JIRA Unable to Synchronize with Active Directory after upgrading to 6.4

Still need help?

The Atlassian Community is here for you.

Ask the community

Problem

After upgrading to 6.4, JIRA is unable to synchronize with Active Directory.

The following appears in the atlassian-jira.log

2015-03-30 15:49:49,635 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] FULL synchronisation for directory [ 10200 ] starting
2015-03-30 15:49:50,260 CrowdUsnChangedCacheRefresher:thread-1 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] found [ 1412 ] remote users in [ 625ms ]
2015-03-30 15:49:50,307 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 1412 ] users for delete in DB cache in [ 31ms ]
2015-03-30 15:49:50,307 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned for deleted users in [ 31ms ]
2015-03-30 15:49:50,323 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanning [ 1412 ] users to add or update
2015-03-30 15:49:50,323 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanned and compared [ 1412 ] users for update in DB cache in [ 16ms ]
2015-03-30 15:49:50,323 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronised [ 1412 ] users in [ 16ms ]
2015-03-30 15:49:50,651 CrowdUsnChangedCacheRefresher:thread-2 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] found [ 1133 ] remote groups in [ 1016ms ]
2015-03-30 15:49:50,667 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanning [ 1131 ] groups to add or update
2015-03-30 15:49:50,698 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 1131 ] groups for update in DB cache in [ 31ms ]
2015-03-30 15:49:50,698 atlassian-scheduler-quartz1.clustered_Worker-2 WARN ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] Could not add the following entity to the directory [ Crowd Internal Directory ]: RDS Endpoint Servers
2015-03-30 15:49:50,698 atlassian-scheduler-quartz1.clustered_Worker-2 WARN ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] Could not add the following entity to the directory [ Crowd Internal Directory ]: Exchange Trusted Subsystem
2015-03-30 15:49:50,698 atlassian-scheduler-quartz1.clustered_Worker-2 WARN ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] Could not add the following entity to the directory [ Crowd Internal Directory ]: RDS Remote Access Servers
2015-03-30 15:49:50,698 atlassian-scheduler-quartz1.clustered_Worker-2 WARN ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] Could not add the following entity to the directory [ Crowd Internal Directory ]: RDS Management Servers
2015-03-30 15:49:50,698 atlassian-scheduler-quartz1.clustered_Worker-2 WARN ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] Could not add the following entity to the directory [ Crowd Internal Directory ]: Help Desk
2015-03-30 15:49:50,698 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] added [ 5 ] groups in [ 0ms ]
2015-03-30 15:49:50,698 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronized [ 1131 ] groups in [ 31ms ]
2015-03-30 15:49:50,729 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 1131 ] groups for delete in DB cache in [ 31ms ]
2015-03-30 15:49:50,745 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] failed synchronisation complete for directory [ 10200 ] in [ 1110ms ]
2015-03-30 15:49:50,792 atlassian-scheduler-quartz1.clustered_Worker-2 ERROR ServiceRunner     [com.atlassian.scheduler.JobRunnerResponse] Unable to synchronise directory
com.atlassian.crowd.exception.OperationFailedException: Failed to synchronize directory group attributes for missing group: Exchange Trusted Subsystem
    at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAllGroupAttributes(AbstractCacheRefresher.java:129)
    at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:94)
    at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:161)
    at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1122)
    at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:76)
    at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.synchronizeDirectory(JiraDirectorySynchroniser.java:96)
    at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.runJob(JiraDirectorySynchroniser.java:60)
    at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:136)
    at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101)
    at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80)
    at com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:223)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)

Diagnosis

  • JIRA version 6.4 or later
  • Microsoft Active Directory 2012R2 (Currently only version of AD that this has been verified)

Cause

This is being investigated as part of  JRA-43495 - Getting issue details... STATUS

Workaround

Use Group Filters to exclude the following 5 groups

  • RDS Endpoint Servers, Exchange Trusted Subsystem, RDS Remote Access Servers, RDS Management Servers, Help Desk
(&(objectClass=group)(!(cn=*RDS Endpoint Servers*))(!(cn=*Exchange Trusted Subsystem*))(!(cn=*RDS Remote Access Servers*))(!(cn=*RDS Management Servers*))(!(cn=*Help Desk*)))

Proceed to synchronize with Active Directory

(info) For more details on this, take a look at how to write LDAP search filters

Last modified on Nov 2, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.