MongoDB Self-signed SSL connection: SSL peer certificate validation failed - mongodb

I have followed this guide Self-signed SSL connection using PyMongo, by Wan Bachtiar to create three .pem files; server.pem, client.pem and ca.pem.
I am using Ubuntu 16.04 and MongoDB v3.2.11.
The purpose is to secure the MongoDB before opening it to the public internet.
lets start the mongod:
$ mongod --auth --port 27017 --dbpath /data/db1
--sslMode requireSSL --sslPEMKeyFile /etc/ssl/server.pem
--sslCAFile /etc/ssl/ca.pem --sslAllowInvalidHostnames &
Output:
root#tim:/etc/ssl# 2017-01-13T12:58:55.150+0000 I CONTROL [initandlisten] MongoDB starting : pid=19058 port=27017 dbpath=/data/db1 64-bit host=tim
2017-01-13T12:58:55.150+0000 I CONTROL [initandlisten] db version v3.2.11
2017-01-13T12:58:55.151+0000 I CONTROL [initandlisten] git version: 009580ad490190ba33d1c6253ebd8d91808923e4
2017-01-13T12:58:55.151+0000 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.2g 1 Mar 2016
2017-01-13T12:58:55.152+0000 I CONTROL [initandlisten] allocator: tcmalloc
2017-01-13T12:58:55.152+0000 I CONTROL [initandlisten] modules: none
2017-01-13T12:58:55.152+0000 I CONTROL [initandlisten] build environment:
2017-01-13T12:58:55.152+0000 I CONTROL [initandlisten] distmod: ubuntu1604
2017-01-13T12:58:55.152+0000 I CONTROL [initandlisten] distarch: x86_64
2017-01-13T12:58:55.152+0000 I CONTROL [initandlisten] target_arch: x86_64
2017-01-13T12:58:55.153+0000 I CONTROL [initandlisten] options: { net: { port: 27017, ssl: { CAFile: "/etc/ssl/ca.pem", PEMKeyFile: "/etc/ssl/server.pem", allowInvalidHostnames: true, mode: "requireSSL" }
}, security: { authorization: "enabled" }, storage: { dbPath: "/data/db1" } }
2017-01-13T12:58:55.211+0000 I - [initandlisten] Detected data files in /data/db1 created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'.
2017-01-13T12:58:55.212+0000 W - [initandlisten] Detected unclean shutdown - /data/db1/mongod.lock is not empty.
2017-01-13T12:58:55.212+0000 W STORAGE [initandlisten] Recovering data from the last clean checkpoint.
2017-01-13T12:58:55.212+0000 I STORAGE [initandlisten] wiredtiger_open config: create,cache_size=1G,session_max=20000,eviction=(threads_max=4)
,config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),
2017-01-13T12:58:55.886+0000 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2017-01-13T12:58:55.886+0000 I CONTROL [initandlisten]
2017-01-13T12:58:55.895+0000 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory '/data/db1/diagnostic.data'
2017-01-13T12:58:55.897+0000 I NETWORK [initandlisten] waiting for connections on port 27017 ssl
2017-01-13T12:58:55.897+0000 I NETWORK [HostnameCanonicalizationWorker] Starting hostname canonicalization worker
2017-01-13T12:58:56.026+0000 I FTDC [ftdc] Unclean full-time diagnostic data capture shutdown detected, found interim file, some metrics may have been lost. OK
After running the mongod, I start the mongo shell:
$ mongo --port 27017 -u "my username" -p "my password"
--authenticationDatabase "" --ssl --sslPEMKeyFile /etc/ssl/client.pem
--sslCAFile /etc/ssl/ca.pem --host tim
The output is similar to the question by Marshall Farrier; lets have a look.
MongoDB shell version: 3.2.11
connecting to: 127.0.0.1:27017/datatest
2017-01-13T12:35:58.247+0000 I NETWORK [initandlisten] connection accepted from 127.0.0.1:38902 #8 (1 connection now open)
2017-01-13T12:35:58.259+0000 E NETWORK [thread1] SSL peer certificate validation failed: self signed certificate
2017-01-13T12:35:58.259+0000 E QUERY [thread1] Error: socket exception [CONNECT_ERROR] for SSL peer certificate validation failed: self signed certificate :
connect#src/mongo/shell/mongo.js:231:14
#(connect):1:6
2017-01-13T12:35:58.263+0000 E NETWORK [conn8] SSL peer certificate validation failed: self signed certificate
2017-01-13T12:35:58.263+0000 I NETWORK [conn8] end connection 127.0.0.1:38902 (0 connections now open)
What am I doing wrong?


After some searching, it seems like this error is due to the fact that the hostname "CN" was incorrect.
From digitalocean:
Whenever you generate a CSR, you will be prompted to provide information regarding the certificate. This information is known as a Distinguised Name (DN). An important field in the DN is the Common Name (CN), which should be the exact Fully Qualified Domain Name (FQDN) of the host that you intend to use the certificate with.
Also from MongoDB documentation:
If your MongoDB deployment uses SSL, you must also specify the --host option. mongo verifies that the hostname of the mongod or mongos to which you are connecting matches the CN or SAN of the mongod or mongos‘s --sslPEMKeyFile certificate. If the hostname does not match the CN/SAN, mongo will fail to connect.
SOLUTION:
I regenerated the keys, replaced localhost with any other hostname in the CN = <hostname> and completed the guide by Wan Bachtiar.
Running the following command after completion worked:
$ mongo --port 27017 -u '<_username_>' -p '<_password_>'
--authenticationDatabase "<_my db_>" --ssl --sslPEMKeyFile
/etc/ssl/client.pem --sslCAFile /etc/ssl/ca.pem --host localhost
Note:
The MongoDB folows a strict ruling of who has access to what db, a quick test in the mongo shell:
> show dbs
return an error. However, my user actually only have access to the db specified in "<my db>", so looping through the rows in "<my db>" works perfectly.

Related

Unable to connect local mongod server from EC2, whereas able to connect from vice versa

Unable to connect my local MongoDB server from AWS EC2 instance, whereas I am able to connect vice versa.
From EC2 to Local Mongod server:
root#ip-172-31-31-13:~# mongo -u krishna -p Kmk123## 192.168.0.104/admin
MongoDB shell version v4.0.12
connecting to: mongodb://192.168.0.104:27017/admin?gssapiServiceName=mongodb
2019-08-26T16:48:14.271+0000 E QUERY [js] Error: couldn't connect to server 192.168.0.104:27017, connection attempt failed: SocketException: Error connecting to 192.168.0.104:27017 :: caused by :: Connection timed out :
connect#src/mongo/shell/mongo.js:344:17
#(connect):2:6
exception: connect failed
root#ip-172-31-31-13:~#
From Local to AWS EC2 :
[root#krishna ~]# mongo -u root -p root123 ec2-18-206-199-178.compute-1.amazonaws.com/admin
MongoDB shell version v4.0.12
connecting to: mongodb://ec2-18-206-199-178.compute-1.amazonaws.com:27017/admin?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("a6b35f6a-3e71-4ada-b10a-c0783743837b") }
MongoDB server version: 4.0.12
Server has startup warnings:
2019-08-26T16:36:21.897+0000 I STORAGE [initandlisten]
2019-08-26T16:36:21.897+0000 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2019-08-26T16:36:21.897+0000 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem
2019-08-26T16:36:22.912+0000 I CONTROL [initandlisten]
2019-08-26T16:36:22.912+0000 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2019-08-26T16:36:22.913+0000 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2019-08-26T16:36:22.913+0000 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2019-08-26T16:36:22.913+0000 I CONTROL [initandlisten]
2019-08-26T16:36:22.913+0000 I CONTROL [initandlisten]
2019-08-26T16:36:22.913+0000 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2019-08-26T16:36:22.913+0000 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2019-08-26T16:36:22.913+0000 I CONTROL [initandlisten]
2019-08-26T16:36:22.913+0000 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2019-08-26T16:36:22.913+0000 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2019-08-26T16:36:22.913+0000 I CONTROL [initandlisten]
Enable MongoDB's free cloud-based monitoring service, which will then receive and display
metrics about your deployment (disk utilization, CPU, operation statistics, etc).
The monitoring data will be available on a MongoDB website with a unique URL accessible to you
and anyone you share the URL with. MongoDB may use this information to make product
improvements and to suggest MongoDB products and deployment options to you.
To enable free monitoring, run the following command: db.enableFreeMonitoring()
To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
>
>
I have edited SG of EC2 instace as below:
SSH TCP 22 0.0.0.0/0 Custom TCP Rule TCP 27017 0.0.0.0/0 Custom TCP
Rule TCP 27017::/0

You need to update mongod.conf file to allow your mongodb accessed from remote. It works for me when I do all the things mentioned in following page.
Ref: https://ianlondon.github.io/blog/mongodb-auth/

Mongo Shell from local is not getting connected to mongo server running in docker

I ran mongo server in docker and the logs came up just fine.
2019-04-12T10:39:51.334+0000 I CONTROL [initandlisten] MongoDB starting : pid=1 port=27017 dbpath=/data/db 64-bit host=8a03346e57d7
2019-04-12T10:39:51.335+0000 I CONTROL [initandlisten] db version v3.2.22
2019-04-12T10:39:51.335+0000 I CONTROL [initandlisten] git version: 105acca0d443f9a47c1a5bd608fd7133840a58dd
2019-04-12T10:39:51.335+0000 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
2019-04-12T10:39:51.335+0000 I CONTROL [initandlisten] allocator: tcmalloc
2019-04-12T10:39:51.335+0000 I CONTROL [initandlisten] modules: none
2019-04-12T10:39:51.335+0000 I CONTROL [initandlisten] build environment:
2019-04-12T10:39:51.335+0000 I CONTROL [initandlisten] distmod: rhel70
2019-04-12T10:39:51.335+0000 I CONTROL [initandlisten] distarch: x86_64
2019-04-12T10:39:51.335+0000 I CONTROL [initandlisten] target_arch: x86_64
2019-04-12T10:39:51.335+0000 I CONTROL [initandlisten] options: { net: { port: 27017 }, processManagement: { pidFilePath: "/var/run/mongodb/mongod.pid" }, storage: { dbPath: "/data/db" } }
2019-04-12T10:39:51.339+0000 I STORAGE [initandlisten] wiredtiger_open config: create,cache_size=1G,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),verbose=(recovery_progress),
2019-04-12T10:39:51.389+0000 I CONTROL [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2019-04-12T10:39:51.389+0000 I CONTROL [initandlisten]
2019-04-12T10:39:51.406+0000 I NETWORK [HostnameCanonicalizationWorker] Starting hostname canonicalization worker
2019-04-12T10:39:51.406+0000 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory '/data/db/diagnostic.data'
2019-04-12T10:39:51.406+0000 I NETWORK [initandlisten] waiting for connections on port 27017
But, while connecting the mongodb server from local shell, the connection is getting timedout.
~/mongodb/bin/mongo --host 172.17.0.2
MongoDB shell version v3.6.11
connecting to: mongodb://172.17.0.2:27017/?gssapiServiceName=mongodb
2019-04-12T16:04:45.750+0530 W NETWORK [thread1] Failed to connect to 172.17.0.2:27017 after 5000ms milliseconds, giving up.
2019-04-12T16:04:45.753+0530 E QUERY [thread1] Error: couldn't connect to server 172.17.0.2:27017, connection attempt failed :
connect#src/mongo/shell/mongo.js:263:13
#(connect):1:6
exception: connect failed
where 172.17.0.2 is the IP obtained by running docker inspect <container-id
I was able to connect mongo shell with in the docker using the command docker exec --it <container-id> bash.
Here's the Docker file for refrence.
RUN echo -e "\
[mongodb]\n\
name=MongoDB Repository\n\
baseurl=https://repo.mongodb.org/yum/redhat/7Server/mongodb-org/3.2/x86_64/\n\
gpgcheck=0\n\
enabled=1\n" >> /etc/yum.repos.d/mongodb.repo
# Install mongodb
RUN yum update -y && yum install -y mongodb-org
# Set up directory requirements
RUN mkdir -p /data/db /var/log/mongodb /var/run/mongodb
VOLUME ["/data/db", "/var/log/mongodb"]
# Expose port 27017 from the container to the host
EXPOSE 27017
# Start mongodb
ENTRYPOINT ["/usr/bin/mongod"]
CMD ["--port", "27017", "--dbpath", "/data/db", "--pidfilepath", "/var/run/mongodb/mongod.pid"]
Let me know if I am missing something.
Using MacOS

MEAN stack - Mongo output problems

I'm new to the MEAN stack
I'm following this tutorial - https://coursetro.com/posts/code/84/Setting-up-an-Angular-4-MEAN-Stack-(Tutorial)
I have everything installed.
When I run mongod I get
2017-12-30T11:38:12.746+0000 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory '/data/db/diagnostic.data'
2017-12-30T11:38:12.746+0000 I NETWORK [initandlisten] waiting for connections on port 27017
2017-12-30T11:39:24.412+0000 I NETWORK [listener] connection accepted from 127.0.0.1:58237 #1 (1 connection now open)
2017-12-30T11:39:24.412+0000 I NETWORK [conn1] received client metadata from 127.0.0.1:58237 conn: { application: { name: "MongoDB Shell" }, driver: { name: "MongoDB Internal Client", version: "3.6.1" }, os: { type: "Darwin", name: "Mac OS X", architecture: "x86_64", version: "17.2.0" } }
Then in a different window I run mongo and get
2017-12-30T11:38:12.737+0000 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2017-12-30T11:38:12.737+0000 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2017-12-30T11:38:12.737+0000 I CONTROL [initandlisten]
2017-12-30T11:38:12.737+0000 I CONTROL [initandlisten] ** WARNING: This server is bound to localhost.
2017-12-30T11:38:12.737+0000 I CONTROL [initandlisten] ** Remote systems will be unable to connect to this server.
2017-12-30T11:38:12.737+0000 I CONTROL [initandlisten] ** Start the server with --bind_ip <address> to specify which IP
2017-12-30T11:38:12.737+0000 I CONTROL [initandlisten] ** addresses it should serve responses from, or with --bind_ip_all to
2017-12-30T11:38:12.738+0000 I CONTROL [initandlisten] ** bind to all interfaces. If this behavior is desired, start the
2017-12-30T11:38:12.738+0000 I CONTROL [initandlisten] ** server with --bind_ip 127.0.0.1 to disable this warning.
2017-12-30T11:38:12.738+0000 I CONTROL [initandlisten]
In the browser window I see the 'app works' from Angular but I dont see output from mongo.
Do the outputs from mongod and mongo look correct, are the warnings from mongo something I need to fix.

Based on the log what i can say is mongo is installed Properly.
Make sure your Node Server is running.(Your node Server is not communicating with mongo)
Check Your node console or press F12 in browser and check Network Response.

Unable to connect to mongo server

Im using mongoDb V 3.4 and trying to start the server but it says
C:\Users\gokul ram>mongo
MongoDB shell version v3.4.10
connecting to: mongodb://127.0.0.1:27017
2017-11-18T09:25:27.061+0530 W NETWORK [thread1] Failed to connect to 127.0.0.1:27017 after 5000ms milliseconds, giving up.
2017-11-18T09:25:27.062+0530 E QUERY [thread1] Error: couldn't connect to server 127.0.0.1:27017, connection attempt failed :
connect#src/mongo/shell/mongo.js:237:13
#(connect):1:6
exception: connect failed
I also tried with --dbpath command, but it is waiting for connection for long time, still not getting connected
C:\Program Files\MongoDB\Server\3.4\bin>mongod --dbpath "C:/data/db"
2017-11-18T09:36:03.368+0530 I CONTROL [initandlisten] MongoDB starting : pid=4660 port=27017 dbpath=C:/data/db 64-bit host=GOK_RAM
2017-11-18T09:36:03.370+0530 I CONTROL [initandlisten] targetMinOS: Windows 7/Windows Server 2008 R2
2017-11-18T09:36:03.370+0530 I CONTROL [initandlisten] db version v3.4.10
2017-11-18T09:36:03.371+0530 I CONTROL [initandlisten] git version: 078f28920cb24de0dd479b5ea6c66c644f6326e9
2017-11-18T09:36:03.371+0530 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.1u-fips 22 Sep 2016
2017-11-18T09:36:03.371+0530 I CONTROL [initandlisten] allocator: tcmalloc
2017-11-18T09:36:03.371+0530 I CONTROL [initandlisten] modules: none
2017-11-18T09:36:03.371+0530 I CONTROL [initandlisten] build environment:
2017-11-18T09:36:03.371+0530 I CONTROL [initandlisten] distmod: 2008plus-ssl
2017-11-18T09:36:03.371+0530 I CONTROL [initandlisten] distarch: x86_64
2017-11-18T09:36:03.372+0530 I CONTROL [initandlisten] target_arch: x86_64
2017-11-18T09:36:03.372+0530 I CONTROL [initandlisten] options: { storage: { dbPath: "C:/data/db" } }
2017-11-18T09:36:03.375+0530 I - [initandlisten] Detected data files in C:/data/db created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'.
2017-11-18T09:36:03.376+0530 I STORAGE [initandlisten] wiredtiger_open config: create,cache_size=1509M,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),
2017-11-18T09:36:04.096+0530 I CONTROL [initandlisten]
2017-11-18T09:36:04.097+0530 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2017-11-18T09:36:04.097+0530 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2017-11-18T09:36:04.098+0530 I CONTROL [initandlisten]
2017-11-18T09:36:04.098+0530 I CONTROL [initandlisten] Hotfix KB2731284 or later update is not installed, will zero-out data files.
2017-11-18T09:36:04.098+0530 I CONTROL [initandlisten]
2017-11-18T09:36:05.880+0530 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory 'C:/data/db/diagnostic.data'
2017-11-18T09:36:05.882+0530 I NETWORK [thread1] waiting for connections on port 27017
Is that problem with the mongo db version or my configurations? Any faced the same issue please help me!! Thanks in advance

First: navigate to C:\Program Files\MongoDB\Server\3.4\bin\ and run mongod.exe this will start the server .
second : in a new cmd typein mongo
this might work

You first need to start the mongo server using 'mongod.exe' command and set 'data\db' as dbpath where the data will be stored. Make sure the folders are created before running the command.
adding C:\Program Files\MongoDB\Server\3.4\bin\ to your environment variable 'PATH' will be beneficial.
To run the server type the following command in cmd prompt:
mongod --dbpath = C:\data\db
The server should run with default settings at port 27017
To connect to the server, open another cmd prompt and execute the 'mongo.exe' command. This should work.
Else you can try specifying the port number "mongo --port 27017"

First
We Need to Start the mongo server with --dbpath command
Next open seperate command window,
Set path to mongo bin and use mongo.exe command
Then you can start accesing mongo server.

Unable to connect to mongo on remote server

I have installed mongo on machine1(Ubuntu 14.04.3 LTS server) in my local network. I have also opened the port 27017 as mentioned in this guide using following commands:
sudo iptables -A INPUT -p tcp --destination-port 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --source-port 27017 -m state --state ESTABLISHED -j ACCEPT
Current rules are (iptables -L):
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:27017 state NEW,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:27017 state ESTABLISHED
But I am not able to connect to this port from machine2 (in the same network):
$ mongo --host 192.168.0.108
MongoDB shell version: 3.0.4
connecting to: 192.168.0.108:27017/test
2016-01-23T18:02:14.848+0530 W NETWORK Failed to connect to 192.168.0.108:27017, reason: errno:61 Connection refused
2016-01-23T18:02:14.850+0530 E QUERY Error: couldn't connect to server 192.168.0.108:27017 (192.168.0.108), connection attempt failed
at connect (src/mongo/shell/mongo.js:181:14)
at (connect):1:6 at src/mongo/shell/mongo.js:181
exception: connect failed
I also tried checking if port is opened or not:
$ nc -v 192.168.0.108 27017
nc: connectx to 192.168.0.108 port 27017 (tcp) failed: Connection refused
I am not sure what I am missing. Must be some silly mistake as I am setting up mongo for the first time. Pls help.
Update (for the doubts raised in current answers)
Yeah its running. I am able to connect to mongo form the same machine but not from the other machine. The daemon is running: $ service mongod status mongod start/running, process 31205 and the port is 27017 $ sudo netstat -tulpn |grep 27017 tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 31205/mongod
I changed the bind_ip to 0.0.0.0 and restarted mongo. Still the same error is coming.
Mongo logs:
$ cat /var/log/mongodb/mongod.log
2016-01-23T16:28:13.155+0530 I CONTROL [initandlisten] MongoDB starting : pid=31205 port=27017 dbpath=/var/lib/mongodb 64-bit host=dexter
2016-01-23T16:28:13.156+0530 I CONTROL [initandlisten] db version v3.2.1
2016-01-23T16:28:13.156+0530 I CONTROL [initandlisten] git version: a14d55980c2cdc565d4704a7e3ad37e4e535c1b2
2016-01-23T16:28:13.156+0530 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.1f 6 Jan 2014
2016-01-23T16:28:13.156+0530 I CONTROL [initandlisten] allocator: tcmalloc
2016-01-23T16:28:13.156+0530 I CONTROL [initandlisten] modules: none
2016-01-23T16:28:13.156+0530 I CONTROL [initandlisten] build environment:
2016-01-23T16:28:13.156+0530 I CONTROL [initandlisten] distmod: ubuntu1404
2016-01-23T16:28:13.156+0530 I CONTROL [initandlisten] distarch: x86_64
2016-01-23T16:28:13.156+0530 I CONTROL [initandlisten] target_arch: x86_64
2016-01-23T16:28:13.156+0530 I CONTROL [initandlisten] options: { config: "/etc/mongod.conf", net: { bindIp: "127.0.0.1", port: 27017 }, storage: { dbPath: "/var/lib/mongodb", journal: { enabled: true } }, systemLog: { destination: "file", logAppend: true, path: "/var/log/mongodb/mongod.log" } }
2016-01-23T16:28:13.173+0530 I STORAGE [initandlisten] wiredtiger_open config: create,cache_size=1G,session_max=20000,eviction=(threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),
2016-01-23T16:28:14.444+0530 I CONTROL [initandlisten]
2016-01-23T16:28:14.444+0530 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2016-01-23T16:28:14.444+0530 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2016-01-23T16:28:14.444+0530 I CONTROL [initandlisten]
2016-01-23T16:28:14.444+0530 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2016-01-23T16:28:14.444+0530 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2016-01-23T16:28:14.444+0530 I CONTROL [initandlisten]
2016-01-23T16:28:14.444+0530 I FTDC [initandlisten] Initializing full-time diagnostic data capture with directory '/var/lib/mongodb/diagnostic.data'
2016-01-23T16:28:14.444+0530 I NETWORK [HostnameCanonicalizationWorker] Starting hostname canonicalization worker
2016-01-23T16:28:14.949+0530 I NETWORK [initandlisten] waiting for connections on port 27017
2016-01-23T16:38:37.046+0530 I NETWORK [initandlisten] connection accepted from 127.0.0.1:37032 #1 (1 connection now open)
2016-01-23T16:39:31.447+0530 I NETWORK [conn1] end connection 127.0.0.1:37032 (0 connections now open)
2016-01-23T16:49:24.240+0530 I NETWORK [initandlisten] connection accepted from 127.0.0.1:37033 #2 (1 connection now open)
2016-01-23T16:49:38.249+0530 I NETWORK [conn2] end connection 127.0.0.1:37033 (0 connections now open)
2016-01-23T16:51:51.707+0530 I NETWORK [initandlisten] connection accepted from 127.0.0.1:37034 #3 (1 connection now open)
2016-01-23T16:51:55.785+0530 I NETWORK [conn3] end connection 127.0.0.1:37034 (0 connections now open)
2016-01-23T17:32:15.546+0530 I NETWORK [initandlisten] connection accepted from 127.0.0.1:37036 #4 (1 connection now open)
2016-01-23T17:32:21.180+0530 I NETWORK [conn4] end connection 127.0.0.1:37036 (0 connections now open)
2016-01-23T18:11:57.885+0530 I NETWORK [initandlisten] connection accepted from 127.0.0.1:37037 #5 (1 connection now open)
2016-01-23T18:29:55.365+0530 I NETWORK [conn5] end connection 127.0.0.1:37037 (0 connections now open)

make sure that mongodb daemon is running, and listening on 0.0.0.0, but not 127.0.0.1 port
for example, for my local mongodb, it has this config:
[vodolaz095#steel ~]$ cat /etc/mongod.conf
##
### Basic Defaults
##
# Comma separated list of ip addresses to listen on (all local ips by default)
bind_ip = 127.0.0.1
# Specify port number (27017 by default)
#port = 27017
for mongodb server to listen for remote connections, you can change
# Comma separated list of ip addresses to listen on (all local ips by default)
bind_ip = 0.0.0.0

With mongoDB server version 3.6.4, Ubuntu 16.4.4 I solved this by setting the net section in /etc/mongod.conf like this:
net:
port: 27017
bindIpAll: true
# bindIp: 127.0.0.1

The issue was bindIp didn't change. There was some issue in restarting mongo from my side.
The habit should be to verify if the bindIp actually changed or not. (using sudo netstat -tulpn | grep 27017)

I have tried a different way to solve this issue. I have changed the config file from
bind_ip = 127.0.0.1
#port = 27017
to
bind_ip = 0.0.0.0
#port = 27017
Hope it helps. Happy coding ;)

Make sure you have a daemon running on your machine1 which listen to port 27017. We were getting the same error and found that daemon was not running.