The failure of an on-premises device to connect to an ApsaraDB for Redis instance over the Internet may be caused by various reasons, such as using an incorrect endpoint, not adding the public IP address of the device to a whitelist of the instance, or using incorrect credentials. This topic describes the common issues that may occur when you connect an on-premises device to an ApsaraDB for Redis instance over the Internet and the solutions to the issues.
Troubleshooting process for Internet connection issues of an on-premises device
Step 1: Check whether the error message is invalid password, WRONGPASS, or NOAUTH Authentication required
If the error message is connection timed out or no explicit error message is displayed, skip Step 1 and proceed to Step 2.
Error description
If the error message is invalid password, WRONGPASS invalid username-password pair, or NOAUTH Authentication required, the account and password are incorrect.
Solution
Use a password in the
<user>:<password>format to re-establish the connection. For example, if the username of a custom account istestaccountand the password isRp829dlwa, entertestaccount:Rp829dlwaas the password.If a password error is still reported when you use a password in the
<user>:<password>format to reconnect the on-premises device to the ApsaraDB for Redis instance, you may have entered a wrong password. In this case, reset the password and use the new password to re-establish the connection. For more information about how to reset the password, see Change or reset the password.
Step 2: Run the ping command to check whether the on-premises device is connected to the ApsaraDB for Redis instance
Procedure
Run the ping command on the on-premises device.
ping <host>Example: ping r-bp1zx****.redis.rds.aliyuncs.com
Result description
If the ping operation is successful, the network is connected, as shown in the following figure. You can proceed to Step 3 for further troubleshooting.
Linux
In Linux, the system continuously sends ping requests after the ping command is run. You can press Ctrl+C to stop the execution and collect statistics, as shown in the following figure.
Windows
In Windows, the system returns the test result after the ping command is run four times, as shown in the following figure.
If a message similar to
0 packets received,100.0% packet lossis returned, the network is not connected.Check whether the endpoint that you use is the public endpoint of the instance.
If a message similar to
Unknown hostorName or service not knownis returned, an error occurs during address resolution.Check whether the endpoint that you use has spelling mistakes.
Common causes
A Virtual Private Cloud (VPC) endpoint is used to connect to the ApsaraDB for Redis instance.
To connect an on-premises device to an ApsaraDB for Redis instance, you must use a public endpoint.
The endpoint has spelling mistakes.
The IP address cannot be resolved because the endpoint is misspelled or the domain name fails to be resolved.
Solution
In the Connection Information section of the Instance Information page in the ApsaraDB for Redis console, view the public endpoint of the ApsaraDB for Redis instance. Copy the public endpoint and rerun the ping command.
ImportantIf the public endpoint is not displayed in the console, click Apply for Endpoint in the Actions column. For more information, see Apply for a public endpoint for an ApsaraDB for Redis instance.
You cannot apply for public endpoints for cloud-native cluster instances in direct connection mode.
If the public endpoint used to connect to the instance is correct but the instance still fails to be pinged, check whether the domain name resolution fails. For more information, see Troubleshoot connection issues caused by failed DNS resolution.
Step 3: Run the telnet command to check whether the service port is available
Procedure
Run the telnet command on the on-premises device.
telnet <host> <port>Example: telnet r-bp1zx****.redis.rds.aliyuncs.com 6379
Result description
If Connected to ... is returned or the telnet interface is displayed as shown in the following figure, the connection is established.
If the instance is a classic instance, you must check the whitelist even after the telnet operation is successful. Only the IP addresses in the whitelist can access the database. For information about how to check the whitelist, see Step 4: Check the whitelist.
Linux
The following output indicates that the connection is established by using telnet on a Linux system.
Windows
The following output indicates that the connection is established by using telnet on a Windows system.
If the "Connection timed out" or "Connect failed" message is displayed, the connection fails.
Common causes and solutions
The whitelist is incorrectly configured or no whitelist is configured. For more information, see Step 4: Check the whitelist.
Step 4: Check the whitelist
In most cases, connection failure occurs because the whitelist is incorrectly configured or no whitelist is configured. In the following two scenarios, we recommend that you check the whitelist:
The domain name can be pinged, but the telnet operation fails.
If you use redis-cli to connect to the public endpoint of the ApsaraDB for Redis instance from the on-premises device, the
(error) ERR illegal addressor(error) ERR client ip is not in whitelisterror message appears.
Common causes
The whitelist is incorrectly configured. The public IP address of the on-premises device is not added to the whitelist.
No whitelist is configured.
Solution
Query the public IP address of the on-premises device.
Linux: Open the CLI, enter the
curl ifconfig.mecommand, and then press Enter.Windows: Open Command Prompt, enter the
curl ip.mecommand, and then press Enter.macOS: Start Terminal, enter the
curl ifconfig.mecommand, and then press Enter.
Add the retrieved public IP address to the whitelist of the ApsaraDB for Redis instance. For more information, see Configure whitelists.