com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN

Atlassian JIRA | Hossein Toussi [Atlassian] | 2 years ago
  1. 0

    h4. Steps to Reproduce # Upgrade a CROWD instance to 2.8 where it has an AD directory configured. # After the upgrade, try "Synchronise" CROWD with AD # Most of the times Sync times out and fail with the following error: {code} 2014-12-29 11:18:50,295 scheduler_Worker-4 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 32770 ]. com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:807) at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:115) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1095) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:76) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ... Caused by: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: LDAP response read timed out, timeout used:129000ms.; remaining name '/' at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:228) at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:820) at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:803) at org.springframework.ldap.core.LdapTemplate.lookup(LdapTemplate.java:832) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$3.timedCall(SpringLdapTemplateWrapper.java:179) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$TimedCallable.call(SpringLdapTemplateWrapper.java:124) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:87) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.lookup(SpringLdapTemplateWrapper.java:176) at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:783) ... 24 more Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:129000ms.; remaining name '/' at com.sun.jndi.ldap.Connection.readReply(Connection.java:483) at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:639) at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:562) at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985) at com.sun.jndi.ldap.LdapCtx.doSearchOnce(LdapCtx.java:1934) at com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1028) at com.sun.jndi.toolkit.ctx.ComponentContext.p_lookup(ComponentContext.java:544) at com.sun.jndi.toolkit.ctx.PartialCompositeContext.lookup(PartialCompositeContext.java:177) at javax.naming.InitialContext.lookup(InitialContext.java:415) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.springframework.ldap.transaction.compensating.manager.TransactionAwareDirContextInvocationHandler.invoke(TransactionAwareDirContextInvocationHandler.java:90) at com.sun.proxy.$Proxy383.lookup(Unknown Source) at org.springframework.ldap.core.LdapTemplate$9.executeWithContext(LdapTemplate.java:834) at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:817) ... 31 more {code} (i) Sync works fine on older versions of CROWD. h4. Possible Workaround: Setting "Read timeout" in "Connector" tab to 0. This will disable the timeout, but it might result in Sync taking longer to finish.

    Atlassian JIRA | 2 years ago | Hossein Toussi [Atlassian]
    com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN
  2. 0

    h4. Steps to Reproduce # Upgrade a CROWD instance to 2.8 where it has an AD directory configured. # After the upgrade, try "Synchronise" CROWD with AD # Most of the times Sync times out and fail with the following error: {code} 2014-12-29 11:18:50,295 scheduler_Worker-4 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 32770 ]. com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:807) at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:115) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1095) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:76) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ... Caused by: org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: LDAP response read timed out, timeout used:129000ms.; remaining name '/' at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:228) at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:820) at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:803) at org.springframework.ldap.core.LdapTemplate.lookup(LdapTemplate.java:832) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$3.timedCall(SpringLdapTemplateWrapper.java:179) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$TimedCallable.call(SpringLdapTemplateWrapper.java:124) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:87) at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.lookup(SpringLdapTemplateWrapper.java:176) at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:783) ... 24 more Caused by: javax.naming.NamingException: LDAP response read timed out, timeout used:129000ms.; remaining name '/' at com.sun.jndi.ldap.Connection.readReply(Connection.java:483) at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:639) at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:562) at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985) at com.sun.jndi.ldap.LdapCtx.doSearchOnce(LdapCtx.java:1934) at com.sun.jndi.ldap.LdapCtx.c_lookup(LdapCtx.java:1028) at com.sun.jndi.toolkit.ctx.ComponentContext.p_lookup(ComponentContext.java:544) at com.sun.jndi.toolkit.ctx.PartialCompositeContext.lookup(PartialCompositeContext.java:177) at javax.naming.InitialContext.lookup(InitialContext.java:415) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.springframework.ldap.transaction.compensating.manager.TransactionAwareDirContextInvocationHandler.invoke(TransactionAwareDirContextInvocationHandler.java:90) at com.sun.proxy.$Proxy383.lookup(Unknown Source) at org.springframework.ldap.core.LdapTemplate$9.executeWithContext(LdapTemplate.java:834) at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:817) ... 31 more {code} (i) Sync works fine on older versions of CROWD. h4. Possible Workaround: Setting "Read timeout" in "Connector" tab to 0. This will disable the timeout, but it might result in Sync taking longer to finish.

    Atlassian JIRA | 2 years ago | Hossein Toussi [Atlassian]
    com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN
  3. 0

    *Expected Behavior* JIRA syncronization completes successfully. *Actual Behavior* JIRA fails to syncronize due to missing group attributes, and throws the following error: {noformat} 2015-05-21 10:57:04,939 atlassian-scheduler-quartz1.clustered_Worker-2 ERROR [com.atlassian.scheduler.JobRunnerResponse] Unable to synchronise directory com.atlassian.crowd.exception.OperationFailedException: Failed to synchronize directory group attributes for missing group: RDS Remote Access Servers at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAllGroupAttributes(AbstractCacheRefresher.java:129) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:94) at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:168) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1122) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:76) at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.synchronizeDirectory(JiraDirectorySynchroniser.java:96) at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.runJob(JiraDirectorySynchroniser.java:60) at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:136) at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101) at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80) at com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32) at org.quartz.core.JobRunShell.run(JobRunShell.java:223) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549) {noformat} *Steps to Reproduce* - Set up an Active Directory Server - Create an AD Group that has more than 255 characters in the description - Create a LDAP connector with minimal settings (no filters or anything like that) - Observe synchronization failure *Environment*: JIRA 6.4.3 Windows Server 2012 R2 with AD at 2012R2 Functional level Directory Configuration used: {noformat} Directory ID: 10000 Name: Active Directory server Active: true Type: CONNECTOR Created date: Thu May 21 09:39:13 CDT 2015 Updated date: Thu May 21 11:54:32 CDT 2015 Allowed operations: [UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE] Implementation class: com.atlassian.crowd.directory.MicrosoftActiveDirectory Encryption type: sha Attributes: "autoAddGroups": "" "com.atlassian.crowd.directory.sync.currentstartsynctime": "null" "com.atlassian.crowd.directory.sync.issynchronising": "false" "com.atlassian.crowd.directory.sync.lastdurationms": "2960905" "com.atlassian.crowd.directory.sync.laststartsynctime": "1432224311907" "crowd.sync.incremental.enabled": "true" "directory.cache.synchronise.interval": "3600" "ldap.basedn": "dc=lab,dc=local" "ldap.connection.timeout": "10000" "ldap.external.id": "objectGUID" "ldap.group.description": "description" "ldap.group.dn": "" "ldap.group.filter": "(objectCategory=Group)" "ldap.group.name": "cn" "ldap.group.objectclass": "group" "ldap.group.usernames": "member" "ldap.local.groups": "false" "ldap.nestedgroups.disabled": "true" "ldap.pagedresults": "true" "ldap.pagedresults.size": "1000" "ldap.password": ******** "ldap.pool.initsize": "null" "ldap.pool.maxsize": "null" "ldap.pool.prefsize": "null" "ldap.pool.timeout": "0" "ldap.propogate.changes": "false" "ldap.read.timeout": "120000" "ldap.referral": "true" "ldap.relaxed.dn.standardisation": "true" "ldap.roles.disabled": "true" "ldap.search.timelimit": "60000" "ldap.secure": "false" "ldap.url": "ldap://127.0.0.1:3268" "ldap.user.displayname": "displayName" "ldap.user.dn": "" "ldap.user.email": "mail" "ldap.user.encryption": "sha" "ldap.user.filter": "(&(objectCategory=Person)(sAMAccountName=*))" "ldap.user.firstname": "givenName" "ldap.user.group": "memberOf" "ldap.user.lastname": "sn" "ldap.user.objectclass": "user" "ldap.user.password": "unicodePwd" "ldap.user.username": "sAMAccountName" "ldap.user.username.rdn": "cn" "ldap.userdn": "ldap" "ldap.usermembership.use": "false" "ldap.usermembership.use.for.groups": "false" "localUserStatusEnabled": "false" {noformat} *Workaround* * Exclude the following groups from directory synchronization through a [Group Object Filter|https://confluence.atlassian.com/display/DOC/Connecting+to+an+LDAP+Directory#ConnectingtoanLDAPDirectory-GroupSchemaSettings]. {quote}*RDS Endpoint Servers, Exchange Trusted Subsystem, RDS Remote Access Servers, RDS Management Servers, Help Desk*{quote} You can use the following filter for this. {noformat}(&(objectClass=group)(!(cn=*RDS Endpoint Servers*))(!(cn=*Exchange Trusted Subsystem*))(!(cn=*RDS Remote Access Servers*))(!(cn=*RDS Management Servers*))(!(cn=*Help Desk*))){noformat} * Also, it depends on which missing groups are showing in the logs. You can refer the steps below to check the missing groups: *# Search for this *"Failed to synchronize directory group attributes for missing group"* exception in the logs (atlassian-jira.log) *# You will see something like this:{code}Failed to synchronize directory group attributes for missing group: FC Financial Practitioners Observations{code} (i) *FC Financial Practitioners Observations* is the missing group. *# Re-amend the group object filter like: {code}(&(objectClass=group)(!(cn=*FC Financial Practitioners Observations*))){code} *Debugger Output* !2015-05-21_11-51-26.png|thumbnail!

    Atlassian JIRA | 2 years ago | David Blasio [Atlassian]
    com.atlassian.crowd.exception.OperationFailedException: Failed to synchronize directory group attributes for missing group: RDS Remote Access Servers
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    *Expected Behavior* JIRA syncronization completes successfully. *Actual Behavior* JIRA fails to syncronize due to missing group attributes, and throws the following error: {noformat} 2015-05-21 10:57:04,939 atlassian-scheduler-quartz1.clustered_Worker-2 ERROR [com.atlassian.scheduler.JobRunnerResponse] Unable to synchronise directory com.atlassian.crowd.exception.OperationFailedException: Failed to synchronize directory group attributes for missing group: RDS Remote Access Servers at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAllGroupAttributes(AbstractCacheRefresher.java:129) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:94) at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:168) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1122) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:76) at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.synchronizeDirectory(JiraDirectorySynchroniser.java:96) at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.runJob(JiraDirectorySynchroniser.java:60) at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:136) at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101) at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80) at com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32) at org.quartz.core.JobRunShell.run(JobRunShell.java:223) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549) {noformat} *Steps to Reproduce* - Set up an Active Directory Server - Create an AD Group that has more than 255 characters in the description - Create a LDAP connector with minimal settings (no filters or anything like that) - Observe synchronization failure *Environment*: JIRA 6.4.3 Windows Server 2012 R2 with AD at 2012R2 Functional level Directory Configuration used: {noformat} Directory ID: 10000 Name: Active Directory server Active: true Type: CONNECTOR Created date: Thu May 21 09:39:13 CDT 2015 Updated date: Thu May 21 11:54:32 CDT 2015 Allowed operations: [UPDATE_GROUP_ATTRIBUTE, UPDATE_USER_ATTRIBUTE] Implementation class: com.atlassian.crowd.directory.MicrosoftActiveDirectory Encryption type: sha Attributes: "autoAddGroups": "" "com.atlassian.crowd.directory.sync.currentstartsynctime": "null" "com.atlassian.crowd.directory.sync.issynchronising": "false" "com.atlassian.crowd.directory.sync.lastdurationms": "2960905" "com.atlassian.crowd.directory.sync.laststartsynctime": "1432224311907" "crowd.sync.incremental.enabled": "true" "directory.cache.synchronise.interval": "3600" "ldap.basedn": "dc=lab,dc=local" "ldap.connection.timeout": "10000" "ldap.external.id": "objectGUID" "ldap.group.description": "description" "ldap.group.dn": "" "ldap.group.filter": "(objectCategory=Group)" "ldap.group.name": "cn" "ldap.group.objectclass": "group" "ldap.group.usernames": "member" "ldap.local.groups": "false" "ldap.nestedgroups.disabled": "true" "ldap.pagedresults": "true" "ldap.pagedresults.size": "1000" "ldap.password": ******** "ldap.pool.initsize": "null" "ldap.pool.maxsize": "null" "ldap.pool.prefsize": "null" "ldap.pool.timeout": "0" "ldap.propogate.changes": "false" "ldap.read.timeout": "120000" "ldap.referral": "true" "ldap.relaxed.dn.standardisation": "true" "ldap.roles.disabled": "true" "ldap.search.timelimit": "60000" "ldap.secure": "false" "ldap.url": "ldap://127.0.0.1:3268" "ldap.user.displayname": "displayName" "ldap.user.dn": "" "ldap.user.email": "mail" "ldap.user.encryption": "sha" "ldap.user.filter": "(&(objectCategory=Person)(sAMAccountName=*))" "ldap.user.firstname": "givenName" "ldap.user.group": "memberOf" "ldap.user.lastname": "sn" "ldap.user.objectclass": "user" "ldap.user.password": "unicodePwd" "ldap.user.username": "sAMAccountName" "ldap.user.username.rdn": "cn" "ldap.userdn": "ldap" "ldap.usermembership.use": "false" "ldap.usermembership.use.for.groups": "false" "localUserStatusEnabled": "false" {noformat} *Workaround* * Exclude the following groups from directory synchronization through a [Group Object Filter|https://confluence.atlassian.com/display/DOC/Connecting+to+an+LDAP+Directory#ConnectingtoanLDAPDirectory-GroupSchemaSettings]. {quote}*RDS Endpoint Servers, Exchange Trusted Subsystem, RDS Remote Access Servers, RDS Management Servers, Help Desk*{quote} You can use the following filter for this. {noformat}(&(objectClass=group)(!(cn=*RDS Endpoint Servers*))(!(cn=*Exchange Trusted Subsystem*))(!(cn=*RDS Remote Access Servers*))(!(cn=*RDS Management Servers*))(!(cn=*Help Desk*))){noformat} * Also, it depends on which missing groups are showing in the logs. You can refer the steps below to check the missing groups: *# Search for this *"Failed to synchronize directory group attributes for missing group"* exception in the logs (atlassian-jira.log) *# You will see something like this:{code}Failed to synchronize directory group attributes for missing group: FC Financial Practitioners Observations{code} (i) *FC Financial Practitioners Observations* is the missing group. *# Re-amend the group object filter like: {code}(&(objectClass=group)(!(cn=*FC Financial Practitioners Observations*))){code} *Debugger Output* !2015-05-21_11-51-26.png|thumbnail!

    Atlassian JIRA | 2 years ago | David Blasio [Atlassian]
    com.atlassian.crowd.exception.OperationFailedException: Failed to synchronize directory group attributes for missing group: RDS Remote Access Servers
  6. 0

    Users can't login to Stash - LDAP response read timed out - Atlassian Documentation

    atlassian.com | 7 months ago
    com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN

    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. com.atlassian.crowd.exception.OperationFailedException

      Error looking up attributes for highestCommittedUSN

      at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN()
    2. com.atlassian.crowd
      DirectorySynchroniserImpl.synchronise
      1. com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:807)
      2. com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:115)
      3. com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1095)
      4. com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:76)
      4 frames
    3. Java RT
      DelegatingMethodAccessorImpl.invoke
      1. sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      2. sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      3. sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      3 frames