Help Center/ Data Admin Service/ FAQs/ Managing connections/ What Should I Do If I Can't Connect to My RDS for MySQL Instance?
Updated on 2024-07-17 GMT+08:00

What Should I Do If I Can't Connect to My RDS for MySQL Instance?

  1. Error message: Access denied for user 'user_name'@'100.xxx.xx.xx' (using password: YES)
    1. Error cause: The username or password of the RDS instance is incorrect.
      Solution: Check whether the username and password are correct. If you are not sure, log in to the RDS console to reset the password.

      Changing the password may affect services.

      If the username and password are correct, log in to the database using a client or CLI tool and run select * from mysql.user where user = 'user_name' to view the account. Make sure that the DAS CIDR block is within the CIDR block of the user. user_name @ % and user_name @100.% are two different users whose passwords and permissions are independent. Enter the password of user user_name @100.%.

    2. Error cause: The IP address of the DAS server is not in the whitelist of the login user.
      Solution: Log in to the database using the client or CLI tool, and create a user account that can be used to access the database through DAS.
      create user 'user_name'@'100.%' identified by 'password'; 
      grant select on *.* to 'user_name'@'100.%';
      • Ensure that the IP address of the DAS server is in a CIDR block starting with 100. Add the IP address to the whitelist of the login user.
      • Grant permissions to user user_name@100.% based on service requirements.
    3. Error cause: The SSL function is not enabled on the server.

      Solution: Run the following statement to check whether the user is an SSL user. If yes, enable SSL on the RDS instance details page. The user is an SSL user if the ssl_type field has a value.

      select user, host, ssl_type from mysql.user where user = 'user_name';
  2. Error message: Trying to connect with ssl, but ssl not enabled in the server

    Error cause: The SSL function is not enabled on the server.

    Solution: Run the following SQL statement to check whether the user is an SSL user. If yes, enable SSL on the RDS instance details page. The user is an SSL user if the ssl_type field has a value.
    select user, host, ssl_type from mysql.user where user = 'user_name';
  3. Error message: Client does not support authentication protocol requested by server. plugin type was = 'sha256_password'

    Error cause: DAS does not allow you to connect to the database whose password is encrypted with SHA-256.

    Solution: Execute the following SQL statements to change the password encryption method to mysql_native_password.
    alter user 'user_name'@'%' identified with mysql_native_password by 'password';
  4. Error message: Communications link failure The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server

    Error cause: The network between the DAS server and the target instance is disconnected.

    Solution: Submit a work ticket to contact customer service.

  5. Error message: Instance connect timeout, please login again

    Error cause: The connection to the DAS server timed out.

    Solution: Submit a work ticket to contact customer service.

  6. Error information: RSA public key is not available client side (option serverRsaPublicKeyFile not set).
    Error cause: The identity authentication mode of the database user has high requirements on password security. The password transmitted over the network during user authentication must be encrypted.
    • If the connection is an SSL encrypted connection, the SSL certificate and key pair are used to exchange the symmetric encryption key pair (generated in the TSL handshake). Later, the symmetric encryption key pair is used to encrypt the password and data.
    • For a non-SSL encrypted connection, the client uses the RSA public key of the MySQL server to encrypt the user password, and the server uses the RSA private key to decrypt and verify the password. This protects the password against snooping during network transmission.

    Solution: Enable SSL for the instance or change the identity authentication mode of the database user.