Pbm-agent unable to authenticate using mechanism "SCRAM-SHA-1"

Hi there!

I’ve followed the initial setup on the PBM documentation, i’ve connected my pbm-agent process to the mongoc running on 27019. I’ve created both the role and the user on the admin database on port 27017, which is running my mongos process. I have a sharded cluster with 4 nodes, on each node i have an instance of mongoc, mongod and mongos. When i try pbm status it fails Error: get status of cluster: connect to shard1-rs [shard1-rs/172.31.1.225:27018,172.31.26.195:27018,172.31.47.6:27018]: ping: connection() error occured during connection. Apparently it fails when connecting to the mongod process on port 27018, mostly auth error: sasl conversation error: unable to authenticate using mechanism "SCRAM-SHA-1": (AuthenticationFailed) Authentication failed.

Anyone has been through the same error?

Hi @michaelcoelho
I don’t quite understand the topology of your cluster. What mongoc stand for? Is this configserver?
Can you post a full output of pbm status?

This error looks like you don’t have a pbm user or you are trying to connect with the wrong creds. Have you created the pbm user on shard1-rs [shard1-rs/172.31.1.225:27018,172.31.26.195:27018,172.31.47.6:27018]?

Just in case, the pbm user should be created on every replica set. In a sharded cluster, this means every shard replica set and the config server replica set. As well as the instance pbm-agent should be connected to each node (mongod) on every replica set (a configserver replicaset included).

Hei @Andrew_Pogrebnoi , thanks for replying!

the mongoc is the config server replica set and mongos is the query router. So, i need to spin up two pbm-agent instances on each node, one connected to mongod and the other to config server replicaset?

Yes, if you have two mongod processes (mongod and the config server node) on each node then you have to run two pbm-agents. Despite where physically mongod instances (config server included) are running each of them should have its own agent connected. And each replicaset (config server included) should have the pbm user.