Help Center/ Elastic Cloud Server/ FAQs/ Internet Inaccessible FAQ/ Why Can't My Windows ECS Access the Internet?
Updated on 2024-09-29 GMT+08:00

Why Can't My Windows ECS Access the Internet?

Symptom

Your attempt to access the Internet from your Windows ECS failed.

Fault Locating

The following fault causes are sequenced based on their occurrence probability.

If the fault persists after you have ruled out a cause, check other causes.

Table 1 Possible causes and solutions

Possible Cause

Solution

The ECS is frozen or stopped, or has no EIP bound.

Check whether the ECS is in Running state and has an EIP bound. For details, see Checking the ECS Status.

The ECS is overloaded.

Check whether the bandwidth and vCPU usage of the ECS are too high. For details, see Checking Whether the ECS Is Overloaded.

The EIP bandwidth exceeds the limit.

Increase the bandwidth and try again. For details, see Checking Whether the EIP Bandwidth Exceeded the Limit.

The access is blocked by the ISP.

Check whether you can access the ECS using another hotspot or network. For details, see Checking Whether the ISP Network Is Functional.

The network configuration on the ECS is incorrect.

Check whether the NIC and DNS configurations are correct. For details, see Checking the NIC Configuration.

Routing is incorrectly configured.

Check whether the default route of 0.0.0.0 designates to the default gateway. For details, see Checking Whether the Default Route Is Destined for the Default Gateway.

The security group is incorrectly configured.

Check whether the security group allows the network traffic in the outbound direction. For details, see Checking Whether the Security Group Is Correctly Configured.

A network ACL has been associated with the ECS.

Disassociate the network ACL with the ECS and try again. For details, see Checking ACL Rules.

The website you want to visit is outside the Chinese mainland.

Optimize the website link configurations and try again. For details, see Checking Whether the Website to Be Visited Is Outside the Chinese Mainland.

(This solution is used when you intend to access the websites outside the Chinese mainland.)

The EIP is blocked.

If the EIP is blocked, the ECS cannot access the Internet. For details, see Checking Whether the EIP Is Blocked.

The access is blocked by the firewall.

Disable the firewall and try again. For details, see Checking the Firewall Configuration.

The gateway is inaccessible.

Run the ping command to check whether the DNS server is running properly. For details, see Checking Whether the Gateway Is Accessible.

The ECS performance cannot meet service requirements.

Run the netstat command to check the network connection status. For details, see Checking the ECS Performance.

The access is blocked by third-party antivirus software.

Disable or uninstall the third-party antivirus software and try again. For details, see Checking Whether the Access Is Blocked by Antivirus Software.

The ECS has been attacked by viruses or Trojan horses.

Check whether the ECS is affected by viruses or Trojan horses. For details, see Checking the ECS Security Status.

Checking the ECS Status

  • Check whether the ECS is in the Running state on the management console.
  • Check whether an ECS has an EIP bound.

    An ECS can access the Internet only if it has an EIP bound.

    For details about how to bind an EIP to the ECS, see Assigning an EIP.

Checking Whether the ECS Is Overloaded

If the bandwidth and CPU usage of an ECS are too high, the network may be disconnected.

If you have created an alarm rule in Cloud Eye, the system automatically sends an alarm notification to you when the bandwidth or CPU usage reaches the threshold specified in the rule.

To resolve this issue, perform the operations described in Why Is My Windows ECS Running Slowly?

Checking Whether the EIP Bandwidth Exceeded the Limit

An ECS with an EIP bound accesses the Internet using the bandwidth configured for the EIP.

If Internet access fails, check whether the EIP bandwidth exceeds the limit.

Check whether the bandwidth exceeds the configured bandwidth size. For details, see How Do I Know If My EIP Bandwidth Limit Has Been Exceeded?

If the bandwidth exceeds the limit, increase the bandwidth. For details, see Changing an EIP Bandwidth.

Checking Whether the ISP Network Is Functional

Check whether the fault occurs for a specific IP address. If so, the IP address may be blocked by the ISP.

Try another hotspot for access. If the access is successful, the fault may lie in the local carrier network. Contact the carrier to resolve this issue.

Checking the NIC Configuration

  • Check whether the NIC and DNS configurations on the ECS are consistent with those displayed on the ECS management console.
    1. On the CLI of the ECS, run the ipconfig /all command to check whether the NIC and DNS configurations are correct, as shown in Figure 1.
      Figure 1 NIC and DNS configurations
    1. Log in to the management console. On the ECS list page, click the name of the target ECS.
    2. On the page providing details about the ECS, click the VPC name.
      Figure 2 ECS details page
    3. On the VPC list page, click the number displayed in the Subnets column.
    4. On the subnet list page, click the name of the target subnet. The subnet details page is displayed , as shown in Figure 3.
      Figure 3 Subnet details
  • Open the cmd window, run the ncpa.cpl command to start Network and Sharing Center, and check whether the NIC is functional.
    Figure 4 NIC status

Checking Whether the Default Route Is Destined for the Default Gateway

Run the route print command to obtain the routing table of the ECS and check whether the default route of 0.0.0.0 is destined for the default gateway.

Figure 5 Default route settings

Checking Whether the Security Group Is Correctly Configured

Check whether the security group of the ECS is correctly configured. If an allowlist is configured for the outbound rules of the security group, the network traffic in the outbound direction is permitted.

As shown in Figure 6, all network traffic in the outbound direction is permitted.

For instructions about how to permit a protocol or port, see Configuring Security Group Rules.

Figure 6 Permitting all network traffic in the outbound direction

Checking ACL Rules

By default, no ACL rules are configured for a VPC. If a network ACL is associated with a VPC, check the ACL rules.

  1. Check whether the subnet of the ECS has been associated with a network ACL.

    If an ACL name is displayed, the network ACL has been associated with the ECS.

    Figure 7 Network ACL
  2. Click the ACL name to view its status.
    Figure 8 Enabled network ACL
  3. Disassociate the network ACL from the subnet of the ECS.
    On the page providing details about the network ACL, choose Associated Subnets > Disassociate.
    Figure 9 Disassociating a network ACL

    The default network ACL rule denies all incoming and outgoing packets. If a network ACL is disabled, the default rule is still effective.

  4. Try to access the Internet through the ECS again.

Checking Whether the Website to Be Visited Is Outside the Chinese Mainland

Websites outside the Chinese mainland may not be accessible or respond slowly when you access them through an ECS. This is caused by the slow access of a DNS server outside the Chinese mainland.

If you intend to access websites outside the Chinese mainland, select a region according to the website when purchasing an ECS.

To speed up the access to a website outside the Chinese mainland, see Why Accessing a Website Outside the Chinese Mainland Is Slow on an ECS?

Checking Whether the EIP Is Blocked

IP address blocking indicates that all traffic is destined to a null route. If the EIP is blocked, the ECS cannot access the Internet.

Generally, blocked EIPs will be automatically unblocked after 24 hours if no subsequent attack occurs.

It is recommended that you use Advanced Anti-DDoS (AAD) to prevent attacks.

Checking the Firewall Configuration

Disable firewall rules for the ECS and check whether the Internet connection is restored.

If the connection is restored, check the firewall settings.

  1. Log in to the Windows ECS.
  2. Click the Windows icon in the lower left corner of the desktop and choose Control Panel > System and Security > Windows Firewall.
    Figure 10 Windows Firewall
  3. Choose Check firewall status > Turn Windows Firewall on or off.

    View and set the firewall status.

    Figure 11 Turn off Windows Firewall

Checking Whether the Gateway Is Accessible

  1. Run the ping command to check whether data can be exchanged between the ECS and the gateway.

    Use an IP address in a different network segment to ping the gateway to check network connections.

  2. Run the ping command to obtain the IP address of the DNS server.

    Compare the time required for pinging the DNS server and the time for pinging a specific IP address, and determine whether the DNS server is running properly.

Checking the ECS Performance

Run the netstat command to check whether SYN-SENT, CLOSE_WAIT, or FIN_WAIT is found.

If any of them is found, port resources are used up. This issue is generally caused by a software bug. After the bug is fixed, restart the ECS.

Figure 12 Checking network connection

Checking Whether the Access Is Blocked by Antivirus Software

Disable or uninstall the third-party antivirus software on the ECS, and check whether the fault is rectified.

Checking the ECS Security Status

Check the ECS security status and determine whether the ECS is affected by viruses or Trojan horses.