Details
- Task
- Resolution: Works as Designed
- Major - P3
- None
- 2.10.3
- None
Windows Server 2019
C# 4.6.1
MongoDB Driver 2.10.3
ATLAS cluster
Description
When connecting to ATLAS cluster from a secure server we're receiving the following error:
```
Exception encountered: A timeout occured after 30000ms selecting a server using CompositeServerSelector{ Selectors = MongoDB.Driver.MongoClient+AreSessionsSupportedServerSelector, LatencyLimitingServerSelector{ AllowedLatencyRange = 00:00:00.0150000 } }. Client view of cluster state is { ClusterId : "2", ConnectionMode : "Automatic", Type : "Unknown", State : "Disconnected", Servers : [{ ServerId: "{ ClusterId : 2, EndPoint : "Unspecified/MYCLUSTERNAME-shard-00-00.34sww.mongodb.net:27017" }", EndPoint: "Unspecified/MYCLUSTERNAME-shard-00-00.34sww.mongodb.net:27017", State: "Disconnected", Type: "Unknown", HeartbeatException: "MongoDB.Driver.MongoConnectionException: An exception occurred while opening a connection to the server. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
```
Our source looks like this:
```csharp
using System.Net;                         // ServicePointManager, SecurityProtocolType
using MongoDB.Bson;                       // GuidRepresentation
using MongoDB.Driver;                     // MongoClient, MongoClientSettings, SslSettings
using MongoDB.Driver.Core.Configuration;  // ConnectionStringScheme

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;

var settings = new MongoClientSettings
{
    ApplicationName = "iApply",
    ConnectionMode = ConnectionMode.Automatic,
    Server = new MongoServerAddress(clusterSVRHostnmae),
    Credential = MongoCredential.CreateCredential(authDb, username, password),
    Scheme = ConnectionStringScheme.MongoDBPlusSrv,
    UseTls = true,
    GuidRepresentation = GuidRepresentation.CSharpLegacy
};

// settings.SslSettings = new SslSettings
// {
//     CheckCertificateRevocation = true // <= this causes timeout on servers with restricted connectivity!!!
// };

var client = new MongoClient(settings);
var db = client.GetDatabase("databaseName");
```
As it's caused problems in the past, we've commented out `CheckCertificateRevocation` as we've seen this cause timeouts. However, in this case, it's not helping.
We DO NOT want to disable certificate validation in production for obvious security reasons.
Things we've tried:
- We've ensured all IP Addresses are whitelisted.
- We CAN connect from Compass from the SAME server.
- We CAN telnet to one of the resolved IP addresses on port 27017 from the same server.
- The C# code DOES work from other servers, but not this one (production).
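
An added example (not code from the ticket or from the MongoDB driver project): a validation callback that logs why Windows rejected the server certificate on this host and then returns the platform's own verdict, so certificate validation stays enabled. `TlsDiagnostics`, `LogAndKeepVerdict` and `Attach` are hypothetical names; `SslSettings.ServerCertificateValidationCallback` is the driver's existing hook, and `Attach` is assumed to be called before `new MongoClient(settings)`.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using MongoDB.Driver;

// Hypothetical helper: diagnostic only, never accepts a certificate the platform rejected.
static class TlsDiagnostics
{
    public static bool LogAndKeepVerdict(object sender, X509Certificate certificate,
                                         X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true; // platform validation succeeded, nothing to report

        // RemoteCertificateNameMismatch    -> host name not covered by the certificate
        // RemoteCertificateChainErrors     -> see the chain status lines below
        // RemoteCertificateNotAvailable    -> server presented no certificate
        Console.Error.WriteLine($"TLS validation failed: {errors}");
        Console.Error.WriteLine($"  leaf subject: {certificate?.Subject}");
        Console.Error.WriteLine($"  leaf issuer : {certificate?.Issuer}");

        if (chain != null)
        {
            foreach (X509ChainElement element in chain.ChainElements)
                Console.Error.WriteLine($"  chain element: {element.Certificate.Subject}");

            // UntrustedRoot / PartialChain: an issuing CA is missing from this
            // machine's trust store. RevocationStatusUnknown / OfflineRevocation:
            // the CRL or OCSP endpoint could not be reached from this machine.
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.Error.WriteLine($"  chain status: {status.Status}: {status.StatusInformation.Trim()}");
        }

        return false; // keep the platform's rejection
    }

    // Attach the callback without discarding SSL settings that are already set.
    public static void Attach(MongoClientSettings settings)
    {
        var ssl = settings.SslSettings ?? new SslSettings();
        ssl.ServerCertificateValidationCallback = LogAndKeepVerdict;
        settings.SslSettings = ssl;
    }
}
```

Comparing the logged chain elements and status flags from the failing server with those from a server where the same code connects shows which part of the trust path differs.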