GCP VM instance hosted Website showing connectino refused error message - google-cloud-platform

I am trying to fix a website that is hosted on Google Cloud Platform using VM instance. The website is giving me a connection refused error message. I have checked that the firewall rules are set up and are provided to the VM instance.
The VM external IP is static and the same IP is present on both cloud DNS and GoDaddy.
I'm also unable to SSH into the instance.
The SSH screen is stuck here and is not loading any further
I have given the necessary permissions to the instance and the user (Compute Admin, Compute Instance Admin (v1)), but still no luck.
As the instance is created from a custom image, so later, I tried creating another instance with the same config and I was able to SSH from it. So, please find some screenshots attached below if those could be of any help
netstat -a
route -n
df -h
I am new to this so any help to fix the issue and get the website up and running would be highly appreciated.

If it worked at the second attempt (2nd Instance I mean), I suspect that the SSH service hasn't started properly. I would recommend you to check the Serial Port Output, and Accessing into the Instance through the serial port in order to be able to troubleshoot it.
Note that you'll need a user to access through the serial port. If you don't have any user created, you will be able to do so using an startup-script.
Hope this helps!

Related

Unable to connect to Google Cloud VM via SSH Error code 4010

Unable to connect to Google Cloud VM via SSH.
I have faced the below-mentioned error while trying to connect VM.
So far I have tried following things,
Code: 4010 - Connection via Cloud Identity-Aware Proxy Failed
Google VM instance Connection via Cloud Identity-Aware Proxy Failed (code 4010)
Could you please tell me anyone is this issue is related to any SSH key. I thought ssh key has been expired. So, I have generate new SSH private & public key via PUTTY Gen
Then I have update public key in Google cloud->Metadata->SSH Keys -> Edit
Followed many documents to generate ssh key & add ssh key
I am unable to add ssh key in Instance-> Edit-> SSH key facing below mentioned error.
Need to start tomcat service imediately last 12 hours service has been stopped due to this issue. Could you please suggest any way to start atleast apache tomcat service?. Please let me know if need any clarification.
Could you please help me anyone to resolve this issue.
Don't mark as duplicate question. It's related to someother issue. I have already checked existing forums. Not working.
How should we know the SSH key is expired?
<protocol> <key-blob> google-ssh {"userName":"<username#example.com>","expireOn":"<date>"}
You can check out expireOn.
The common solution is the firewall. Please check your firewall is configured correctly and open on the port you're connecting to. You can use Connectivity Tests to identify any connectivity issues.
Also, you should be able to see the instance's serial console output using the GCP console - go to the instance's details and click on Serial port 1 (console) and you will see the output.
GCP has provided the documentation of troubleshooting.
The second issue shows that you're facing some IP problems, so I still suggest that review any network service that you using.

Lost access to Mongo running on Google Cloud VM and can't ssh to it

I have a mongo instance running on a google cloud VM and my application lost access to it overnight. I'm not being able to SSH to it and Cloud console is looking weird.
VM Image: bitnami-mongodb-3-2-1-1-r04-linux-debian-7-x86-64
It first says I don't have permission to access the instance console page. Eventhough I'm the owner of the project and I can see it once I close the modal.
Then when I try to SSH using the built-in SSH tool I first get the following message. I see I have a VPC setup so I'm not really sure if that is actually expected or not.
If I try the alternative method I then get the following:
Does anyone has any hint on what could be the issue?
UPDATE:
VPC Firewall settings are set to allow SSH and the target project is set for it this rule:
I also have an external static IP set for this VM.
Just yesterday I could connect to my mongo instance through port 27017 and it stoped working without touching any GPC configuration.
Based on the information you have provided, it would seem that your GCE VM instance is currently utilizing IAP (Identity-Aware Proxy).
With this in mind, any overviewing the error message you are receiving, it would seem that your firewall rules aren't allowing connections on the SSH port. There should be an ingress rule to allow traffic to the instance on TCP port 22 (SSH) on that VPC network.
Generally, this is automatically created by GCP, on the default network it is typically called "default-allow-ssh", but you can also manually create it in the VPC Network -> Firewall rules tab. Make sure it applies to the instance in question (either through "All targets" or a target tag that matches the instance). You can read more about GCP firewall rules in the documentation.
Likewise, make sure you have an external IP or that you are following one of the options described here.

SSH Connect to AWS EC2 failed after using lets-encrypt update my website

Yesterday, I updated my Django website (on AWS EC2) to HTTPS by using lets-encrypt. Everything works well. The website has HTTPS green icon as expected.
Today when I try to connect my instance by using SSH. The connection keep hunging. Finally, It give some message like "ssh: connect to host ec2-34-202-93-189.compute-1.amazonaws.com port 22: Resource temporarily unavailable".
I thought it might be security group problem of this instance. So I double checked my security group setting of this instance, the SSH, HTTP and HTTPS port are all open correctly. I created another instance to test if there is any problem on my local. The new instance connected successfully. Then I apply the new instance to the security group that I made for the previous instance and It connected. Then I apply the previous instance to the new security that I made for the new instance, the connection got frozen again. I also tried to connect with putty and it was not working as well.
Now I am really confused. My local machine is Windows subsystem of Linux. My EC2 instance is Ubuntu 16. I am using Nginx as web server. My ssh command is "ssh -i blog_project.pem ubuntu#ec2-34-202-93-189.compute-1.amazonaws.com".
Here is my security group setup for the instance.
This is the result I command "ssh -vvv -i blog_project.pem ubuntu#ec2-34-202-93-189.compute-1.amazonaws.com"
BTW, Is there any way that I can login to my instance without ssh connection? Is there anything like console or shell inside the AWS that I can touch with my instance?
Check if the instance exists on AWS, maybe a new one was created with different Public DNS (xxxx.compute-1.amazonaws.com) than the one you are using in your command.

unable to connect via rdp to a google cloud windows server vm

I have one instance of a Windows Server 12 R2 VM on google cloud that's working properly and I have connected to it successfully using RDP. I have tried to replicate it by creating a snapshot out of it and creating an instance from the snapshot. According to the platform the instance was created, but i can't seem to connect to it or to get a password. When I click "Get windows password" I get this:
forever. When i try to connect to it, I get
I have no idea what to do, any help would be appreciated.Thanks
The password creation tool from the console only works for images builted from the official image repo. In this case your source is a previous VM through a snapshot. In that case, and also in migrations all the previous credentials are kept in the new VM. You can download the GCP RDP agent here and access using the credential you used to have in your source VM.
Connecting to a Windows Instance
https://cloud.google.com/compute/docs/instances/windows/connecting-to-windows-instance
-----------Update----------------
In the case you can not get to enter the VM, it seems to be a firewall rules issue. By default the port tcp:3389(RDP access) is open to all VM at the default network, check your VM is in that network or check if the firewall rule has a tag to be applied.
If not, apply a tag to your new machine and create a firewall rule tobe applied to that tag.
Hope it help. Keep us posted!

Unable to RDP to EC2 instance

I created a VM using Hyper-V on my local machine which I can RDP onto fine. I exported the VHDX to VHD and then uploaded it to AWS via the API.
This created a new EC2 instance for me but I cannot connect to it as it has no security keypair associated.
Thus I created a private AMI from the instance and re-instantiated a new EC2 instance from this AMI, setting the keypair in the process to ensure HTTP, RDP etc are permitted. The EC2 instance is running, but when I download teh RDP shortcut if fails to connect. I've tried rebooting the instance several times (as this was one of the suggested solutions on here when I searched) but it hasn't helped.
I also cannot ping any of these instances via the public DNS or private DNS.
Any idea what I'm doing wrong? I'm not even getting as far as the password prompt, its the connectivity is the problem.
Thanks
I had a similar problem - this is the tip from the AWS documentation that helped me solve it:
Verify that the route table for the subnet has a route that sends all traffic
destined outside the VPC (0.0.0.0/0) to the Internet gateway for the VPC
Additional debugging tips for this problem can be found here: Remote Desktop can't connect to the remote computer
The problem is probably the security group configuration attached to the instance. Make sure you have inbound TCP port 3389 permitted to be able to connect via RDP.
in username type:
.\Administrator
....and your decrypted password
See, this is local user. but you dont know real local hostname, that different from public DNS name.
Was helpful for me, hope for you too.
My guess for the reason you aren't getting anywhere has to do with the host certificates.
Be mindful that each computer connecting to the server via RDP needs to have an IAM user in AWS with an X.509 certificate uploaded to their account.
When importing or creating a windows AMI it is best to install and configure the EC2Config service.
The EC2 Config service does the following when you launch the instance:
At initial setup:
Sets the hostname to the private DNS name
Generates and sets a random password on the Administrator account
Initializes and formats the ephemeral disks
Generates and installs the host certificate used for Terminal
Services
Syncs the instance clock with a time server
After initial setup:
Writes the last three entries in the System event log to the Amazon
EC2 console so you can debug startup problems.
Prepares instances for bundling
Also, by default, security groups do not allow you to ping the instances. You must enable ICMP in the security group.
Hope that helps.
EDIT: Here is the link to the 64bit version of the EC2Config Installer
I also had the same problem. This is what I got from EC2.
Public DNS ec2-23-22-109-251.compute-1.amazonaws.com
User name Administrator
Password MyPassword
On the remote desktop, enter the domain and user name as
ec2-23-22-109-251\Administrator
If you paste the password is may not work, try to paste it but reenter the last 1 or 2 characters. Once you get the security certificate prompt accept/install it and your connection should open soon.
This is what worked for me:
Use your cell phone as a "hot spot" - which gives you a static IP address. That worked. Now, I'll need to contact my Internet provider to assign a static IP to my wireless router. Currently, it is spitting out DHCP IP addresses.
UPDATE:
12.7.2016
You need to go to the Security Group, select the Instance, then EDIT the RDP. If you click "MyIP" that should work for those of us working from home. If you are onsite, you may need to put in a custom CIDR.
After rebooting an EC2 instance, I found that I needed to reassociate the Elastic IP address associated with the instance. You click the button below then select the instance and private instance IP address when prompted.
RDP access worked after this step.
After patching Windows 2019 on my server, I couldn't access the instance anymore despite all my working settings didn't change. I used EC2Rescue to fix my issue
Please refer to the link below for details on how to use it: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/troubleshoot-connect-windows-instance.html#AWSSupport-ExecuteEC2Rescue