we recommend that you create snapshots or enable RDS log backup.
• If you have authorized or submitted security information such as the logon account and password in the Alibaba Cloud Management console, we recommend that you modify such information in a timely manner.

This article introduces solutions to the following two types of scenarios:

• Solution to the problem that ECS instances cannot access RDS instances through the internal network
• Solution: RDS instances cannot be accessed from devices outside the ECS instance

Solution to the problem that ECS instances cannot access RDS instances through the internal network

1. Check whether the ECS and RDS instances are in the same region. If not, see solve the instance connection failure.
2. Check whether the ECS and RDS instances have the same network type. If both, for example, one is classic network and the other is a proprietary network, see solve the instance connection failure.
3. If both the ECS instance and RDS instance are in a VPC, check whether the ECS instance and RDS instance are in different VPCs. If not, see solve the instance connection failure.
4. Check whether the private IP address of the ECS instance is added to the whitelist of the RDS instance. If not, see set a whitelist.
5. Check whether the whitelist is 0.0.0.0. The correct format is 0.0.0.0/0.
   

   Description: This IP address allows any device to access the RDS instance, which poses a security risk. Use this IP address with caution.

6. Check whether the internal IP address and port of the RDS instance are correct.

Solution: RDS instances cannot be accessed from devices outside the ECS instance

When you access the RDS instance from a device that is not included in the ECS instance, you can access the RDS instance only through the Internet. If the connection fails, the solution is as follows.

1. Check whether the connection address is the intranet address of the RDS instance. If so, you need to change it to the Internet address.
   

   Note:
   

   • If the RDS instance does not have an Internet address, please apply public IP address.
   • ECS and DMS devices outside of the cluster cannot access RDS through the intranet express Connect circuit).

2. Check whether an RDS whitelist is configured. If not, see set a whitelist.
3. Check whether the whitelist is set to 0.0.0.0. An IP address whitelist must contain entries similar to 0.0.0.0/0.
   

   Description this IP address allows all devices to access the RDS instance. Use this IP address with caution because it poses a security risk.

4. If you have configured a whitelist, the connection may fail because the public IP address you added to the whitelist is not the real egress IP address of the SAG device. The reason is shown below.
   

   Description: For the method of confirming the public IP address of the device, see locate the local IP address.

   • Public IP addresses dynamically change.
   • The tool or website that you use to query public IP addresses returns inaccurate results.

Application scope

• Apsaradb for SQL Server