Help Center/ Distributed Message Service for Kafka/ FAQs/ Connections/ Troubleshooting Kafka Connection Exceptions
Updated on 2022-11-15 GMT+08:00

Troubleshooting Kafka Connection Exceptions

Overview

This section describes how to troubleshoot Kafka connection problems.

Problem Classification

If the connection to a Kafka instance is abnormal, perform the following operations to troubleshoot the fault:

Checking the Network

Before connecting to a Kafka instance, ensure that the client and the instance are interconnected. If they cannot be connected, check the network connection.

For example, if you have enabled SASL_SSL to access the Kafka instance, run the following command:

curl -kv {ip}:{port}

  • If the network is normal, information similar to the following is shown:

  • If the network is abnormal or disconnected, information similar to the following is shown:

Solution:
  1. Check whether the client and the Kafka instance are in the same VPC. If they are not in the same VPC, refer to Do Kafka Instances Support Cross-VPC Access?
  2. Check whether the security group rules are correctly configured. For details, see How Do I Select and Configure a Security Group?

Checking Consumer and Producer Configurations

View logs to check whether the parameters printed during the initialization of the consumer and producer are the same as those set in the configuration files.

If they are different, check the parameters in the configuration file.

Common Errors on Java Clients

  • Domain name verification enabled

    The following error is displayed:

    Solution: Check the consumer.properties and producer.properties files, in which the ssl.endpoint.identification.algorithm parameter must be left empty, indicating that domain name verification is disabled.

    ssl.endpoint.identification.algorithm=
  • SSL certificate failing to be loaded

    The following error is displayed:

    Solution:

    1. Check whether the client.truststore.jks file exists in the corresponding address.
    2. Check the permissions on the processes and files.
    3. Check whether the ssl.truststore.password parameter in the consumer.properties and producer.properties files is correctly set.
      ssl.truststore.password is the server certificate password, which must be set to dms@kafka and cannot be changed.
      ssl.truststore.password=dms@kafka 
  • Incorrect topic name

    The following error is displayed:

    Solution: Create another topic or enable the automatic topic creation function.

Common Errors on the Go Client

The Go client fails to connect to Kafka over SSL and the error "first record does not look like a TLS handshake" is returned.

Solution: Enable the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite (which is disabled by default).