Confluence stops authenticating Active Directory users with highestCommittedUSN error
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Confluence integrated with Active Directory stops authenticating users after a few hours.
This is similar to the behaviour described in "Jira server stops authenticating Active Directory users with highestCommittedUSN error".
Environment
Server and Data Center.
Active Directory
Diagnosis
The following appears in the atlassian-confluence.log:
2020-11-02 17:37:35,650 ERROR [Caesium-1-2] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache Incremental synchronisation for directory [ 455321 ] was unexpectedly interrupted, falling back to a full synchronisation
com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:703)
at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseChanges(
Caused by: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.CommunicationException: statcan.ca:389; nested exception is javax.naming.CommunicationException: ldap.example:389 [Root exception is java.net.SocketTimeoutException: connect timed out]
at org.springframework.transaction.compensating.support.AbstractCompensatingTransactionManagerDelegate.doBegin(AbstractCompensatingTransactionManagerDelegate.java:90)
at org.springframework.ldap.transaction.compensating.manager.ContextSourceTransactionManager.doBegin(ContextSourceTransactionManager.java:123)
There are no details on how the problem starts. Confluence seems to synchronise the users properly when it is started (full synchronisation), but the incremental synchronisation fails and users are unable to log in until the full synchronisation is executed again.
Cause
Active Directory clustering is not supported by Crowd or Embedded Crowd. See CWD-2783.
Solution
Change the LDAP server to point to one server. If there are multiple LDAP domains, point the connection to a single Domain Controller and not to the domain name.
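To confirm the diagnosis on your own instance, the following added example (not Atlassian's code) scans atlassian-confluence.log text for interrupted incremental synchronisations caused by the highestCommittedUSN lookup and reports the directory ID and the LDAP endpoint named in the exception. It also lists the addresses behind that hostname; the function names, the sample log and the assumption that each Domain Controller has one address are this example's own.

```python
import re
import socket

# Start of a log event: "YYYY-MM-DD HH:MM:SS,mmm LEVEL ..."
EVENT_START = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) ")
INTERRUPTED = re.compile(r"Incremental synchronisation for directory \[\s*(\d+)\s*\] "
                         r"was unexpectedly interrupted")
USN_ERROR = "Error looking up attributes for highestCommittedUSN"
ENDPOINT = re.compile(r"CommunicationException: ([\w.-]+):(\d+)")

def find_usn_sync_failures(log_text):
    """Return one record per interrupted incremental sync caused by the USN lookup."""
    events, current = [], None
    for line in log_text.splitlines():
        start = EVENT_START.match(line)
        if start:  # a new event begins; its stack-trace lines follow it
            current = None
            hit = INTERRUPTED.search(line)
            if hit:
                current = {"time": start.group(1), "directory": hit.group(1),
                           "usn_error": False, "endpoints": []}
                events.append(current)
        elif current is not None:
            if USN_ERROR in line:
                current["usn_error"] = True
            for host, port in ENDPOINT.findall(line):
                if (host, int(port)) not in current["endpoints"]:
                    current["endpoints"].append((host, int(port)))
    return [e for e in events if e["usn_error"]]

def resolved_addresses(host, port, resolver=socket.getaddrinfo):
    """Distinct IPs behind the configured LDAP hostname. Assumption: one address
    per Domain Controller, so several addresses suggest a domain name, not one DC."""
    return sorted({info[4][0] for info in resolver(host, port, proto=socket.IPPROTO_TCP)})

# Constructed sample log (hostname, timestamps and directory ID are made up).
SAMPLE_LOG = """\
2024-01-10 09:00:00,100 INFO [Caesium-1-1] [constructed] unrelated line
2024-01-10 10:00:00,200 ERROR [Caesium-1-2] [atlassian.crowd.directory.DbCachingRemoteDirectory] synchroniseCache Incremental synchronisation for directory [ 98765 ] was unexpectedly interrupted, falling back to a full synchronisation
com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN
Caused by: org.springframework.ldap.CommunicationException: corp.example.test:389; nested exception is javax.naming.CommunicationException: corp.example.test:389 [Root exception is java.net.SocketTimeoutException: connect timed out]
"""

if __name__ == "__main__":
    for event in find_usn_sync_failures(SAMPLE_LOG):
        print(event["time"], "directory", event["directory"], event["endpoints"])
```

Run `resolved_addresses` from the Confluence host against each reported endpoint; a hostname that returns several addresses is a candidate for replacement with a single Domain Controller's name, as the Solution describes.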