Help Center/ Distributed Message Service for Kafka/ Troubleshooting/ Troubleshooting Kafka Connection Exceptions
Updated on 2024-11-20 GMT+08:00

Troubleshooting Kafka Connection Exceptions

Overview

This section describes how to troubleshoot Kafka connection problems.

Problem Classification

If the connection to a Kafka instance is abnormal, perform the following operations to troubleshoot the problem:

Checking the Network

Ensure that the client and the Kafka instance can be connected. If they cannot be connected, check the network.

For example, if you have enabled SASL for the Kafka instance, run the following command:

curl -kv {ip}:{port}

  • If the network is normal, information similar to the following is displayed:

  • If the network is abnormal or disconnected, information similar to the following is displayed:

Solution:
  1. Check whether the client and the Kafka instance are in the same VPC. If no, establish a VPC peering connection.
  2. Check whether the security group rules are correctly configured. For details, see How Do I Select and Configure a Security Group?

Checking Consumer and Producer Configurations

View logs to check whether the parameters printed during initialization of the consumer and producer are the same as those set in the configuration files.

If they are different, check the parameters in the configuration files.

Checking for Common Errors on Java Clients

  • Error 1: Domain name verification is not disabled.

    The following error information is displayed:

    Solution: Leave the ssl.endpoint.identification.algorithm parameter in the consumer.properties and producer.properties files empty to disable domain name verification.

    ssl.endpoint.identification.algorithm=
  • Error 2: SSL certificates fail to be loaded.

    The following error information is displayed:

    Solution:

    1. Check whether the client.jks file exists in the corresponding address.
    2. Check the permissions on the processes and files.
    3. Check whether the ssl.truststore.password parameter in the consumer.properties and producer.properties files is correctly set.
      ssl.truststore.password is the server certificate password, which must be set to dms@kafka and cannot be changed.
      ssl.truststore.password=dms@kafka 
  • Error 3: The topic name is incorrect.

    The following error information is displayed:

    Solution: Create a new topic or enable the automatic topic creation function.

Checking for Common Errors on the Go Client

The Go client fails to connect to Kafka over SSL and the error "first record does not look like a TLS handshake" is returned.

Solution: If the instance was created before January 2021, enable the TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 or TLS_RSA_WITH_AES_128_CBC_SHA256 cipher suite (both are disabled by default). If the instance was created in or after January 2021, enable the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher suite.