Troubleshooting Connection Issues to Neo4j

I have a problem in dotnet connection with neo4j

Error:-
An unhandled exception of type 'Neo4j.Driver.V1.ServiceUnavailableException' occurred in Neo4j.Driver.dll

Additional information: Failed after retried for 6 times in 30000ms. Make sure that your database is online and retry again.

I'm using,
visual studio 2015,
Neo4j driver 1.7,
Neo4j desktop application with 4.1.0

I'm having trouble connecting to neo4j browser behind haproxy. I'm running 4.1 Enterprise in a casual cluster configuration. I have no issues connecting to individual cluster members. However the browser fails to load when I access cluster via haproxy. This same configuration worked in 3.5 Enterprise.

I can verify that it connects to a server and starts to load js files via the proxy log and network traffic in browser. It appears to timeout while loading ui.chunkhash.bundle.js, cypher-codemirror.chunkhash.bundle.js or app-340ee6332805876eb588.js

I increased ha proxy timeouts to 2 minutes. I tried changing the default advertising address to the load balancer and to the cluster member. Neither worked Does Neo4j 4.1 Enterprise work behind haproxy or any load balancers?

@david.allen
We're facing the issue - We're trying to visualize neo4j data on frontend, react app using neovis library, We get, "Uncaught Error: Encryption/trust can only be configured either through URL or config, not both". We currently use neo4j version 3.5 deployed on AWS.

@pratikmakune3 This error:

Uncaught Error: Encryption/trust can only be configured either through URL or config, not both

When you create a driver instance, you can pass it configuration parameters. One of them is "trust" which specifies whether or not to trust self-signed certificates, for example. Here's an example of driver configuration options I'm talking about: https://neo4j.com/docs/api/javascript-driver/current/function/index.html#static-function-driver

When you specify a Neo4j URL, you can specify the same information. For example neo4j+s:// means that you insist on secure certs, while neo4j+ssc:// means that self-signed certificates are also OK.

If you did this in javascript:

const driver = neo4j.driver("neo4j+ssc://myhost", authDetails, { trust: 'TRUST_SYSTEM_CA_SIGNED_CERTIFICATES' })

Then you would both be telling the driver to only trust system CA signed certs but ALSO be telling it to trust self-signed certs as well. This is a conflict, and so you would get this error.

The solution is to specify the trust strategy in EITHER the URL or the driver settings, but never both, which explains the message. For example, if in that code example you used neo4j:// instead of neo4j+ssc:// it would probably work.

2 Likes

I solved our issue here.. works sweet !! except now mongodb relationships as objids are not showing as lines in neo.. BUT we sovled by ensuring our neo4j db was created ! using v 3.5.17 .. no now connection issue from mono-connector

@david.allen

Neo4j version: 4.2.6

I have problem using cypher shell after making changes to neo4j.conf:

dbms.default_listen_address=0.0.0.0

dbms.default_advertised_address=abc.com

dbms.connector.bolt.tls_level=REQUIRED

dbms.connector.http.enabled=false

dbms.connector.https.enabled=true

dbms.ssl.policy.bolt.enabled=true
dbms.ssl.policy.bolt.base_directory=certificates/bolt
dbms.ssl.policy.bolt.private_key=private.key
dbms.ssl.policy.bolt.public_certificate=public.crt
dbms.ssl.policy.bolt.client_auth=NONE

dbms.ssl.policy.https.enabled=true
dbms.ssl.policy.https.base_directory=certificates/https
dbms.ssl.policy.https.private_key=private.key
dbms.ssl.policy.https.public_certificate=public.crt
dbms.ssl.policy.https.client_auth=NONE

Using browser, abc.com:7473 works fine and abc.com:7687 returns not a WebSocket handshake request: missing upgrade.

# expected error when I call without stating address
$ ./cypher-shell
Connection to the database terminated. Please ensure that your database is listening on the correct host and port and that you have compatible encryption settings both on Neo4j server and driver. Note that the default encryption setting has changed in Neo4j 4.0.
# I tried the following, but they gave the same error
$ ./cypher-shell -a abc.com:7687
$ ./cypher-shell -a neo4j://abc.com:7687
$ ./cypher-shell -a neo4j+s://abc.com:7687
$ ./cypher-shell -a bolt://abc.com:7687
$ ./cypher-shell -a bolt+s://abc.com:7687

This problem goes away if I set dbms.connector.bolt.tls_level=OPTIONAL. Can I understand how I can fix this?

Also I would like to hear your opinion on dbms.default_listen_address=0.0.0.0, to make it more secure, I should change 0.0.0.0 to specific ip right?