Help Center > > FAQs> Network Configurations> Website or Application Access Failures> Why Does My Windows ECS Fail to Access the Internet?

Why Does My Windows ECS Fail to Access the Internet?

Updated at: Sep 02, 2021 GMT+08:00

Symptom

You attempt to access the Internet on your Windows ECS, but Internet access fails.

Fault Locating

The following fault causes are sequenced based on their occurrence probability.

If the fault persists after you have ruled out a cause, check other causes.

Figure 1 Fault locating
Table 1 Possible causes and solutions

Possible Cause

Solution

The ECS is frozen or stopped, or has no EIP bound.

Check whether the ECS is running and has an EIP bound. For details, see Checking the ECS Status.

The ECS is overloaded.

Check whether the bandwidth and vCPU usage of the ECS are too high. For details, see Checking Whether the ECS Is Overloaded.

The EIP bandwidth exceeds the bandwidth limit.

Increase the bandwidth and try again. For details, see Checking Whether the EIP Bandwidth Exceeded the Limit.

The access is blocked by the ISP.

Check whether you can access the ECS using another hotspot or network. For details, see Checking Whether the ISP Network Is Functional.

The network configuration on the ECS is incorrect.

Check whether the NIC and DNS configurations are correct. For details, see Checking the NIC Configuration.

Routing is incorrectly configured.

Check whether the default route of 0.0.0.0 designates to the default gateway. For details, see Checking Whether the Default Route Is Destined for the Default Gateway.

The security group is incorrectly configured.

Check whether the security group allows the network traffic in the outbound direction. For details, see Checking Whether the Security Group Is Correctly Configured.

A network ACL has been associated with the ECS.

Disassociate the network ACL with the ECS and try again. For details, see Checking ACL Rules.

The website you want to visit is outside the Chinese Mainland.

Optimize the website link configurations and try again. For details, see Checking Whether the Website to Be Visited Is Outside the Chinese Mainland.

(Applicable to access to websites outside the Chinese mainland)

The EIP is blocked.

If the EIP is blocked, the ECS cannot access the Internet. For details, see Checking Whether the EIP Is Blocked.

The access is blocked by the firewall.

Disable the firewall and try again. For details, see Checking the Firewall Configuration.

The gateway is inaccessible.

Run the ping command to check whether the DNS server is running properly. For details, see Checking Whether the Gateway Is Accessible.

The ECS performance cannot meet service requirements.

Run the netstat command to check the network connection status. For details, see Checking the ECS Performance.

The access is blocked by third-party antivirus software.

Disable or uninstall the third-party antivirus software and try again. For details, see Checking Whether the Access Is Blocked by Antivirus Software.

The ECS has been attacked by viruses or Trojan horses.

Check whether the ECS is affected by viruses or Trojan horses. For details, see Checking the ECS Security Status.

Checking the ECS Status

  • Check whether the ECS is in the Running state on the management console.
  • Check whether an EIP has been bound to the ECS.

    An ECS can access the Internet only if it has an EIP bound.

    For details about how to bind an EIP to the ECS, see Assigning an EIP and Binding It to an ECS.

Checking Whether the ECS Is Overloaded

If the bandwidth and CPU usage of an ECS are too high, the network may be disconnected.

If you have created an alarm rule using Cloud Eye, the system will automatically send an alarm notification to you when the bandwidth or CPU usage reaches the threshold specified in the rule.

To handle this issue, perform the operations described in Why Is My Linux ECS Running Slowly?.

Checking Whether the EIP Bandwidth Exceeded the Limit

An ECS with an EIP bound accesses the Internet using the bandwidth configured for the EIP.

If Internet access fails, check whether the EIP bandwidth exceeds the bandwidth limit.

For details, see How Do I Check Whether the Bandwidth Exceeds the Limit?

For instructions about how to increase the bandwidth, see Changing an EIP Bandwidth.

Checking Whether the ISP Network Is Functional

Check whether the fault occurs for a specific IP address. If so, the IP address may be blocked by the ISP.

Try another hotspot for access. If the access is successful, the fault may lie in the local carrier network. Contact the carrier to resolve this issue.

Checking the NIC Configuration

  • Check whether the NIC and DNS configurations on the ECS are consistent with those displayed on the ECS management console.
    1. On the CLI of the ECS, run the ipconfig /all command to check whether the NIC and DNS configurations are correct, as shown in Figure 2.
      Figure 2 NIC and DNS configurations
    1. Log in to the management console. On the ECS list page, click the name of the target ECS.
    2. On the page providing details about the ECS, click the VPC name.
      Figure 3 ECS details page
    3. On the VPC list page, click the number displayed in the Subnets column.
    4. On the subnet list page, click the name of the target subnet. The subnet details page is displayed, as shown in Figure 4.
      Figure 4 Subnet details
  • Open the cmd window, run the ncpa.cpl command to start Network and Sharing Center, and check whether the NIC is functional.
    Figure 5 NIC status

Checking Whether the Default Route Is Destined for the Default Gateway

Run the route print command to obtain the routing table of the ECS and check whether the default route of 0.0.0.0 is destined for the default gateway.

Figure 6 Default route settings

Checking Whether the Security Group Is Correctly Configured

Check whether the security group of the ECS is correctly configured. If an allowlist is configured for the outbound rules of the security group, the network traffic in the outbound direction is permitted.

As shown in Figure 7, all network traffic in the outbound direction is permitted.

For instructions about how to permit a protocol or port, see Configuring Security Group Rules.

Figure 7 Permitting all network traffic in the outbound direction

Checking ACL Rules

By default, no ACL rules are configured for a VPC. If a network ACL is associated with a VPC, check the ACL rules.

  1. Check whether the subnet of the ECS has been associated with a network ACL.

    If an ACL name is displayed, the network ACL has been associated with the ECS.

    Figure 8 Network ACL
  2. Click the ACL name to view its status.
    Figure 9 Enabled network ACL
  3. Disassociate the network ACL from the subnet of the ECS.
    On the page providing details about the network ACL, choose Associated Subnets > Disassociate.
    Figure 10 Disassociating a Network ACL

    The default network ACL rule denies all incoming and outgoing packets. If a network ACL is disabled, the default rule is still effective.

  4. Try to access the Internet through the ECS again.

Checking Whether the Website to Be Visited Is Outside the Chinese Mainland

Websites outside the Chinese mainland may not be accessible or respond slowly when accessed through an ECS. This is because access of a DNS server outside the Chinese Mainland is slow.

If you are required to access websites outside the Chinese Mainland, purchase an ECS in a region outside the Chinese Mainland.

To speed up the access to a website outside the Chinese Mainland, see Troubleshooting Slow Access of a Website Outside the Chinese Mainland over an ECS.

Checking Whether the EIP Is Blocked

IP address blocking indicates that all traffic is destined to a null route. If the EIP is blocked, the ECS cannot access the Internet.

Generally, blocked EIPs will be automatically unblocked after 24 hours if no subsequent attack occurs.

It is recommended that you use Advanced Anti-DDoS to prevent attacks.

Checking the Firewall Configuration

Disable firewall rules for the ECS and check whether the fault is rectified.

If the fault is rectified, check the firewall rules.

  1. Log in to the Windows ECS.
  2. Click the Windows icon in the lower left corner of the desktop and choose Control Panel > System and Security > Windows Firewall.
    Figure 11 Windows Firewall
  3. Choose Check firewall status > Turn Windows Firewall on or off.

    View and set the firewall status.

    Figure 12 Turn off Windows Firewall

Checking Whether the Gateway Is Accessible

  1. Run the ping command to check whether data can be exchanged between the ECS and the gateway.

    Use an IP address in a different network segment to ping the gateway to check network connections.

  2. Run the ping command to obtain the IP address of the DNS server.

    Compare the time required for pinging the DNS server and the time for pinging a specific IP address, and determine whether the DNS server is running properly.

Checking the ECS Performance

Run the netstat command to detect SYN-SENT, CLOSE_WAIT, or FIN_WAIT.

If such information is detected, port resources are exhausted. This issue is generally caused by a software bug. To handle this issue, rectify the fault and restart the ECS.

Figure 13 Checking network connection

Checking Whether the Access Is Blocked by Antivirus Software

Disable or uninstall the third-party antivirus software on the ECS, and check whether the fault is rectified.

Checking the ECS Security Status

Check the ECS security status and determine whether the ECS is affected by viruses or Trojan horses.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel