JIRA Connection reset error when synchronising with Active Directory 2012r2

Still need help?

The Atlassian Community is here for you.

Ask the community

 

Problem

When trying to synchronise the Active Directory 2012r2 user directory, the sync fails with Connection Reset error.

The following appears in the atlassian-jira.log

2015-06-14 23:20:47,244 atlassian-scheduler-quartz1.clustered_Worker-3 ERROR ServiceRunner     [com.atlassian.scheduler.JobRunnerResponse] Unable to synchronise directory
org.springframework.ldap.CommunicationException: xxx.xxxx.xx.xx:636; nested exception is javax.naming.CommunicationException: xxx.xxxx.xx.xx:636 [Root exception is java.net.SocketException: Connection reset]
	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)
...
ansactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:61)
	at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802)
	at org.springframework.ldap.core.LdapTemplate.lookup(LdapTemplate.java:935)
	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$9.timedCall(SpringLdapTemplateWrapper.java:286)
	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$TimedCallable.call(SpringLdapTemplateWrapper.java:124)
	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:87)
	at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.lookup(SpringLdapTemplateWrapper.java:282)
	at com.atlassian.crowd.directory.RFC4519Directory.findDirectMembersOfGroup(RFC4519Directory.java:959)
	at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findDirectMembersOfGroup(MicrosoftActiveDirectory.java:516)
	at com.atlassian.crowd.directory.RFC4519DirectoryMembershipsIterable$2.apply(RFC4519DirectoryMembershipsIterable.java:78)
	at com.atlassian.crowd.directory.RFC4519DirectoryMembershipsIterable$2.apply(RFC4519DirectoryMembershipsIterable.java:70)
	at com.google.common.collect.Iterators$8.next(Iterators.java:812)
	at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships(AbstractCacheRefresher.java:196)
	at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:98)
	at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:168)
	at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1122)
	at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:76)
	at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.synchronizeDirectory(JiraDirectorySynchroniser.java:96)
	at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.runJob(JiraDirectorySynchroniser.java:60)
	at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:136)
	at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101)
	at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80)
	at com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32)
	at org.quartz.core.JobRunShell.run(JobRunShell.java:223)
	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)
Caused by: javax.naming.CommunicationException: xxx.xxxx.xx.xx:636 [Root exception is java.net.SocketException: Connection reset]
	at com.sun.jndi.ldap.Connection.<init>(Connection.java:226)
	at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
	at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1613)
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
	at javax.naming.InitialContext.init(InitialContext.java:244)
	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
	at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42)
	at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:344)
	... 28 more
Caused by: java.net.SocketException: Connection reset
	at java.net.SocketInputStream.read(SocketInputStream.java:209)
	at java.net.SocketInputStream.read(SocketInputStream.java:141)
	at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
	at sun.security.ssl.InputRecord.read(InputRecord.java:503)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:961)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
	at com.sun.jndi.ldap.Connection.createSocket(Connection.java:376)
	at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
	... 42 more

Diagnosis

Environment

Cause

There are known issues with Java 8 and TLSv1.2 causing connecting reset when attempting to connect. Please see:

Workaround

Add the following Java argument, to force using TLSv1.0, as following Setting Properties and Options on Startup

-Djdk.tls.client.protocols=TLSv1

Last modified on Aug 31, 2017

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.