Keep Failing to connect to my Cosmos DB, saying timeout

Question

Keep Failing to connect to my Cosmos DB, saying timeout

Isaac 10

I have an Azure Cosmos DB for MongoDB (vCore) with M20 tier, 2 vCores, 4 GiB RAM. It works fine previously, and I didn't change any settings after creation. Just started from yesterday, I keep failing to connect to the database with timeouts. I checked the metrics and all the CPU, memory, storage usages look fine and stable.

User's image

Also, I'm pretty sure it's not the network policy because I opened 0.0.0.0-255.255.255.255 since creation and it works fine previously. I didn't change any policies before the issue happened.
User's image

1 answer

Your answer

Answer 1

Swapnesh Panchal 750 Microsoft External Staff Moderator

Hi Isaac ,
Thank you for reaching out on Microsoft Q&A forum.
Cluster looks healthy and your firewall is open, so sudden “timeout” on cosmos db for mongodb (vCore) is almost always dns or something in the outbound path (vpn/proxy/ipv6).

check access mode
- public: you should reach the public hostname over the internet
- private endpoint: dns must return the private ip and the private dns zone must be linked to your vnet
use the right port
- mongodb vcore listens on 27017 (tls)
test tcp from your machine
- windows: Test-NetConnection -Port 27017
- linux/mac: nc -vz 27017
- if this fails, something on the path blocks it
bypass srv
- try a direct string: mongodb://:@:27017/?tls=true&authSource=admin&directConnection=true
- if this works but mongodb+srv fails, it’s a dns/srv issue
check dns
- nslookup → expect public ip (public) or private ip (private link)
- if using srv: nslookup -type=SRV _mongodb._tcp.
- if you see ipv6 (AAAA) answers, disable ipv6 or force ipv4 and retry
- flush dns cache and try again
check tls handshake
- openssl s_client -connect :27017 -tls1_2 -servername -brief
- hang/fail usually means a proxy or tls inspection
remove middleboxes
- disconnect vpn and proxy; try a mobile hotspot
- ensure local firewall allows outbound 27017
- recheck your current public ip if you rely on allowlists
control test from azure
- create a small azure vm, install mongosh, connect with the same string
- works from vm but not from your place → your egress is the problem
- fails from both → likely private dns link, nsg/udr, or rare regional issue
update client
- use the latest mongosh/driver, tls 1.2+
- set connectTimeoutMS to 10000–20000
- enable tcp keep-alive if idle sockets drop later

Refer to this resource for complete details:

Troubleshoot common issues in Azure Cosmos DB for MongoDB vCore
Configure an IP firewall for your Azure Cosmos DB account
Azure Cosmos DB Data Explorer fails to connect if it still times out, please share required details in private message.

Isaac 10 Reputation points

2025-10-08T21:15:41.6066667+00:00
Thanks, I checked the connection address of my cosmos db

<name>.mongocluster.cosmos.azure.com

And strangely the dns lookup failed - I tried my own PC, our remote server, and dns lookup service hosted online. What could be a problem behind this?
Swapnesh Panchal 750 Reputation points Microsoft External Staff Moderator

2025-10-09T18:30:57.83+00:00

Hi Isaac ,
Please provide the necessary details in private message for further investigation.
Swapnesh Panchal 750 Reputation points Microsoft External Staff Moderator

2025-10-16T21:01:53.4233333+00:00

Hi Isaac ,

Thank you for your patience. Could you please perform the following additional checks? Screenshots would be very helpful. The metrics look fine; however, the 'host not found / timeout' error suggests a DNS or endpoint issue rather than a capacity problem. Please verify these points.

• Endpoint sanity: use the data endpoint exactly as shown under “Connection strings” (<cluster>.mongo.cosmos.azure.com). Avoid any management/admin “-mgmt-” or odd “azure-…” variants.

• Bypass SRV lookups: try a direct, non-SRV string to rule out resolver issues: mongodb://<user>:<pwd>@<host>:27017/?tls=true&authSource=admin&directConnection=true&retryWrites=false If this works, your DNS is dropping SRV records.

• Resolver/DoH: temporarily switch your DNS to 1.1.1.1 or 8.8.8.8 (and disable DNS-over-HTTPS/VPN/proxy). Some resolvers block underscores in SRV records used by Mongo.

• Connections metric: check Metrics → “Connections.” If it’s flat at a cap, recycle client apps to clear pooled connections.

• Driver/TLS: update the Mongo driver and ensure TLS 1.2 + SNI are enabled; very old clients can fail Cosmos’ TLS handshake.
Swapnesh Panchal 750 Reputation points Microsoft External Staff Moderator

2025-10-18T06:11:33.3933333+00:00

Just checking in, if you have any questions or need clarification, feel free to let us know. We’d be happy to contribute.
Isaac 10 Reputation points

2025-10-18T14:40:05.52+00:00

Yes, I tried all these and seems like the problem is with the DNS - the endpoint just can't get resolved at the first place. Also I tried to create a new vCore and the deployment just keeps failing - seems like there's something wrong with the whole account
Isaac 10 Reputation points

2025-10-19T17:39:37.5+00:00

I didn't change anything, but it went back to normal today. Thanks for your help

Share via

Keep Failing to connect to my Cosmos DB, saying timeout

1 answer

Your answer