Connection reset errors when using Java 8 and synchronising with Active Directory over port 636
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
When trying to synchronize to an Active Directory 2012r2 user directory, the sync fails with a 'Connection reset' error.
The following appears in atlassian-confluence.log:
2015-09-21 08:37:48,999 ERROR [http-nio-443-exec-18] [[Standalone].[localhost].[/].[action]] log Servlet.service() for servlet [action] in context with path [] threw exception
org.springframework.ldap.CommunicationException: <server>; nested exception is javax.naming.CommunicationException: <server> [Root exception is java.net.SocketException: Connection reset]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:356)
at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:140)
at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:175)
at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:88)
at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:61)
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802)
at org.springframework.ldap.core.LdapTemplate.lookup(LdapTemplate.java:935)
...
Caused by: javax.naming.CommunicationException: <server> [Root exception is java.net.SocketException: Connection reset]
Diagnosis
Environment
- User directory is an Active Directory 2012r2 using LDAPS (port 636)
- Confluence is using Java 8
- The steps in "User lookups fail with 'PartialResultExceptions' due to Active Directory 'Follow Referrals' configuration" have been performed and the problem still occurs
- Active Directory is using TLSv1.2
Cause
There are known issues with Java 8 and TLSv1.2 causing "Connection Reset" errors when attempting to connect.
Workaround
Add the following Java argument to force the JVM to connect using TLSv1.0. For details on setting Java properties and options on startup for Confluence, see Configuring System Properties.
-Djdk.tls.client.protocols=TLSv1
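To confirm which protocol versions this JVM can actually negotiate with the domain controller before and after applying the workaround, a small probe can attempt one handshake per version. This is an added example, not Atlassian's code; the class name `LdapsTlsProbe` and the host argument are assumptions.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import java.net.InetSocketAddress;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;

// Added diagnostic (hypothetical class name): one TLS handshake attempt per
// protocol version against an LDAPS port, using this JVM's own JSSE stack.
public class LdapsTlsProbe {
    static final String[] CANDIDATES = {"TLSv1", "TLSv1.1", "TLSv1.2"};

    // Returns protocol -> "OK (<cipher suite>)" or the exception that ended the attempt.
    static Map<String, String> probe(String host, int port, int timeoutMs) {
        Map<String, String> results = new LinkedHashMap<>();
        for (String protocol : CANDIDATES) {
            try (SSLSocket socket = (SSLSocket)
                    SSLContext.getDefault().getSocketFactory().createSocket()) {
                if (!Arrays.asList(socket.getSupportedProtocols()).contains(protocol)) {
                    results.put(protocol, "not supported by this JVM");
                    continue;
                }
                socket.connect(new InetSocketAddress(host, port), timeoutMs);
                socket.setSoTimeout(timeoutMs);
                // Offer exactly one version so the result is unambiguous.
                socket.setEnabledProtocols(new String[] {protocol});
                socket.startHandshake();
                results.put(protocol, "OK (" + socket.getSession().getCipherSuite() + ")");
            } catch (Exception e) {
                // "Connection reset" here reproduces the error from the log above;
                // a certificate path error points at the truststore instead.
                results.put(protocol, "FAILED: " + e);
            }
        }
        return results;
    }

    public static void main(String[] args) {
        if (args.length < 1) {
            System.err.println("usage: java LdapsTlsProbe <ldaps-host> [port]");
            System.exit(2);
        }
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;
        probe(args[0], port, 10000).forEach((p, r) -> System.out.println(p + ": " + r));
    }
}
```

Run it with the same Java binary and truststore settings that Confluence uses, without the workaround argument. If TLSv1.2 reports OK, the protocol version is not the cause and pinning to TLSv1 will not help.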