JIRA Connection reset error when synchronising with Active Directory 2012r2
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
When trying to synchronise the Active Directory 2012r2 user directory, the sync fails with Connection Reset error.
The following appears in the atlassian-jira.log
XXXX-XX-XX YY:YY:YY,YYY atlassian-scheduler-quartz1.clustered_Worker-3 ERROR ServiceRunner [com.atlassian.scheduler.JobRunnerResponse] Unable to synchronise directory
org.springframework.ldap.CommunicationException: xxx.xxxx.xx.xx:636; nested exception is javax.naming.CommunicationException: xxx.xxxx.xx.xx:636 [Root exception is java.net.SocketException: Connection reset]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)
...
ansactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:61)
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802)
at org.springframework.ldap.core.LdapTemplate.lookup(LdapTemplate.java:935)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$9.timedCall(SpringLdapTemplateWrapper.java:286)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$TimedCallable.call(SpringLdapTemplateWrapper.java:124)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:87)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.lookup(SpringLdapTemplateWrapper.java:282)
at com.atlassian.crowd.directory.RFC4519Directory.findDirectMembersOfGroup(RFC4519Directory.java:959)
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findDirectMembersOfGroup(MicrosoftActiveDirectory.java:516)
at com.atlassian.crowd.directory.RFC4519DirectoryMembershipsIterable$2.apply(RFC4519DirectoryMembershipsIterable.java:78)
at com.atlassian.crowd.directory.RFC4519DirectoryMembershipsIterable$2.apply(RFC4519DirectoryMembershipsIterable.java:70)
at com.google.common.collect.Iterators$8.next(Iterators.java:812)
at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships(AbstractCacheRefresher.java:196)
at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:98)
at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:168)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1122)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:76)
at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.synchronizeDirectory(JiraDirectorySynchroniser.java:96)
at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.runJob(JiraDirectorySynchroniser.java:60)
at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:136)
at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101)
at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80)
at com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32)
at org.quartz.core.JobRunShell.run(JobRunShell.java:223)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)
Caused by: javax.naming.CommunicationException: xxx.xxxx.xx.xx:636 [Root exception is java.net.SocketException: Connection reset]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:226)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1613)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:344)
... 28 more
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:209)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:961)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:376)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
... 42 moreDiagnosis
Environment
- User directory is an Active Directory 2012r2 using LDAPS (port 636);
- JIRA is using Java 8
- The steps of User lookup fails with PartialResultException in Jira server has been taken and the problem is still happening;
- Active Directory is using TLSv1.2;
Cause
There are known issues with Java 8 and TLSv1.2 causing connecting reset when attempting to connect. Please see:
Workaround
Add the following Java argument, to force using TLSv1.0, as following Setting Properties and Options on Startup
-Djdk.tls.client.protocols=TLSv1
Alternative solution, see: Connecting JIRA to Active Directory over LDAPS fails with "Connection reset"
Last modified on Nov 25, 2024
Powered by Confluence and Scroll Viewport.