:What do I do if the "Can't connect to MySQL server on 'XXX'" error message is displayed when I connect to an ApsaraDB RDS for MySQL instance or an ApsaraDB RDS for MariaDB instance?

Description

When you connect to an ApsaraDB RDS for MySQL instance or an ApsaraDB RDS for MariaDB instance, the following error message is displayed:

• ERROR 2003 (HY000): Can't connect to MySQL server on 'XXX'(10038, 10060, or 110)

• Cannot connect to a database: XXX

Solution

This topic describes the following two methods:

• Issues due to which you cannot connect an ECS instance to an RDS instance over an internal network

• Issues due to which you cannot connect a device rather than an ECS instance to an RDS instance over the Internet

Issues due to which you cannot connect an ECS instance to an RDS instance over an internal network

1. Make sure that the ECS instance and the RDS instance reside in the same region. If the ECS instance and the RDS instance reside in different regions, these instances cannot directly communicate over an internal network. In this case, use one of the following methods to resolve the issue:

   • Method 1: Release or unsubscribe from the ECS instance or the RDS instance. Then, purchase an ECS instance or an RDS instance that resides in the specified region.

   • Method 2: Change the network types of the ECS instance and the RDS instance to Virtual Private Cloud (VPC). For more information, see Change the network type of an RDS instance. In addition, establish a connection by using Express Connect between the VPCs of the ECS instance and the RDS instance.

   • Method 3: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. This method cannot ensure optimal performance, security, or stability of the instances. If you use Method 3, we recommend that you configure the reasonable network settings for the ECS instance and the RDS instance.

2. Make sure that the ECS instance and the RDS instance reside in the same type of network. If one instance resides in the classic network and the other instance resides in a VPC, use one of the following methods to resolve the issue:

   • Methods suitable in scenarios in which the ECS instance resides in a VPC and the RDS instance resides in the classic network:

     • Method 1: This is the recommended method. Change the network type of the RDS instance from classic network to VPC.

       Note

       The ECS instance and the RDS instance must reside in the same VPC to communicate with each other over an internal network.

     • Method 2: Purchase an ECS instance that resides in the classic network. However, a VPC provides higher security than the classic network. We recommend that you use VPCs.

       Note

       ECS instances cannot be migrated from VPCs to the classic network.

     • Method 3: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. This method cannot ensure optimal performance, security, or stability of the instances.

   • Methods suitable in scenarios in which the ECS instance resides in the classic network and the RDS instance resides in a VPC:

     • Method 1: This is the recommended method. Change the network type of the ECS instance from classic network to VPC.

       Note

       The ECS instance and the RDS instance must reside in the same VPC to communicate with each other over an internal network.

     • Method 2: Change the network type of the RDS instance from VPC to classic network. However, a VPC provides higher security than the classic network. We recommend that you use VPCs.

     • Method 3: Use the ClassicLink feature to establish an internal network connection between the ECS instance and the RDS instance.

       Note

       If an internal network connection cannot be established between the ECS instance and the RDS instance after the ClassicLink feature is enabled.

     • Method 4: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. This method cannot ensure optimal performance, security, or stability of the instances.

3. If the ECS instance and the RDS instance both reside in VPCs, make sure that these instances reside in the same VPC. If the ECS instance and the RDS instance reside in different VPCs, use one of the following methods to resolve the issue:

   • Method 1: This is the recommended method. Migrate the RDS instance to the VPC to which the ECS instance belongs. Change the network type of the RDS instance from VPC to classic network. Then, change the network type of the RDS instance back to VPC. When you change the network type of the RDS instance back to VPC, select the VPC to which the ECS instance belongs.

   • Method 2: Create an Cloud Enterprise Network (CEN) instance to establish a private connection between the VPCs of the ECS instance and the RDS instance.

   • Method 3: Connect the ECS instance to the RDS instance by using the public endpoint of the RDS instance. This method cannot ensure optimal performance, security, or stability of the instances.

4. Make sure that the IP address of the ECS instance is added to an IP address whitelist of the RDS instance. For more information about how to configure an IP address whitelist for an RDS instance, see Configure an IP address whitelist for an ApsaraDB RDS instance.

5. Check the connection between the RDS instance and the ECS instance. Run the following command on the ECS instance to test whether the ECS instance can connect to the port that is associated with the endpoint of the RDS instance.

   telnet [$RDS_IP] [$Port]

   Note

   • [$RDS_IP] is the endpoint of the RDS instance.

   • [$Port] is the port number of the RDS instance. If the port of the RDS instance has been modified, replace the port number with the new port number. The default port number of an ApsaraDB RDS for MySQL instance is 3306, and the default port number of an ApsaraDB RDS for SQL Server instance is 3433.

   • If the ECS instance can connect to the port that is associated with the endpoint of the RDS instance, the ECS instance can connect to the RDS instance over an internal network.

   • If the ECS instance cannot connect to the port that is associated with the endpoint of the RDS instance, you must troubleshoot the network issues of the ECS instance. For more information, see What do I do if I cannot connect to an RDS instance?.

Issues due to which you cannot connect a device rather than an ECS instance to an RDS instance over the Internet

You can connect a device rather than an ECS instances to an RDS instance only over the Internet. If the connection fails, use one of the following methods to resolve the issue:

1. Check whether the IP address of the device is added to an IP address whitelist of the RDS instance. If the IP address of the device is not added to an IP address whitelist of the RDS instance, you must add the IP address to an IP address whitelist of the RDS instance. For more information, see Configure an IP address whitelist for an ApsaraDB RDS instance.

2. If the enhanced whitelist mode is enabled, make sure that the public IP address of the device is added to an IP address whitelist of the classic network type.

   Note

   IP addresses of the VPC whitelist group are invalid for the classic network whitelist group.

3. If the IP address of the device is added to an IP address whitelist of the RDS instance, the connections fails probably because the public IP address of the device that you added to the IP address whitelist is incorrect. The connection failure is due to the following reasons:

   Note

   For more information about how to confirm the public IP address of a device, see Why am I unable to connect to my ApsaraDB RDS for MySQL or ApsaraDB RDS for MariaDB instance from a local server over the Internet? or How does SQL Server determine the public IP address of an external Server or client?

   • Public IP addresses dynamically change.

   • The tool or website that is used to query public IP addresses returns inaccurate results.

4. Check whether the endpoint that you use for the connection is the internal endpoint of the RDS instance. You must use the public endpoint of the RDS instance for the connection.

   Note

   • If the RDS instance does not have a public endpoint, you must apply for a public endpoint. For more information about how to apply for a public endpoint for an RDS instance, see Apply for a public endpoint for an ApsaraDB RDS instance.

   • Devices rather than an ECS instance and Data Management (DMS) cannot connect to the RDS instance by using the internal endpoint unless Express Connect circuits are used for a connection. For more information, see Use DMS to log on to an ApsaraDB RDS for MySQL instance and What is a connection over an Express Connect circuit?

Applicable scope

• ApsaraDB RDS for MySQL

• ApsaraDB RDS for MariaDB