What Should I Do If I Fail to Connect to a DDS Instance?

Locate the fault from the following aspects:

1. Check whether the DB instance is available.

   For example, if the system is faulty, a DB instance is abnormal, or a DB instance or a table is locked.

2. (Common) Check whether the client connection is correct.
   1. Download the database installation package from the official website. For details, see How Can I Install a MongoDB Client?
   2. Use a MongoDB client 4.0 or later to connect to the DB instance.
   3. If you connect to a DB instance over a private network, ensure that the DB instance and ECS are in the same region and VPC.
   4. If you connect to a DB instance over a public network, bind an EIP to the DB instance and then connect to the DB instance through the EIP.
3. Check the connection method.

   Run the following commands to enable and disable SSL on the console: Example:

   • Enable SSL: ./mongo --host<DB_HOST>--port<DB_PORT>-u<DB_USER>-p--authenticationDatabaseadmin--ssl --sslCAFile<FILE_PATH> --sslAllowInvalidHostnames
   • Disable SSL: ./mongo --host<DB_HOST>--port<DB_PORT>-u<DB_USER>-p --authenticationDatabase admin
4. Check whether the parameters in the connection command are incorrect.

   Check whether the following parameters are configured incorrectly: connection address, port number, username, password, and connection method.

5. (Common) Check whether the network connectivity is normal.

   Table 1 Network connectivity

   Access Method	Connectivity Check
   Through a private network	Ensure that the ECS and DDS instance are in the same region and VPC. If the ECS and DDS instance are in different VPCs, set up a VPC peering connection to enable network communication between the two VPCs. Check security group rules. To access a DDS cluster instance in a different security group from the ECS, add an inbound rule for the security group. On the ECS, check whether the DDS instance port can be connected.
   Through a public network	Check security group rules. To access a DDS cluster instance in a different security group from the ECS, add an inbound rule for the security group. Check network ACL rules. Ping the instance from an ECS in the same region.
   Cross-CIDR block access (configuring IP address mapping)	When you attempt to connect to a replica set instance over a private network, if the client and replica set instance are deployed in different CIDR blocks and the client's CIDR block is not within 192.168.0.0/16, 172.16.0.0/24, or 10.0.0.0/8, configure cross-CIDR access for the instance to enable network connectivity. Ensure that the source ECS is connected to the instance node. If the network is not reachable, configure network connectivity by referring to VPC Peering Connection. For details about how to configure cross-CIDR block access, see Configuring Cross-CIDR Access.

6. (Common) Check whether the number of connections to the DB instance reaches the upper limit.

   If there is an excessive number of database connections, applications may fail to be connected.

7. (Common) Check whether the disk is full.

   If the instance disk usage is too high, the instance status is abnormal and the instance cannot be connected.

8. Check whether the CPU usage is too high.

   The CPU usage is high or close to 100%. As a result, data read/write processing is slow, connections cannot be obtained, and errors are reported, affecting service running.

9. View the common connection error messages.

   Find corresponding solutions based on connection error messages.

1. Check whether the DB instance is available.

   Check method: Check whether the database instance status is Available on the console.

   Possible cause: The DDS system is faulty, the instance status is abnormal, or the instance or table is locked.

   Solution

   • If the DDS instance is abnormal, submit a service ticket.
   • If the system is faulty or the instance or table is locked, restart the instance. For details, see Restarting an Instance.
   Figure 1 Checking the instance status
   
2. Check whether the client connection is correct.

   You are advised to use a MongoDB client of version 4.0 or later to connect to the instance. For details about how to install a MongoDB client, see How Can I Install a MongoDB Client?

   The following uses connecting to a cluster as an example:

   1. For details about how to connect to a DB instance over a private network, see Connecting to a DB Instance over a Private Network.
   2. For details about how to connect to a DB instance over a public network, see Connecting to a DB Instance over a Public Network.

   Table 2 Connection methods

   Method	Scenario
   Private network	DDS provides a private IP address by default. If your applications are deployed on an ECS that is in the same region and VPC as the DB instance, you are advised to connect to the ECS and DB instance through a private IP address.
   Public network	If you cannot access the DB instance over a private IP address, bind a public gateway to connect the ECS (or public host) and the DDS instance.

3. Check the connection method.

   Table 3 Instance connection

   Connection Method	Description
   SSL mode (Recommended)	Enable SSL on the Connections page and upload the certificate to the ECS. ./mongo --host<DB_HOST>--port<DB_PORT>-u<DB_USER>-p--authenticationDatabaseadmin--ssl --sslCAFile<FILE_PATH> --sslAllowInvalidHostnames Figure 2 Enabling SSL
   Standard mode	Disable SSL on the Connections page. ./mongo --host<DB_HOST>--port<DB_PORT>-u<DB_USER>-p --authenticationDatabase admin Figure 3 Disabling SSL

4. Check whether the parameters in the connection command are incorrect.

   Ensure that the connection address, port, username and password are correct, and try to connect to the DB instance again in SSL mode.

   • Example of connecting to a cluster instance over a private network using SSL: ./mongo mongodb://rwuser:<password>@<DB_HOST>:<DB_PORT>,<DB_HOST>:<DB_PORT>/test?authSource=admin --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

     Table 4 Parameters

     Parameter	Description
     Connection address	Obtain the connection information in the Address column on the Instances page. Figure 4 Connection address
     Database port	On the Private Connection tab of the Connections page, find the Database Port field.
     Username and password	If the password of the root administrator is incorrect or you forget the password, reset the administrator password.
     Certificate	Obtain the SSL certificate name from the directory where the command is executed.

   • Example of connecting to a cluster instance over a public network using SSL: ./mongo mongodb://rwuser:<password>@<DB_HOST>:<DB_PORT>/test?authSource=admin --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

     Table 5 Parameters

     Parameter	Description
     Connection address	Click the instance name. On the Public Connection tab of the Connections page, obtain the public connection address in the Public Network Connection Address field.
     Database port	On the Public Connection tab of the Connections page, find the Database Port field.
     Username and password	If the password of the root administrator is incorrect or you forget the password, reset the administrator password.
     Certificate	Obtain the SSL certificate name from the directory where the command is executed.

5. Check whether the network connection is normal.

   Table 6 Network connectivity

   Access Method	Connectivity Check
   Through a private network	Check whether the ECS and DDS instance are in the same region and VPC. If they are in different regions, they cannot communicate with each other. To reduce network latency, deploy your DB instance in the region nearest to your workloads. If they are in different VPCs, set up a VPC peering connection to enable network communication between the two VPCs. Check security group rules. To access a DDS instance in a different security group from the ECS, add an inbound rule for the security group. On the ECS, check whether the DDS instance port can be connected. telnet <DB-instance-address> {8635} If the connection succeeds, the network is reachable. If the connection fails, submit a service ticket.
   Through a public network	Check security group rules. To access a DDS instance in a different security group from the ECS, add an inbound rule for the security group. Check network ACL rules. Go to the Network ACLs page. Check whether the NIC to which the EIP is bound belongs to the subnet associated with the network ACL. Check whether the network ACL is enabled. If it is enabled, add an ICMP rule to allow traffic. The default network ACL rule denies all inbound and outbound packets. This default rule is still applied even if the network ACL is disabled. Ping the instance from an ECS in the same region. If the ECS cannot ping the EIP bound to the DDS instance, try pinging the same EIP from another ECS in the same region. If the ping succeeds, the network is reachable. In this case, submit a service ticket.
   Cross-CIDR block access (configuring IP address mapping)	When you attempt to connect to a replica set instance over a private network, if the client and replica set instance are deployed in different CIDR blocks and the client's CIDR block is not within 192.168.0.0/16, 172.16.0.0/24, or 10.0.0.0/8, configure cross-CIDR access for the instance to enable network connectivity. Ensure that the source ECS is connected to the instance node. If the network is not reachable, configure network connectivity by referring to VPC Peering Connection. For details about how to configure cross-CIDR block access, see Configuring Cross-CIDR Access.

6. Check whether the number of connections to the DB instance reaches the upper limit.
   1. Check whether the number of connections to the DB instance has reached the upper limit. For details, see How Do I Query and Limit the Number of Connections?

      If the number of instance connections reaches the upper limit, see What Can I Do If the Number of Connections of an Instance Reaches Its Maximum?

   2. Check whether any metrics are abnormal and whether any alarms are generated on the Cloud Eye console. Cloud Eye monitors database metrics, such as the CPU usage, memory usage, storage space usage, and database connections, and allows you to set alarm policies to identify risks in advance if any alarms are generated.
7. Check whether the disk is full.

   Check method: View the storage space usage on the management console or Cloud Eye.

   • On the management console

     Locate the target instance and click its name to go to the Basic Information page. In the Storage Space area, view the storage space usage.

     Figure 5 Storage space
     
   • On Cloud Eye

     Locate the target instance and click View Metric in the Operation column. On the displayed page, view the storage space usage.

   Possible cause: When the instance status is Storage full, scale up the storage until the storage usage drops below 80%. Then the instance will return to an available state and resume normal write operations.

   Solution:

   • As your service data grows, the original storage space may be insufficient. You are advised to scale up storage space. For details, see Scaling Up Storage Space.
   • Process expired data files in a timely manner.
   • Check whether any metrics are abnormal and whether any alarms are generated on the Cloud Eye console. Cloud Eye monitors database metrics, such as the CPU usage, memory usage, storage space usage, and database connections, and allows you to set alarm policies to identify risks in advance if any alarms are generated.
8. Check whether the CPU usage is too high.

   The CPU usage is high or close to 100%. As a result, data read/write processing is slow, connections cannot be obtained, and errors are reported, affecting service running.

   Solution: For details, see What Should I Do If CPU Usage Is Unusually High?

9. View common connection error messages.
   • Connection failure message: network error while attempting to run command 'isMaster'

     An error is reported when you run the following command to connect to a DDS DB instance:

     ./mongo --host 192.168.168.182 --port 8635 -u rwuser -p xxxxxxxxxx --authenticationDatabase admin

     Figure 6 Connection failed
     

     For details about how to rectify the fault, see Connection Failure Message: network error while attempting to run command 'isMaster'.

   • Connection failure messages: No route to host and connection attempt failed

     An error is reported when you run the following command to connect to a DDS DB instance:

     mongo --host 192.168.1.6 --port 8635 -u rwuser -p xxxxxxxxx --authenticationDatabase admin --ssl --sslCAFile /root/ca.crt --sslAllowInvalidHostnames

     Error message:

     MongoDB shell version v3.4.17
     connecting to: mongodb://192.168.1.6:8635/
     2019-09-19T09:38:36.954+0800 W NETWORK  [thread1] Failed to connect to 192.168.1.6:8635, in(checking socket for error after poll), reason: No route to host
     2019-09-19T09:38:36.954+0800 E QUERY    [thread1] Error: couldn't connect to server 192.168.1.6:8635, connection attempt failed :
     connect@src/mongo/shell/mongo.js:240:13
     @(connect):1:6
     exception: connect failed

     For details about how to rectify the fault, see Connection Failure Messages: "No route to host" and "connection attempt failed".

   • Connection failure messages: No route to host and connection attempt failed

     An error is reported when you run the following command to connect to a DDS DB instance:

     mongo --host 192.168.168.116 --port 8635 -u rwuser -p xxxxxxxxx --authenticationDatabase admin --ssl --sslCAFile /root/ca.crt --sslAllowInvalidHostnames

     Error message:

     MongoDB shell version v3.4.17
     connecting to: mongodb://192.168.168.116:8635/
     2019-09-19T09:39:24.306+0800 W NETWORK  [thread1] The server certificate does not match the host name. Hostname: 192.168.168.116 does not match CN: 172.16.2.65
     MongoDB server version: 4.0.3
     WARNING: shell and server versions do not match
     2019-09-19T09:39:24.329+0800 E QUERY    [thread1] Error: Authentication failed. :
     DB.prototype._authOrThrow@src/mongo/shell/db.js:1461:20
     @(auth):6:1
     @(auth):1:2
     exception: login failed

     For details about how to rectify the fault, see Connection Failure Messages: "No route to host" and "connection attempt failed".

   • Connection failure message: couldn't connect to server.

     An error is reported when you run the following command to connect to a DDS DB instance:

     mongo --host 192.168.64.201 --port 8635 -u rwuser -p xxxxxxxxx --authenticationDatabase admin --ssl --sslCAFile /root/ca.crt --sslAllowInvalidHostnames

     Error message:

     MongoDB shell version v3.4.17
     connecting to: mongodb://192.168.64.201:8635/
     2019-09-19T09:45:48.168+0800 W NETWORK  [thread1] Failed to connect to 192.168.64.201:8635 after 5000ms milliseconds, giving up.
     2019-09-19T09:45:48.168+0800 E QUERY    [thread1] Error: couldn't connect to server 192.168.64.201:8635, connection attempt failed :
     connect@src/mongo/shell/mongo.js:240:13
     @(connect):1:6
     exception: connect failed

     For details about how to rectify the fault, see Connection Failure Message: "couldn't connect to server".

   • Connection failure message: cannot list multiple servers in URL without 'replicaSet' option

     An error is reported when you run the following command to connect to a DDS replica set instance:

     ./mongo mongodb://rwuser:xxxxxxxxxxx@192.168.168.116:8635,192.168.200.147:8635/test?authSource=admin&replicaSet=replica

     Error message:

     FailedToParse: Cannot list multiple servers in URL without 'replicaSet' option try 'mongo --help' for more information.

     An error is reported when you run the following command to connect to a DDS DB instance that is compatible with MongoDB 3.4:

     mongo "mongodb://rwuser:xxxxxxxxx@192.168.95.167:8635,192.168.92.43:8635/test?authSource=admin"

     Error message:

     FailedToParse: Cannot list multiple servers in URL without 'replicaSet' option
     try 'mongo --help' for more information.

     For details, see Connection Failure Message: cannot list multiple servers in URL without 'replicaSet' option.

   • Connection failure message: Timeout while receiving message.

     An error is reported when you run the following command to connect to a DDS DB instance through Java driver:

     Error message:

     org.springframework.data.mongodb.UncategorizedMongoDbException: Timeout while receiving message; nested exception is com.mongodb.MongoSocketReadTimeoutException: Timeout while receiving message

     For details about how to rectify the fault, see Connection Failure Message: "Timeout while receiving message".

   • Connection failure messages: exception: login failed and U_STRINGPREP_PROHIBITED_ERROR

     An error is reported when you run the following command to connect to a DDS DB instance:

     ./mongo "mongodb://rwuser:xxxxxx@192.168.0.45:8635,192.168.0.96:8635/test?authSource=admin&replicaSet=replica"

     Error message:

     MongoDB shell version v4.0.3
     connecting to: mongodb://192.168.0.45:8635,192.168.0.96:8635/test?authSource=admin&replicaSet=replica
     2021-11-05T05:52:53.717+0000 I NETWORK  [js] Starting new replica set monitor for replica/192.168.0.45:8635,192.168.0.96:8635
     2021-11-05T05:52:53.718+0000 I NETWORK  [ReplicaSetMonitor-TaskExecutor] Successfully connected to 192.168.0.45:8635 (1 connections now open to 192.168.0.45:8635 with a 5 second timeout)
     2021-11-05T05:52:53.718+0000 I NETWORK  [js] Successfully connected to 192.168.0.96:8635 (1 connections now open to 192.168.0.96:8635 with a 5 second timeout)
     Implicit session: session { "id" : UUID("5945d2a5-8275-4e3c-b06f-632f062a2ead") }
     MongoDB server version: 4.0.3
     2021-11-05T05:52:53.722+0000 I NETWORK  [js] Marking host 192.168.0.96:8635 as failed :: caused by :: Location50692: can't authenticate against replica set node 192.168.0.96:8635 :: caused by :: Error preflighting normalization: U_STRINGPREP_PROHIBITED_ERROR
     2021-11-05T05:52:53.722+0000 I NETWORK  [js] Successfully connected to 192.168.0.45:8635 (1 connections now open to 192.168.0.45:8635 with a 0 second timeout)
     2021-11-05T05:52:53.723+0000 I NETWORK  [js] Marking host 192.168.0.45:8635 as failed :: caused by :: Location50692: can't authenticate against replica set node 192.168.0.45:8635 :: caused by :: Error preflighting normalization: U_STRINGPREP_PROHIBITED_ERROR
     2021-11-05T05:52:53.724+0000 I NETWORK  [js] Marking host 192.168.0.96:8635 as failed :: caused by :: Location50692: can't authenticate against replica set node 192.168.0.96:8635 :: caused by :: Error preflighting normalization: U_STRINGPREP_PROHIBITED_ERROR
     2021-11-05T05:52:53.725+0000 I NETWORK  [js] Marking host 192.168.0.45:8635 as failed :: caused by :: Location50692: can't authenticate against replica set node 192.168.0.45:8635 :: caused by :: Error preflighting normalization: U_STRINGPREP_PROHIBITED_ERROR
     2021-11-05T05:52:53.725+0000 E QUERY    [js] Error: can't authenticate against replica set node 192.168.0.45:8635 :: caused by :: Error preflighting normalization: U_STRINGPREP_PROHIBITED_ERROR :
     DB.prototype._authOrThrow@src/mongo/shell/db.js:1685:20
     @(auth):6:1
     @(auth):1:2
     exception: login failed

     For details about how to rectify the fault, see Connection Failure Messages: exception: login failed and U_STRINGPREP_PROHIBITED_ERROR.

10. If the problem persists, submit a service ticket.