CommunicationException [Root exception is ConnectException: Connection timed out]


I'm getting this exception occasionally while trying to connect to Active Directory.

javax.naming.CommunicationException: <ServerIP>:<PORT> 
  [Root exception is java.net.ConnectException: Connection timed out: connect]

Here is my code:

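    import java.util.Properties;
    import javax.naming.Context;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;

    DirContext ctx = null;
    Properties env = new Properties();

    // Bind credentials and server URL (placeholders as posted)
    env.put(Context.SECURITY_PRINCIPAL, <Bind_USER>);
    env.put(Context.SECURITY_CREDENTIALS, <Bind_USER_PWD>);
    env.put(Context.PROVIDER_URL, "ldap://<ServerIP>:<PORT>");
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

    // The connection is opened here; this is where the timeout is thrown
    ctx = new InitialDirContext(env);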

Getting the connection timeout exception on this line: ctx = new InitialDirContext(env); It doesn't happen every time, but it happens quite often.

Please advise me on how to get rid of this issue.


There are 4 best solutions below

0
On

I began to notice this as well when I swapped out the use of a Timer with that of ScheduledExecutorService for launching my Ldap Server. The problem turned out to be a race condition. I changed the launch time of my Ldap Server from 0 delay to a 5 second delay and this seems to have resolved the java.net.ConnectException to my Ldap Server.

Race condition existed here:

    final ScheduledExecutorService ses = Executors.newSingleThreadScheduledExecutor();
    ses.scheduleWithFixedDelay(ldapServer, 0, 5, TimeUnit.SECONDS);

Race condition resolved here:

    final ScheduledExecutorService ses = Executors.newSingleThreadScheduledExecutor();
    ses.scheduleWithFixedDelay(ldapServer, 5, 5, TimeUnit.SECONDS);

0
On

Had the same intermittent issue, although the config pointed to a domain name (not an IP).

By using NSLOOKUP, it was discovered that a non-existent DC was listed which was causing intermittent connection issues.

0
On

This happens to me occasionally as well. And because it only happens ~1% of the time, I doubt it's any of the reasons listed in Juned's answer since nothing changes in my setting.

For me it happens quite randomly and is fixed without any specific action on my part. This makes me believe that the answer provided here is correct:

It is most likely a connection leak. Connection timeout can be caused by many things but most of them would cause it every time. Very likely the LDAP server has a maximum number of connections it will handle simultaneously, and beyond that it won't call accept(), so new incoming connections remain in the backlog queue, which fills up, which can cause further incoming connections to time out.

@OP Can you run netstat -anp at the server when this happens, to check the hypothesis above? Can you also set a connection-idle timeout at the LDAP server? That would fix connection leaks but in a brute-force way that may break other things.

1
On

I have been getting the same error after moving over to LDAPS. I am now using port 636, and I discovered that one of the Domain Controllers on the domain I connect to is blocked on port 636.

[Root exception is java.net.ConnectException: Connection timed out: connect] I
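
Added example (not code from any of the posts above): the checks described in the NSLOOKUP and port 636 answers, done from Java. It resolves every address behind the directory's name and attempts a TCP connect to each with a short timeout, so a stale or firewalled Domain Controller shows up by address. The class name, the host name ad.example.com and the 3-second timeout are assumptions.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.LinkedHashMap;
import java.util.Map;

public class DcPortProbe {

    /**
     * Tries a TCP connect to every address the name resolves to.
     * A null value means the address accepted the connection;
     * otherwise the value describes the failure.
     */
    static Map<InetAddress, String> probe(String host, int port, int timeoutMs)
            throws IOException {
        Map<InetAddress, String> results = new LinkedHashMap<>();
        // getAllByName returns all A/AAAA records, not just the first one
        for (InetAddress addr : InetAddress.getAllByName(host)) {
            try (Socket s = new Socket()) {
                // Explicit timeout: fail fast instead of waiting for the OS default
                s.connect(new InetSocketAddress(addr, port), timeoutMs);
                results.put(addr, null);
            } catch (IOException e) {
                results.put(addr, e.getClass().getSimpleName() + ": " + e.getMessage());
            }
        }
        return results;
    }

    public static void main(String[] args) throws IOException {
        // Hypothetical defaults; pass your AD domain name and 389 (LDAP) or 636 (LDAPS)
        String host = args.length > 0 ? args[0] : "ad.example.com";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;

        probe(host, port, 3000).forEach((addr, error) ->
            System.out.printf("%-40s %s%n", addr.getHostAddress() + ":" + port,
                    error == null ? "reachable" : "FAILED (" + error + ")"));
    }
}
```

Run it from the same machine as the application, since firewall rules differ per source host. Any address reported as FAILED is a candidate for the intermittent timeouts whenever name resolution hands that address to the JNDI client.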