Bamboo stops authenticating Active Directory users with highestCommittedUSN error
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Bamboo integrated with Active Directory stops authenticating users and fails to run a full synchronization after a while. The following error can be seen in the logs:
<bamboo-home>/logs/atlassian-bamboo.log
1
2
3
4
5
6
7
8
ERROR [atlassian-scheduler-quartz2.local_Worker-2] [DbCachingRemoteDirectory] Incremental synchronisation for directory [ 42762241 ] was unexpectedly interrupted, falling back to a full synchronisation
com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:733)
at com.atlassian.crowd.directory.synchronisation.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:111)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1023)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.lambda$synchronise$0(DirectorySynchroniserImpl.java:80)
at com.atlassian.crowd.audit.NoOpAuditLogContext.withAuditLogSource(NoOpAuditLogContext.java:17)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:78)Environment
Bamboo versions older than 7.0 connected to LDAP running on cluster mode.
Diagnosis
At times Bamboo stops authenticating with LDAP and is not able to perform a full sync throwing the "Error looking up attributes for highestCommittedUSN" message in the <bamboo-home>/logs/atlassian-bamboo.log.
atlassian-bamboo.log
1
2
3
4
5
6
7
8
ERROR [atlassian-scheduler-quartz2.local_Worker-2] [DbCachingRemoteDirectory] Incremental synchronisation for directory [ 42762241 ] was unexpectedly interrupted, falling back to a full synchronisation
com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:733)
at com.atlassian.crowd.directory.synchronisation.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:111)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1023)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.lambda$synchronise$0(DirectorySynchroniserImpl.java:80)
at com.atlassian.crowd.audit.NoOpAuditLogContext.withAuditLogSource(NoOpAuditLogContext.java:17)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:78)Cause
Bamboo versions older than 7.0 bundle older versions of Embedded Crowd which don't support Active Directory Clustering. See CWD-2783 - Detect Active Directory server to handle usnChanged attribute correctly
Solution
Upgrade Bamboo to a supported version that's above 7.0, where the Embedded Crowd has also been upgraded and supports Active Directory Clustering.
Workaround 1
Edit the directory inside Cog > Overview > Security > User directory > Edit button, change the Active User directory to switch from "Microsoft Active Directory" to "Generic Directory Server" and click on synchronize.
Workaround 2
Disable and remove the existing LDAP directory after adding a new LDAP connection under the User Directories. Click on synchronize and make sure users can log in.
Was this helpful?