Why Can't My Windows ECS Access the Internet?
Symptom
Your attempt to access the Internet from your Windows ECS failed.
Fault Locating
The following fault causes are sequenced based on their occurrence probability.
If the fault persists after you have ruled out a cause, check other causes.
Possible Cause |
Solution |
---|---|
The ECS is frozen or stopped, or has no EIP bound. |
Check whether the ECS is in Running state and has an EIP bound. For details, see Checking the ECS Status. |
The ECS is overloaded. |
Check whether the bandwidth and vCPU usage of the ECS are too high. For details, see Checking Whether the ECS Is Overloaded. |
The EIP bandwidth exceeds the limit. |
Increase the bandwidth and try again. For details, see Checking Whether the EIP Bandwidth Exceeded the Limit. |
The access is blocked by the ISP. |
Check whether you can access the ECS using another hotspot or network. For details, see Checking Whether the ISP Network Is Functional. |
The network configuration on the ECS is incorrect. |
Check whether the NIC and DNS configurations are correct. For details, see Checking the NIC Configuration. |
Routing is incorrectly configured. |
Check whether the default route of 0.0.0.0 designates to the default gateway. For details, see Checking Whether the Default Route Is Destined for the Default Gateway. |
The security group is incorrectly configured. |
Check whether the security group allows the network traffic in the outbound direction. For details, see Checking Whether the Security Group Is Correctly Configured. |
A network ACL has been associated with the ECS. |
Disassociate the network ACL with the ECS and try again. For details, see Checking ACL Rules. |
The website you want to visit is outside the Chinese mainland. |
Optimize the website link configurations and try again. For details, see Checking Whether the Website to Be Visited Is Outside the Chinese Mainland. (This solution is used when you intend to access the websites outside the Chinese mainland.) |
The EIP is blocked. |
If the EIP is blocked, the ECS cannot access the Internet. For details, see Checking Whether the EIP Is Blocked. |
The access is blocked by the firewall. |
Disable the firewall and try again. For details, see Checking the Firewall Configuration. |
The gateway is inaccessible. |
Run the ping command to check whether the DNS server is running properly. For details, see Checking Whether the Gateway Is Accessible. |
The ECS performance cannot meet service requirements. |
Run the netstat command to check the network connection status. For details, see Checking the ECS Performance. |
The access is blocked by third-party antivirus software. |
Disable or uninstall the third-party antivirus software and try again. For details, see Checking Whether the Access Is Blocked by Antivirus Software. |
The ECS has been attacked by viruses or Trojan horses. |
Check whether the ECS is affected by viruses or Trojan horses. For details, see Checking the ECS Security Status. |
Checking the ECS Status
- Check whether the ECS is in the Running state on the management console.
- Check whether an ECS has an EIP bound.
An ECS can access the Internet only if it has an EIP bound.
For details about how to bind an EIP to the ECS, see Assigning an EIP.
Checking Whether the ECS Is Overloaded
If the bandwidth and CPU usage of an ECS are too high, the network may be disconnected.
If you have created an alarm rule in Cloud Eye, the system automatically sends an alarm notification to you when the bandwidth or CPU usage reaches the threshold specified in the rule.
To resolve this issue, perform the operations described in Why Is My Windows ECS Running Slowly?
Checking Whether the EIP Bandwidth Exceeded the Limit
An ECS with an EIP bound accesses the Internet using the bandwidth configured for the EIP.
If Internet access fails, check whether the EIP bandwidth exceeds the limit.
Check whether the bandwidth exceeds the configured bandwidth size. For details, see How Do I Know If My EIP Bandwidth Limit Has Been Exceeded?
If the bandwidth exceeds the limit, increase the bandwidth. For details, see Changing an EIP Bandwidth.
Checking Whether the ISP Network Is Functional
Check whether the fault occurs for a specific IP address. If so, the IP address may be blocked by the ISP.
Try another hotspot for access. If the access is successful, the fault may lie in the local carrier network. Contact the carrier to resolve this issue.
Checking the NIC Configuration
- Check whether the NIC and DNS configurations on the ECS are consistent with those displayed on the ECS management console.
- On the CLI of the ECS, run the ipconfig /all command to check whether the NIC and DNS configurations are correct, as shown in Figure 1.
- Log in to the management console. On the ECS list page, click the name of the target ECS.
- On the page providing details about the ECS, click the VPC name.
Figure 2 ECS details page
- On the VPC list page, click the number displayed in the Subnets column.
- On the subnet list page, click the name of the target subnet. The subnet details page is displayed , as shown in Figure 3.
- Open the cmd window, run the ncpa.cpl command to start Network and Sharing Center, and check whether the NIC is functional.
Figure 4 NIC status
Checking Whether the Default Route Is Destined for the Default Gateway
Run the route print command to obtain the routing table of the ECS and check whether the default route of 0.0.0.0 is destined for the default gateway.
Checking Whether the Security Group Is Correctly Configured
Check whether the security group of the ECS is correctly configured. If an allowlist is configured for the outbound rules of the security group, the network traffic in the outbound direction is permitted.
As shown in Figure 6, all network traffic in the outbound direction is permitted.
For instructions about how to permit a protocol or port, see Configuring Security Group Rules.
Checking ACL Rules
By default, no ACL rules are configured for a VPC. If a network ACL is associated with a VPC, check the ACL rules.
- Check whether the subnet of the ECS has been associated with a network ACL.
If an ACL name is displayed, the network ACL has been associated with the ECS.
Figure 7 Network ACL
- Click the ACL name to view its status.
Figure 8 Enabled network ACL
- Disassociate the network ACL from the subnet of the ECS.
- Try to access the Internet through the ECS again.
Checking Whether the Website to Be Visited Is Outside the Chinese Mainland
Websites outside the Chinese mainland may not be accessible or respond slowly when you access them through an ECS. This is caused by the slow access of a DNS server outside the Chinese mainland.
If you intend to access websites outside the Chinese mainland, select a region according to the website when purchasing an ECS.
To speed up the access to a website outside the Chinese mainland, see Why Accessing a Website Outside the Chinese Mainland Is Slow on an ECS?
Checking Whether the EIP Is Blocked
IP address blocking indicates that all traffic is destined to a null route. If the EIP is blocked, the ECS cannot access the Internet.
Generally, blocked EIPs will be automatically unblocked after 24 hours if no subsequent attack occurs.
It is recommended that you use Advanced Anti-DDoS (AAD) to prevent attacks.
Checking the Firewall Configuration
Disable firewall rules for the ECS and check whether the Internet connection is restored.
If the connection is restored, check the firewall settings.
- Log in to the Windows ECS.
- Click the Windows icon in the lower left corner of the desktop and choose Control Panel > System and Security > Windows Firewall.
Figure 10 Windows Firewall
- Choose Check firewall status > Turn Windows Firewall on or off.
View and set the firewall status.
Figure 11 Turn off Windows Firewall
Checking Whether the Gateway Is Accessible
- Run the ping command to check whether data can be exchanged between the ECS and the gateway.
Use an IP address in a different network segment to ping the gateway to check network connections.
- Run the ping command to obtain the IP address of the DNS server.
Compare the time required for pinging the DNS server and the time for pinging a specific IP address, and determine whether the DNS server is running properly.
Checking the ECS Performance
Run the netstat command to check whether SYN-SENT, CLOSE_WAIT, or FIN_WAIT is found.
If any of them is found, port resources are used up. This issue is generally caused by a software bug. After the bug is fixed, restart the ECS.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot