Articles in this section

See more

Error when connecting to Neo4j Aura: Error code: 'ServiceUnavailable', name: 'Neo4jError'

Stephen Fritz
  • Updated
Follow

You may receive one of the following errors while connecting your Application to Aura DB through a driver:

  • Could not connect to any routing servers
  • If you do not tell the driver that encryption is on, you may see the "ServiceUnavailable" error, along with an error telling you "No routing servers available" in your browser's console log, similar to:
    Neo4jError: Could not perform discovery. No routing servers available. Known routing table: RoutingTable[database=default database, expirationTime=0, currentTime=1576853357420, routers=[], readers=[], writers=[]]

Causes

  • Neo4j 4.0.x and later drivers have replaced the 'bolt+routing://' protocol with 'neo4j://' protocol.
  • Additionally, Neo4j Aura has stricter encryption requirements.
  • On rare occasions, the ServiceUnavailable error could be transient

Solution

  • Since v4.0.1 of the Java and .NET drivers, and v4.0.2 of the JavaScript driver, you can configure the encryption and trust settings of the driver directly through the connection URI.
  • The neo4j+s and bolt+s schemes enable encryption and full certificate checks against the system's local CA store. The neo4j+ssc and bolt+ssc schemes also enable encryption with no certificate checks, typically for use with self-signed certificates.
URI Routing  Description

neo4j+s

 Yes

 Secured with full certificate

neo4j+ssc

 Yes

 Secured with a self-signed certificate

bolt+s

 No

 Secured with full certificate

bolt+ssc

 No

  Secured with a self-signed certificate
 

Any of these schemes would work with Aura. However, we generally recommend using neo4j+s as it is more secure and less prone to potential man-in-the-middle attacks.

Note:
You cannot use one of the Secured URI schemes and have encryption enabled in the driver configuration at the same time. Attempting to do so will result in the below error:

The config settings 'encrypted' and 'trust' can only be used with the URI schemes ['bolt', 'neo4j'].

Using the unencrypted connection schemes (bolt:// or neo4j://):

If you have to use the unencrypted connection schemes for some reason, you must explicitly tell the driver that encryption is on.

For example, using the Javascript driver, your neo4j.driver() call should look something like this:

const driver = neo4j.driver(DBID, neo4j.auth.basic(username, password), {
 encrypted: 'ENCRYPTION_ON', trust:'TRUST_SYSTEM_CA_SIGNED_CERTIFICATES'
})

Python Example:

x = neo4j.GraphDatabase.driver("neo4j://<DBID>.databases.neo4j.io:7687", 
auth=(<username>, <password>),encrypted=True, trust='TRUST_SYSTEM_CA_SIGNED_CERTIFICATES')

Transient errors:

It is advisable to setup a retry mechanism in your client application to handle transient errors.
For ServiceUnavailable exceptions, this retry attempt should include reinitializing the driver object.

 

 

Tags: routingTags: serverTags: Could not connect to any routing serversTags: unable connectTags: Routing errorTags: ServiceUnavailable

Related articles

Comments

0 comments

Please sign in to leave a comment.