I set AWS Client VPN Endpoint, and downloaded opvn file, configured it to refer to cert/key files and connected to AWS RDS.
It used to success connecting yesterday, but today, after re-installing ESET security app
It shows the following error when I trying connecting with MySQL client app:
ERROR 2005 (HY000): Unknown MySQL server host 'myrds.something.ap-northeast-1.rds.amazonaws.com' (0)
I am not sure how to detect the cause of the error. If I configured RDS settings to pubilc, the error above not shown and just waiting for minutes...
(maybe I guess some DNS settings overriden by ESET? )
You can easily debug the problem:
AWS Client VPN Endpoint, You can see the active connection. See if you are connected to it or not.
Do you restarted or reinstall RDS also, Because it will change the URL to connect.
Is username/password of DB is changed.
If RDS is in public setting you don't even need a VPN connection.
Also as suggested above check VPN to RDS VPC Route.
Thanks,
AB
here are some troubleshooting steps.
When you connect your VPN:
Check if it's pushing the DNS server address via DHCP configuration
Check if new routes are added to your route table. you can do "route print" in the windows command line
Hope this helps.
Related
I am not able to connect to Database through bolt in Neo4j browser when opening my domain on HTTPS. We are using Neo4j Enterprise version 4.4.4 and its deployed on AWS EC2. All the ports are opened in Security Group ( 7474, 7473, 7687, 22).
SSL has been applied through ACM and that is attached with Application Load Balancer.
Below is the error-
ServiceUnavailable: WebSocket connection failure. Due to security constraints in your web browser, the reason for the failure is not available to this Neo4j Driver. Please use your browsers development console to determine the root cause of the failure. Common reasons include the database being unavailable, using the wrong connection URL or temporary network problems. If you have enabled encryption, ensure your browser is configured to trust the certificate Neo4j is configured to use.
Use "bolt+s://" or "neo4j+s://" for the connection
The '+s' variants of URI schemes for encrypted sessions with full certificates
Refer to the Neo4j Driver manual for more details on the connection URI.
I had the same issue after deploying to EC2 using an AWS image (not from neo4j) to install neo4j community edition.
In my case, the neo4j browser was initially using this "Connect URL": neo4j://127.0.0.1:7687, which the browser then automatically changed to bolt://127.0.0.1:7687. After that, I saw the same error message that you did.
If you experience that scenario, you need to change the 127.0.0.1 portion of the URL to the appropriate public IP address or public DNS hostname for your EC2 instance.
I am new to sails. I have created an app with Sails. I have deployed the app to AWS. App works with localDiskDb. When I try connecting to RDS, I get the following error. I have set up connection URL in sails.config.datastores.js. When I see my error message, my feeling is that Sails still trying to connect to localhost. But I did not find any other place to replace that settings. I hope it's enough to change only connection URL. I am running Sails app with developmenet environment locally.
adapter: require('sails-mysql'),
url: 'mysql://USERNAME:PASSWORD#.................amazonaws.com:3306/DATABASE_NAME'
Error message
You have to open the 3306 port in your EC2 instance.
Do this in Security Groups by editing the Inbound Rules and adding a new TCP rule for the 3306 port AND specify your IP (where the app connects from) in order to not allow everyone access this service.
I fixed this issue. I had used a '#' in my password. It ruined this all.
We have a very difficult problem here, we have a Windows Server 2019 Base x64 on Amazon EC2, connected through RDP and setup-ed forest and activated AD DS , also activated DNS. But whenever we try to connect we are not allowed to.
We have opened all the relevant ports on inbound traffic rules.
We have added users.
We have tried searching internet and various tutorials.
In Server Manager=:
Added the public ipv4 address to our ipv4 settings of the adapter.
Went to the computer setting in computer domain entered the domain but no fun.
Disabled the firewall in server manager.
We want to connect our clients on different network to connect to the server hosted else-where on AWS.
We are really new into this can some one guide through this?
Please make sure there is network connectivity between your client and you DC which is set up on EC-2 Instance.
[1] In case your clients are on AWS (meaning different EC-2 Instances), and in a different network, you need to create VPC peering or use Transit Gateway, so that it has proper network connectivity.
[2] In case your clients are not on AWS, and in an On-prem Environment, you need to have a VPN connection between your client and your DC.
So in Summary, you need to have network connectivity between your client and DC so that clients can join your Domain.
What do you mean whenever we try to connect we are not allowed to?
What are you trying to connect to, the Windows EC2 instance?
Are you saying that the instance is joined to AWS Directory Service domain but you can't connect to the instance using one of the users in your AWS directory?
Edit: This should have been a comment but couldn't post comments at the time of answering.
I am trying to run my springboot API on AWS however when i try to connect to the endpoint the error Site cannot be reached IP refused to connect. This my first time working with AWS.
I created a linux instance and connected to it using filezilla. Afterwards i added my jar to a folder which i created on the linux instance using filezilla. I started the springboot project and its running but the problem is that i cannt seem to connect to the endpoints. Am i missing something, how do i connect to my endpoints.
The other thing to note is that i enabled https on my API and added swagger also.
You need to enable relevant ports in the instances' Security Group.
Look at this to create a new Inbound rule for the specific port.
You can go to the aws console, (here I am assuming you have deployed to us-east-1 if its something else, go to the relevant region.
Open up the relevant security group, and then click edit Inbound roles.
I have set up a a micro EC2 instance on AWS. Currently, I am using the free tier in Oregon. There are two problems which I am facing.
When I try to SSH the instance using the public DNS, it says host does not exist but when I try conencting it using the public IP, it connects to it. What setting is needed to use the public DNS ?
I have opened the SSH client using the IP address. I want to set up my application which needs Node.js and MongoDB. I installed Node.js using this
Next I installed MongoDB using this
Then I connected to my instance using Filezilla and uploaded my code to it. I then start my node application which uses socket.io.
When I try to connect to socket.io server using web browser, I get a message which says connection refused "error 111". I have opened TCP port 80 in instance's security groups. In iptables, I have forwarded port 80 to 8080, but still it does not work. I have also checked that the firewall is disabled in ec2. Kindly help me to resolve this issue.
Did you check if all of the necessary ports are open on Amazon Security Policy?
What you can do is to allow all traffic on Amazon Security Policy for test and see if the connection goes well or not.
You might also check if you need access DB from outside. In that case, you also have to open the mongodb port and setup mongodb correctly as well.
Other tools that might useful to test firewall and connection issue will be tcpdump and syslog file
For the dns issue, did you try to nslookup on that name and see if the IP shown matches your server IP?
As Amazon gives a long DNS hostname for the server, I always use my own domain name. It's much easier.
example : ec2.domainname.com, which points to the Amazon IP address
Hope that help.
My problem is resolved now..
For the DNS issue, earlier I needed proxy to access internet, so I guess the DNS name was not getting resolved. When I tried using proxy free internet, I was able to ssh using public DNS.
And regarding connection to socket.io, I used port 8080 instead of 80 and used "sudo node main.js" to run my node file. Now I am able to connect to the socket.io server and MongoDB.
Another thing which I want to ask is that would running the node file with sudo rights create some security issue ?
Thanks for the answer! That also worked for me. I had the same problem trying to connect through sockets (http://myipaddress:3000) to a node.js server, i tried opening ports on the actual ec2 instance and disabling the firewall through SSH but nothing worked. Had to go to Security Groups on the ec2 console and open a new inbound tcp rule enabling that port