I'm trying to connect to my Google Cloud SQL instance from my desktop but am getting the following error:
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 0
According to the docs this means that the client's IP isn't authorised to access the instance. I have done the standard "what's my ip" google search and added the IP to the "Authorised Networks" list of the instance (as well as a bunch of variations and /x ranges - none have worked, yes I restarted the instance). I have set a root password and even tried connecting with the necessary SSL certs - yields the same error.
I can connect to other (non-google) sql databases, I can ping the database, and I'm not behind any significant firewalls.
How i'm typically trying to connect (also tried SSL):
mysql --host=the.instance.ip.add --user=root --password
Nothing I try seems to work.
I feel like I must be missing something obvious - any suggestions welcome (this is a nightmare).
Could you check again if you have authorized the correct IP address.
If using your desktop from home, you may be having a private IP address for the desktop. What you really need to authorize is the public IP address.
The "what's my ip" search on Google doesn't currently work properly when the ISP is proxying the web traffic transparently. Better information on the IP seems to be provided by Proxy Test from http://www.lagado.com/proxy-test.
Make sure that the IP you are using is the public IP, keep in mind that this can change from time to time depending on your Internet provider. The easiest way to authorize any network is to add 0.0.0.0/0 to the witelist
I check my ip addres in this page https://www.whatismyip.com/es/
Related
The entire scenario of my situation seems 10/10 sketchy, I'll admit. So I won't bother convincing you this isn't a malicious attempt to access a server that isn't mine - I'll simply say once, that this is a legitimate need for assistance.
That said, basically my problem goes back to me being a little too restrictive when it came to SSH access to my CentOS 6 server. Basically I restricted access to my custom SSH port from only two IP addresses - one being my home address, and one being my work address - via iptables. The problem is, I no longer work where I do, and my home IP address changed ever since I upgraded my internet.
Obviously this means I no longer am able to connect to my server via SSH since I don't own that IP address anymore.
My question is, is there anything I can do to access this server? I have no console access, but I do at least know the IP address I used to use to log into the server (maybe possible to spoof an IP address, but I have no clue). The only other thing I can think of is I have DirectAdmin installed on the server and can still login with the admin account. Other than that, I've got nothing.
If anyone has any idea on what I can do, it would be greatly appreciated.
You can change the SSH port number from Directadmin file editor (if you have root password),
Then restart the sshd service from service manager
And you can connect to SSH via new port number!
I'm having trouble connecting to an Active Directory server from my computer and server. I get "The server is not operational" error when trying to connect. The server I'm trying to connect to is in a different country than me.
LDAP Url is in the usual format:
LDAP://ip_address:389/CN=Users,DC=domain_name,DC=local
I've added the application that connects to the AD to the firewall (even disabled the firewall briefly to test) and added the IP to my hosts file but I can't seem to get past the error.
Now usually at this point, I would conclude that the issue is on the AD server side (or their server firewall) that is blocking requests from our server, however, the person in charge of the AD server has tested the same LDAP url using the same utility I'm using from an external network in their country and is able to authenticate without issues.
Any ideas on what we can try next?
Ok, it turns out the client's ISP was blocking international traffic over port 389. They had to write a letter to request the ISP to allow international traffic over that port. It is now working after they've done that.
Didn't know ISPs block traffic, but I suppose ISPs for corporate clients might as in this case.
I created a SQL Server RDS Instance in AWS and it seems to be up and running, but if I try to connect to it using Management Studio I get this error:
Here is the text of the error:
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - The wait operation timed out.) (Microsoft SQL Server, Error: 258)
I initially tried with the default security group that was created with the instance, but when that didn't work I created a new security group and modified the instance to use it.
Here you can see the details:
I tried this connection setup to connect:
Server Type: Database Engine
Server Name: valuationdlsdev.ck1qvjqhglyg.us-west-2.rds.amazonaws.com,1433
Authentication: SQL Server Authentication
Login: the Master User Login I created when creating the RDS Instance
Password: the Master User Password I created when creating the RDS Instance
I was kinda at my wits end and so I changed the setting on the Security Group to All traffic just to see if that would work, so here are all the settings on the security group:
At this point I'm wondering if port 1433 is not open, because I feel like I've tried everything. Could someone please help me.
Thanks.
In my case I opened the VPC Security group associated with my database
In the EC2 Security groups dashboard I selected Edit Inbound Rules from the actions dropdown and chose edit inbound rules.
At first, I looked at the inbound rules and thought everything was OK since this was the current setup
After all - if it was allowing all traffic, then what could possibly be wrong?
On a whim I added a rule for TCP port 1433. Ending up with this simple setup
Then it immediately started working for me.
Make sure it is publicly accessible, there is a radio button you have to check to make it publicly accessible.
Also add MS SQL inbound rule in inbound tab.After making the change wait for sometime so that the settings are updated in the instance.
In my experience this was counter-intuitive. With the options I selected, all ports and IPs seemed to be open, but after editing the inbound and outbound rules in the security group to have MS SQL for anywhere, I was able to connect.
For inbound rules, go to the VPC Security group of your database instance
In Inbound tab click modify
In column source change ip 0.0.0.0 by your IP by "My IP" or "Anywhere"
I had the same issue.
I ended up deleting the security group inbound rules, and just added a new inbound rule for port 1433, source being: 0.0.0.0
Image attached.
inbound rules
Thanks for the discussion here. Just post my finding in case anyone needs help in the future.
I initially followed this guide https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ConnectToMicrosoftSQLServerInstance.html.
then, I got some ideas from this post and figure out my particular issue in the end. https://forums.aws.amazon.com/thread.jspa?messageID=845682 The poster really did wonderful troubleshooting steps which could help fix most of the general Error 258 problems already. In the end I used the suggestion from the answerer to find out my problem.
In terms of my case of encountering error 258, I tried to connect to RDS SQL server 2016 inside a secure network from my workplace. When I switched to use the public network served by some Telecomm vendor, the connecting was succeeded.
If you want to access from different network were the instance was created, you'll need to open access to the IP range of where you want to access, by going to the "security group" assigned to your DB instance, and then adding the rule for your IP range.
PD. AWS by default only allow access from the IP range of the machine where you activated "public access" to the instance.
I was also not able to access it from my office laptop, but I was able to access it from my personal laptop. I think it is because of some company firewall rules.
In case anyone comes across this post looking for an answer, I just wanted to updated and make sure it's there if anyone needs it. The issue here turned out to be that I misunderstood the way "Publicly Accessible" works and set it to "Yes". Apparently it should have been set to "No". "Yes", however does work for the SQL Server Express version.
I have an application that using Google mysql database anywhere, so I opened my instance for any ip address by whitelisting the subnet in this way :0.0.0.0/0
But I also made it available for ssl connections only with certificates and now I am connecting with that way.
Is that secure enough ? And will it be possible for the hackers to hack my database ?
Thank you
If you are using the 'Only allow SSL connections.' then you should be reasonable safe. I would also recommend using the mysql passwords.
Note that the SSL verification is done by mysqld so the instance needs to spin up to check each connection that passes the IP ACL. If you use whitelist then 0.0.0.0/0 then anyone can spin up your instance. This is not an issue for the monthly plan but it will probably be if you plan to take advantage of the on-demand mode.
If you're opening up the IP ACL to the entire internet, I'd definitely suggest requiring SSL for the incoming connections. You can do that via Developers Console: Go to the database instance details page, click "ACCESS CONTROL", and check the "Only allow SSL connections" check box.
I've migrated a website to Amazon ec2 that hooks into a service we are using that is installed on another server (not on Amazon). Access to the API for that service is IP-restricted and done by sending XML data using *http_build_query* & *stream_context_create* in PHP.
If I want to connect to the service from a new server, I need to ask the vendor to add the new IP first. I did that by sending the Elastic IP to them, but it doesn't work.
While trying to debug, I noticed that the output for $_SERVER['SERVER_ADDR'] is the private IP of the ec2 instance.
I assume that the server on the other side is receiving the same data, so it tries to authenticate the private IP.
I've asked the vendor to allow access from the private IP as well – it's not implemented yet, so I'm not sure if that solves the problem, but as far as I understand the way their API works, it will then try to parse data back to the IP it was contacted from, which shouldn't be possible because the server is outside the Amazon cloud.
I might miss something really obvious here. I added a command to rc.local (running CENT OS on my ec2 instance) that associates the elastic IP to the server upon startup by using ec2-associate-address, and this seemed to help make a MySQL connection to another outside server working, but no luck with the above mentioned API.
To rule out one thing - the API is accessed through HTTPS, with ports 80 and 443 (and a mysql port) enabled in security groups and tested. The domain and SSL are running fine.
Any hint highly appreciated - I searched a lot already, but couldn't find anything useful so far.
It sounds like both IPs (private and elastic) are active in your VM. Check by running ifconfig -a. If that's what's happening then the IP that gets used for external traffic will depend on the remote address and your VM's routing table. It could even vary from one connection to the next.
If that's what's going on then the quickest fix would be to ifconfig down the interface that has the private address. That should leave only the elastic address for all external connections. If that resolves the problem then you can script something that downs the private IP automatically after the elastic IP has been made active, or if the elastic IP will be permanently assigned to this VM and you really don't need the private IP then you can permanently disassociate the private IP from this VM.