Bamboo fails to start after replacing the Crowd instance with a new one

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Bamboo fails to start after replacing the Atlassian Crowd instance being used for the external user directory with a new Crowd instance. This happens when a modification is made to a particular database table followed by a Bamboo startup or restart.

Environment

The solution has been tested on Bamboo 8 and 9 but should work on all supported versions of Bamboo.

Diagnosis

Bamboo is failing to start after changing the Crowd instance. The below error message is seen on the <bamboo-home>/logs/atlassian-bamboo.log file.

2023-11-17 13:26:58,433 INFO [main] [SecretEncryptionServiceImpl] Can't decrypt data. It's possible data was encrypted by different cipher. Run Bamboo with system property -Dbamboo.security.decryption.ignore.errors=true to ignore this error
2023-11-17 13:26:58,448 FATAL [main] [BambooContainer] Cannot start Bamboo
java.lang.IllegalStateException: Could not transition server from 'SETUP' to 'STARTING'
Caused by: com.google.common.util.concurrent.UncheckedExecutionException: java.lang.IllegalArgumentException: Unknown encrypted data format: [new_application_password]
        at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2055) ~[guava-31.0.1-jre.jar:?]
        at com.google.common.cache.LocalCache.get(LocalCache.java:3966) ~[guava-31.0.1-jre.jar:?]
        at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4863) ~[guava-31.0.1-jre.jar:?]
        at com.atlassian.crowd.directory.LazyAttributesEvaluationDirectory.getValue(LazyAttributesEvaluationDirectory.java:53) ~[crowd-persistence-5.0.2.jar:?]
        at com.atlassian.crowd.directory.LazyAttributesEvaluationDirectory.lambda$getAttributes$0(LazyAttributesEvaluationDirectory.java:66) ~[crowd-persistence-5.0.2.jar:?]

Cause

CWD_DIRECTORY_ATTRIBUTE table in Bamboo contains the required attributes required to connect with Crowd. Any incorrect property here will fail the connection between Bamboo and Crowd.

In this particular example application.password's value in the CWD_DIRECTORY_ATTRIBUTE table was modified with an unencrypted value.

Solution

The application.password's value should be encrypted before modifying the CWD_DIRECTORY_ATTRIBUTE's table.

This should be done using Bamboo Specs encryption. Steps are listed below

From the top navigation bar, select Specs > Sensitive data encryption.
Paste the content you want to encrypt in the text box.
Click Encrypt.

Note: Ensure that a backup of the database is taken before proceeding with the steps below:

Update the CWD_DIRECTORY_ATTRIBUTE table with the encrypted value as shown below;

# UPDATE CWD_DIRECTORY_ATTRIBUTE SET ATTRIBUTE_VALUE = 'new_application_password' WHERE ATTRIBUTE_VALUE = 'BAMSCRT@0@0@+5pSXYxi51kRcokvYa4+AWrA7OG7CxQdYeEJSloICWU=';

View the CWD_DIRECTORY_ATTRIBUTE to see the modification of the application.password's value.

#SELECT * from CWD_DIRECTORY_ATTRIBUTE;
 directory_id |                         attribute_name                         |              attribute_value
--------------+----------------------------------------------------------------+--------------------------------------------
        65537 | user_encryption_method                                         | atlassian-security
      1015809 | crowd.sync.incremental.enabled                                 | true
      1015809 | crowd.server.url                                               | <CROWD_URL>
      1015809 | crowd.server.http.timeout                                      | 5000
      1015809 | crowd.server.http.max.connections                              | 20
      1015809 | crowd.sync.group.membership.after.successful.user.auth.enabled | true
      1015809 | directory.cache.synchronise.interval                           | 3600
      1015809 | useNestedGroups                                                | false
      1015809 | application.name                                               | <crowd_application_name>
      1015809 | application.password                                           | BAMSCRT@0@0@+5pSXYxi51kRcokvYa4+AWrA7OG7CxQdYeEJSloICWU=
(10 rows)

Now the application starts successfully.

Updated on March 3, 2025

Was this helpful?

It wasn't accurateIt wasn't clearIt wasn't relevant

Atlassian Support