We have a MySQL server in one of the remote Virtual Machine (Windows Server 2008). Till yesterday we were able to connect to the MySQL server, with the help of workbench installed in our local machine.
Yesterday there was a restart to the machine which has the Virtual Machine installed. After that we are unable to connect to MYSQL. Though I can ping and remote connect this particular VM. I can even execute the queries inside the workbench installed in the VM.
I am not too good at networking or security related stuffs. Please help me to solve this issue.
Error :
Your connection attempt failed for user 'root' from your host to server at ABC:3306: Can't connect to MySQL server on 'ABC' (10060)
Really this could be a magnitude of possible reasons, hopefully this is a start:
Check basic network
From the MySQL virtual machine open up a command prompt and type IPCONFIG /ALL. This will show you all the IP addresses bound to different network adapters.
Check that the IP address you're connected to is listed there, the virtual machine might have got a new IP from DHCP rather than having a static IP after its restart.
Hostname vs IP
You should check the hostname resolution, from your quoted error it would suggest you are you are connecting to a hostname rather than a server IP. Check your machine can resolve to the hostname using the correct IP address - it could also be worth changing the hostname for the actual IP of the server in the connection string.
MySQL config file
You've said you're running MySQL on Windows, it was customary to rename the my.cnf to my.ini. The configuration file for older versions of MySQL previous to 4.1.5 was usually stored in either c:\my.ini or c:\windows\my.ini. For versions after this the default location is the installation directory usually %PROGRAMDATA%\MySQL\MySQL Server xxx.
When you have located the configuration file please open it on Notepad (or similar text editor), locate the [mysqld] section and make sure that port= the port you're trying to connect to and bind-address= the IP address you're trying to connect to.
Server ports
From the MySQL virtual server open a command prompt and type netstat –ano, this will show you a list of processes and what IP's / ports they are listening on. The MySQL server should be listed here and should be listening on the same port and IP as the config file defines.
Windows firewall
You should have a firewall rule to allow MySQL, the following will add one on the default port of 3306
netsh advfirewall firewall add rule name="MySQL Server" action=allow protocol=TCP dir=in localport=3306
Identify if this is machine specific
You could setup the MySQL Workbench application on another workstation and try to connect to identify if this is a global problem or just one related to your specific workstation.
mysql administrator of your database should allow remote connection to the mysql server.
change this in my.cnf:
bind-address = 127.0.0.1 # this shoul be your mysql server ip
and comment this:
# skip-networking
Chances are that your configuration was set up for an IP that has changed. By default, mysql won't let you connect from remote hosts unless you explicitly give permissions for a specific user on a specific schema or a group of schemas, for example if you did something like this:
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'1.2.3.4' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
Maybe what you actually did was to set the grant onto your own IP address, that is the address of your local machine, and if your local machine (not the remote server) has changed it's IP address, then mysql will not let you connect unless you have the "1.2.3.4" IP address which obviously you don't have anymore if you have a dynamic IP address (common with DSL/Cable connections)
So connect through SSH or Telnet or whatever you use to your windows server and go to mysql as root and do this:
SELECT * from information_schema.user_privileges;
That will show you the grants on all users and how they are allowed to connect. If you don't see your local IP Address listed there or a wildcard (which would allow you to connect from any remote machine to the server) then you have to set it up like this:
GRANT ALL PRIVILEGES ON *.* TO 'USERNAME'#'%' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
Where USERNAME of course is your user. See that after the on there is a wildcard / dot /wildcard that means you want that user to be able to connect to any schema (database, for mysql) from any user from any network. But I'd recommend that you only do the grant for the user for the specific schema you need to connect to.
Then after that, if you actually had the right information and still can't connect than use a portscanner like nmap or something like that to do a port scan and see if mysql is:
Open and listening to external network
Running on the port that you actually want to connect through
If 1 is true, then check 2 because maybe there is a misconfiguration of the port. But if any of these 2 points do work then it sounds definitely not like a network configuration but a user setting or something else.
GRANT ALL ON *.* to user#'%' IDENTIFIED BY 'password';
this command should do the trick for all users #Gustavo Rubio has already given the proper explanation.
To ensure what ports are open run cmd in the virtual machine and type.
netstat -a
TCP 127.0.0.1:3360 Hostname:3360 LISTENING
The my.cnf is located Mysql-install-path\MySQL\MySQL Server xxx make sure you backup original before changing
Can't connect to [local] MySQL server
Testing The MySQL Server Installation on Microsoft Windows
MySQL Workbench: Manage MySQL on Windows Servers the Windows way
For the first time you need to test and make sure your connection to mysql is not blocked by the firewall.
To disable the firewall on each host in your cluster, perform the following steps on each host.
1. Save the existing iptables rule set.
iptables-save > /root/firewall.rules
2. Disable iptables.
For RHEL, CentOS, Oracle, and Debian:
chkconfig iptables off
and
/etc/init.d/iptables stop
For SLES:
chkconfig SuSEfirewall2_setup off
and
rcSuSEfirewall2 stop
For Ubuntu:
service ufw stop
https://www.cloudera.com/documentation/enterprise/5-7-x/topics/install_cdh_disable_iptables.html
Depends on your setup, but if you're using cPanel just go to RemoteMYSQL and enter your host. You can also use a wildcard. Below worked for me when I was getting the error
"Could not connect to DB server '' as user ''. port : Host '' is not
allowed to connect to this MySQL server"
On MySQL v5.6 this may be the case.
When another server communicate by advertising its hostname instead of IP address, the resolution might fails (because your user is using IP address instead of hostname for example).
So, you need to disable the following,
skip-host-cache
skip-name-resolve
Or maybe create the user with appropriate hostname (instead of IP address). You may find the hostname when establishing the connection to the remote MySQL.
Related
I've installed MySQL on a Google Cloud Virtual Machine (debian buster). What I want to do is to make this accessible publicly (using username / password obviously).
As far as I can tell the server is visible from the outside world, as I can ping the IP and I get results, and I think I've set up a user correctly and given the appropriate permissions so I can log in.
For info, my firewall settings on GCP look like this (this is just the egress, there is one exactly the same for ingress):
Which I'm assuming is correct and leaves the correct port open?
The issue I have when I use MySQL Workbench is that when I try to create a new connection, it gives me the following error:
Your connection attempt failed for user 'username' to the MySQL server at [my ip address]:3306:
Unable to connect to localhost
Please:
1 Check that MySQL is running on address [my ip address]
2 Check that MySQL is reachable on port 3306 (note: 3306 is the default, but this can be changed)
3 Check the user username has rights to connect to [my ip address] from your address (MySQL rights define what clients can connect to the server and from which machines)
4 Make sure you are both providing a password if needed and using the correct password for [my ip address] connecting from the host address you're connecting from**
Any pointers would be gratefully received.
Update: What is really confusing me is the 'Unable to connect to localhost' error. I'm not trying to connect to localhost...?
Update 2: As per comments, results of the following commands:
Note I am trying to connect using the matprichardson username. The svc2toria user is pointing to my own IP address.
Mat, If you want to use your Google Cloud Instance Database using your MySQL workbench. I suggest you connect to it through an SSH tunnel. So, this problem won't happen. I also ran into this problem several times. Connecting through SSH made the job done.
But if your need is something else, this would not help you at all. If your only purpose is managing your database from your local machine using the MySQL workbench. This will work nicely. Create a USER in your Debian VM. and open port 22 to the public. Also, make sure to have strong credentials or a better key file when connecting through SSH. This method is working for every cloud VM database. I'm using this method for G-Cloud, Azure, and AWS. After all of your work is done. Close port 22 (SSH).
My best guess will be because of number 2. "Check that MySQL is reachable on port 3306 (note: 3306 is the default, but this can be changed)".
Your Virtual Machine will have network security controls / firewall which will be blocking port 3306 by default.
I don't use Google cloud but I believe you are looking for "network details" -> "Firewall rules".
did you change your mysqld.cnf already?
bind-address = 0.0.0.0
As none of the suggestions posted worked I went for the rather more nuclear option of deleting and rebuilding my VM and setting MySQL up again from scratch. I must have done something wrong in my initial setup, as things worked without any issues at all once I’d done this.
The location of the MySQL configuration file differs depending on the distribution.
In Ubuntu and Debian the file is located at /etc/mysql/mysql.conf.d/mysqld.cnf
while in Red Hat based distributions such as CentOS, the file is located at /etc/my.cnf
Open the file with your text editor :
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Search for a line that begins with bind-address and set its value to the IP address on which a MySQL server should listen.
By default, the value is set to 127.0.0.1 (listens only in localhost).
In this example, we’ll set the MySQL server to listen on all IPv4 interfaces by changing the value to 0.0.0.0
bind-address = 0.0.0.0
# skip-networking
If there is a line containing skip-networking, delete it or comment it out by adding # at the beginning of the line.
In MySQL 8.0 and higher, the bind-address directive may not be present. In this case, add it under the [mysqld] section.
Once done, restart the MySQL service for changes to take effect. Only root or users with sudo privileges can restart services.
To restart the MySQL service on Debian or Ubuntu, type:
sudo systemctl restart mysql
On RedHat based distributions like CentOS to restart the service run:
sudo systemctl restart mysqld
For more Detail Read Here
I deploy a mysql service on my company remote develop CentOS machine, I'm sure the service is turn on, and it can be access from an other reomte linux machine.
However, I can't connect it from my own Windows PC. I tried mysql workbench client and HeidiSQL client, both failed. I can ping through the remote IP address. I have tried anything I can found on google. Like
add bind-address = 127.0.0.1 to cnf file, and comment out the skip-networking.
I also tried the answer on another question Can't connect to remote server using MySQL Workbench on mac, which allow all machine can access to the service.
But my PC still can't connect to it, which report code 10060 error. So what should I do?
That bind-address = 127.0.0.1 config option means that your mysql server only accepts connections from the localhost, which is your actual CentOS machine. Make sure to set bind-address = 0.0.0.0.
Also, make sure that:
you have connectivity from your windows machine to the CentOS one
no firewall blocks the external connections to the local mysql port
Regarding potential security concerns from opening your mysql instance to the whole internet - first make it work, then make it better
I had the same issue here man,and i discovered that we need to create a user that isnt the root user. I my case, i don't know why yet, the issue was that.
The solution
Steps:
1 - Check the firewall (create a rule for port 3306 or disable it).
2 - Comment the line # bind-address=0.0.0.0 at [mysqld] config optin in C:\ProgramData\MySQL\MySQL Server 5.7\my.ini
3 - Create the user to remote access:
mysql> CREATE USER 'net'#'%' IDENTIFIED BY '123';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'net'#'%' WITH GRANT OPTION;
In my case, solved.
I have been using ubuntu 14.04 LTS OS and now i want to give permission of my local mysql server for my colleague system in my network. I need the answes for the following question,
How to bind my system IP address to mysql server. If i execute the command line "mysql -uroot -proot -h192.168.1.198", then received the error message below
ERROR 2003 (HY000): Can't connect to MySQL server on '192.168.1.198' (111)
Then how to give permission to other system user to access my local mysql server.
Your MySQL service is bound to serve localhost only (interface binding). This is the default for security reasons. If you really need to access it directly from other hosts, there is a nice How to enable remote access to MySQL on Ubuntu which you could follow:
as root, open your /etc/mysql/my.cnf with your favorite editor
look for the [mysqld] section, and in there for the bind-address keyword. This usually is set to 127.0.0.1 -- change that to match your "normal" IP-address
save the file, and reload the service (e.g. using service mysql restart)
Remember you must enable your remote users to access their database(s) from remote, by setting the appropriate GRANTs -- e.g.
GRANT ALL ON mydb.* TO remoteuser#'%' IDENTIFIED BY 'SomePASSWORD';
Note the #'%', which means "from any host".
Try to telnet MySql server from that PC
telnet 192.168.1.198 3306
If that fails there are two cases:
You have not properly opened MySql Server required ports (default: 3306)
Go to my.ini (or my.cnf) and comment out bind-address and change it to 0.0.0.0 (to listen to all available interfaces) or perhaps the server's LAN IP (192.168.1.XYZ).
I've bought a server from CloudAtCost.com and all the information it gives me about my server is Server ID, IP Address, Netmask, and Gateway. I can SSH in just fine, but I can't get MySQL Workbench to connect to it. I've tried both Standard (TCP/IP) and Standard TCP/IP Over SSH.
I figured it out. I was using "user" as my username when I needed to use "root".
MySQL server needs to be running.
Network connections need to be enabled.
You need to know what port MySQL is running on (default is 3306).
If reverse DNS lookup has not been disabled, MySQL has to be able to resolve IP address to hostname.
MySQL User has to be created and assigned a password, a username and host, host is either the specific host connecting or (less secure) a '%' wildcard for host. If DNS lookups are disabled, host will be an IP address.
Connections to the MySQL port (by default it's 3306) may be "blocked" by firewall...
There are a lot of possible reasons.
When we can't connect, there's usually a MySQL error message that indicates the kind of problem encountered.
But, my preference would be to only allow IP connections from 127.0.0.1. (We always turn off reverse dns lookups on our MySQL servers.)
I'd use ssh port forwarding (tunneling). Choose a port to use on your local machine, e.g. 13306, and configure SSH to "forward" connections to that port through the ssh connection...
You can configure that in the .ssh/config for the specific remote server, e.g.
Host remoteserver
LocalForward 13306 localhost:3306
You'd need to first ssh to the remoteserver, and keep that session open.
Then on your local machine, MySQL Workbench would connect to localhost port 13306. On the MySQL server side, that will be seen as coming from IP address 127.0.0.1,
Obviously, you'd need to have a user created, e.g.
GRANT USAGE ON *.* TO myusername#'127.0.0.1' IDENTIFIED BY 'mypassword'
And grant appropriate privileges.
Go to Mysql Workbench>Server Status>Note down the port number
and give hostname as localhost:your port number,usually its 3306
When I am at the office, MySQL runs on a specific server which is called "mysqldev". In my /etc/hosts file I have set "mysqldev" to match the IP of this server. So far, so good. However, when I am out of the office using my laptop, I want to use my local MySQL database, as I clone specific databases there and have no internet to connect to the office database. I do not want to change my scripts, but rather my laptop configuration. So on my laptop I have set in /etc/hosts:
127.0.0.1 localhost mysqldev
However, for some reason this does not work as expected. If I log in to MySQL using the server at localhost, all good. But when I try to log in on the mysqldev server (same IP as localhost), I get the error:
Warning: mysqli::mysqli() [mysqli.mysqli]: [2002] Connection refused (trying to connect via tcp://mysqldev:3306)
(this is using PHP, but using the command line it is the same error)
The users that are set up on the system have specific permission to log in on this server:
CREATE USER 'test'#'mysqldev' IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON testdb.* TO 'test'#'mysqldev';
I have also turned off the firewall to test, and it does not make a difference. What could it be?
The MySQL client library tries to guess how to connect to your database. When you give localhost as the hostname, it assumes, that you're using a local socket (search your computer for a file named mysql.sock, probably under /var/lib/mysql or /usr/local/mysql/.
However, when you use anything else, like an ip address, a different hostname, or, in your case, mysqldev, it tries to connect to the host via tcp. From the error message, it seems as if your local mysql server is not listening on the tcp port 3306 (the mysql default)
Check, if your my.cnf (probably /etc/my.cnf or /etc/mysql/my.cnf) allows the use of tcp. If you find a line like
skip-networking
comment it out:
#skip-networking
and restart the server. Then try again to connect.
To find out, where your socket is, connect through localhost and issue the following command:
mysql> show global variables like '%socket%';
+---------------+-----------------------------+
| Variable_name | Value |
+---------------+-----------------------------+
| socket | /var/run/mysqld/mysqld.sock |
+---------------+-----------------------------+
If you are using MAMP Pro and are running into issues, you can simple uncheck the box labeled "Allow local access only" within the MySQL Server settings.