Mongodb connection timeout issues

Question

Mongodb connection timeout issues

Garett Matsilele 20

Hi,

I am experiencing connectivity issues between an Azure App Service and Azure Cosmos DB for MongoDB after making infrastructure and application updates.

Environment:

Azure App Service (Linux container)

Azure Cosmos DB for MongoDB vCore

Private Endpoint enabled

App Service integrated with VNet

Private DNS zones configured

Issue: The application previously worked correctly. After recent updates and networking changes, the application can no longer connect to Cosmos DB over the private endpoint.

Current behavior:

DNS resolution works correctly from the App Service Kudu console.

The MongoDB hostname resolves to the private IP successfully.

However, TCP connectivity to port 10260 times out.

Kudu test results:

nslookup fc-ce88da977caf-000.global.mongocluster.cosmos.azure.com

Result: fc-ce88da977caf-000.global.mongocluster.cosmos.azure.com -> fc-ce88da977caf-000.global.privatelink.mongocluster.cosmos.azure.com -> 10.0.4.4

However:

tcpping fc-ce88da977caf-000.global.mongocluster.cosmos.azure.com 10260

Results in: seq 0: no response (timeout)

What has already been verified:

Private Endpoint status = Approved

Private DNS zones linked to VNet

DNS records exist and resolve correctly

App Service VNet integration configured

Dedicated subnet created for private endpoints

Firewall rules and App Service outbound IPs added

Public access temporarily enabled for testing

App Service restarted multiple times

New private endpoint created and attached to a dedicated subnet

Additional observations:

One older private endpoint DNS configuration previously showed “Connection disconnected”.

New private endpoint now resolves correctly to 10.0.4.4.

DNS appears healthy, but network connectivity to port 10260 still fails.

Question: Could this indicate a backend issue with the private endpoint, routing propagation, or Cosmos DB networking? Are there additional diagnostics recommended for validating private endpoint connectivity specifically for Cosmos DB MongoDB vCore?

Any help would be appreciated.

Manoj Kumar Boyini 16,725 Reputation points Microsoft External Staff Moderator

2026-05-12T13:44:29.0366667+00:00

Hi Garett Matsilele

I understand that you are experiencing connectivity issues to your MongoDB vCore account.

To proceed with a detailed investigation, could you please help us with the below information and test results?

Issue Behavior

Is the issue consistent or transient?

Please share the exact error message/exception you are seeing (including stack trace if available).

If possible, provide the Activity IDs or timestamps when the issue occurred.

Any application logs, diagnostic logs or connection trace logs captured during the failure would be very helpful.

Please provide the results of Network & Connectivity Checks in Private Message

Kindly run the following command from one of the affected client machines and share the output:

PowerShell
Test-NetConnection <server-hostname | ip-address> 10260

Connection with Mongosh:
mongosh mongodb+srv://<user>:<password>@<accountName>.mongocluster.cosmos.azure.com/?tls=true&authMechanism=SCRAM-SHA-256&retrywrites=false&maxIdleTimeMS=120000

check if DNS resolves to expected IPs
$ nslookup -type=SRV _mongodb.tcp.<cluster-name>.<domain>

Once we receive these details, we will review the logs, validate the network reachability, and proceed with the next steps.

Garett Matsilele 20

Hi Manoj,

Thank you for the response.

Please find the requested diagnostics below.

Issue Behavior:

The issue is consistent and reproducible.

The application was previously working correctly before infrastructure/network updates.

After updates, the application can no longer establish MongoDB connectivity over the private endpoint.

Kudu DNS Test:

kudu_ssh_user@ffb429f27dbd:/$ nslookup fc-ce88da977caf-000.global.mongocluster.cosmos.azure.com

Server:         127.0.0.11
Address:        127.0.0.11#53

Non-authoritative answer:
fc-ce88da977caf-000.global.mongocluster.cosmos.azure.com canonical name =
fc-ce88da977caf-000.global.privatelink.mongocluster.cosmos.azure.com.

Name:
fc-ce88da977caf-000.global.privatelink.mongocluster.cosmos.azure.com

Address: 10.0.4.4

Kudu TCP Connectivity Test:

kudu_ssh_user@ffb429f27dbd:/$ tcpping fc-ce88da977caf-000.global.mongocluster.cosmos.azure.com 10260

seq 0: no response (timeout)
seq 1: no response (timeout)
seq 2: no response (timeout)
seq 3: no response (timeout)
seq 4: no response (timeout)
seq 5: no response (timeout)
seq 6: no response (timeout)
seq 7: no response (timeout)

mongosh Connectivity Test:

mongosh "mongodb+srv://<username>:<password>@xhihangule-api.mongocluster.cosmos.azure.com/?tls=true&authMechanism=SCRAM-SHA-256&retryWrites=false&maxIdleTimeMS=120000"

MongoServerSelectionError:
connect ETIMEDOUT 4.205.247.145:10260

PowerShell Test-NetConnection:

PS C:\Users\garet> Test-NetConnection fc-ce88da977caf-000.global.mongocluster.cosmos.azure.com -Port 10260

WARNING: TCP connect to (4.205.247.145 : 10260) failed

ComputerName           :
fc-ce88da977caf-000.global.mongocluster.cosmos.azure.com

RemoteAddress          : 4.205.247.145
RemotePort             : 10260
PingSucceeded          : True
TcpTestSucceeded       : False

SRV DNS Lookup:

nslookup -type=SRV _mongodb._tcp.xhihangule-api.mongocluster.cosmos.azure.com

Non-authoritative answer:

_mongodb._tcp.xhihangule-api.mongocluster.cosmos.azure.com
SRV service location:

priority       = 0
weight         = 0
port           = 10260
svr hostname   =
fc-ce88da977caf-000.mongocluster.cosmos.azure.com

Additional Notes:

Private endpoint status is Approved.

DNS resolves correctly to the private IP (10.0.4.4) inside the App Service Kudu console.

App Service is integrated with the VNet.

Private DNS zone integration is configured.

Dedicated subnet for private endpoints has been created.

Connectivity issue appears specifically related to TCP reachability on port 10260.

Please let me know if there are additional diagnostics or backend checks that can be performed.

Manoj Kumar Boyini 16,725 Reputation points Microsoft External Staff Moderator

2026-05-12T14:52:51.8266667+00:00

Hi Garett Matsilele

I kindly request you to please share the details requested in the private message for further investigation.
Garett Matsilele 20 Reputation points

2026-05-13T09:20:49.9233333+00:00

Hi Manoj

I sent the requested details.
Garett Matsilele 20 Reputation points

2026-05-13T13:06:10.2866667+00:00
The application infrastructure is operational and newly created clusters connect successfully.

However, all clusters containing production data, including Point-in-Time restored clusters, are timing out on port 10260 and remain inaccessible.

This is now a production-impacting data accessibility issue.

Please escalate to the Azure Cosmos DB / DocumentDB engineering team to investigate backend connectivity or node routing issues affecting the Canada Central region clusters.

The data appears intact, but connectivity to the cluster nodes is failing consistently across:

original cluster

restored clusters

public endpoints

private endpoints

A newly created empty cluster works correctly, confirming the issue is isolated to the affected production/recovery clusters.
Manoj Kumar Boyini 16,725 Reputation points Microsoft External Staff Moderator

2026-05-19T13:18:08.31+00:00

Hi @Garett Matsilele

Just checking in to see if the information provided earlier was helpful. Please let us know if you need any additional details or assistance, and we’ll gladly continue supporting you.

Answer accepted by question author

0 additional answers

Your answer

Manoj Kumar Boyini 16,725 Reputation points Microsoft External Staff Moderator

2026-05-12T13:44:29.0366667+00:00

Hi Garett Matsilele

I understand that you are experiencing connectivity issues to your MongoDB vCore account.

To proceed with a detailed investigation, could you please help us with the below information and test results?

Issue Behavior

Is the issue consistent or transient?

Please share the exact error message/exception you are seeing (including stack trace if available).

If possible, provide the Activity IDs or timestamps when the issue occurred.

Any application logs, diagnostic logs or connection trace logs captured during the failure would be very helpful.

Please provide the results of Network & Connectivity Checks in Private Message

Kindly run the following command from one of the affected client machines and share the output:

PowerShell
Test-NetConnection <server-hostname | ip-address> 10260

Connection with Mongosh:
mongosh mongodb+srv://<user>:<password>@<accountName>.mongocluster.cosmos.azure.com/?tls=true&authMechanism=SCRAM-SHA-256&retrywrites=false&maxIdleTimeMS=120000

check if DNS resolves to expected IPs
$ nslookup -type=SRV _mongodb.tcp.<cluster-name>.<domain>

Once we receive these details, we will review the logs, validate the network reachability, and proceed with the next steps.
Manoj Kumar Boyini 16,725 Reputation points Microsoft External Staff Moderator

2026-05-12T14:52:51.8266667+00:00

Hi Garett Matsilele

I kindly request you to please share the details requested in the private message for further investigation.
Garett Matsilele 20 Reputation points

2026-05-13T09:20:49.9233333+00:00

Hi Manoj

I sent the requested details.
Garett Matsilele 20 Reputation points

2026-05-13T13:06:10.2866667+00:00

The application infrastructure is operational and newly created clusters connect successfully.

However, all clusters containing production data, including Point-in-Time restored clusters, are timing out on port 10260 and remain inaccessible.

This is now a production-impacting data accessibility issue.

Please escalate to the Azure Cosmos DB / DocumentDB engineering team to investigate backend connectivity or node routing issues affecting the Canada Central region clusters.

The data appears intact, but connectivity to the cluster nodes is failing consistently across:

original cluster

restored clusters

public endpoints

private endpoints

A newly created empty cluster works correctly, confirming the issue is isolated to the affected production/recovery clusters.
Manoj Kumar Boyini 16,725 Reputation points Microsoft External Staff Moderator

2026-05-19T13:18:08.31+00:00

Hi @Garett Matsilele

Just checking in to see if the information provided earlier was helpful. Please let us know if you need any additional details or assistance, and we’ll gladly continue supporting you.

Answer 1

Hi Garett Matsilele

Thank you for your detailed troubleshooting so far, this is very helpful.

From the results you shared:

DNS resolution is working correctly and resolving to the private endpoint IP
However, TCP connectivity to port 10260 is timing out

This combination generally indicates that the issue is not with Cosmos DB or the private endpoint itself, but rather with network connectivity in the path between your application and the private endpoint.

In Azure Cosmos DB for MongoDB vCore, if DNS resolves successfully but TCP connection fails, it typically means the traffic is being blocked by network controls such as:

Network Security Groups (NSGs)
Route tables (UDRs)
Firewall or appliance in the VNet (e.g., NVA, proxy)
Subnet-level restrictions or outbound rules from the App Service integration subnet

Recommended next step: Please work with your networking/IT team to verify that outbound traffic from the App Service subnet to the private endpoint IP on port 10260 is fully allowed, and that there are no blocking rules in NSG/UDR/firewall along the path.

If needed, tools like Test-NetConnection, psping, or telnet can help confirm whether the port is reachable from within the VNet.

Please let us know if you have any questions or concerns.

Share via

Mongodb connection timeout issues

0 additional answers

Your answer