/
Understanding "Client ID: UNKNOWN, IP disconnected ungracefully" in HiveMQ

Understanding "Client ID: UNKNOWN, IP disconnected ungracefully" in HiveMQ

Owned by Daria Samkova, created
May 05, 2025

🔍 What Does This Log Mean?

You might see logs like:

Client ID: UNKNOWN, IP: x.x.x.x disconnected ungracefully from TCP Listener with TLS on port: 8883

This means:

  • A TCP connection was accepted by HiveMQ.

  • No MQTT CONNECT packet was ever received.

  • The connection was closed—likely by the client or intermediary.

  • Therefore, HiveMQ doesn't know the client ID (UNKNOWN) and flags it as ungraceful disconnect.

💡 Common Causes

1. TCP Load Balancer Health Checks

In AKS or other cloud setups, these logs are often caused by:

  • Load balancers performing TCP-level health checks that open and immediately close connections.

  • These do not complete an MQTT handshake.

2. Network Interruptions or Timeouts

Especially relevant in Kubernetes clusters:

  • Pods restarting.

  • Network plugin issues.

  • Intermittent node-to-node communication dropouts.

3. TLS Termination or Misconfiguration

  • If TLS is terminated at a proxy/load balancer and not forwarded correctly, HiveMQ may see incomplete handshakes.

🔧 How to Diagnose

  • Check your load balancer settings. For Azure:

    • Use HTTP(S) probes instead of TCP, if possible.

    • Exclude MQTT listener ports from health checks.

  • Verify no security groups/firewalls are dropping packets.

  • Enable DEBUG logs temporarily for the event_log or network layers to confirm patterns.

🧼 Should You Worry?

No—these logs are informational and can be safely ignored if caused by expected probes.

 Related articles