Troubleshooting: Server Connection Errors

When connecting to a server, many aspects  can cause your connection to not complete correctly. Here are some aspects to check before jumping to conclusions.

Can You Connect to Other Sites on the Internet?

Access to other sites on the Internet may indicate local workstation or local network issues. If you can access other sites and services, then continue to test a few more elements.

Can You Access Your Server Through Other Means?

If you can’t access a single service like mail, FTP, SSH, etc., there may be an issue with a firewall, or perhaps something is listening on a port that is not the default.

Some common port numbers:

• FTP: 21
• SSH: 22 (commonly moved to a different port)
• POP3: 110 (with SSL 995)
• IMAP: 143 (with SSL 993)
• SMTP: 25 (with SSL 465)
• MySQL: 3306

A closed port will result in a “Connection Refused” message, rather than a failure message. Below is an example of an SSH connection attempt with a closed port.

If you are in the process of rebooting the server, this may also mean that the firewall has not started.  During this time, ports remain closed until the firewall has become fully active. Give the server a few moments to bring all of its services online including the firewall and retry connecting.

Are You Receiving an Authentication Error?

During this time, ports remain closed until the firewall has become fully active. If this is the case, you will get an “Unauthorized” or an “Authentication Failed” error. These mean that your login failed, but you still connected to the server. In a browser, attempts to connect to a website give a “403 Forbidden” if permissions on the server are incorrect. A “401 Unauthorized” message will appear if your credentials are not correct.

An example of a failed FTP login: Login failed: 530 Login incorrect

An example of a failed SSH login: Permission Denied

An example of a failed MySQL login: Access denied for user

Are You Receiving Some Other Security Message?

When connecting to any service that uses an SSL, you can sometimes run into a “Domain Mismatch” error. Essentially, this error means that the domain or hostname listed in the SSL is not attached to that server or service. You will then get a warning that the SSL does not match the thing you are requesting and that the connection is not secure. You can also receive an SSL error because the certificate is self-signed and not provided by a Certificate Authority.

So long as you know you are connecting to the correct server, you can safely ignore or continue past this error. The SSL on the server will be used to encrypt the connection between you and the server, and your connection will still be secure.

Self-signed SSL error presented in Firefox: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

Self-signed SSL error in Chrome: NET::ERR_CERT_AUTHORITY_INVALID

Using the IP address in a browser will always throw an error since SSL’s do not list IP addresses as matching entries. In the following example, using the curl tool shows an error: SSL: no alternative certificate subject name matches target hostname

Are You Receiving a Timeout Message?

If you get a timeout, then your IP may be blocked in either a hardware or software firewall. On cPanel servers, there is normally a firewall called CSF (ConfigServer Firewall), this interacts with another program called LFD (Login Failure Daemon).

If the LFD service sees too many failed logins or other suspicious activity from a given IP address, it will block that IP. Once blocked, the specified IPs will receive a timeout when attempting to connect to any port on the server. Below is an example of this when attempting to connect to SSH.

If you suspect blocked access to your VPS Cloud Server, you can remove the restriction through your Liquid Web account. If assistance is necessary, give us a call or put in a ticket including your public IP, and the server you are trying to access. Afterward, we can further assist with restoring access to the server.