RDS login from SSMS is giving error 258


I had been using my RDS instance for 2 years now via SSMS. For the last couple of days, the RDS instance has been giving me error 258. I have attached the error detail as - Error Screenshot

I have confirmed my security group is set to public and is available anywhere. I tried disabling my Windows firewall, but nothing seems to help. Can either of you help me find a resolution to the same?

Will re-creating a snapshot, deleting the DB instance, and then rebuilding the DB instance from the snapshot help?

1 Answer


I understand that you are getting the error 258 while connecting to RDS SQL Server using SSMS. You were able to connect to RDS SQL Server before and the RDS SQL Server security group is configured to public access.

You can check for the below most common scenarios for error 258.

  • The RDS DB instance is in a state other than available, so it can't accept connections.
  • The RDS SQL Server instance is running on a custom port number other than the default port number 1433. The custom port number should be specified in the connection string.
  • Your source to connect to the DB instance doesn't have authorization access in your security group, network access control lists (ACLs), or local firewalls.
  • The wrong DNS name or endpoint is used to connect to the DB instance.
  • For a Multi-AZ DB instance that failed over, the secondary DB instance uses a subnet or route table that doesn't allow inbound connections.
  • Even though the security group is configured to allow everyone, check the RDS subnet route table for the IGW and also that the RDS instance is configured for public access.
  • For connections outside VPC, be sure to use VPC peering or AWS Site-to-Site VPN to connect to your instance securely. With Site-to-Site VPN, you configure a customer gateway that allows you to connect your VPC to your remote network. You can use VPC peering by creating a peering connection between your source VPC and your instance's VPC to access the instance from outside its VPC.

You can also use the [AWSSupport-TroubleshootConnectivityToRDS](https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-awssupport-troubleshootconnectivitytords.html) AWS Systems Manager Automation document to diagnose the issue for you. This automation document can diagnose network ACLs based on the primary IP address of the Amazon Elastic Compute Cloud (Amazon EC2) instance. However, ephemeral ports aren't verified. The automation doc also checks security groups based on the primary IP address of the EC2 instance, but that automation doesn't check specific ports. For more information, see Run an automation.

answered a year ago
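
The configuration checks from the answer's list (instance state, port, public access, IGW route per subnet), as an added example that is not part of the original answer or AWS's own tooling. It runs offline over JSON shaped like the output of `aws rds describe-db-instances` and `aws ec2 describe-route-tables`; the function name, the sample IDs and the endpoint are constructed placeholders.

```python
def rds_connectivity_findings(db, route_tables, client_port=1433):
    """Check one DBInstances[] entry (aws rds describe-db-instances) against
    RouteTables (aws ec2 describe-route-tables) for the same VPC."""
    findings = []
    if db["DBInstanceStatus"] != "available":
        findings.append(f"status is {db['DBInstanceStatus']}, not available")
    port = db.get("Endpoint", {}).get("Port")
    if port != client_port:
        findings.append(f"instance port is {port}, client dials {client_port}")
    if not db["PubliclyAccessible"]:
        findings.append("PubliclyAccessible is false")

    def has_igw_default(rt):
        return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                   and (r.get("GatewayId") or "").startswith("igw-")
                   for r in rt["Routes"])

    def associated(rt, key, value):
        return any(a.get(key) == value for a in rt.get("Associations", []))

    main = next((t for t in route_tables if associated(t, "Main", True)), None)
    for subnet in db["DBSubnetGroup"]["Subnets"]:
        sid = subnet["SubnetIdentifier"]
        # Subnets with no explicit association use the VPC's main route table.
        rt = next((t for t in route_tables if associated(t, "SubnetId", sid)), main)
        if rt is None or not has_igw_default(rt):
            findings.append(f"{sid} has no 0.0.0.0/0 route to an internet gateway")
    return findings


# Constructed sample (placeholder IDs): Multi-AZ instance whose second subnet
# falls back to a main route table that only has the local route.
SAMPLE_DB = {
    "DBInstanceStatus": "available", "PubliclyAccessible": True, "MultiAZ": True,
    "Endpoint": {"Address": "mydb.example.invalid", "Port": 1433},
    "DBSubnetGroup": {"Subnets": [{"SubnetIdentifier": "subnet-aaaa"},
                                  {"SubnetIdentifier": "subnet-bbbb"}]},
}
SAMPLE_ROUTE_TABLES = [
    {"Associations": [{"Main": False, "SubnetId": "subnet-aaaa"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]

if __name__ == "__main__":
    for finding in rds_connectivity_findings(SAMPLE_DB, SAMPLE_ROUTE_TABLES):
        print("CHECK:", finding)
```

An empty result means none of these four configuration causes applies; security group rules, network ACLs and local firewalls still have to be checked separately.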
