
Resolve the issue that you cannot connect to an RDS instance

Last Updated: Feb 25, 2021

This topic describes how to troubleshoot failures to connect to ApsaraDB for RDS.

You cannot access an RDS instance from an ECS instance through the intranet

Check region

For intranet communication, the ECS instance and the RDS instance must be located in the same region. They can be in the same zone or in different zones of that region.

  • Make sure that the ECS and RDS instances reside in the same region:
    • View the region where the ECS instance is located.
    • View the region where the RDS instance is located.
  • If the ECS instance and RDS instance reside in different regions, they cannot directly communicate with each other over an internal network. To resolve this issue, use one of the following methods:
    • Method 1: Release or refund the ECS or RDS instance and purchase a new instance in the same region.
    • Method 2: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. For more information about how to apply for an external network address, see apply for an external network address. This solution has the lowest security, stability, and performance.

Check the network type of an ECS instance

  1. Make sure that the network types of the ECS and RDS instances are the same (both Virtual Private Cloud or both classic network).
    • View the network type of the ECS instance.
    • View the network type of the RDS instance.
  2. If one uses the classic network and the other uses a Virtual Private Cloud, use one of the following methods:
    • The ECS instance uses a Virtual Private Cloud and the RDS instance uses the classic network:
      • Method 1 (recommended): Switch the RDS instance from the classic network to the Virtual Private Cloud with the same Virtual Private Cloud ID. For more information, see switch network type.
      • Method 2: Purchase new ECS instances of the classic network type. However, a VPC is more secure than a classic network. We recommend that you use a VPC.
        Note: You cannot migrate an ECS instance from a VPC to a classic network.
      • Method 3: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. For more information about how to apply for an external network address, see apply for an external network address. This solution has the lowest security, stability, and performance.
    • The ECS instance uses the classic network and the RDS instance uses a Virtual Private Cloud:
      • Method 1 (recommended): Migrate the ECS instance from the classic network to the Virtual Private Cloud (with the same Virtual Private Cloud ID). For details, see single ECS migration example.
      • Method 2: Switch the RDS instance from the VPC to the classic network. However, a VPC is more secure than a classic network. We recommend that you use a VPC.
      • Method 3: Enable the ClassicLink function so that classic network ECS instances and RDS instances in the VPC can communicate with each other through the internal network.
        Note: If the network is still disconnected after the ClassicLink function is enabled, see troubleshooting ideas for classic network and VPC network after the ClassicLink connection is established.
      • Method 4: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. For more information about how to apply for an external network address, see apply for an external network address. This solution has the lowest security, stability, and performance.
  3. If the network type of both the ECS instance and the RDS instance is Virtual Private Cloud, verify that they reside in the same Virtual Private Cloud.
    • View the Virtual Private Cloud ID of the ECS instance.
    • View the Virtual Private Cloud ID of the RDS instance.
  4. If the Virtual Private Clouds are different, use one of the following methods:
    • Method 1 (recommended): Migrate the RDS instance to the VPC where the ECS instance is located. For more information about the operations, see switch Virtual Private Cloud and vSwitch.
    • Method 2: Establish a Cloud Enterprise Network between the two VPCs.
    • Method 3: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. This solution has the lowest security, stability, and performance.
  5. If the ECS and RDS instances are in the same VPC and region but you cannot connect to the RDS instance by using its intranet address (although it can be connected by using the internet address), and both ping and telnet fail, see why ECS cannot connect to RDS instance due to routing problem.

The RDS instance cannot be accessed through the external network

Check the connection address

Make sure that you use the internet address of the RDS instance to connect to it. You can view the external network address of the RDS instance on the database connection page of the RDS console.

Check the IP address whitelist of RDS

Make sure that you have added the correct IP address of your local device to the IP whitelist of the RDS instance. To test this, temporarily add 0.0.0.0/0 to the whitelist of the database. If the database can be accessed normally after this change, the problem lies in the whitelist settings. The 0.0.0.0/0 entry allows every IP address, so remove it once the test is complete. You can use the following method to obtain the correct IP address of your local device and add this address to the whitelist. For more information about how to add a whitelist, see set whitelist.

Common connection failure errors

Select a solution based on the on-site conditions and specific error information.

The entries below are grouped by database type. Each entry lists the error messages and their cause.

MySQL or MariaDB TX

  • Error messages:
    • ERROR 2003 (HY000): Can't connect to MySQL server on 'XXX' (10038 or 10060 or 110)
    • Cannot connect to the database: XXX
    Cause: Network connectivity problems.
  • Error messages:
    • ERROR 1045 (HY000): #28000ip not in whitelist
    • ERROR 2801 (HY000): #RDS00ip not in whitelist, client ip is XXX
    • ERROR 2013 (HY000): Lost connection to MySQL server at 'reading authorization packet', system error:110
    Cause: Whitelist settings.
  • Error messages:
    • ERROR 1045 (28000): Access denied for user 'XXX'@'XXX' (using password: YES or NO)
    • ERROR 1045 (28000): Authentication Failed For RDS maybe username or password is incorrect
    Cause: The username or password is incorrect.
  • Error messages:
    • ERROR 2005 (HY000): Unknown MySQL server host 'XXX' (110 or 11004)
    • SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed: Name or service not known
    • Name or service not known
    Cause: A Domain Name System (DNS) server fails to resolve an IP address.

SQL Server

  • Error message: Unable to connect to XXX. Cannot connect to XXX. A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server is not found or cannot be accessed. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - the connection attempt failed because the connecting party failed to reply correctly after a period of time or the connecting host did not respond.) (Microsoft SQL Server, error: 10060 or 258)
    Cause: Network connectivity problems.
  • Error message: Unable to connect to XXX. Cannot connect to XXX. A connection was successfully established to the server, but an error occurred during the login. (provider: TCP Provider, error: 0 - the specified network name is no longer available.) (Microsoft SQL Server, error: 64)
    Cause: Whitelist settings.
  • Error message: Logon failed for login 'user' due to trigger execution
    Cause: The number of connections has reached the upper limit.
  • Error message: cannot open user default database. Login failed
    Cause: The default database of the logon account was deleted, which causes the logon to fail.

PostgreSQL/PPAS

  • Error message: Unable to connect to server: could not connect to server: Connection timed out (0x0000274C/10060) Is the server running on host "XXX.rds.aliyuncs.com" and accepting TCP/IP connections on port XXX?
    Cause: Network connectivity problems.
  • Error messages:
    • server closed the connection unexpectedly This probably means the server terminated abnormally before or while processing the request.
    • Error connecting to the server: FATAL: no pg_hba.conf entry
    Cause: Whitelist settings.
  • Error message: FATAL: remaining connection slots are reserved for non-replication superuser connections
    Cause: The number of connections has reached the upper limit.

Connect to an RDS database through DMS

  • Error message: The user specified as a definer ('user'@'a.b.c.d') does not exist
    Cause: The error message is returned because the account used for logon does not exist. The problem only occurs in RDS database proxy mode (original high-security mode).
  • Error message: The MYSQL server is running with the --rds-deny-access option so it cannot execute this statement
    Causes:
    • The RDS instance expires.
    • The disk of the RDS instance is full.
  • Error message: Sorry, you are temporarily unable to access the instance through DMS.
    Cause: You are not the owner of the instance. The owner of the instance has not granted you the logon permission.
  • Error message: Check the correctness of the connection address, the smooth network access, and the whitelist settings.
    Cause: This problem usually occurs in a self-built MySQL server. The possible causes of the problem are as follows:
    • Firewall restrictions on the ECS instance or on the host where the self-built MySQL server resides.
    • The ECS security group is not open to DMS.
    • The MySQL server is not started.
    • The MySQL server allows the root account to log on only locally.
  • Error message: max_user_connections
    Cause: The number of connections to the RDS database has reached the upper limit.
  • Error message: Unable to log on to the database due to whitelist issues
    Cause: The IP address segment of the DMS service is not added to the RDS whitelist.
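
The whitelist check and the "ip not in whitelist" errors above can be worked through offline. The following is an added example, not part of the original document: it extracts the client IP that ERROR 2801 reports, tests it against a whitelist, and flags a 0.0.0.0/0 entry left over from testing. The comma-separated whitelist format, the function names, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

# Matches the address the server reports in the ERROR 2801 message listed above.
CLIENT_IP_RE = re.compile(r"client ip is\s+(\d{1,3}(?:\.\d{1,3}){3})")

def client_ip_from_error(message):
    """Return the client IP the RDS server reported, or None if absent."""
    m = CLIENT_IP_RE.search(message)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:  # digits matched but not a valid address, e.g. 999.1.1.1
        return None

def parse_whitelist(text):
    """Parse a comma-separated list of IPs/CIDR blocks (assumed format)."""
    nets = []
    for item in text.split(","):
        item = item.strip()
        if item:
            # strict=False accepts entries such as 10.0.0.5/24 with host bits set
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets

def audit(whitelist_text, error_message):
    """Report which entries cover the client IP and which allow everyone."""
    nets = parse_whitelist(whitelist_text)
    ip = client_ip_from_error(error_message)
    matches = [str(n) for n in nets if ip is not None and ip in n]
    # prefixlen 0 means every address: the temporary 0.0.0.0/0 test entry
    open_entries = [str(n) for n in nets if n.prefixlen == 0]
    return {"client_ip": str(ip) if ip else None,
            "covered_by": matches,
            "open_to_all": open_entries}

# Constructed sample data (documentation address ranges, not real hosts).
SAMPLE_ERROR = "ERROR 2801 (HY000): #RDS00ip not in whitelist, client ip is 203.0.113.7"
SAMPLE_WHITELIST = "192.0.2.10, 198.51.100.0/24"

if __name__ == "__main__":
    print(audit(SAMPLE_WHITELIST, SAMPLE_ERROR))
    print(audit(SAMPLE_WHITELIST + ",0.0.0.0/0", SAMPLE_ERROR))
```

The address in the error message is the one the server actually sees, which can differ from the local device address when the client sits behind NAT or a proxy, so it is the value to compare against the whitelist.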

Applicability

  • RDS