What Should I Do If My Windows ECS Cannot Access the Internet?
If you failed to access the Internet on a Windows ECS, following the operations provided in this section for troubleshooting.
- The ECS has not had an EIP bound.
- The EIP exceeds the bandwidth limit.
- The access is blocked by the Internet service provider (ISP).
- The abnormal operation performed on the ECS triggers the security rule that denies the Internet access.
- The security group is incorrectly configured.
- The ECS performance cannot meet service requirements.
- The Internet access request is blocked by the firewall rule configured for the ECS.
- Third-party antivirus software installed on the ECS blocked the Internet access.
- The ECS has been attacked by viruses or Trojan horses.
- The network configuration on the ECS is incorrect.
Perform the following operations for troubleshooting:
- Check whether the ECS has an EIP bound. If not, bind an EIP to it and check whether the fault is rectified.
For instructions about how to bind an EIP, see Binding an EIP.
- Check whether the ECS can access the Internet with the EIP bandwidth.
If accessing the Internet failed, check whether the EIP bandwidth exceeds the bandwidth limit.
For details, see How Do I Check Whether the Bandwidth Exceeds the Limit?
For instructions about how to increase the bandwidth, see Changing an EIP Bandwidth.
- Check whether the fault occurs on specific IP addresses. If so, these IP addresses may be blocked by the ISP.
- On the CLI of the ECS, run the ipconfig /all command to check whether the NIC configuration is correct. Run the ncpa.cpl command to start Network and Sharing Center and check whether the NIC is functional.
- Run the route print command to obtain the routing table of the ECS and check whether the default route of 0.0.0.0 designates to the default gateway.
- Run the ping command to check whether data can be exchanged between the ECS and the gateway.
- Run the ping command to obtain the IP address of the DNS server.
Compare the time required for pinging the DNS server and the time for pinging a specific IP address, and determine whether the DNS server is running properly.
- Run the netstat command to detect SYN-SENT, CLOSE_WAIT, or FIN_WAIT.
If such information is detected, port resources are exhausted. This issue is generally caused by a software bug. To handle this issue, rectify the fault and restart the ECS.
- Check whether the security group of the ECS is correctly configured. If a whitelist is configured for the outbound rules of the security group, the network traffic in the outbound direction is permitted. As shown in Figure 1, all network traffic in the outbound direction is permitted.
For instructions about how to permit a protocol or port, see Configuring Security Group Rules.
- Disable firewall rules for the ECS and check whether the fault is rectified.
If the fault is rectified, check the firewall rules.
- Disable or uninstall the third-party antivirus software on the ECS, and check whether the fault is rectified.