JIRA Connection reset error when synchronising with Active Directory 2012r2
Problem
When trying to synchronise the Active Directory 2012r2 user directory, the sync fails with Connection Reset error.
The following appears in the atlassian-jira.log
2015-06-14 23:20:47,244 atlassian-scheduler-quartz1.clustered_Worker-3 ERROR ServiceRunner [com.atlassian.scheduler.JobRunnerResponse] Unable to synchronise directory
org.springframework.ldap.CommunicationException: xxx.xxxx.xx.xx:636; nested exception is javax.naming.CommunicationException: xxx.xxxx.xx.xx:636 [Root exception is java.net.SocketException: Connection reset]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)
...
ansactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:61)
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802)
at org.springframework.ldap.core.LdapTemplate.lookup(LdapTemplate.java:935)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$9.timedCall(SpringLdapTemplateWrapper.java:286)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$TimedCallable.call(SpringLdapTemplateWrapper.java:124)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:87)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.lookup(SpringLdapTemplateWrapper.java:282)
at com.atlassian.crowd.directory.RFC4519Directory.findDirectMembersOfGroup(RFC4519Directory.java:959)
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findDirectMembersOfGroup(MicrosoftActiveDirectory.java:516)
at com.atlassian.crowd.directory.RFC4519DirectoryMembershipsIterable$2.apply(RFC4519DirectoryMembershipsIterable.java:78)
at com.atlassian.crowd.directory.RFC4519DirectoryMembershipsIterable$2.apply(RFC4519DirectoryMembershipsIterable.java:70)
at com.google.common.collect.Iterators$8.next(Iterators.java:812)
at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseMemberships(AbstractCacheRefresher.java:196)
at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:98)
at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:168)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1122)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:76)
at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.synchronizeDirectory(JiraDirectorySynchroniser.java:96)
at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.runJob(JiraDirectorySynchroniser.java:60)
at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:136)
at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101)
at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80)
at com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32)
at org.quartz.core.JobRunShell.run(JobRunShell.java:223)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)
Caused by: javax.naming.CommunicationException: xxx.xxxx.xx.xx:636 [Root exception is java.net.SocketException: Connection reset]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:226)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1613)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:344)
... 28 more
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:209)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:961)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:376)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:203)
... 42 moreDiagnosis
Environment
- User directory is an Active Directory 2012r2 using LDAPS (port 636);
- JIRA is using Java 8
- The steps of User lookup fails with PartialResultException in Jira server has been taken and the problem is still happening;
- Active Directory is using TLSv1.2;
Cause
There are known issues with Java 8 and TLSv1.2 causing connecting reset when attempting to connect. Please see:
Workaround
Add the following Java argument, to force using TLSv1.0, as following Setting Properties and Options on Startup
-Djdk.tls.client.protocols=TLSv1
Alternative solution, see: Connecting JIRA to Active Directory over LDAPS fails with "Connection reset"
Last modified on Mar 10, 2022
Powered by Confluence and Scroll Viewport.