Connection Issues
Clients can’t connect, or connections drop intermittently. Work through the checks below to isolate the problem.
Connection path
Where failures happen
Client
Connection refused Port, firewall
Network / Firewall
503 Service Unavailable Starting up, not ready
'%20d='M256%2032%20L416%2096%20V224%20C416%20336%20320%20432%20256%20464%20C192%20432%2096%20336%2096%20224%20V96%20Z'/%3e%3cg%20stroke='%23ffffff'%20stroke-opacity='0.35'%20stroke-width='4'%3e%3cline%20x1='160'%20y1='180'%20x2='352'%20y2='180'/%3e%3cline%20x1='160'%20y1='220'%20x2='352'%20y2='220'/%3e%3cline%20x1='160'%20y1='260'%20x2='352'%20y2='260'/%3e%3c/g%3e%3cpath%20fill='%23ffffff'%20d='M256%20140%20L290%20220%20L256%20300%20L222%20220%20Z'/%3e%3c/svg%3e){kind=small}
Intermittent timeouts Pool exhaustion, backend down
LDAP Backend
Database errors Auth, connectivity, SSL
PostgreSQL
Quick checks
Section titled “Quick checks”# Service healthcurl http://localhost:8080/readyz
# Channel statuscurl -s http://localhost:8080/observe/channels | jq
# Database connectivitycurl -s http://localhost:8080/observe/doctor | jq '.checks[] | select(.name | startswith("db"))'Symptom: LDAP connection refused
Section titled “Symptom: LDAP connection refused”Check 1: Is LDAP enabled?
Section titled “Check 1: Is LDAP enabled?”curl -s http://localhost:8080/observe/channels | jq '.ldap'Expected: enabled: true, running: true
If disabled: Set channels.ldap.enabled = true in config.
Check 2: Correct port?
Section titled “Check 2: Correct port?”curl -s http://localhost:8080/observe/channels | jq '.ldap.bindings[].actualPort'The actual port may differ from the configured port when using ephemeral ports.
Check 3: Firewall
Section titled “Check 3: Firewall”Verify traffic is allowed to the LDAP port:
nc -zv identity-scribe-host 10389Symptom: REST API returns 503
Section titled “Symptom: REST API returns 503”Check 1: Is the service starting?
Section titled “Check 1: Is the service starting?”curl http://localhost:8080/startedzIf not started: Check logs for startup errors.
Check 2: Is the database connected?
Section titled “Check 2: Is the database connected?”curl -s http://localhost:8080/observe/doctor | jq '.checks.db'Check 3: Is initial sync complete?
Section titled “Check 3: Is initial sync complete?”curl http://localhost:8080/readyz?verboseReadiness requires initial sync to complete.
Symptom: Intermittent timeouts
Section titled “Symptom: Intermittent timeouts”Check 1: Pool exhaustion
Section titled “Check 1: Pool exhaustion”curl -s http://localhost:8080/metrics | grep -E "hikari.*(pending|active)"If pending > 0 frequently: Increase pool sizes.
Check 2: Source LDAP issues
Section titled “Check 2: Source LDAP issues”Check ingest lag:
curl -s http://localhost:8080/observe/stats/ingest | jq '.entry_types[].lag_seconds'High lag points to source LDAP problems.
Check 3: Network timeouts
Section titled “Check 3: Network timeouts”Increase timeouts if the network is slow:
ldap.soTimeout = 30000database.queryHttpAcquisitionTimeout = 10sDatabase connection checklist
Section titled “Database connection checklist”| Check | Command |
|---|---|
| PostgreSQL running | pg_isready -h localhost -p 5432 |
| Credentials correct | Check SCRIBE_DATABASE_USER/PASSWORD |
| SSL required | Set ?sslmode=require in URL |
| Network reachable | nc -zv db-host 5432 |
| Pool not exhausted | Check hikaricp_connections_pending |
Related
Section titled “Related”- Deployment — System requirements
- Configuration — Connection settings
- Error Handling — Error codes, retries, and support workflow