This topic provides answers to commonly asked questions about remote connection to simple application servers. This topic also provides the troubleshooting procedure for remote connection failures of simple application servers.
Troubleshooting procedure
If you cannot connect to a simple application server, we recommend that you troubleshoot the problem based on the following procedure. The troubleshooting procedure is sorted by the probability of the causes in descending order. We recommend that you go by the sequence to efficiently troubleshoot the problem. If the problem persists after you fix a possible cause, proceed to the next cause until the problem is solved.
Procedure | Operation |
Check whether the server status is normal. | Only simple application servers that are in the Running state allow you to log on.
For information about how to view the status of a server, see View the information of a simple application server. |
Check whether the logon credentials are valid. | Make sure that you use a valid username and password or use a valid key pair to log on to the server.
|
Check whether the port configurations are correct. | Check whether the logon port is enabled on the firewall. The default logon port is port 22 for Linux servers and port 3389 for Windows servers. If the corresponding port is not enabled, enable it. For more information, see Manage the firewall of a simple application server. |
Check whether the firewall is enabled. | If the server runs a Windows OS, disable the firewall. |
Check whether the server is deployed outside the Chinese mainland. | If you are in the Chinese mainland and attempt to connect to a simple application server in a region outside the Chinese mainland, latency and packet loss may occur, which makes the server inaccessible. This is a problem with the Internet service providers and cannot be solved on the server. For more information, see What do I do if I am prompted that the connection has timed out when I connect to a simple application server deployed outside the Chinese mainland? |
Check whether the network is stable. | Use an on-premises host in another network environment to connect to the simple application server, or use another wireless network such as a mobile phone hotspot to test the access. This measure can help you find out whether the connection fails due to a local network problem. If the problem is not caused by the local network, perform further checks. If the local network causes the connection failure, we recommend that you contact the local network provider to solve the problem. |
Check whether the server is overloaded. | If the utilization of disks, disk BPS, bandwidth, or vCPUs of a simple application server is excessive, you may fail to log on to the server. To solve the problem, perform the following operations:
|
Check whether an antivirus software blocks the connection. | Third-party antivirus software may cause the failure of connection to the simple application server.
|
Check whether the server is infected by viruses such as mining viruses. | If blackhole filtering is triggered for the public IP address of the simple application server due to attacks, you can manually deactivate blackhole filtering and try the connection again. For more information, see Blackhole filtering policy of Alibaba Cloud. |
Check whether the Remote Desktop Protocol (RDP) of the server is enabled. | If the simple application server runs a Windows OS, check whether the RDP is enabled. If the RDP is disabled, enable it. For more information, see How do I troubleshoot the failure to connect to a Windows server while no error message appears? |
Check whether the system reports an error message about the connection. | Troubleshoot the problem based on the specific error message. For more information, see FAQ navigation. |
If the problem persists after you take the preceding measures, submit a ticket to obtain technical support.
FAQ navigation
Common issues about connections
Failure to connect to a Linux server
What do I do if the connection to a Linux server fails when SELinux is enabled on the Linux server?
You can also use Elastic Compute Service (ECS) connection solutions to troubleshoot problems. For more information, see What do I do if I cannot connect to a Linux instance?
Failure to connect to a Windows server
What do I do if I am prompted that the connection has timed out when I connect to a simple application server deployed outside the Chinese mainland?
If you are in the Chinese mainland and attempt to connect to a simple application server in a region outside the Chinese mainland, latency and packet loss may occur, which makes the server inaccessible. This is a problem with the Internet service providers and cannot be solved on the server. For information about the regions where Simple Application Server is supported, see Regions and network connectivity. You can use one of the following methods to solve this problem:
If the network inaccessibility problem is not a consistent problem, you can change the local network environment or try to connect to the server later.
If your server is not required to be deployed outside the Chinese mainland, we recommend that you request a refund for your server and purchase a server deployed in the Chinese mainland.
NoteIf you cannot request refunds for servers, submit a ticket.
How do I apply for unlocking the public IP address of the server?
If a server is locked due to infection by mining viruses or due to attacks, you can apply for unlocking the server. To apply for unlocking servers, go to the Penalties page in the Security Center console.
You can apply for unlocking servers in your account only once.
Within three days after a server is unlocked, the server is automatically checked. If a mining program is detected on the server again, the server is locked and cannot be unlocked.
After the server is unlocked, back up the data on the server at your earliest opportunity.
Why am I prompted that the connection is rejected when I fail to connect to my server?
This may be caused by one of the following issues. Fix the corresponding issue.
The remote service that corresponds to SSH or RDP is not enabled on the server.
Ports used for remote connection, such as SSH port 22 and RDP port 3389, are not enabled on the server.
Why am I prompted that the logon username or password is invalid when I fail to connect to the server?
This may be caused by one of the following issues. Fix the corresponding issue.
The username or password that you entered is invalid. The username is root for Linux servers and administrator for Windows servers.
The logon password that you entered is invalid. If you forget the logon password, you can reset the password. For more information, see Set or reset server passwords.
If you log on to a Windows server as a non-administrator user, the user must belong to the Remote Desktop Users group.
Why does the error message "An error occurred. Try again later" appear when I connect to the simple application server by using Virtual Network Console (VNC) or the workbench?
When you connect to the simple application server on the server card, the error message "An error occurred. Try again later" appears. 
To troubleshoot the issue, perform the following operations:
Connect to the server by using a third-party tool such as PuTTY.
Run the following command to check whether the SSH public key file authorized_keys exists:
cd /home/admin/.ssh/ llIf the SSH public key file does not exist, submit a ticket to obtain the SSH public key information, and restore the SSH public key file. Procedure:
Run the following command to restore the SSH public key file:
mkdir -p /home/admin/.ssh vim /home/admin/.ssh/authorized_keysPaste the public key information into the SSH public key file and save the file.
Run the following command to change the file group:
chown -R admin:admin /home/admin
If the SSH public key file authorized_keys exists, run the cat /home/admin/.ssh/authorized_keys command, copy the public key file information, and then submit a ticket that contains the public key file information to the technical support.
Check whether the /etc/sudoers file contains
admin ALL=(ALL) NOPASSWD:ALL.vim /etc/sudoersIf the /etc/sudoers file does not contain admin ALL=(ALL) NOPASSWD:ALL, add
admin ALL=(ALL) NOPASSWD:ALLto the file.Check whether the /home/admin/.ssh/authorized_keys file is granted the 644 permission.
cd /home/admin/.ssh llThe following command output is returned:
[root@iZd3ru25weg**** .ssh]# ll total 0 -rw-r--r-- 1 admin admin 272 Nov 3 10:52 authorized_keysIf the file is not granted the 644 permission, run the chmod 644 authorized_keys command to grant the 644 permission.
Why am I still unable to log on to my simple application server after I change the logon password online?
When a third-party antivirus software is installed on the server, the antivirus software may block the online password change operation, causing the operation to fail. In this case, we recommend that you change the password offline. Alternatively, you can call the UpdateInstanceAttribute API operation to reset the password. Then, you can restart the server and use the new password to log on to it.
What do I do if the connection to a Linux server fails when SELinux is enabled on the Linux server?
For information about how to solve the problem, see An SSH remote connection exception occurs in a Linux instance because the SELinux service is enabled.
If Security-Enhanced Linux (SELinux) is enabled, system security can be enhanced. However, after SELinux is enabled, the files of the operating system are damaged, and failures occur on system startup. We recommend that you enable or disable SELinux appropriately to prevent the system from failing to start up. For more information, see Enable or disable SELinux.
Why am I still unable to log on to my Linux server by using the correct username and password combination?
If the operating system of your server disables password-based logon, you cannot log on to the server even though you use the correct username and password. For information about how to enable password-based logon, see Re-enable password-based logon.
What do I do if an authentication problem occurs when I connect to a Windows server?
This problem may be caused by upgrade patches released by Windows. For information about how to solve the problem, see the following topics:
What do I do if I cannot connect to a Windows server by using the administrator account?
If you configure security policies on your Windows computer to deny logons from terminal services, you cannot use Remote Desktop Connection (RDC) on your Windows computer to connect to a Windows server by using the administrator account. For more information, see What do I do if the message "To sign in remotely, you need the right to sign in through Remote Desktop Services" appears when I connect to a Windows instance by using Remote Desktop?
How do I troubleshoot the failure to connect to a Windows server while no error message appears?
This problem occurs when you use the RDC tool on your Windows computer to connect to a Windows server. This may be because remote connection permissions are not enabled on the Windows server. In this example, Windows Server 2012 R2 64-bit is used to describe how to solve this problem.
Use the Simple Application Server console to connect to the Windows server.
For more information, see Connect to a Windows server.
Open This PC. In the left-side navigation pane, right-click This PC and select Properties.
In the left-side navigation pane of the System page, click Remote settings.
In the Remote Desktop section of the System Properties dialog box, select Allow remote connection to this computer.
Click Apply and then click OK.
After the configurations are complete, you can try to connect to the server again.
What do I do if the "The remote computer that you are trying to connect to requires Network Level Authentication (NLA)" message appears when I connect to a Windows server?
When you use the RDC tool on your Windows computer to connect to a Windows server, the message may be prompted. This may be because the RDC tool on your computer is of an earlier version. In this example, Windows Server 2012 R2 64-bit is used to describe how to solve this problem.
Use the Simple Application Server console to connect to the Windows server.
For more information, see Connect to a Windows server.
Open This PC. In the left-side navigation pane, right-click This PC and select Properties.
In the left-side navigation pane of the System page, click Remote settings.
In the Remote Desktop section of the System Properties dialog box, clear Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended).
Click Apply and then click OK.
After the configurations are complete, you can try to connect to the server again.
What do I do if the "The remote session was disconnected because there are no Remote Desktop client access licenses available for this computer" message appears when I connect to a Windows server?
For information about how to solve the problem, see What do I do if the "The remote session was disconnected because there are no Remote Desktop client access licenses available for this computer" message appears when I connect to a Windows instance by using Remote Desktop?
What do I do if I cannot connect to a Windows server and the server has no Internet access capability?
A possible cause of this problem is that network interface controllers (NICs) are disabled on the Windows server. In this example, Windows Server 2012 R2 64-bit is used to describe how to solve this problem.
Use the Simple Application Server console to connect to the Windows server.
For more information, see Connect to a Windows server.
In the lower-right corner of the desktop, right-click the
network icon and select Open Network and Sharing Center. In the left-side navigation pane, click Change adapter settings.
Find the disabled network, right-click the network, and then select Enable.
After the network is enabled, right-click the network and select Properties.
In the This connection uses the following items section, click Internet Protocol Version 4 (TCP/IPv4) and click Properties.
On the General tab, click Obtain an IP address automatically, click Obtain DNS server address automatically, and then click OK.
After the configurations are complete, you can try to connect to the server again.