Pbm-agent unable to authenticate using mechanism "SCRAM-SHA-1"

Hi there!

I’ve followed the initial setup on the PBM documentation, i’ve connected my pbm-agent process to the mongoc running on 27019. I’ve created both the role and the user on the admin database on port 27017, which is running my mongos process. I have a sharded cluster with 4 nodes, on each node i have an instance of mongoc, mongod and mongos. When i try pbm status it fails Error: get status of cluster: connect to shard1-rs [shard1-rs/172.31.1.225:27018,172.31.26.195:27018,172.31.47.6:27018]: ping: connection() error occured during connection. Apparently it fails when connecting to the mongod process on port 27018, mostly auth error: sasl conversation error: unable to authenticate using mechanism "SCRAM-SHA-1": (AuthenticationFailed) Authentication failed.

Anyone has been through the same error?

1 Like

Hi @michaelcoelho
I don’t quite understand the topology of your cluster. What mongoc stand for? Is this configserver?
Can you post a full output of pbm status?

This error looks like you don’t have a pbm user or you are trying to connect with the wrong creds. Have you created the pbm user on shard1-rs [shard1-rs/172.31.1.225:27018,172.31.26.195:27018,172.31.47.6:27018]?

Just in case, the pbm user should be created on every replica set. In a sharded cluster, this means every shard replica set and the config server replica set. As well as the instance pbm-agent should be connected to each node (mongod) on every replica set (a configserver replicaset included).

1 Like

Hei @AndrewPogrebnoi , thanks for replying!

the mongoc is the config server replica set and mongos is the query router. So, i need to spin up two pbm-agent instances on each node, one connected to mongod and the other to config server replicaset?

1 Like

Yes, if you have two mongod processes (mongod and the config server node) on each node then you have to run two pbm-agents. Despite where physically mongod instances (config server included) are running each of them should have its own agent connected. And each replicaset (config server included) should have the pbm user.

1 Like