1 files changed, 8 insertions, 8 deletions

diff --git a/jstests/sslSpecial/x509_cluster_auth_rollover.js b/jstests/sslSpecial/x509_cluster_auth_rollover.js
index 06ce3c1653b..3de26be9873 100644
--- a/jstests/sslSpecial/x509_cluster_auth_rollover.js
+++ b/jstests/sslSpecial/x509_cluster_auth_rollover.js
@@ -31,6 +31,14 @@ rst.nodes.forEach((node) => {
     assert(node.getDB("admin").auth("root", "root"));
 });
 
+// Future connections should authenticate immediately on connecting so that replSet actions succeed.
+const originalAwaitConnection = MongoRunner.awaitConnection;
+MongoRunner.awaitConnection = function(args) {
+    const conn = originalAwaitConnection(args);
+    assert(conn.getDB('admin').auth('root', 'root'));
+    return conn;
+};
+
 // All the certificates' DNs share this base
 const dnBase = "C=US, ST=New York, L=New York,";
 // This is the DN of the rollover certificate.
@@ -48,14 +56,6 @@ const rolloverConfig = function(newConfig) {
         rst.nodeOptions[configId] = Object.merge(rst.nodeOptions[configId], newConfig, true);
         const newNode = rst.start(nodeId, {}, true, true);
         rst.awaitSecondaryNodes();
-        // Even though we waited for this node to become SECONDARY, it may go into rollback
-        // thereafter, so this auth command must be tolerant of that disconnection.
-        let authResult;
-        assert.soonNoExcept(function() {
-            authResult = newNode.getDB("admin").auth("root", "root");
-            return true;
-        });
-        assert(authResult);
     };
 
     rst.nodes.forEach(function(node) {