User lookup fails with PartialResultException in Jira server

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible


Accessing LDAP, such as searching for users in JIRA applications, Confluence or Crowd (with AD integrated) fails with the exception below:

Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: 
[Root exception is Connection refused: connect]]

Other root exceptions can be:

  • javax.naming.PartialResultException


Active Directory servers are integrated with DNS, and modify entries in the DNS server. They refer to themselves in the root of their LDAP tree. If the JIRA application (or Crowd, or Confluence) server is pointed to the root of the LDAP tree, and "follow referrals" is turned on (which is the default), then:

  1. The application will search for users.
  2. AD server will respond with users and the referral that's in the root of the LDAP tree, because there could be more users over there.
  3. The application  will follow the referral. This will result in:.
    1. A DNS lookup of the base DN ( dc=example,dc=com means a lookup for
    2. A connection to port 389 or 636 at, which is back to the same server.
  4. The JIRA application will continue and read the rest of the objects in the domain as normal.


To check if this is the case,

  1. Turn off 'Follow Referrals' in the 'Advanced Settings' section of your User Directory configuration.
  2. Connect to the root DN of your LDAP server.
  3. If no errors show in the logs, then it's a DNS error.


JIRA applications, Crowd or Confluence can't perform a DNS lookup on the referral in the AD server root. Problems like this are most commonly caused by the server that the JIRA application is running on not having the same DNS server as the Active Directory server.


Fixing a DNS Configuration Issue

  1. Configure the server that the JIRA application is running on to use the DNS server that the Active Directory server is integrated with.
  2. Double check if the DNS server address has been changed recently. Since DNS server record the JIRA applications information, please delete the JIRA application address information from the DNS server to resolve the issue.
  3. If this is not possible, disable 'Follow Referrals'.
tip/resting Created with Sketch.

What are the implications of disabling 'Follow Referrals'?

  • If you only have one domain, there should be no adverse effects.
  • If you have multiple domains joined in a Forest, then any cross-domain memberships will not be resolved.
  • If you must have cross-domain memberships and you can't fix the DNS issues, then you can point JIRA at your Global Catalog. This is read-only, but it does contain all users, groups, and memberships from across your Forest. Talk to your AD admin for Global Catalog connection details.
Last modified on Feb 21, 2023

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.