
Intermittent ActiveDirectoryServicePrincipal authentication failure with JDBC – java.net.ConnectException: Connection timed out

Devansh Khare 20 Reputation points
2026-03-17T09:47:23.3933333+00:00

We are using the Microsoft JDBC driver to connect to Azure SQL Database with Authentication=ActiveDirectoryServicePrincipal.

The connection works most of the time, but we are seeing intermittent failures during authentication with the following error:

com.microsoft.sqlserver.jdbc.SQLServerException: Failed to authenticate the user <client-id> in Active Directory (Authentication=ActiveDirectoryServicePrincipal).

Caused by: java.net.ConnectException: Connection timed out

Stack trace (relevant part):

at com.microsoft.sqlserver.jdbc.SQLServerMSAL4JUtils.getSqlFedAuthTokenPrincipal

at com.microsoft.sqlserver.jdbc.SQLServerConnection.getFedAuthToken

at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon

at java.sql.DriverManager.getConnection

Key observations:

  • This issue is intermittent (same credentials work on retry)
  • Happens during token acquisition (MSAL) before SQL login completes
  • No changes in client ID / secret
  • Same code path sometimes succeeds immediately after failure

Environment:

  • Java application using Microsoft JDBC driver
  • Authentication: ActiveDirectoryServicePrincipal
  • Running in (container/VM – specify if needed)
  • Connections are created programmatically (not always pooled)
  • Component | Where | Version
    mssql-jdbc | mt-service/pom.xml | 10.2.3.jre17
    msal4j | Parent pom (dependencyManagement) | 1.16.0
    msal4j | mt-service/pom.xml (direct) | 1.30.0-beta

Questions:

  1. What could cause intermittent timeouts during MSAL token acquisition for service principal auth?
  2. Are there known issues with JDBC + MSAL4J + Azure AD endpoint connectivity causing this behavior?
  3. What are recommended best practices for:
    • Retry handling for token acquisition failures?
    • Tuning loginTimeout or other JDBC properties?
  4. Are there specific network endpoints or dependencies we should validate for reliability?

Any guidance on diagnosing or stabilizing this would be very helpful.

Azure SQL Database

Answer accepted by question author
  1. Vinodh247 42,051 Reputation points MVP Volunteer Moderator
    2026-03-17T16:12:53.08+00:00

    Hi,

    Thanks for reaching out to Microsoft Q&A.

    I believe this issue is not related to Azure SQL itself but occurs during token acquisition from Microsoft Entra ID via MSAL, and the intermittent ConnectException: timeout strongly indicates transient network or dependency instability. The most common causes in such scenarios are unreliable outbound connectivity to AAD endpoints (for example DNS latency, firewall or proxy interference, or SNAT port exhaustion in container or VM environments), combined with a connection pattern that creates new JDBC connections frequently, which in turn triggers repeated token requests and amplifies the probability of failure. The presence of mixed and beta versions of msal4j further increases instability risk. To stabilise, the focus should be on reducing token acquisition frequency through proper connection pooling, introducing controlled retries for transient failures, aligning on a stable MSAL version, and validating network reliability to AAD endpoints. In most real-world cases, once connection reuse and network path stability are addressed, these intermittent authentication timeouts disappear.

    Please 'Upvote'(Thumbs-up) and 'Accept' as answer if the reply was helpful. This will be benefitting other community members who face the same issue.
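
A sketch of the "controlled retries for transient failures" suggested in the answer above, added here as an example; it is not code from the answer, the question, or the Microsoft driver. The class and method names, the attempt count and the delays are assumptions. It retries only when a network-level exception appears in the cause chain, as in the question's stack trace, so a failure without one (for example a rejected secret) is surfaced immediately instead of being replayed against Entra ID.

```java
import java.net.ConnectException;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;
import java.util.concurrent.Callable;
import java.util.concurrent.ThreadLocalRandom;

public class TokenRetry {
    // True only when a network-level failure appears in the cause chain (depth-limited against cycles).
    static boolean isTransientNetworkFailure(Throwable t) {
        for (int depth = 0; t != null && depth < 16; t = t.getCause(), depth++) {
            if (t instanceof ConnectException || t instanceof SocketTimeoutException
                    || t instanceof UnknownHostException) {
                return true;
            }
        }
        return false;
    }

    // Bounded retry with exponential backoff and jitter; non-transient errors are rethrown at once.
    static <T> T withRetry(Callable<T> op, int maxAttempts, long baseDelayMs) throws Exception {
        for (int attempt = 1; ; attempt++) {
            try {
                return op.call();
            } catch (Exception e) {
                if (attempt >= maxAttempts || !isTransientNetworkFailure(e)) throw e;
                long cap = baseDelayMs << (attempt - 1);
                Thread.sleep(ThreadLocalRandom.current().nextLong(cap / 2, cap + 1));
            }
        }
    }
    // Hypothetical helper: the JDBC URL and properties (including credentials) come from the caller.
    static Connection open(String jdbcUrl, Properties props) throws Exception {
        return withRetry(() -> DriverManager.getConnection(jdbcUrl, props), 4, 500);
    }
    public static void main(String[] args) throws Exception {
        // Constructed exceptions mirroring the shape of the failure in the question.
        SQLException timeout = new SQLException("Failed to authenticate the user",
                new ConnectException("Connection timed out"));
        SQLException rejected = new SQLException("Failed to authenticate the user");
        System.out.println(isTransientNetworkFailure(timeout) + " " + isTransientNetworkFailure(rejected));
        int[] calls = {0};
        String r = withRetry(() -> { if (++calls[0] < 3) throw timeout; return "connected"; }, 4, 10);
        System.out.println(r + " after " + calls[0] + " attempts");
    }
}
```

Retries of this kind complement connection pooling rather than replace it: each unpooled connection still triggers the driver's token acquisition path shown in the stack trace.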

