JIRA Unable to Synchronize with Active Directory after upgrading to 6.4

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Problem

After upgrading to 6.4, JIRA is unable to synchronize with Active Directory.

The following appears in the atlassian-jira.log

2015-03-30 15:49:49,635 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] FULL synchronisation for directory [ 10200 ] starting
2015-03-30 15:49:50,260 CrowdUsnChangedCacheRefresher:thread-1 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] found [ 1412 ] remote users in [ 625ms ]
2015-03-30 15:49:50,307 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 1412 ] users for delete in DB cache in [ 31ms ]
2015-03-30 15:49:50,307 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned for deleted users in [ 31ms ]
2015-03-30 15:49:50,323 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanning [ 1412 ] users to add or update
2015-03-30 15:49:50,323 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanned and compared [ 1412 ] users for update in DB cache in [ 16ms ]
2015-03-30 15:49:50,323 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronised [ 1412 ] users in [ 16ms ]
2015-03-30 15:49:50,651 CrowdUsnChangedCacheRefresher:thread-2 INFO ServiceRunner     [directory.ldap.cache.UsnChangedCacheRefresher] found [ 1133 ] remote groups in [ 1016ms ]
2015-03-30 15:49:50,667 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] scanning [ 1131 ] groups to add or update
2015-03-30 15:49:50,698 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 1131 ] groups for update in DB cache in [ 31ms ]
2015-03-30 15:49:50,698 atlassian-scheduler-quartz1.clustered_Worker-2 WARN ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] Could not add the following entity to the directory [ Crowd Internal Directory ]: RDS Endpoint Servers
2015-03-30 15:49:50,698 atlassian-scheduler-quartz1.clustered_Worker-2 WARN ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] Could not add the following entity to the directory [ Crowd Internal Directory ]: Exchange Trusted Subsystem
2015-03-30 15:49:50,698 atlassian-scheduler-quartz1.clustered_Worker-2 WARN ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] Could not add the following entity to the directory [ Crowd Internal Directory ]: RDS Remote Access Servers
2015-03-30 15:49:50,698 atlassian-scheduler-quartz1.clustered_Worker-2 WARN ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] Could not add the following entity to the directory [ Crowd Internal Directory ]: RDS Management Servers
2015-03-30 15:49:50,698 atlassian-scheduler-quartz1.clustered_Worker-2 WARN ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] Could not add the following entity to the directory [ Crowd Internal Directory ]: Help Desk
2015-03-30 15:49:50,698 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] added [ 5 ] groups in [ 0ms ]
2015-03-30 15:49:50,698 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DirectoryCacheImplUsingChangeOperations] synchronized [ 1131 ] groups in [ 31ms ]
2015-03-30 15:49:50,729 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteChangeOperations] scanned and compared [ 1131 ] groups for delete in DB cache in [ 31ms ]
2015-03-30 15:49:50,745 atlassian-scheduler-quartz1.clustered_Worker-2 INFO ServiceRunner     [atlassian.crowd.directory.DbCachingRemoteDirectory] failed synchronisation complete for directory [ 10200 ] in [ 1110ms ]
2015-03-30 15:49:50,792 atlassian-scheduler-quartz1.clustered_Worker-2 ERROR ServiceRunner     [com.atlassian.scheduler.JobRunnerResponse] Unable to synchronise directory
com.atlassian.crowd.exception.OperationFailedException: Failed to synchronize directory group attributes for missing group: Exchange Trusted Subsystem
    at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAllGroupAttributes(AbstractCacheRefresher.java:129)
    at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:94)
    at com.atlassian.crowd.directory.ldap.cache.UsnChangedCacheRefresher.synchroniseAll(UsnChangedCacheRefresher.java:161)
    at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1122)
    at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:76)
    at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.synchronizeDirectory(JiraDirectorySynchroniser.java:96)
    at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.runJob(JiraDirectorySynchroniser.java:60)
    at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:136)
    at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101)
    at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80)
    at com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:223)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)

Diagnosis

JIRA version 6.4 or later
Microsoft Active Directory 2012R2 (Currently only version of AD that this has been verified)

Cause

This is being investigated as part of JRASERVER-43495

Solution

Workaround

Use Group Filters to exclude the following 5 groups

RDS Endpoint Servers, Exchange Trusted Subsystem, RDS Remote Access Servers, RDS Management Servers, Help Desk

(&(objectClass=group)(!(cn=*RDS Endpoint Servers*))(!(cn=*Exchange Trusted Subsystem*))(!(cn=*RDS Remote Access Servers*))(!(cn=*RDS Management Servers*))(!(cn=*Help Desk*)))

Proceed to synchronize with Active Directory

ℹ️ For more details on this, take a look at How to write LDAP search filters

Updated on April 2, 2025

Was this helpful?

It wasn't accurateIt wasn't clearIt wasn't relevant

Atlassian Support