Help Center > > FAQs> Network Configurations> Website or Application Access Failures> Troubleshooting a Website Access Error Occurred on an ECS

Troubleshooting a Website Access Error Occurred on an ECS

Updated at: May 06, 2020 GMT+08:00

Scenarios

If an error is displayed when you access a website, identify possible causes based on the error message.

Identify possible causes based on error code description in Returned Values for General Requests.

If the website is inaccessible, the network is disconnected. In such a case, check whether the routing, port, security groups, and system firewall are correctly configured.

Routing Configurations

  • Linux
    1. Run the route command to check the routing policy. Ensure that the default route of 0.0.0.0 is destined for the gateway and that the IP address and the gateway are in the same network segment, as shown in the first and third lines in the following figure.

    2. Run the ifconfig or ip addr command to obtain the ECS IP address.
      Figure 1 ifconfig command output
      Figure 2 ip addr command output
    3. Run the route -n command to obtain the gateway in the routing table.
      Figure 3 route -n command output
  • Windows
    1. Run cmd.exe.
    2. Run the ipconfig command to obtain the ECS IP address.
      Figure 4 ipconfig command output
    3. Run the route print command to obtain the gateway in the routing table.
      Figure 5 route print command output

Port Communication

Ensure that service processes and ports are in LISTEN state. The following table lists common TCP statuses.

TCP Status

Description

Application Scenario

LISTEN

Listens for network connection requests from a remote TCP port.

The TCP server is running properly.

ESTABLISHED

Indicates that a connection has been set up.

A TCP connection is properly set up.

TIME-WAIT

Waits until the remote TCP server receives the acknowledgement after sending a disconnection request.

The TCP connection is disconnected, and this state is cleared in 1 minute.

CLOSE-WAIT

Waits for a disconnection request sent by a local user.

An application program fault leads to an open socket. This state is displayed after the network is disconnected, indicating that a process is in a dead cycle or waiting for certain requirements to be met. To resolve this issue, restart the affected process.

FIN-WAIT-2

Waits for the network disconnection request from a remote TCP server.

The network has been disconnected and requires 12 minutes to automatically recover.

SYN-SENT

Waits for the matched network connection request after a network connection request is sent.

The TCP connection request failed, which is generally caused by the delayed handling of high CPU usage on the server or by a DDoS attack.

FIN-WAIT-1

Waits for the remote TCP disconnection request, or the acknowledgement for previous disconnection request.

If the network has been disconnected, this state may not automatically recover after 15 minutes. If the port has been used for a long period of time, restart the OS to resolve this issue.

  • Linux
    1. Run the netstat -antp command to check whether the port is in LISTEN state.
      Figure 6 Checking port listening status
  • Windows

    Perform the following operations to check port communication:

    1. Run cmd.exe.
    2. Run the Tasklist /svc | findstr "Ter" command to obtain the TermService PID.
      Figure 7 Checking the TermService PID
    3. Run the netstat -ano | findstr "PID" command to obtain the PID used by the process.
      Figure 8 Checking the PID used by the process

Security Group Rules

If the port used by the target website or remote connection tool is denied in the security group, add a rule to the security group to allow the access of the port.
  1. Log in to the management console.
  2. Under Computing, click Elastic Cloud Server.
  3. In the ECS list, click the name of the ECS with security group rules to be modified.
  4. Click the Security Groups tab and view security group rules.
  5. Click Modify Security Group Rule.
  6. Configure the rule to allow the access of the port used by the website.

Firewall Configurations

  • A Linux ECS cannot be logged in using SSH, and the login is successful after the system firewall is disabled.
    1. Run the iptables -nvL --line-number command to obtain firewall policies.
    2. Run the following commands to allow the access of default SSH port 22:

      iptables -A INPUT -p tcp --dport 22 -j ACCEPT

      iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT

    3. Run the service iptables save command to save the added rules.
    4. Run the service iptables restart command to restart iptables.
    5. Run the iptables -nvL --line-number command to check whether the added rules have taken effect.
    6. Use SSH to access the ECS again.
  • A Windows ECS cannot be remotely logged in, and the login is successful after the OS firewall is disabled.
    1. Modify the firewall policy so that the remote access port on the local end is allowed on the firewall. The default port is TCP 3389.
    2. After the firewall policy is modified, log in to the ECS again.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel