Troubleshooting Kafka Connection Exceptions
Overview
This section describes how to troubleshoot Kafka connection problems.
Problem Classification
If the connection to a Kafka instance is abnormal, perform the following operations to troubleshoot the fault:
Checking the Network
Before connecting to a Kafka instance, ensure that the client and the instance are interconnected. If they cannot be connected, check the network connection.
For example, if you have enabled SASL_SSL to access the Kafka instance, run the following command:
curl -kv {ip}:{port}
- If the network is normal, information similar to the following is shown:
- If the network is abnormal or disconnected, information similar to the following is shown:
- Check whether the client and the Kafka instance are in the same VPC. If they are not in the same VPC, refer to Do Kafka Instances Support Cross-VPC Access?
- Check whether the security group rules are correctly configured. For details, see How Do I Select and Configure a Security Group?
Checking Consumer and Producer Configurations
View logs to check whether the parameters printed during the initialization of the consumer and producer are the same as those set in the configuration files.
If they are different, check the parameters in the configuration file.
Common Errors on Java Clients
- Domain name verification enabled
The following error is displayed:
Solution: Check the consumer.properties and producer.properties files, in which the ssl.endpoint.identification.algorithm parameter must be left empty, indicating that domain name verification is disabled.
ssl.endpoint.identification.algorithm=
- SSL certificate failing to be loaded
The following error is displayed:
Solution:
- Check whether the client.truststore.jks file exists in the corresponding address.
- Check the permissions on the processes and files.
- Check whether the ssl.truststore.password parameter in the consumer.properties and producer.properties files is correctly set.
ssl.truststore.password is the server certificate password, which must be set to dms@kafka and cannot be changed.
ssl.truststore.password=dms@kafka
- Incorrect topic name
The following error is displayed:
Solution: Create another topic or enable the automatic topic creation function.
Connections FAQs
- Troubleshooting Kafka Connection Exceptions
- How Do I Select and Configure a Security Group?
- Can I Access a Kafka Instance Over a Public Network?
- How Many Connection Addresses Does a Kafka Instance Have by Default?
- Do Kafka Instances Support Cross-Region Access?
- Do Kafka Instances Support Cross-VPC Access?
- Do Kafka Instances Support Cross-Subnet Access?
- Does DMS for Kafka Support Authentication with Kerberos?
- Does DMS for Kafka Support Password-Free Access?
- Obtaining Kafka Clients
- How Do I Obtain the Public Access Address After Public Access Is Enabled?
- Does DMS for Kafka Support Authentication on Clients by the Server?
- Can I Use PEM SSL Truststore When Connecting to a Kafka Instance with SASL_SSL Enabled?
- What Are the Differences Between JKS and CRT Certificates?
- Which TLS Version Does DMS for Kafka Support?
- Is There a Limit on the Number of Client Connections to a Kafka Instance?
- How Many Connections Are Allowed from Each IP Address?
- Can I Change the Private Network Addresses of a Kafka Instance?
- Is the Same SSL Certificate Used for Different Instances?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
more