Resolved No remote MySQL connections after update

[petermeester]

Server operating system version

AlmaLinux 8.8 (Sapphire Caracal)

Plesk version and microupdate number

18.0.55

Hi guys,

I'm struggling with an issue after updating Plesk and system packages.
Before the update it was possible to remotely connect to the server for MySQL.

I've checked all possible parameters for enabling remote MySQL connections, but I can't find the issue.

My environment
Plesk Obsidian, v18.0.55 Update #1
OS: AlmaLinux 8.8
MariaDB: 10.3.35

I've excluded firewall related issues. MySQL (MariaDB) is binded to the address 0.0.0.0.
The server is listening on port 3306. In tcpdump the connection attempt is visible.
The MySQL user has remotely rights. The login details are correct.
SELinux is enabled but disabled for MySQL.

The error in telnet on my local computer: Connection refused
The error in telnet on another server: No route to host.

The IP-address is correct.

I don't know where to look further or how to debug deeper into this issue.

Thanks for your responses.

 

[petermeester]

Does anyone has a clue? I still can't figure this out. I'd really appreciate your help.

 

[Peter Debik]

Please look for the "bind-address" line in either /etc/my.cnf or files that are included in /etc/my.cnf and remove that line or comment it out. Then restart the database server to apply the updated configuration.

 

[petermeester]

Hi Peter, thanks for your reply. Unfortunately, this doesn't work either. I still get the message 'Cant connect to MySQL server (61)'. The IP address is allowed in the firewall. I can view the request via tcpdump, but there is no response back.

 

[Peter Debik]

Let's try another way: Please enter bind-address = :: into the "[mysqld]" section of /etc/my.cnf, then restart the database service.

 

[petermeester]

Thanks Peter! I've tried. Unfortunately, doesn't work either.
It's very weird. The remote connection stops directly after one single try.
- telnet port 3306 on localhost works
- telnet port 3306 on remote; connection refused
- ip address is whitelisted in firewall
- waf is off / fail2ban off /firewall off

ss -tuln | grep 3306
tcp LISTEN 0 80 *:3306 *:*

ps aux | grep mysql
mysql 1635835 0.2 3.5 1754576 132992 ? Ssl 23:10 0:00 /usr/libexec/mysqld --basedir=/usr

My other Plesk servers running on CentOS 7 has no problems with remote MySQL connections.
Do you have an idea how to investigate this further? I've spend already days on this issue.

 

[petermeester]

After one attempt, MySQL error (61) occurs.

For the test; when the firewall is on, and my IP is blocked, I can see multiple attempts till it's timed out.

Yesterday I've removed the imunify360 trail, cause I thought maybe this is the underlaying cause, but not..

tcpdump -i eth0 port 3306
11:19:49.378164 IP xx-xx-xx-xx.fixed.kpn.net.58457 > xxx-web1.ams.transip.xxx.nl.mysql: Flags , seq 4057149310, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1533848316 ecr 0,sackOK,eol], length 0

 

[petermeester]

If I compair with my other working servers (CentOS), I see this.

ps aux | grep mysql
mysql 1250 0.0 0.0 113416 684 ? Ss sep07 0:00 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
mysql 1835 7.5 8.6 1664140 337360 ? Sl sep07 594:38 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock

ss -tuln | grep 3306
tcp LISTEN 0 50 *:3306 *:*

ps aux | grep mysql
mysql 1286 0.0 0.0 113416 1608 ? Ss sep07 0:00 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
mysql 2091 0.8 2.1 2091392 347192 ? Sl sep07 66:03 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock

ss -tuln | grep 3306
tcp LISTEN 0 50 *:3306 *:*

These are identical. But for the AlmaLinux:

ps aux | grep mysql
mysql 1635835 0.2 3.5 1754576 132992 ? Ssl 23:10 0:00 /usr/libexec/mysqld --basedir=/usr

ss -tuln | grep 3306
tcp LISTEN 0 80 *:3306 *:*

Is this a difference in OS or can this maybe cause an issue?
I don't know.. I just try to figure this out. I almost want to set-up a new VPS..

 

[Peter Debik]

It needs to be check on the server. Please open a ticket https://support.plesk.com.

 

[petermeester]

When I want to submit a ticket it says my license key isn't valid. I think Plesk Support isn't included within my VPS license. Even when I do 'Retrieve Keys', the (same) key number doesn't work.

 

[Peter Debik]

If you bought your license from a reseller, your reseller should provide support for you. If the reseller does not provide support, here is an alternative:
https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk-

 

[petermeester]

The VPS provider forwarded the case to Plesk. After the investigation, it appairs that firewalld, which is not supported by Plesk, was running in the background. I wasn't awair that it was enabled. Maybe during the system updates. I'm happy that the issue is resolved. Thank u for your assistance.