Connection reset errors when using Java 8 and synchronising with Active Directory over port 636

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Problem

When trying to synchronize to an Active Directory 2012r2 user directory, the sync fails with a 'Connection reset' error.

The following appears in the atlassian-confluence.log

2015-09-21 08:37:48,999 ERROR [http-nio-443-exec-18] [[Standalone].[localhost].[/].[action]] log Servlet.service() for servlet [action] in context with path [] threw exception
org.springframework.ldap.CommunicationException: <server>; nested exception is javax.naming.CommunicationException: <server> [Root exception is java.net.SocketException: Connection reset]
	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)
	at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:356)
	at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:140)
	at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:175)
	at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:88)
	at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:61)
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802)
	at org.springframework.ldap.core.LdapTemplate.lookup(LdapTemplate.java:935)

...
Caused by: javax.naming.CommunicationException: <server> [Root exception is java.net.SocketException: Connection reset]

Diagnosis

Environment

- User directory is an Active Directory 2012r2 using LDAPS (port 636)
- Confluence is using Java 8
- The steps of User lookups fail with 'PartialResultExceptions' due to Active Directory 'Follow Referrals' configuration have been performed and the problem is still happening
- Active Directory is using TLSv1.2

Cause

There are known issues with Java 8 and TLSv1.2 causing "Connection Reset" errors when attempting to connect.

Solution

Workaround

Add the following Java argument to force connecting using TLSv1.0. For details on setting Java properties and options on startup for Confluence, seeConfiguring System Properties.

-Djdk.tls.client.protocols=TLSv1

Updated on April 2, 2025

Was this helpful?

It wasn't accurateIt wasn't clearIt wasn't relevant

Atlassian Support