Help Center > > FAQs> Network Configurations> Website or Application Access Failures> What Should I Do If My Windows ECS Cannot Access the Internet?

What Should I Do If My Windows ECS Cannot Access the Internet?

Updated at: Mar 17, 2020 GMT+08:00

If you failed to access the Internet on a Windows ECS, following the operations provided in this section for troubleshooting.

Possible Causes

  • The ECS has not had an EIP bound.
  • The EIP exceeds the bandwidth limit.
  • The access is blocked by the Internet service provider (ISP).
  • The abnormal operation performed on the ECS triggers the security rule that denies the Internet access.
  • The security group is incorrectly configured.
  • The ECS performance cannot meet service requirements.
  • The Internet access request is blocked by the firewall rule configured for the ECS.
  • Third-party antivirus software installed on the ECS blocked the Internet access.
  • The ECS has been attacked by viruses or Trojan horses.
  • The network configuration on the ECS is incorrect.

Solution

Perform the following operations for troubleshooting:

  1. Check whether the ECS has an EIP bound. If not, bind an EIP to it and check whether the fault is rectified.

    For instructions about how to bind an EIP, see Binding an EIP.

  2. Check whether the ECS can access the Internet with the EIP bandwidth.

    If accessing the Internet failed, check whether the EIP bandwidth exceeds the bandwidth limit.

    For details, see How Do I Check Whether the Bandwidth Exceeds the Limit?

    For instructions about how to increase the bandwidth, see Changing an EIP Bandwidth.

  3. Check whether the fault occurs on specific IP addresses. If so, these IP addresses may be blocked by the ISP.
  4. On the CLI of the ECS, run the ipconfig /all command to check whether the NIC configuration is correct. Run the ncpa.cpl command to start Network and Sharing Center and check whether the NIC is functional.
  5. Run the route print command to obtain the routing table of the ECS and check whether the default route of 0.0.0.0 designates to the default gateway.
  6. Run the ping command to check whether data can be exchanged between the ECS and the gateway.
  7. Run the ping command to obtain the IP address of the DNS server.

    Compare the time required for pinging the DNS server and the time for pinging a specific IP address, and determine whether the DNS server is running properly.

  8. Run the netstat command to detect SYN-SENT, CLOSE_WAIT, or FIN_WAIT.

    If such information is detected, port resources are exhausted. This issue is generally caused by a software bug. To handle this issue, rectify the fault and restart the ECS.

  9. Check whether the security group of the ECS is correctly configured. If a whitelist is configured for the outbound rules of the security group, the network traffic in the outbound direction is permitted. As shown in Figure 1, all network traffic in the outbound direction is permitted.

    For instructions about how to permit a protocol or port, see Configuring Security Group Rules.

    Figure 1 Permitting all network traffic in the outbound direction
  10. Disable firewall rules for the ECS and check whether the fault is rectified.

    If the fault is rectified, check the firewall rules.

  11. Disable or uninstall the third-party antivirus software on the ECS, and check whether the fault is rectified.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel