What Should I Do If I Fail to Connect to an RDS DB Instance?
Possible Causes
Locate the fault from the following aspects:
- Check whether the DB instance is available.
For example, the system may be faulty, the DB instance may be abnormal, or the DB instance or a table may be locked.
- (Common) Check whether the client connection is correct.
- If you connect to a DB instance over a private network, ensure that the DB instance and ECS are in the same region and VPC.
- If you connect to a DB instance over a public network, bind an EIP to the DB instance and then connect to the DB instance through the EIP.
- Check the connection method.
Run either of the following example commands to connect to the DB instance:
- SSL enabled: mysql -h 172.16.0.31 -P 3306 -u root -p --ssl-ca=/tmp/ca.pem
- SSL disabled: mysql -h 172.16.0.31 -P 3306 -u root -p
- Check whether the parameters in the connection command are correct.
Check whether the following parameters are configured correctly: connection address, port number, username, password, and connection method.
- (Common) Check whether the network connectivity is normal.
For private network connection:
- Check whether the ECS and DB instance are in the same region and VPC.
- Check security group rules.
To access DB instances in a different security group from the ECS, add an inbound rule for the security group.
- On the ECS, check whether the DB instance port can be connected.
For public network connection:
- Check security group rules.
To access DB instances in a security group from a public network, add an inbound rule for the security group.
- Check network ACL rules.
- From an ECS in the same region, ping the DB instance.
- (Common) Check whether the number of connections to the DB instance reaches the upper limit.
If there is an excessive number of database connections, applications may fail to be connected.
- (Common) Check whether the DB instance is in the Storage full state.
If the DB instance is in the Storage full state, data read and write performance is affected.
- View the common connection error messages.
Find corresponding solutions based on connection error messages.
Fault Locating
- Check whether the DB instance is available.
Check method: Check whether the DB instance is in the Available state.
Possible cause: The RDS system is faulty, the DB instance is abnormal, or the DB instance or a table is locked.
Solution: If the DB instance is abnormal, reboot it.
Figure 2 Checking DB instance status
- Check whether the client connection is correct.
You are advised to install an engine client whose version is later than or equal to the DB instance version.
For details about how to connect to a DB instance over a private or public network, see Can an External Server Access the RDS Database?
Table 1 Connection model
| Connect Through | Scenarios | Example |
| --- | --- | --- |
| Private network | A floating IP address is provided by default. If your applications are deployed on an ECS that is in the same region and VPC as the DB instance, you are advised to connect the ECS to the DB instance through the floating IP address. | Take MySQL as an example: mysql -h <floating IP address> -P 3306 -u root -p --ssl-ca=/tmp/ca.pem |
| Public network | If you cannot access the DB instance over a private (floating) IP address, you are advised to bind an EIP to the DB instance and then connect to the DB instance through the EIP. For EIP pricing details, see EIP billing details. | Take MySQL as an example: mysql -h <EIP> -P 3306 -u root -p --ssl-ca=/tmp/ca.pem |
- Check the connection method.
- SSL connection is recommended. Enable SSL on the Connection Management page and upload the certificate to the ECS.
mysql -h 172.16.0.31 -P 3306 -u root -p --ssl-ca=/tmp/ca.pem
Figure 3 Enabling SSL
- Common connection: Disable SSL on the Connection Management page.
mysql -h 172.16.0.31 -P 3306 -u root -p
- Check whether the parameters in the connection command are correct.
Ensure that the connection address, port, username and password are correct, and try to connect to the DB instance again.
If you use a private connection with SSL enabled, run the following example command: mysql -h 172.16.0.31 -P 3306 -u root -p --ssl-ca=/tmp/ca.pem. Obtain the parameters as follows:
- Floating IP Address
On the Private Connection tab of the Connection Management page, obtain the floating IP address in the Connection Information area.
Figure 4 Floating IP address
- Database Port
On the Private Connection tab of the Connection Management page, obtain the database port in the Connection Information area.
- Username and password
- Certificate
Obtain the SSL certificate name from the directory where the command is executed.
If you use a public connection with SSL enabled, run the following example command: mysql -h EIP -P 3306 -u root -p --ssl-ca=/tmp/ca.pem. Obtain the parameters as follows:
- EIP
On the Public Connection tab of the Connection Management page, obtain the EIP in the Connection Information area.
Figure 5 EIP
- Database Port
On the Public Connection tab of the Connection Management page, obtain the database port in the Connection Information area.
- Username and password
- Certificate
Obtain the SSL certificate name from the directory where the command is executed.
- Check whether the network connection is normal.
Private network connection
- Check whether the ECS and DB instance are in the same region and VPC.
- If the ECS and DB instance are in different regions, they cannot communicate with each other. Select a region close to your service area to reduce network latency and speed up access.
- If the ECS and RDS DB instance are in different VPCs, see What Should I Do If the ECS and RDS Are Deployed in Different VPCs and They Cannot Communicate with Each Other?
- Check security group rules.
To access DB instances in a different security group from the ECS, add an inbound rule for the security group.
- On the ECS, check whether the DB instance port can be connected.
telnet <IP address> <port number>
- If the connection is normal, the network is normal.
- If the connection fails, create a service ticket to contact customer service for assistance.
Public network connection
- Check security group rules.
To access DB instances in a different security group from the ECS, add an inbound rule for the security group.
- Check network ACL rules.
- Go to the Network ACLs.
- Check whether the NIC bound to the EIP is in the subnet associated with the network ACL.
- Check whether the network ACL is enabled.
If the network ACL is enabled, add an ICMP rule to allow traffic.
The default network ACL rule denies all inbound and outbound packets. After the network ACL is disabled, the default rule still takes effect.
- From an ECS in the same region, ping the DB instance.
If you cannot ping the EIP on the original ECS, select another ECS in the same region and ping the EIP again. If the ping is successful, the network is normal. If the ping fails, create a service ticket.
- Check whether the number of connections to the DB instance reaches the upper limit.
Check method: Check whether the total connections and current active connections have reached the upper limit by referring to View monitoring metrics. If the maximum number of database connections specified in What Is the Maximum Number of Connections to an RDS DB Instance? has been reached, release unnecessary connections.
Possible cause: If there are excessive database connections, applications may fail to be connected, and the full and incremental backups may fail, affecting service running.
Solution:
- Check whether applications are connected, optimize the connections, and release unnecessary connections.
- Check whether any metrics are abnormal and whether any alarms are generated on the Cloud Eye console. Cloud Eye monitors database metrics, such as the CPU usage, memory usage, storage space usage, and database connections, and allows you to set alarm policies to identify risks in advance if any alarms are generated. For details about supported monitoring metrics, see Configuring Displayed Metrics.
- If the DB instance specifications are too small, scale to larger specifications. For details, see Changing DB Instance Specifications.
- (Common) Check whether the DB instance is in the Storage full state.
Check method: View the storage space usage on the RDS console or Cloud Eye.
Possible cause: When the DB instance status is Storage full, the DB instance needs to preserve at least 15% of its capacity to work properly.
Solution:
- As your service data grows, the original storage space may be insufficient. You are advised to scale up storage space.
For operation details, see Scaling Up Storage Space.
- Shorten the local retention period of binlogs.
For operation details, see Setting a Local Retention Period for MySQL Binlogs.
- Process expired data files in a timely manner.
- Check whether any metrics are abnormal and whether any alarms are generated on the Cloud Eye console. Cloud Eye monitors database metrics, such as the CPU usage, memory usage, storage space usage, and database connections, and allows you to set alarm policies to identify risks in advance if any alarms are generated.
For details about supported monitoring metrics, see Configuring Displayed Metrics.
- View common connection error messages.
When you run commands to connect to a DB instance, the possible errors and their solutions are as follows:
- ERROR 2013: Lost connection to MySQL server during query
If the values of wait_timeout and interactive_timeout are too small, the MySQL client automatically disconnects idle connections that have timed out. For details, see MySQL Client Automatically Disconnected from a DB Instance.
- ERROR 1045 (28000): Access denied for user 'root'@'192.168.0.30' (using password:YES)
Check whether the password is correct, whether the ECS has the permission to connect to the DB instance, and whether the MySQL client can ping the DB instance's floating IP address. For details, see MySQL DB Instance Inaccessible.
- ERROR 1226 (42000): User 'test' has exceeded the 'max_user_connections' resource (current value:10)
Check whether the number of connections to the DB instance is limited. For details, see MySQL DB Instance Inaccessible.
- ERROR 1129 (HY000): Host '192.168.0.111' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'
Check whether the number of failed MySQL client connection attempts (not caused by incorrect passwords) exceeds the value of max_connect_errors. For details, see MySQL DB Instance Inaccessible.
- [Warning] Access denied for user 'username'@'yourIp' (using password: NO)
If this error message is displayed when you attempt to connect to a MySQL or PostgreSQL DB instance, check whether the username or password is correct.
- [Warning] Access denied for user 'username'@'yourIp' (using password: YES)
If this error message is displayed when you attempt to connect to a MySQL or PostgreSQL DB instance, check whether the username or password is correct.
- Login failed for user 'username'
If this error message is displayed when you attempt to connect to a Microsoft SQL Server DB instance, check whether the username or password is correct.
- If the problem persists, create a service ticket.
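As an added example (not part of the original page or of any RDS tooling), the port check from the network connectivity step can be run in Python instead of telnet, and the server's first packet parsed to show the engine version, whether SSL is offered, or an early rejection such as ERROR 1129. The function names and the sample packets are constructed for illustration.

```python
import socket
import struct

CLIENT_SSL = 0x0800  # capability bit: the server accepts a TLS upgrade

def parse_greeting(packet: bytes) -> dict:
    """Parse the first packet a MySQL server sends after the TCP connect."""
    if len(packet) < 5:
        raise ValueError("truncated packet")
    length = int.from_bytes(packet[:3], "little")   # 3-byte payload length
    payload = packet[4:4 + length]                  # byte 3 is the sequence id
    if length == 0 or len(payload) < length:
        raise ValueError("truncated payload")
    if payload[0] == 0xFF:                          # ERR packet instead of a handshake
        code = struct.unpack_from("<H", payload, 1)[0]
        return {"kind": "error", "code": code,
                "message": payload[3:].decode("utf-8", "replace")}
    if payload[0] != 0x0A:
        raise ValueError("not a protocol-10 handshake")
    end = payload.index(b"\x00", 1)                 # server version is NUL-terminated
    version = payload[1:end].decode("ascii", "replace")
    # Skip thread id (4), auth data part 1 (8) and filler (1) to reach the flags.
    caps = struct.unpack_from("<H", payload, end + 1 + 4 + 8 + 1)[0]
    return {"kind": "handshake", "version": version, "ssl": bool(caps & CLIENT_SSL)}

def probe(host: str, port: int = 3306, timeout: float = 5.0) -> dict:
    """TCP-connect like `telnet <IP address> <port number>`, then read the greeting."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            data = b""
            while len(data) < 4 or len(data) < 4 + int.from_bytes(data[:3], "little"):
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
            return parse_greeting(data)
    except socket.timeout:
        return {"kind": "timeout"}   # no answer in time, typically dropped packets
    except ConnectionRefusedError:
        return {"kind": "refused"}   # TCP reset: host reachable, port closed

# Constructed sample packets (not captured from a real instance).
_body = (b"\x0a" + b"8.0.28\x00" + b"\x01\x00\x00\x00" + b"A" * 8 + b"\x00"
         + struct.pack("<H", 0xFFFF) + b"\x2d" + b"\x02\x00" + b"\xff\xc7")
SAMPLE_HANDSHAKE = len(_body).to_bytes(3, "little") + b"\x00" + _body
_err = b"\xff" + struct.pack("<H", 1129) + b"Host '192.168.0.111' is blocked"
SAMPLE_BLOCKED = len(_err).to_bytes(3, "little") + b"\x00" + _err
```

On the ECS, `probe("172.16.0.31")` uses the page's example address; a `timeout` result points to the security group and network ACL checks, and the reported version can be compared with the installed client version.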
