Help Center/ Document Database Service/ FAQs/ Database Connection/ What Should I Do If I Fail to Connect to a DDS Instance?
Updated on 2023-02-28 GMT+08:00

What Should I Do If I Fail to Connect to a DDS Instance?

Possible Causes

Locate the fault from the following aspects:

  1. Check whether the DB instance is available.

    For example, if the system is faulty, a DB instance is abnormal, or a DB instance or a table is locked.

  2. (Common) Check whether the client connection is correct.
    1. Download the database installation package from the official website. For details, see How Can I Install a MongoDB Client?
    2. Use a MongoDB client 4.0 or later to connect to the DB instance.
    3. If you connect to a DB instance over a private network, ensure that the DB instance and ECS are in the same region and VPC.
    4. If you connect to a DB instance over a public network, bind an EIP to the DB instance and then connect to the DB instance through the EIP.
  3. Check the connection method.

    Run the following commands to enable and disable SSL on the console: Example:

    • Enable SSL: ./mongo --host<DB_HOST>--port<DB_PORT>-u<DB_USER>-p--authenticationDatabaseadmin--ssl --sslCAFile<FILE_PATH> --sslAllowInvalidHostnames
    • Disable SSL: ./mongo --host<DB_HOST>--port<DB_PORT>-u<DB_USER>-p --authenticationDatabase admin
  4. Check whether the parameters in the connection command are correct.

    Check whether the following parameters are configured correctly: connection address, port number, username, password, and connection method.

  5. (Common) Check whether the network connectivity is normal.
    Private network connection
    1. Ensure that the ECS and DDS instance are in the same region and VPC.

      If the ECS and DB instance are in different VPCs, set up a VPC peering connection to enable network communication between the two VPCs.

    2. Check security group rules.
      1. To access a cluster instance in a different security group from the ECS, add an inbound rule for the security group.
    3. On the ECS, check whether the DB instance port can be connected.

    Public network connection

    1. Check security group rules.
      1. To access a cluster instance in a different security group from the ECS, add an inbound rule for the security group.
    2. Check network ACL rules.
    3. Ping the ECS to the DB instance in the same region.

    Cross-CIDR block access (configuring IP address mapping)

    If a client and a replica set instance are deployed in different CIDR blocks and the client is not in 192.168.0.0/16, 172.16.0.0/24, or 10.0.0.0/8, configure Cross-CIDR Access for the instance to communicate with the client.

    1. Ensure that the source ECS can communicate with the instance node. If the network is abnormal, configure the network settings by referring to VPC Peering Connection.
    2. For details about how to configure cross-CIDR block access, see Configuring Cross-CIDR Access.
  6. (Common) Check whether the number of connections to the DB instance reaches the upper limit.

    If there is an excessive number of database connections, applications may fail to be connected.

  7. (Common) Check whether the disk is full.

    If the instance disk usage is too high, the instance status is abnormal and the instance cannot be connected.

  8. Check whether the CPU usage is too high.

    The CPU usage is high or close to 100%. As a result, data read/write processing is slow, connections cannot be obtained, and errors are reported, affecting service running.

  9. View the common connection error messages

    Find corresponding solutions based on connection error messages.

Fault Locating

  1. Check whether the DB instance is available.

    Check method: Check whether the database instance status is Available on the console.

    Possible cause: The DDS system is faulty, the instance status is abnormal, or the instance or table is locked.

    Solution

    • If the DDS instance status is abnormal, contact O&M personnel.
    • If the system is faulty or the instance or table is locked, restart the instance. For details, see Restarting an Instance.
    Figure 1 Checking the instance status
  2. Check whether the client connection is correct.

    You are advised to use a MongoDB client of version 4.0 or later to connect to the instance. For details about how to install a MongoDB client, see How Can I Install a MongoDB Client?

    The following uses connecting to a cluster as an example:

    1. For details about how to connect to a DB instance over a private network, see Connecting to a DB Instance Over Private Networks.
    2. For details about how to connect to a DB instance over a public network, see Connecting to a DB Instance Over Public Networks.
    Table 1 Connection methods

    Method

    Scenario

    Private network

    DDS provides a private IP address by default.

    If your applications are deployed on an ECS that is in the same region and VPC as the DB instance, you are advised to connect to the ECS and DB instance through a private IP address.

    Public network

    If you cannot access the DB instance over a private IP address, you are advised to bind an EIP to the DB instance and then connect to the DB instance through the EIP.

    For EIP pricing details, see EIP billing details.

  3. Check the connection method.
    1. SSL connection is recommended. Enable SSL on the Connections page and upload the certificate to the ECS.
      ./mongo --host<DB_HOST>--port<DB_PORT>-u<DB_USER>-p--authenticationDatabaseadmin--ssl --sslCAFile<FILE_PATH> --sslAllowInvalidHostnames
      Figure 2 Enabling SSL
    2. Unencrypted connection: Disable SSL on the Connections page.

      ./mongo --host<DB_HOST>--port<DB_PORT>-u<DB_USER>-p --authenticationDatabase admin

      Figure 3 Disabling SSL
  4. Check whether the parameters in the connection command are correct.

    Ensure that the connection address, port, username and password are correct, and try to connect to the DB instance again in SSL mode.

    SSL private network connection example:./mongo mongodb://rwuser:<password>@<DB_HOST>:<DB_PORT>,<DB_HOST>:<DB_PORT>/test?authSource=admin --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

    • Connection address

      The connection information can be obtained in the Address column on the Instances page.

      Figure 4 Connection address
    • Database port

      On the Private Connection tab of the Connections page, obtain the database port in the Database Port field.

    • Username and password

      If the password of the root administrator is incorrect or you forget the password, reset the administrator password.

    • Certificate

      Obtain the SSL certificate name from the directory where the command is executed.

    SSL public network connection example:./mongo mongodb://rwuser:<password>@<DB_HOST>:<DB_PORT>/test?authSource=admin --ssl --sslCAFile <FILE_PATH> --sslAllowInvalidHostnames

    • Connection address

      Click the instance name. On the Public Connection tab of the Connections page, obtain the public connection address in the Public Network Connection Address field.

    • Database port

      On the Public Connection tab of the Connections page, obtain the database port in the Database Port field.

    • Username and password

      If the password of the root administrator is incorrect or you forget the password, reset the administrator password.

    • Certificate

      Obtain the SSL certificate name from the directory where the command is executed.

  5. Check whether the network connection is normal.
    Private network connection
    1. Check whether the ECS and DDS instance are in the same region and VPC.
      • If the ECS and DB instance are in different regions, they cannot communicate with each other. Select a region near to your service area to reduce network latency and experience faster access.
      • If the ECS and DB instance are in different VPCs, set up a VPC peering connection to enable network communication between the two VPCs.
    2. Check security group rules.

      To access DB instances in a different security group from the ECS, add an inbound rule for the security group.

    3. On the ECS, check whether the DB instance port can be connected.
      telnet <DB instance address> {8635}
      • If the connection is normal, the network is normal.
      • If the connection fails, submit a to customer service for assistance.

    Public network connection

    1. Check security group rules.

      To access DB instances in a different security group from the ECS, add an inbound rule for the security group.

    2. Check network ACL rules.
      1. Go to the Network ACLs.
      2. Check whether the NIC bound to the EIP is in the subnet associated with the network ACL.
      3. Check whether the network ACL is enabled.

        If yes, add an ICMP rule to allow traffic.

      The default network ACL rule denies all inbound and outbound packets. After the network ACL is disabled, the default rule still takes effect.

    3. Ping the ECS to the DB instance in the same region.

      If you cannot ping the EIP on the original ECS, select another ECS in the same region and ping the EIP again. If the ping is successful, the network is normal. If the ping failed, .

    Cross-CIDR block access (configuring IP address mapping)

    If a client and a replica set instance are deployed in different CIDR blocks and the client is not in 192.168.0.0/16, 172.16.0.0/24, or 10.0.0.0/8, configure Cross-CIDR Access for the instance to communicate with the client.

    1. Ensure that the source ECS can communicate with the instance node. If the network is abnormal, configure the network settings by referring to VPC Peering Connection.
    2. For details about how to configure cross-CIDR block access, see Configuring Cross-CIDR Access.
  6. Check whether the number of connections to the DB instance reaches the upper limit.
    1. Check whether the number of connections to the DB instance has reached the upper limit. For details, see How Do I Query and Limit the Number of Connections?

      If the number of instance connections reaches the upper limit, see What Can I Do If the Number of Connections of an Instance Reaches Its Maximum?

    2. Check whether any metrics are abnormal and whether any alarms are generated on the Cloud Eye console. Cloud Eye monitors database metrics, such as the CPU usage, memory usage, storage space usage, and database connections, and allows you to set alarm policies to identify risks in advance if any alarms are generated.
  7. Check whether the disk is full.

    Check method: View the storage space usage on the management console or Cloud Eye.

    • On the management console

      Locate the target instance and click its name to go to the Basic Information page. In the Storage Space area, view the storage space usage.

      Figure 5 Storage space
    • On Cloud Eye

      Locate the target instance and click View Metric in the Operation column. On the displayed page, view the storage space usage.

    Possible cause: When the instance status is Storage full, the instance needs to preserve at least 15% of its capacity to work properly.

    Solution:

    • As your service data grows, the original storage space may be insufficient. You are advised to scale up storage space. For details, see Scaling Up Storage Space.
    • Process expired data files in a timely manner.
    • Check whether any metrics are abnormal and whether any alarms are generated on the Cloud Eye console. Cloud Eye monitors database metrics, such as the CPU usage, memory usage, storage space usage, and database connections, and allows you to set alarm policies to identify risks in advance if any alarms are generated.
  8. Check whether the CPU usage is too high.

    The CPU usage is high or close to 100%. As a result, data read/write processing is slow, connections cannot be obtained, and errors are reported, affecting service running.

    Solution: For details, see What Should I Do If CPU Usage Is Unusually High?

  9. View common connection error messages.
    • Connection failure message: network error while attempting to run command 'isMaster'

      An error is reported when you run the following command to connect to a DDS DB instance:

      ./mongo --host 192.168.168.182 --port 8635 -u rwuser -p xxxxxxxxxx --authenticationDatabase admin

      Figure 6 Connection failed

      For details about how to rectify the fault, see Connection Failure Message: network error while attempting to run command 'isMaster'.

    • Connection failure messages: No route to host and connection attempt failed.

      An error is reported when you run the following command to connect to a DDS DB instance:

      mongo --host 192.168.1.6 --port 8635 -u rwuser -p xxxxxxxxx --authenticationDatabase admin --ssl --sslCAFile /root/ca.crt --sslAllowInvalidHostnames

      Error message:

      MongoDB shell version v3.4.17
      connecting to: mongodb://192.168.1.6:8635/
      2019-09-19T09:38:36.954+0800 W NETWORK  [thread1] Failed to connect to 192.168.1.6:8635, in(checking socket for error after poll), reason: No route to host
      2019-09-19T09:38:36.954+0800 E QUERY    [thread1] Error: couldn't connect to server 192.168.1.6:8635, connection attempt failed :
      connect@src/mongo/shell/mongo.js:240:13
      @(connect):1:6
      exception: connect failed

      For details about how to rectify the fault, see Connection Failure Messages: "No route to host" and "connection attempt failed".

    • Connection failure messages: No route to host and connection attempt failed

      An error is reported when you run the following command to connect to a DDS DB instance:

      mongo --host 192.168.168.116 --port 8635 -u rwuser -p xxxxxxxxx --authenticationDatabase admin --ssl --sslCAFile /root/ca.crt --sslAllowInvalidHostnames

      Error message:

      MongoDB shell version v3.4.17
      connecting to: mongodb://192.168.168.116:8635/
      2019-09-19T09:39:24.306+0800 W NETWORK  [thread1] The server certificate does not match the host name. Hostname: 192.168.168.116 does not match CN: 172.16.2.65
      MongoDB server version: 4.0.3
      WARNING: shell and server versions do not match
      2019-09-19T09:39:24.329+0800 E QUERY    [thread1] Error: Authentication failed. :
      DB.prototype._authOrThrow@src/mongo/shell/db.js:1461:20
      @(auth):6:1
      @(auth):1:2
      exception: login failed

      For details about how to rectify the fault, see Connection Failure Messages: "No route to host" and "connection attempt failed".

    • Connection failure message: couldn't connect to server.

      An error is reported when you run the following command to connect to a DDS DB instance:

      mongo --host 192.168.64.201 --port 8635 -u rwuser -p xxxxxxxxx --authenticationDatabase admin --ssl --sslCAFile /root/ca.crt --sslAllowInvalidHostnames

      Error message:

      MongoDB shell version v3.4.17
      connecting to: mongodb://192.168.64.201:8635/
      2019-09-19T09:45:48.168+0800 W NETWORK  [thread1] Failed to connect to 192.168.64.201:8635 after 5000ms milliseconds, giving up.
      2019-09-19T09:45:48.168+0800 E QUERY    [thread1] Error: couldn't connect to server 192.168.64.201:8635, connection attempt failed :
      connect@src/mongo/shell/mongo.js:240:13
      @(connect):1:6
      exception: connect failed

      For details about how to rectify the fault, see Connection Failure Message: "couldn't connect to server".

    • Connection failure message: cannot list multiple servers in URL without 'replicaSet' option

      An error is reported when you run the following command to connect to a DDS replica set instance:

      ./mongo mongodb://rwuser:xxxxxxxxxxx@192.168.168.116:8635,192.168.200.147:8635/test?authSource=admin&replicaSet=replica

      Error message:

      FailedToParse: Cannot list multiple servers in URL without 'replicaSet' option try 'mongo --help' for more information.

      An error is reported when you run the following command to connect to a DDS DB instance that is compatible with MongoDB 3.4:

      mongo "mongodb://rwuser:xxxxxxxxx@192.168.95.167:8635,192.168.92.43:8635/test?authSource=admin"

      Error message:

      FailedToParse: Cannot list multiple servers in URL without 'replicaSet' option
      try 'mongo --help' for more information.

      For details, see Connection Failure Message: cannot list multiple servers in URL without 'replicaSet' option.

    • Connection failure message: Timeout while receiving message.

      An error is reported when you run the following command to connect to a DDS DB instance through Java driver:

      Error message:

      org.springframework.data.mongodb.UncategorizedMongoDbException: Timeout while receiving message; nested exception is com.mongodb.MongoSocketReadTimeoutException: Timeout while receiving message

      For details about how to rectify the fault, see Connection Failure Message: "Timeout while receiving message".

    • Connection failure messages: exception: login failed and U_STRINGPREP_PROHIBITED_ERROR

      An error is reported when you run the following command to connect to a DDS DB instance:

      ./mongo "mongodb://rwuser:xxxxxx@192.168.0.45:8635,192.168.0.96:8635/test?authSource=admin&replicaSet=replica"

      Error message:

      MongoDB shell version v4.0.3
      connecting to: mongodb://192.168.0.45:8635,192.168.0.96:8635/test?authSource=admin&replicaSet=replica
      2021-11-05T05:52:53.717+0000 I NETWORK  [js] Starting new replica set monitor for replica/192.168.0.45:8635,192.168.0.96:8635
      2021-11-05T05:52:53.718+0000 I NETWORK  [ReplicaSetMonitor-TaskExecutor] Successfully connected to 192.168.0.45:8635 (1 connections now open to 192.168.0.45:8635 with a 5 second timeout)
      2021-11-05T05:52:53.718+0000 I NETWORK  [js] Successfully connected to 192.168.0.96:8635 (1 connections now open to 192.168.0.96:8635 with a 5 second timeout)
      Implicit session: session { "id" : UUID("5945d2a5-8275-4e3c-b06f-632f062a2ead") }
      MongoDB server version: 4.0.3
      2021-11-05T05:52:53.722+0000 I NETWORK  [js] Marking host 192.168.0.96:8635 as failed :: caused by :: Location50692: can't authenticate against replica set node 192.168.0.96:8635 :: caused by :: Error preflighting normalization: U_STRINGPREP_PROHIBITED_ERROR
      2021-11-05T05:52:53.722+0000 I NETWORK  [js] Successfully connected to 192.168.0.45:8635 (1 connections now open to 192.168.0.45:8635 with a 0 second timeout)
      2021-11-05T05:52:53.723+0000 I NETWORK  [js] Marking host 192.168.0.45:8635 as failed :: caused by :: Location50692: can't authenticate against replica set node 192.168.0.45:8635 :: caused by :: Error preflighting normalization: U_STRINGPREP_PROHIBITED_ERROR
      2021-11-05T05:52:53.724+0000 I NETWORK  [js] Marking host 192.168.0.96:8635 as failed :: caused by :: Location50692: can't authenticate against replica set node 192.168.0.96:8635 :: caused by :: Error preflighting normalization: U_STRINGPREP_PROHIBITED_ERROR
      2021-11-05T05:52:53.725+0000 I NETWORK  [js] Marking host 192.168.0.45:8635 as failed :: caused by :: Location50692: can't authenticate against replica set node 192.168.0.45:8635 :: caused by :: Error preflighting normalization: U_STRINGPREP_PROHIBITED_ERROR
      2021-11-05T05:52:53.725+0000 E QUERY    [js] Error: can't authenticate against replica set node 192.168.0.45:8635 :: caused by :: Error preflighting normalization: U_STRINGPREP_PROHIBITED_ERROR :
      DB.prototype._authOrThrow@src/mongo/shell/db.js:1685:20
      @(auth):6:1
      @(auth):1:2
      exception: login failed

      For details about how to rectify the fault, see Connection Failure Messages: exception: login failed and U_STRINGPREP_PROHIBITED_ERROR.

  10. If the problem persists, to contact Huawei Cloud customer service for assistance.