This is question is related to an earlier one I asked, but more specific and hopefully easier to answer.
Essentially, I can't connect to my RDS instance. I tried in my SQL editor (datagrips) and also by pinging the server on the console. Comments on my previous question led me to believe that my problem has to do with the security group. Upon investigation, however, everything seems to be in order--my security group has an inbound rule that should allow all inbound access.
Security Group:
Console Ping:
What is going on here?
EDIT:
It was pointed out that all inbound access does not mean what I thought it did. However I also tried allowing inbound access for my specific IP with still no luck.
Here is the inbound rule for My IP:
EDIT 2:
Not sure what this means but it's not timing out on the EC2...
See comments for context?
inbound rule that should allow all inbound access
It does not. It only allows inbound traffic from SG with id of sg-ea3.... This means that you can't connect to it from home, work etc. To allow all inbound access the source should be 0.0.0.0/0, but it would be better to have your exact home/work ip address <your-ip-address>/32.
Related
I'm currently learning the basics of cloud computing, and have been trying to set up and access a small database using AWS RDS. I followed this video, and have followed it word for word. But when trying to connect to the db, I get a connection error.
I initially tried this with a PostgreSQL db, but have since remade and trying with another DB provider to see if that was the issue.
The DB is set to be publicly accessible.
I've checked/rechecked master user/password, and have even reset the password just in case
I've edited inbound rules to allow ALL inbound TCP Ipv4 and Ipv6 (not good practice but just trying to get access from anything)
I've written the endpoint by hand just in case there was trailing whitespace or a sneaky \n somewhere in it
I'm honestly at a complete loss of what to check next. I'm assuming there is a setting somewhere I'm missing, being new to this topic, so any help would be greatly appreciated.
I made ASP.NET MVC web application, uploaded the files, also the database, but I get the following error when browsing it.
The network path was not found
I'm using Entity Framework and this is the connection string in my web.config file
<connectionStrings>
<add name="[mydatabase]Entities" connectionString="metadata=res://*/Models.Model1.csdl|res://*/Models.Model1.ssdl|res://*/Models.Model1.msl;provider=System.Data.SqlClient;provider connection string="data source=sql.[somedomain].net;initial catalog=[mydatabase name];User ID=[myUsername];Password=[myPassword];MultipleActiveResultSets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />
</connectionStrings>
I've uploaded many websites using IP Address eg. xxx.xxx.x.xxx as data source, but this is the first time to use server name eg. sql.[somedomain].net -I cannot get the server ip-, so I'm not sure if this caused the error, or if I should make something special to make it work.
So, I'm asking if there is something I should do to use server name as data source, if not then what else may cause this error.
This answer doesn't really help.
Thanks in advance.
Update
If I ping the server sql.[somedomain].net, I get this result
Ping request could not find host sql.[somedomain].net. Please check the name and try again.
And if I nslookup it, I get this result
*** Unknown can't find sql.[somedomain].net: Non-existent domain
So does that mean -for sure- that the server is not accessible. And is there anything I can do beside contacting the hosting technical support?
Solved
It was the Hosting Provider error/misconfiguration. After 3 days of searching and contacting the customer support, they realized it was their issue. I'm leaving this question to tell future viewers to Host Only with reliable/well-known Hosting Providers no matter what.
The info you got from tech support seems fairly contradictory. It's common to disable remote access for database servers, but if that's the case, then using the domain to connect doesn't really help you.
If you're trying to connect to this database from a published MVC project, residing with the same provider as supplies your database, then you should have no issues connecting as you're no longer "remote". However, unless your DNS is also hosted at the same provider, using the domain may make the connection appear remote, as it's going outside to come back in. The safest bet is to simply use the IP address of the database server in the connection string.
Also, pay attention to the IP address you have for the database server. If it's in the 10.* or 172.* range, it's a local IP, but if it's something else, it's most likely an outside IP address. Trying to connect to such an address, may also make the connection appear remote as you're going outside the network to come back in. Also, while disallowing remote access to a database server is a good idea, you can generally safely allow remote access to certain IPs. You most likely don't have control over that directly, but you can check with your provider to see if they can add an explicit rule for your web server's IP so that even if the connection is coming through as remote, it'll still work.
As far as working locally in development, you'll just have to use a local database. You may already have that covered, but your question wasn't entirely clear on that aspect.
I also faced the same issue. I used the forward slash instead of back slash for instance name (clustername\instancename). Once I changed it to back slash. It worked fine.
HI all,
I tried posted on amazon forum for which I didn't get a response. TCPS is needed for my oracle database server to be ssl enabled. Looks like there is no options to open the port 2484 or any other for TCPS. Is this true on amazon instances please confirm.
Thanks,
SR
Unless you're using EC2 security groups, or you have a local firewall (iptables) the port should already be open. Try running iptables -L -v to check for local firewall rules that came with the AMI you are using.
As a point of fact, it's worth noting that by default, ports on any system are "open" until they are blocked by a firewall. "open" effectively means "not blocked." That doesn't mean that they are in use; a system without a firewall can be quite secure if it does not have any programs that are bound/listening to the network, although this is not practical. (The words 'bound' and 'listen' come from the system calls bind(2) and listen(2) which are called by a program to start accepting connections on a given port.)
In short, if there's no firewall in the way, you may not have to do anything at all to "open" a port. Once Oracle has been configured to use TCPS, it will begin using the port automatically.
Is there any way to detect if I am connected to a VPN using standard windows APIs in C?
Basically I have a client that has to sync with a server but only if the VPN is connected. This could be a standard windows VPN client or a Citrix.
Is RAS helpful here?
thank you, code is appreciated.
EDIT:
to make it clearer.
This is a client that will run on our customer's computer and they set the VPN and server however they want. So I wanted to know if windows keeps a setting somewhere that I can read via an API or registry or WMI or whatever that can tell me VPN: no or yes and if yes the info.
With the VPN I suspect you able to access resources that don't exists otherwise. So you could PING test a server on the VPN network. ICMP is the protocol for ping.
Here is some examples: http://www.alhem.net/project/ex10/index.html
Your IP space should be different if you're on VPN or not - if the VPN is set up right, the server shouldn't even be accessible unless you're on the VPN. You could try to ping the server, and only try to perform the sync if you get a response?
I'm fairly certain that one of the selling points of VPN is that userland applications should be, on the whole, entirely unaware of its existence. Your best course of action is likely to query, using COM or some other form of IPC, known VPN provider services, or just see if they are alive and/or active, and infer the situation based on this evidence.
I have looked for vendor specific registry settings to determine if the tunnel is active. This works well with Nortel and Cisco VPN clients.
Can your app lookup the IP of a domain name that's only available through the VPN? If the name lookup fails, you're not on the VPN. If the general Internet can't query the DNS server on the VPN, this may be a workable solution (but maybe not generalized enough for your needs?). You can then try connecting to that IP -- something that will only succeed if you're on the VPN.
You could even have a public DNS server provide the IP address. Just use a special hostname that never resolves to a public IP. If the VPN isn't up, you won't be able to reach that address.
Suppose the following:
I have a database set up on database.mywebsite.com, which resolves to IP 111.111.1.1, running from a local DNS server on our network.
I have countless ASP, ASP.NET and WinForms applications that use a connection string utilising database.mywebsite.com as the server name, all running from the internal network.
Then the box running the database dies, and I switch over to a new box with an IP of 222.222.2.2.
So, I update the DNS for database.mywebsite.com to point to 222.222.2.2.
Will all the applications and computers running them have cached the old resolved IP address?
I'm assuming they will have.
Any suggestions along the lines of "don't have your IP change each time you switch box" are not too welcome as I cannot control this aspect of the situation, unfortunately. We are currently using the machine name of the box, which changes every time it dies and all apps etc. have to be updated with the new machine name. It hurts.
Even if the DNS is not cached local to the machine, it will likely be cached somewhere along the DNS chain between the machine and the name servers, at least for a short while. My understanding is this situation would usually be handled with IP takeover where you just make the new machine 111.111.1.1.
Probably a question for serverfault.
You're looking for DNS TTL (Time To Live) I guess.. In my opinion applications may cache the IP for at most the value of the TTL. I'm afraid however that some applications/technologies might actually cache it longer (agian in my opinion completely wrong)
Each machine will cache the ip address.
The length of time it is cached is the TTL (Time To Live). This is a setting on your DNS server, if you set it very low say 5 mins, then you show be up and running fairly quikly. A bit of a hack but it should work.
Yes, the other comments are correct in that what controls this is the DNS TTL set for the hostname database.mywebsite.com.
You'll have to decide what the maximum amount of time you're willing to wait for if you have a failure on your primary address (111.111.1.1) after you make the switch to the secondary address. Lower settings will give you a quicker recovery time, but will also increase the load and bandwidth to your DNS server because clients will have to re-query it to refresh their cache more often.
You can use nslookup using the -d option from your cmd prompt to see what your default TTL times and remaining TTL times are for the DNS server you are querying.
%> nslookup -d google.com
You should assume that they are cashed for two reasons not clearly mentioned before:
1- Many "modern" versions of OS families do DNS caching.
2- Many applications do DNS caching or have poor error/failure detection on live connections and/or opening new connections. This would possibly include your database client.
Also, this is probably not well documented. I did some googling, and found this for MySQL:
http://dev.mysql.com/doc/refman/5.0/en/connector-net-programming-connecting-connection-string.html#connector-net-programming-connecting-errors
It does not clearly explain its behavior in this regard.
I had a similar issue with a web site that disables the application pool recycling features and runs for weeks on end. Sometimes, a clustered SQL Server box would restart and for some reason, my SqlConnection's were not reconnecting. I was getting the error:
A network-related or instance-specific
error occurred while establishing a
connection to SQL Server. The server
was not found or was not accessible.
Verify that the instance name is
correct and that SQL Server is
configured to allow remote
connections. (provider: Named Pipes
Provider, error: 40 - Could not open a
connection to SQL Server)
The server was there - and running - in fact, if I just recycled the app pool, the app would work fine - but I don't like recycling app pools!
The connections that were being held in the connection pool were somehow using old connection information, and that could have been old IP addresses. This is what seems so similar to the poster's question, that it appears to be cached DNS information, because as soon as some sort of a cache is cleared, the app works fine.
This is how I solved it - by forcing all of the connections in the pool to be re-created:
Try
' Example: SqlDependency, but this could also be any SqlConnection.Open call
Dim result As Boolean = SqlClient.SqlDependency.Start(ConnStr)
Catch sqlex As SqlClient.SqlException
SqlClient.SqlConnection.ClearAllPools()
End Try
The code sample is just the boiled-down basics - it should be tweaked for your situation!
The DNS gets cached, but for any server that resolves to the wrong ip address, you can update the HOSTS file of the server and the ip should be updated immediately. This could be a solution if you have a limited amount of servers accessing your database server.