# org.apache.kafka.common.errors.NetworkException: The server disconnected before a response was received. Reauthentication required

- **ID:** `kafka/network-exception-reauthentication`
- **Domain:** kafka
- **Category:** network_error
- **Verification:** ai_generated
- **Fix Rate:** 82%

## Root Cause

The SASL/SSL session expired, or the broker forced reauthentication because of its configured reauthentication interval, but the client failed to reauthenticate in time.

## Workarounds

1. **Enable automatic reauthentication in the client by setting `sasl.client.callback.handler.class` to a handler that refreshes credentials. For Java clients, implement `org.apache.kafka.common.security.auth.AuthenticationContext` or use `org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginCallbackHandler`.** (85% success)
2. **Increase `sasl.login.refresh.window.factor` and `sasl.login.refresh.window.jitter` in the client config to allow more time for credential refresh before expiry.** (75% success)
3. **Set `connections.max.reauth.ms` on the broker to a larger value (e.g., 3600000 for 1 hour) if reauthentication is too frequent, while still maintaining security.** (80% success)
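
A pre-deployment check for the settings named in workarounds 2 and 3, as an added example that is not part of the original entry: it flags a broker with reauthentication disabled or set above a ceiling, and client refresh values outside the ranges Kafka accepts. The function names, the sample properties and the one-hour ceiling are assumptions made for illustration.

```python
# Added example: lint Kafka broker/client properties for the reauthentication settings above.
# MAX_REAUTH_MS_CEILING is an assumed local policy value, not a Kafka default.
MAX_REAUTH_MS_CEILING = 3_600_000  # 1 hour, the figure used in workaround 3

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_BROKER = """
listeners=SASL_SSL://0.0.0.0:9093
connections.max.reauth.ms=0
"""
SAMPLE_CLIENT = """
security.protocol=SASL_SSL
sasl.mechanism=OAUTHBEARER
sasl.login.refresh.window.factor=1.2
sasl.login.refresh.window.jitter=0.05
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint_broker(props):
    findings = []
    # Also matches listener/mechanism-prefixed forms of the key.
    reauth = {k: int(v) for k, v in props.items() if k.endswith("connections.max.reauth.ms")}
    if not reauth:
        findings.append("connections.max.reauth.ms unset: default 0 disables reauthentication")
    for key, ms in reauth.items():
        if ms <= 0:
            findings.append(f"{key}={ms}: reauthentication disabled")
        elif ms > MAX_REAUTH_MS_CEILING:
            findings.append(f"{key}={ms}: exceeds policy ceiling {MAX_REAUTH_MS_CEILING}")
    return findings

def lint_client(props):
    findings = []
    if not props.get("security.protocol", "PLAINTEXT").startswith("SASL_"):
        findings.append("security.protocol is not SASL_*: no SASL authentication on this connection")
    # Ranges Kafka accepts for these OAUTHBEARER login-refresh settings.
    for key, low, high in (("sasl.login.refresh.window.factor", 0.5, 1.0),
                           ("sasl.login.refresh.window.jitter", 0.0, 0.25)):
        if key in props and not low <= float(props[key]) <= high:
            findings.append(f"{key}={props[key]}: outside accepted range {low}-{high}")
    return findings
```

Run both linters over the properties files before rollout; an empty list means none of these checks fired.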

## Dead Ends

- **** — This weakens security posture and may violate compliance; also, the broker may still force reauth if session tokens expire. (30% fail)
- **** — Reauthentication is per-connection; restarting brokers does not prevent future reauth events and causes downtime. (80% fail)
- **** — This removes authentication, creating a severe security vulnerability and is not acceptable in production. (90% fail)
