Can't connect to Atlas Class Cluster

I'm able to ping to cluster0-shard-00-00-jxeqq.mongodb.netand I can connect from Compass but when I try to connect from the mongo shell I get the message exception: connect failed.

The MongoDB shell version is 4.0.3

The string i’m copying in the shell is:

mongo "mongodb://cluster0-shard-00-00-jxeqq.mongodb.net:27017,cluster0-shard-00-01-jxeqq.mongodb.net:27017,cluster0-shard-00-02-jxeqq.mongodb.net:27017/test?replicaSet=Cluster0-shard-0" --authenticationDatabase admin --ssl --username m001-student --password m001-mongodb-basics

Here’s the output:
Captura 

It’s a tricky problem with the server’s certificate. Your system is telling you that it cannot reach the Validation Authority for the remote Mongo system. The VA is used to verify that a certificate is still valid. Seems odd that Compass does not complain about this.

Are you behind a proxy or firewall which only opens to very specific connections?

i have almost same problem, how can i fix it

Yours is in now way at all similar to @Antonio_79832’s problem :smiley:

Antonio has certificate problems, while you simply have a syntax error in your command. The error message literally says so.

Your problem, is that you’re running a Linux command in the Mongo shell :slight_smile: You need to run your “mongo” call from Bash, not inside the mongo shell.

2 Likes

I’m not sure, as far as I know I don’t have any restrictions. any idea of how can I check that?

Long explanation:

Summary

I’m working through a few things, so you can test :slight_smile:

One good way to test the connection to one of the shard nodes, while at the same testing its certificate is to run the following:

openssl s_client -connect cluster0-shard-00-00-jxeqq.mongodb.net:27017 </dev/null

This works on Linux/Unix/MacOS. On Windows it can work (if OpenSSL is installed), but you’ll need to leave off the redirection from /dev/null.

I then parse the certificate as follows:

openssl s_client -connect cluster0-shard-00-00-jxeqq.mongodb.net:27017 < /dev/null > /tmp/foo
openssl x509 -in /tmp/foo -text

This tells me that the Validation Authorities are at DigiCert and that you need to be able to talk to:

There’s also OCSP on:

So! The actual test to make sure that your system can verify the certificates!

You should be able to run these commands on the computer that has Compass, without the computer giving you errors. Curl should download these two CRL files. If it cannot, then your computer cannot contact the VA and thus cannot validate the certificate of the Mongo shard node.

EDIT: Corrected commands…

curl -o /tmp/crlfile http://crl3.digicert.com/ssca-sha2-g6.crl
curl -o /tmp/crlfile2 http://crl4.digicert.com/ssca-sha2-g6.crl

Of course, that is assuming that your system has “curl”. If it doesn’t, hopefully you have “wget”.

I’m having trouble with the directory.
I get the message Failed to create the file /tmp/crlfile: No such file or directory
I tried with the reverse slash ‘\’ but still get the same output.

Don’t worry… The fact is that it COULD get the file! You don’t have to save it locally, I just wanted to make sure the curl didn’t barf a few kB of text onto your screen.

But this is good! Your system -can- get the CRL… So now it’s an interesting question! Why can’t your Compass get the CRL to validate the cert?

Say… what happens when you run the following?

openssl s_client -connect cluster0-shard-00-00-jxeqq.mongodb.net:27017 </dev/null

At the bottom it should say:

Verify return code: 0 (ok)

Hi RAFI.
I need help in connecting atlas cluster from mongodb shell.i am getting the below error .i have installed on windows. please let me know what i need to change in the command.
C:\Program Files\MongoDB\Server\4.0\bin>mongo “mongodb://cluster0-shard-00-00-jxeqq.mongodb.net:27017,cluster0-shard-00-01-jxeqq.mongodb.net:27017,cluster0-shar
d-00-02-jxeqq.mongodb.net:27017/100YWeatherSmall?replicaSet=Cluster0-shard-0” --authenticationDatabase admin --ssl --username m001-student–password m001-studen
t
MongoDB shell version v4.0.4
Enter password:
connecting to: mongodb://cluster0-shard-00-00-jxeqq.mongodb.net:27017,cluster0-shard-00-01-jxeqq.mongodb.net:27017,cluster0-shard-00-02-jxeqq.mongodb.net:27017/
100YWeatherSmall?replicaSet=Cluster0-shard-0
2018-11-08T08:50:28.645+0800 I NETWORK [js] Starting new replica set monitor for Cluster0-shard-0/cluster0-shard-00-00-jxeqq.mongodb.net:27017,cluster0-shard-0
0-01-jxeqq.mongodb.net:27017,cluster0-shard-00-02-jxeqq.mongodb.net:27017
2018-11-08T08:50:31.224+0800 I NETWORK [js] Successfully connected to cluster0-shard-00-00-jxeqq.mongodb.net:27017 (1 connections now open to cluster0-shard-00
-00-jxeqq.mongodb.net:27017 with a 5 second timeout)
2018-11-08T08:50:31.822+0800 I NETWORK [ReplicaSetMonitor-TaskExecutor] Successfully connected to cluster0-shard-00-02-jxeqq.mongodb.net:27017 (1 connections n
ow open to cluster0-shard-00-02-jxeqq.mongodb.net:27017 with a 5 second timeout)
2018-11-08T08:50:32.657+0800 I NETWORK [js] Successfully connected to cluster0-shard-00-01-jxeqq.mongodb.net:27017 (1 connections now open to cluster0-shard-00
-01-jxeqq.mongodb.net:27017 with a 5 second timeout)
Implicit session: session { “id” : UUID(“c34ba787-88f9-44bc-b466-a659c113d862”) }
MongoDB server version: 3.6.8
WARNING: shell and server versions do not match
2018-11-08T08:50:35.192+0800 E QUERY [js] Error: Authentication failed. :
DB.prototype._authOrThrow@src/mongo/shell/db.js:1685:20
@(auth):6:1
@(auth):1:2
exception: login failed

Replace password with m001-mongodb-basics. I hope it will working.

1 Like

Thanks rafi.i missed it is working

Hi guys, I’m having some trouble when I trying to connect to Atlas Cluster.
The warning message that I’m receiving is:
shell and server versions do not match.

What is this MongoDB server?
It’s in the 3.6.8 version in my machine and the shell version is in the 4.0.3

I’ve done the instalation just the way it’s in the video.

I have problem with mongo shell connection to my cluster:
2018-11-08T12:48:00.143+0100 E NETWORK [js] SSL peer certificate validation failed: (800B0109)A certificate chain p
rocessed, but terminated in a root certificate which is not trusted by the trust provider.
2018-11-08T12:48:00.146+0100 E NETWORK [js] SSL peer certificate validation failed: (800B0109)A certificate chain p
rocessed, but terminated in a root certificate which is not trusted by the trust provider.
2018-11-08T12:48:00.365+0100 E NETWORK [js] SSL peer certificate validation failed: (800B0109)A certificate chain p
rocessed, but terminated in a root certificate which is not trusted by the trust provider.
2018-11-08T12:48:00.369+0100 E NETWORK [js] SSL peer certificate validation failed: (800B0109)A certificate chain p
rocessed, but terminated in a root certificate which is not trusted by the trust provider.
2018-11-08T12:48:00.565+0100 E NETWORK [js] SSL peer certificate validation failed: (800B0109)A certificate chain p
rocessed, but terminated in a root certificate which is not trusted by the trust provider.
2018-11-08T12:48:00.569+0100 E NETWORK [js] SSL peer certificate validation failed: (800B0109)A certificate chain p
rocessed, but terminated in a root certificate which is not trusted by the trust provider.
2018-11-08T12:48:00.571+0100 W NETWORK [js] Unable to reach primary for set Cluster0-shard-0
2018-11-08T12:48:00.571+0100 E QUERY [js] Error: connect failed to replica set Cluster0-shard-0/cluster0-shard-00
-00-astdj.mongodb.net:27017,cluster0-shard-00-01-astdj.mongodb.net:27017,cluster0-shard-00-02-astdj.mongodb.net:2701
7 :
connect@src/mongo/shell/mongo.js:257:13
@(connect):1:6
exception: connect failed

It seems this is certificate problem. What should I do?

mongo -version
MongoDB shell version v4.0.4
git version: f288a3bdf201007f3693c58e140056adf8b04839
allocator: tcmalloc
modules: enterprise
build environment:
distmod: windows-64
distarch: x86_64
target_arch: x86_64

1 Like

Your Mongo shell does not trust the CA who issued the Mongo server’s certificate. That’s pretty interesting because they should be handed out by DigiCert…

I couldn’t solve it. I tried on another computer, seems it’s working with a warning; the warning is that the server and the shell version doesn’t match, is that a problem?

I can see the collections and use de data bases.

No that’s perfectly fine.

Glad you got it to work

hi mr rafi, I got the same issue, can you help me to fix the issue please ?

what needs to change

You should run the mongo command from the Windows shell, not the Mongo shell.

Do not start “mongo --nodb” first. You cannot run the mongo shell inside the mongo shell.

Try to understand what each command you enter tries to do.

EDIT:
If you want to first start the mongo shell and then initiate the connection, you can run connect():

connect("cluster0-shard-00-00-jxeqq.mongodb.net:27017/test","m001-student","m001-mongodb-basics")

Only problematic thing is that this does not seem to allow you to tweak SSL settings.

I hope, you found the solution.

Can you help me with my problem I mentioned early?