I recently had an issue with my production systems in which a MySQL server was blocking the application server, due to connection errors, and gave the following error:
Host 'xx.xx.xx.xx' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'
I'd like to find a way to simulate this condition (or even trigger the actual condition on a non-production server), so I can respond to it properly. It's a pretty rare problem for my systems, but I'd still like to find a good way to respond to it.
You can avoid this problem by increase peer connections in mysql configurations
Logging to console/terminal with admin privileges
Flush all hosts using mysqladmin:
mysqladmin flush-hosts -u root -p
Open my.cnf (Linux) or my.ini (Windows) and change max_connect_error variable
max_connect_errors= 250000
Restart server with changes
To simulate error connection you can connect to MySQL server and then end connection before succesfull authentication. For example by netcat:
nc -i0.1 <hostname> 3306
Related
I am having the following problem since from a winform application I am trying to connect to my DATABASE and it gives me the following error
---------------- ErrorMysql.Data.MySqlClient.MySqlException host: my ip is blocked because of many connection error; unblock whith 'mysqladmin flus-hosts'--------
Please try the following steps:-
Verify the connection. Check the network connection to make sure that there’s no TCP/IP connectivity issue from your host
Increase the value of max_connect_errors. You should find the setting in the MySQL configuration file under the [mysqld] tag (my.ini on Windows, my.cnf on Unix/Linux) and edit the value of max_connect_errors.
For example:
[mysqld]
max_connect_errors=10000;
Or run this query:
SET GLOBAL max_connect_errors=10000;
Flush host cache. If you have shell access to the server, login and execute this command:
mysql -u root -p -e 'flush hosts'
From the SQL console, run this statement:
FLUSH HOSTS;
If all those methods didn’t work, try restarting the server. It should clear the host cache too.
I am currently trying to work through a guide to build an automated phone system using twilio and integrate it into MySQL database (https://www.twilio.com/blog/connect-local-database-twilio-functions). The issue I am having is that I am unable to connect to the MySQL server after tunneling with ngrok.
Here is the command I am running:
mysql --protocol=tcp --host=0.tcp.ngrok.io --port 18477 --user=root -p
When I press run, the terminal sits in idle for several minutes and then outputs:
ERROR 2003 (HY000): Can't connect to MySQL server on '0.tcp.ngrok.io' (110)
Here is a screenshot of ngrok:
I have followed the steps in https://linuxize.com/post/mysql-remote-access/ to further my knowledge on setting up remote access to mysql. At the bottom of the article, it says that this error typically means 'the port 3306 is not open, or the MySQL server is not listening on the IP address." I then followed the links provided and checked both of those. The second image looked at the listening aspect.
Upon encountering this error, I tried to do some research to see if I can track down the issue. I have zero networking experience, so I do not understand anything beyond client and server basics and such. I came across the mysql documentation (https://dev.mysql.com/doc/refman/8.0/en/can-not-connect-to-server.html).
It says, "if the server was started with skip_networking system variable, it will not accept TCP/IP connections at all." Furthermore, it goes on to say, "If the server was started with bind_address system variable set to 127.0.0.1, it will listen for TCP/IP connections only locally on loopback interface and will not accept remote connections."
I have already made the modifications that I have seen across various documentation and articles. Here are some images to show what I have set-up:
The image below is a screenshot from MySQL Workbench. My bind address is open to all and is not restricted to local connections (bind_address in etc/mysql/mysql.conf.d is commented out). Furthermore, port is set to 3306. Lastly, skip-networking is not checked so TCP/IP can occur.
To confirm that MySQL is listening on port 3306, I ran this lsof command with iTCP:3306. I believe this tells me that mysql is listening on 3306. I am not sure if USER refers to the user mysqld is running on, but if it is, I am not sure what this means in the context of root and other users.
I wish this seemed trivial, but with little networking knowledge, I can easily overlook something simple. Any additional information can be provided.
When you connect to MySql via the hostname set up by ngrok, don't use port 3306. Instead, use the port allocated for you by ngrok. In your example it's 18447.
I have a MySQL database server on a remote AWS Linux Machine. I can access this server by SSH.
However, I need to access this from my Windows computer and it's not working (using mysql -u root -p -h remoteAddress where remoteAddress in the IP address of my remote server). I also have a local MySQL server installed so mysql -u root -p -h localhost on Windows works normally.
I have read a lot on this but no solutions are working for me. The error I'm getting is:
Error 2003 (HY000): Can't connect to MySQL server on 'remoteAddress' (10060)
Now I have bind-address commented out in my my.cnf file and in addition using phpmyadmin, I can confirm that root can be accessed from anywhere (i.e. it says from %).
Even if I turn off the iptables service, I still get the same error.
Furthemore, if I type in netstat -tln | grep 3306, I get:
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
I don't care about the safety implications presently, I just want to get this working.
After reading the comments on my question I had an idea which led me to the solution. Everything on the server was set up properly except that AWS places a level of security on top of things which needs to be changed.
I simply added MySQL to the list of inbound traffic allowed in the security group settings and that solved it. I should have done this when creating the instance but didn't know that I would be using MySQL on the server at the time.
So I modified the security group to add MySQL traffic.
I know this was a really niche problem but I hope it helps someone if they find themselves in the same situation.
I don't know if this is a user error on my end, or if the remote server is configured incorrectly.
I was given some connection info for a server as follows:
Server IP
server username
keyfile
mysql user
mysql password
and I can shell in and run the "mysql" command with the mysql user and password I was given, but I can't setup a connection in either MySQL Workbench or in HeidiSQL.
In MySQL Workbench, the 'Standard TCP/IP over SSH' seemed to best fit the info I was given, but when I try to connect I get "Authentication error. Please check that your username and password are correct and try again." or "Authentication error opening SSH tunnel: Authentication error. Please check that your username and password are correct and try again." in the logfile.
In HeidiSQL the "MySQL (SSH tunnel)" seemed to best fit the info I was given, but when I try to connect there, I get "Lost connection to MySQL server at 'reading initial communication packet', system error:0"
I looked up both these errors and couldn't find anything for the first one, and the second one seemed to be more about server configuration. I'm not too savvy with server config, so I'm a bit stuck evaluating whether or not I'm doing something wrong on my end, or if something needs to be changed on the server. I'd appreciate some advice. Thanks!
You must be more specific about the credentials you got. Is "server IP" the IP address of the MySQL server or an SSH server? Is the "server username" the SSH user or something else (e.g. a regular user of the target machine)? In my tutorial video on Youtube I explained what you have to use where to create a connection, including SSH connections: https://www.youtube.com/watch?v=DCgRF4KOYIY
You have to check a couple configuration steps before you can perform a remote mysql connection:
First of all you must check that mysql default port(3306) is listening on the correct interface.
You can check this out using netstat command in the remote server:
# netstat -tulnp
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1111/mysqld
http://www.cyberciti.biz/tips/how-do-i-enable-remote-access-to-mysql-database-server.html
Then you must check that the remote host is allowed to perform querys into mysql engine (you must check user and host permissions over your database).
Connect into terminal and run the following command in mysql prompt:
mysql> select user,host from mysql.user;
Check the following link to deep insight mysql user and hosts system:
https://dev.mysql.com/doc/refman/5.0/en/adding-users.html
Check user,host permissions over your database:
mysql> show grants for root#localhost;
https://dev.mysql.com/doc/refman/5.1/en/grant.html
You must check that remote host (client) exist for example: user#192.168.1.2
Finally if you are using putty to encrypt over ssh you connection please check that you rsa key fingerprint is added you can perform this just logging ssh using you putty client.
I get an error on my website (MySQL with TCP/IP connection)
Can't connect to local MySQL server
It sounds easy, perhaps, but not so easy to solve as would seem. At first i verified that mysqld process is running. Then connected to SSH server and started /etc/init.d/mysqld restart, but nothing has changed. Also i checked is the server running, using telnet your-host-name tcp-ip-port-number, just in case, but MySQL does not work on this port and shows another error: telnet: Unable to connect to remote host: Connection refused
The last i have tried is to run mysql with the skip-networking option, and it did not help as well as other attempts above. Any suggestions would be very appreciated.
This error normally means that MySQL is not running on the system or that you are using a wrong TCP/IP port number while trying to connect to the mysqld server.
Try to connect to the mysqld daemon on the local machine and check by mysqladmin variables, which TCP/IP port is configured to use mysqld (variable port).
Perhaps you are running MySQL-server with no corresponding privileges for the directory holding the socket file. In this case, either change the privilege for the directory or restart mysqld
Also this discussion might be interesting for you: http://community.office365.com/en-us/f/172/p/266451/815406.aspx
Unfortunately, i am not a pro and my advices can help not much, but that all what i found about your issue
This sounds like you are being blocked by the firewall on the server. You can disable the firewall for a quick test:
service iptables stop
service iptables start
This article will show you how to apply rules to the firewall to allow mysql access.
http://www.cyberciti.biz/tips/linux-iptables-18-allow-mysql-server-incoming-request.html
If you have SELinux, you have another set of problems which I can't help you with.
Sounds to me permission issue.
Does it run on the local machine?
If yes, then it might me possible it isn't allowed to listen any port(security purposes: mostly on a linux based server). Otherwise, Network user might not have permission granted to access mysql over internet.
As you say, if it's a website, I would never allow user access mysql directly but only the server shall: possible security breach otherwise.(you don't want your database to be dropped, do you?)
Well still, proper answer to you question resides here: http://dev.mysql.com/doc/refman/5.1/en/grant.html
and this might help:
Host 'xxx.xx.xxx.xxx' is not allowed to connect to this MySQL server
Firstly, you should verify that MySQL is actually running by checking your processlist. On linux you could do that like this, note that you should see both mysqld_safe and then mysqld as two separate processes.
sudo ps auxwww|grep -i mysqld
If it is not running, I would check the MySQL error log for clues as to why it is not starting.
If you then verify that it is running, we can check to see what ports or unix sockets it is listening on like so. If this doesn't work, get the process ID of mysqld (not mysqld_safe) and try search for that with grep instead of 'mysql'
sudo netstat -anp|grep -i mysql
You'll obviously want to restart without skip-networking to see a TCP socket appear.
Based on the output of that, you should see both a unix socket and a tcp socket. Also check the address in the fourth column for the TCP socket, it will likely say either 127.0.0.1:3306 or 0.0.0.0:3306. The former means that you can only connect via localhost (127.0.0.1) and the latter means the connection will work on any IP address.
If you've gone through all of that and are still not sure why it is working, you could post the processlist and netstat outputs for further review, along with the exact settings you are using to try and connect to MySQL and indicate whether you are connecting from the same server (i.e. locally) or from another server over the network.
See also:
http://dev.mysql.com/doc/refman/5.6/en/can-not-connect-to-server.html