tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
TencentDB for MySQL
    Documentation
    Download PDF

    Private Network Connection Failure

    Last updated: 2023-12-27 10:34:49
    Download PDF

      ##Symptom

      Failed to connect a CVM instance to a TencentDB for MySQL instance through the private network address.
      Note:
      There are various methods to connect to a TencentDB for MySQL instance, including connecting through private network, public network, or CCN, each requiring different connection conditions. For instance, if you attempt to connect to TencentDB for MySQL instance through a public network but you entered the instance's private network address in the command line, the connection will fail. Similarly, if you are using a Lighthouse instance to connect directly to TencentDB for MySQL without going through CCN, the connection will also fail. Therefore, in case of a connection failure, we recommend you first refer to the connection methods and application scenarios in Getting Started > Connecting to MySQL Instances > Overview to check whether you are adopting a proper connection method.

      Causes

      Possible Causes
      Description
      The password is incorrect.
      The CVM and MySQL instances are in the same region but belong to different VPC networks.
      The CVM and MySQL instances are in different regions and belong to separate VPC networks.
      The configuration for CVM security group is incorrect.
      The configuration of MySQL security group is incorrect.
      The database account has restricted the access to specific host addresses.
      The connection command is incorrect.
      The IP and port in the command line or configuration file are incorrect.
      The MySQL instance's disk is full; maximum connections have been reached; the timeout parameter setting is incorrect; a master/slave switch is undergoing, or other possible issues.
      MySQL Instance Operating Status Issues
      The MySQL instance is in isolation. It can be restored from the Recycle Bin.
      CVM Instance Status Issues
      The CVM instance is in isolation or shut down. It can be restored or powered on through the Console.

      Solution

      1. Locate the cause through a check tool. The TencentDB console provides a one-click connection check tool to help locate the possible causes of connection failures, allowing you to, based on the prompts, make modifications before reconnecting to the instance.
      2. Self-Check If the One-Click Connection Check tool fails to locate the problem, or if you require solutions to the potential causes, you may locate the cause by yourself according to the following failure causes.

      Processing Steps

      I. Utilizing the One-Click Connection Check Tool to Locate the Cause and Implementing Corresponding Actions

      1. Log in to the TencentDB for MySQL console, choose the instance to be checked, and click the instance ID to access the instance management page.
      2. On the instance management page, select Connection Check > Private Network Check.
      Note:
      To distinguish between private and public network addresses, please refer to the basic information on the instance details page.
      3. Add the CVM instance that will access the MySQL instance.
      4. After the addition, click Start Check. A check report will be generated once the check task is completed.
      5. Based on the check report, locate the issue, make adjustments according to the recommendations, and then reconnect to MySQL.
      Check Items
      Exception Handling
      MySQL Instance Status
      It is detected that your MySQL instance has been terminated. You can restore it from the Recycle Bin.
      CVM Instance Status Issues
      It is detected that your CVM instance has been terminated. You can restore it from the Recycle Bin.
      It is detected that your CVM instance has been powered off. If you wish to continue to use this CVM instance, please proceed to the console to start the CVM instance.
      The CVM and MySQL instances are under the same VPC.
      It is detected that your CVM and MySQL instances are not under the same VPC network segment. The CVM needs to be placed in the same VPC in the same region as MySQL. Please refer to Network Issues to modify the VPC.
      CVM Security Group Policy
      It is detected that the outbound rule of the security group bound to your CVM instance has blocked the IP port access. Please refer to Incorrect CVM Security Group Configuration to release the IP port access.
      MySQL Security Group Policy
      It is detected that the inbound rule of the security group bound to your MySQL instance has blocked the IP port access. Please refer to Incorrect MySQL Security Group Configuration to release the IP port access.
      

      II. If the tool check fails to resolve the issue, consider the following causes.

      Password issue: The password is incorrect.

      If the password used during the connection is incorrect, you can either reset your password or create a temporary account with necessary permissions to log in the database.

      Network issue 1: CVM and MySQL are in the same region but under different VPC networks.

      By default, both the CVM and MySQL instances are under the VPC network and can directly interconnect via a private network when they are under the same VPC. If they are in the same region but different VPCs, you could migrate MySQL to the VPC where the CVM resides, enabling intercommunication between CVM and MySQL. For the operations, please refer to Switching Networks.

      Network issue 2: The CVM and MySQL are in different regions and are under different VPC networks.

      If the CVM and MySQL are in different regions and are under different VPC networks, the CVM cannot connect to MySQL directly through the private network. We recommend using a CVM in the same VPC as MySQL for connection. If there is no CVM instance in the same region as MySQL, you can create a new CVM instance that is in the same region and VPC network as MySQL on the CVM purchase page.

      Security group configuration issue 1: The CVM security group configuration is incorrect.

      To use a CVM to connect to MySQL, you need to configure outbound rules in the CVM's security group.When the outbound rule target is not set to 0.0.0.0/0 and the protocol port is not set to ALL, you need to add the private IP and port of the MySQL into the outbound rules.
      1. Log in to the Security group console, click the name of the security group to access the details page of the security group assigned to the CVM.
      2. On the Outbound Rules tab, click Add Rule. Select MySQL(3306) for "Type", input your MySQL's private IP address(range) for "Destination", and set "Policy" to Allow.

      Security group configuration issue 2: The MySQL security group configuration is incorrect.

      If you want to connect a specified CVM to the MySQL instance, you need to set up inbound rules in the MySQL security groups. If the inbound rule source is not set to 0.0.0.0/0 and the protocol port is not set to ALL, you need to add the IP and port of the CVM into the inbound rules.
      1. Log in to the Security group console and click the security group name to enter the details page of the security group bound to the MySQL.
      2. Navigate to the Inbound Rules tab and click Add Rule. Provide the IP address(range) that should be allowed to connect and the port information (e.g., MySQL internal port) to be released. Select "Allow" to release the IP port access. Select MySQL(3306) for "Type"; input your CVM's private IP address(range) for "Source"; and set "Policy" to Allow.

      **Issues related to the host addresses authorized by account: The database account has restricted the access to specific host addresses.

      In addition to the security group, subnet, and other network environment restrictions, the database account is also subject to constraints imposed by the MySQL account system itself. If a database account specifies certain host addresses, connections from other addresses to MySQL will be denied. You can enhance the security of your database connection by using the TencentDB for MySQL console to modify the host addresses authorized by the database account.
      1. Log in to the TencentDB for MySQL console, select an instance ID from the instance list to enter the instance management page.
      2. Navigate to DMC > Account Management, locate the account for which host modification is required, and in the Operation column, choose More > Modify Host.
      3. In the pop-up dialog box, enter the new host address and click OK to modify the host address authorized to the account.
      Note:
      The host address can be an IP or % (indicating no limits on the IP range). Multiple hosts should be separated using a line break, space, or the symbols ; , |.
      Example 1: Entering
      Example 2: Entering 10.5.10.%, indicates that the clients within the 10.5.10.%IP range are allowed to use this account to connect to the database.

      Connection syntax issue: The connection command is incorrect.

      Please verify the correctness of the connection command. Please refer to the standard command for private network connections:
      mysql -h <internal IP address> -u <username, default is root> -P <port number, default is 3306> -p
      <Private network IP address>: Replace it with the private network address of your target MySQL instance, which can be viewed on the instance details page in the TencentDB for MySQL console.
      Note:
      The default port for MySQL is 3306.
      When the port number is 3306, the <Internal IP Address> should be replaced with the IP address only. For instance, if the private network address is 10.16.0.11:3306, you should simply input 10.16.0.11.
      <username, default is root>: Replace it with the account name of your target MySQL instance. The default account name is root.

      IP and port issue: The IP address or port in the command line or configuration file is incorrect.

      When attempting to connect to the database using commands, please ensure that the private network IP and port number of the instance are correct. These details can be accessed from the instance details page in the TencentDB for MySQL console.
      

      MySQL instance issue: The MySQL instance's disk is full. The maximum connections have been reached. The timeout parameter setting is incorrect. A master/slave switch is undergoing.

      If the MySQL instance disk is full, it may affect database connectivity. It's recommended to expand the disk capacity. For the procedure, please refer to Adjusting Database Instance Specification.
      When the error message "ERROR 1040(00000): Too many connections" is displayed, it indicates that the maximum number of connections for the current CDB instance has been reached. Common causes and solutions are as follows: i. If there are too many sleep threads, it's advised to decrease the values of the wait_timeout and interactive_timeout parameters via the console. For details, please refer to Setting Instance Parameters. ii. If there are few sleep threads and no slow query accumulation, it's suggested to increase the value of the max_connections parameter via the console. For details, please refer to Setting Instance Parameters.
      Check whether the MySQL instance is in a "master-slave switch state", as connection attempts will fail if the MySQL instance is in the middle of a master-slave switch. After the switch has completed, connect using the command again.
      
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy