Learn why MongoDB Atlas throws SCRAM-SHA-256 authentication is disabled and how to handle it with real commands, configs, and zero guesswork. Our Live Support Team is always here to help you.
MongoDB Atlas SCRAM SHA 256 Error: What It Really Means and What To Do About It
You’ve set up your application, plugged in your MongoDB Atlas connection string, and everything looks good, until logs start showing errors like:
BadValue: SCRAM-SHA-256 authentication is disabled.
It shows up randomly, and it throws off your access logs. Here’s what’s really going on and what you can do about it, without missing a step. If you’re looking for straight answers, like how to count nested arrays in MongoDB aggregation, and complete commands, this is the post.
An Overview
- Why Does MongoDB Atlas Say SCRAM-SHA-256 Is Disabled?
- Here’s What You Need To Do
- Reminder: Atlas Only Supports SCRAM-SHA-1
- Enabling SCRAM-SHA-1 on Older MongoDB (2.x and Below)
- Using SCRAM-SHA-1 on MongoDB 3.x? Nothing to Enable
- Want to Revert to MongoDB-CR Instead of SCRAM?
- Still Using an Old MongoDB Version? Here’s How to Upgrade
Why Does MongoDB Atlas Say SCRAM-SHA-256 Is Disabled?
MongoDB Atlas supports only SCRAM-SHA-1, not SCRAM-SHA-256. That’s the reason you’re seeing this message.
Here’s the key detail:
The mms-automation user, used by Atlas internally for tasks like monitoring, tries SCRAM-SHA-256 first. Atlas rejects it with the error, but it immediately falls back to SCRAM-SHA-1. This fallback is automatic, safe, and does not break any actual functionality.
That said, the message stays in your logs. It’s informational, not critical.
But if you’re seeing this error from users other than mms-automation, then one of your applications is attempting SCRAM-SHA-256, and you need to fix that.
Here’s What You Need To Do
If another application is triggering this, collect this information to troubleshoot further:
- Which driver is connecting to Atlas?
- What version of the driver?
- What’s your Atlas cluster’s MongoDB version?
- Share your connection string (redact passwords, obviously).
Reminder: Atlas Only Supports SCRAM-SHA-1
Let’s clarify a few related things:
- MongoDB 3.0+ uses SCRAM-SHA-1 by default.
- Atlas doesn’t use SHA-1 as a raw hash function—it uses HMAC-SHA-1 inside SASL. That’s secure.
- SHA-1 deprecation warnings don’t apply to HMAC use like this.
So yes, SCRAM-SHA-1 is safe and supported for Atlas.
Enabling SCRAM-SHA-1 on Older MongoDB (2.x and Below)
You can’t. MongoDB 2.x doesn’t support it. Upgrade to 3.0+.
Using SCRAM-SHA-1 on MongoDB 3.x? Nothing to Enable
It’s already active by default. Just make sure authentication is turned on.
Want to Revert to MongoDB-CR Instead of SCRAM?
Maybe for legacy reasons, you want to switch MongoDB 3.0+ from SCRAM-SHA-1 to MONGODB-CR. Here’s how:
1. Start MongoDB without auth:
./mongod --dbpath $HOME/webapps/mongo/data --port 1400
2. Log in to the admin database:
./mongo localhost:1400/admin
3. Run this:
var schema = db.system.version.findOne({"_id" : "authSchema"})
schema.currentVersion = 3
db.system.version.save(schema)
exit
4. Now restart MongoDB with auth and preferred mechanism:
./mongod --dbpath $HOME/webapps/mongo/data --setParameter authenticationMechanisms=MONGODB-CR --auth --port 1400
Optional for startup:
@reboot nohub nice <FULL PATH>/mongod --dbpath $HOME/webapps/mongo/data --setParameter authenticationMechanisms=MONGODB-CR --auth --port 1400
Still Using an Old MongoDB Version? Here’s How to Upgrade
For Ubuntu and Debian:
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6
echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list
sudo apt-get update
sudo apt-get install -y mongodb-org
For Amazon Linux, RHEL, CentOS, Fedora:
Create repo file /etc/yum.repos.d/mongodb-org-3.4.repo:
[mongodb-org-3.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/3.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
Then:
sudo yum install -y mongodb-org
# or for Fedora >22
sudo dnf install -y mongodb-org
Upgrading Manually?
curl -O https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.4.1.tgz
tar -zxvf mongodb-linux-x86_64-3.4.1.tgz
mkdir -p mongodb
cp -R -n mongodb-linux-x86_64-3.4.1/ mongodb
# Add MongoDB to PATH
echo 'export PATH=<mongodb-install-directory>/bin:$PATH' >> ~/.bashrc
# replace <mongodb-install-directory> accordingly
# Reload MongoDB
sudo service mongodb reload
[If needed, Our team is available 24/7 for additional assistance.]
Conclusion
The mongodb atlas scram sha 256 log message doesn’t break anything, but understanding why it happens, and how to clean up its causes, matters. Stick with SCRAM-SHA-1 when working with Atlas. If you’re seeing the message outside of the automation user, it’s time to inspect your app’s authentication method or driver version.
Don’t waste hours trying to “enable” SCRAM-SHA-256 on Atlas, it’s not supported. Instead, align your tools with what Atlas does support.
0 Comments