Fixing 'MongoDB Connection Refused' and Related Network Errors: A Complete SRE Guide
Resolve MongoDB connection refused, timeout, and authentication failed errors. SRE guide to diagnosing bind_ip, firewalls, disk space, and crash recovery.
- Verify the mongod service is active and listening on the correct network interfaces (check bindIp in mongod.conf).
- Ensure no firewall (UFW, iptables, AWS Security Groups) is blocking traffic on the default MongoDB port 27017.
- Check system resources and logs for underlying issues like 'disk full' (No space left on device) or sudden process crashes triggering recovery.
- Resolve 'Authentication failed' errors by confirming the user exists in the correct authentication database (usually 'admin') and role-based access control (RBAC) is properly configured.
- Address connection timeouts and 'too many connections' by optimizing connection pooling and reviewing 'maxIncomingConnections'.
| Method | When to Use | Time | Risk |
|---|---|---|---|
| Restart mongod Service | Service crashed due to OOM or locked state | 2 mins | Low |
| Update bindIp Configuration | Remote clients receive ECONNREFUSED | 5 mins | Low |
| Free Disk Space & Repair | MongoDB fails to start due to full disk or corruption | 15 mins | High (Data Loss) |
| Adjust Connection Limits | Timeout or 'too many connections' errors under load | 10 mins | Medium |
Understanding the Error
The mongodb connection refused error (often manifesting as MongoNetworkError: connect ECONNREFUSED 127.0.0.1:27017 in Node.js or Error: couldn't connect to server 127.0.0.1:27017, connection attempt failed: SocketException in the mongo shell) is one of the most common issues developers and operations teams encounter.
At its core, ECONNREFUSED means that the client successfully reached the host, but the host actively rejected the connection on the specified port. This is fundamentally different from a timeout, where the packet simply drops into a black hole.
While the root cause is often a misconfigured bind address or a stopped daemon, MongoDB connectivity issues can cascade from other severe underlying problems. As an SRE, you must look beyond the immediate network failure and investigate potential disk exhaustion, corrupted indexes, or unoptimized queries leading to resource starvation.
Step 1: Verify the mongod Process State
The very first step in debugging ECONNREFUSED is confirming that the MongoDB process is actually running. A stopped process cannot accept connections.
Run the following systemd command to check the status:
systemctl status mongod
If the service is inactive or failed, you need to understand why it stopped. Simply restarting the service (systemctl restart mongod) might temporarily restore access, but if the underlying issue persists, it will crash again.
Common Causes for Process Termination:
- MongoDB Disk Full: If MongoDB runs out of disk space, it will shut down to prevent data corruption. Check your syslog or MongoDB logs (
/var/log/mongodb/mongod.log) for messages like:[initandlisten] Fatal Assertion 28595 at src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.cpp ... No space left on device. - OOM (Out of Memory) Killer: The Linux kernel will ruthlessly kill processes if the system runs out of memory. Check
dmesg -T | grep -i oom. - MongoDB Crash Recovery: If the process was ungracefully terminated (e.g., power loss or
kill -9), upon restarting, MongoDB will enter crash recovery mode. The service will be "running" but won't accept connections until the WiredTiger storage engine finishes replaying the journal. During this time, clients may experiencemongodb timeoutor connection refused errors.
Step 2: Network Configuration and the bindIp Directive
If the mongod service is running perfectly, the next culprit is almost always the network configuration. By default, MongoDB binds only to the localhost interface (127.0.0.1). This is a critical security measure to prevent unauthorized remote access.
If your application server is on a different machine or a Docker container trying to reach the host network, the connection will be refused.
Open your MongoDB configuration file (typically /etc/mongod.conf on Linux):
net:
port: 27017
bindIp: 127.0.0.1
To allow remote connections, you must append the private IP address of the MongoDB server, or bind to all interfaces using 0.0.0.0 (ensure your firewalls are strictly configured before doing this!).
net:
port: 27017
bindIp: 127.0.0.1,10.0.0.5 # Binds to localhost and the private IP
After modifying the file, restart the service:
sudo systemctl restart mongod
Step 3: Resolving "MongoDB Authentication Failed"
Once the network connection is established, you might immediately hit an application-layer rejection: MongoServerError: Authentication failed.
This occurs when the client successfully connects to port 27017 but provides invalid credentials, or attempts to authenticate against the wrong database. MongoDB uses a mechanism where users are created within specific databases (typically the admin database for superusers).
If your connection string looks like this: mongodb://myUser:myPassword@10.0.0.5:27017/myAppDatabase, MongoDB attempts to authenticate myUser against myAppDatabase.
If myUser was created in the admin database, you must specify the authSource:
mongodb://myUser:myPassword@10.0.0.5:27017/myAppDatabase?authSource=admin
Additionally, verify that the user hasn't encountered a mongodb permission denied error due to insufficient role-based access control (RBAC). A user might authenticate successfully but lack the readWrite role for the target collection.
Step 4: Timeouts, Too Many Connections, and Performance Bottlenecks
Sometimes, the connection isn't immediately refused, but the client throws a mongodb timeout or MongoServerSelectionError: Server selection timed out after 30000 ms.
1. MongoDB Too Many Connections:
MongoDB has a limit on the number of concurrent connections it can handle, governed by the net.maxIncomingConnections setting (default 65536). However, the operating system's file descriptor limit (ulimit -n) is often the real bottleneck.
If your application leaks connections (e.g., creating a new MongoClient per HTTP request instead of reusing a connection pool), the server will eventually reject new connections. You can check the current connection count in the mongo shell:
db.serverStatus().connections
2. MongoDB Slow Query & Deadlocks:
Connection timeouts can also be a symptom of extreme server load. If a mongodb slow query (e.g., a collection scan on a massive dataset without an index) is saturating the CPU or causing high disk I/O, the server may not respond to connection handshakes in time.
Use the database profiler to identify these queries:
db.setProfilingLevel(1, { slowms: 100 })
While MongoDB handles document-level locking in WiredTiger, complex transactional operations or massive bulk updates can sometimes simulate a mongodb deadlock scenario, where queries queue up, exhausting the connection pool and causing subsequent connection attempts to fail or timeout.
Step 5: Advanced Issues - Corruption and Replication Lag
In high-availability replica sets, connectivity issues can present uniquely.
MongoDB Replication Lag:
If secondary nodes fall too far behind the primary (mongodb replication lag), they might enter a RECOVERING state. During this time, if your client is configured with a read preference of secondary, those nodes will refuse read operations until they catch up.
MongoDB Corruption:
If a server crashes hard and the hardware write cache fails, you might encounter mongodb corruption. The service will fail to start, logging WiredTiger checksum mismatch errors. In these catastrophic scenarios, the connection is refused because the database is offline. You must either restore from a backup, resync the node from another healthy replica set member, or attempt a localized repair (mongod --repair), though the latter can result in data loss.
Frequently Asked Questions
# 1. Check if the MongoDB service is running
sudo systemctl status mongod
# 2. Check if MongoDB is listening on port 27017 and on which interfaces
sudo netstat -tlnp | grep 27017
# Output should look like: tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 1234/mongod
# 3. View the last 50 lines of the MongoDB log for crash or disk errors
sudo tail -n 50 /var/log/mongodb/mongod.log
# 4. Check system limits (file descriptors) which can cause connection issues
cat /proc/$(pidof mongod)/limits | grep "Max open files"
# 5. Allow MongoDB port through UFW firewall (if binding to non-localhost)
sudo ufw allow 27017/tcpError Medic Editorial
A collective of senior Site Reliability Engineers and Database Administrators specializing in high-availability infrastructure, incident response, and performance tuning.
Sources
- https://www.mongodb.com/docs/manual/reference/configuration-options/#net.bindIp
- https://www.mongodb.com/docs/manual/tutorial/troubleshoot-connection-issues/
- https://stackoverflow.com/questions/46523321/mongoerror-connect-econnrefused-127-0-0-127017
- https://github.com/mongodb/node-mongodb-native/issues/2809