Help Center/ Server Migration Service/ User Guide(ME-Abu Dhabi Region)/ FAQs/ Migration Network/ How Do I Fix the Error "Failed to connect to the target ECS. Check whether its IP address is reachable and confirm that port XX is enabled"?
Updated on 2024-03-15 GMT+08:00

How Do I Fix the Error "Failed to connect to the target ECS. Check whether its IP address is reachable and confirm that port XX is enabled"?

Symptom

The target server could not be accessed, and either of the following messages was displayed:

  • Failed to connect to the target ECS. Check whether its IP address is reachable and confirm that port 8900 is enabled.
  • Failed to connect to the target ECS. Check whether its IP address is reachable and confirm that port 8899 is enabled.

Problem Analysis

For a Windows migration, ports 8899 and 8900 must be enabled on the target server for communicating with SMS and the source server. If communications cannot be established, this error occurs. You can locate the fault by:

Checking Whether the Source Server Can Connect to the Target Server

  1. Log in to the source server.
  2. Run telnet Target server IP address Port in the error message. If the port is not reachable, check the configurations of the DNS servers, firewalls, security groups, and local networks of the source and target servers.
  3. Run telnet Target server IP address Port in the error message. If the port is not reachable, check the configurations of the DNS servers, firewalls, security groups, and local networks of the source and target servers.

Checking Whether the Peagent on the Target Server Is Running Properly

After confirming the network is normal, forcibly restart the target server. Wait for about 3 minutes and start the migration again.

Checking Whether Ports 8899 and 8900 Are Enabled in the Security Group of the Target Server

  1. Log in to the management console.
  2. Under Compute, click Elastic Cloud Server. In the ECS list, click the name of the target ECS.
  3. On the ECS details page, click the Security Groups tab. Check whether ports 8899 and 8900 are opened and the source IP address is specified correctly.

    If port 8899 or 8900 is not opened, add an inbound rule for the port. If such rules exist but the source IP address is not 0.0.0.0/0 or the IP address of the source server, change it to 0.0.0.0/0.

    For detailed instructions, see How Do I Configure Security Group Rules for Target Servers?

Checking Whether Ports 8899 and 8900 Are Allowed in the Network ACL of the Subnet Where the Target Server Is Running

  1. Log in to the management console.
  2. Check whether the subnet of the target server is associated with a network ACL.

    If a network ACL has been associated and there are inbound rules configured for ports 8899 and 8900, change the action to Allow.

    For details, see "Modifying a Network ACL Rule" in Virtual Private Cloud User Guide.