Connection reset errors when using Java 8 and synchronising with Active Directory over port 636
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
問題
When trying to synchronize to an Active Directory 2012r2 user directory, the sync fails with a 'Connection reset' error.
The following appears in the atlassian-confluence.log
2015-09-21 08:37:48,999 ERROR [http-nio-443-exec-18] [[Standalone].[localhost].[/].[action]] log Servlet.service() for servlet [action] in context with path [] threw exception
org.springframework.ldap.CommunicationException: <server>; nested exception is javax.naming.CommunicationException: <server> [Root exception is java.net.SocketException: Connection reset]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:356)
at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:140)
at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:175)
at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:88)
at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:61)
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802)
at org.springframework.ldap.core.LdapTemplate.lookup(LdapTemplate.java:935)
...
Caused by: javax.naming.CommunicationException: <server> [Root exception is java.net.SocketException: Connection reset]
診断
環境
- User directory is an Active Directory 2012r2 using LDAPS (port 636)
- Confluence is using Java 8
- The steps of User lookups fail with 'PartialResultExceptions' due to Active Directory 'Follow Referrals' configuration have been performed and the problem is still happening
- Active Directory is using TLSv1.2
原因
There are known issues with Java 8 and TLSv1.2 causing "Connection Reset" errors when attempting to connect.
回避策
Add the following Java argument to force connecting using TLSv1.0. For details on setting Java properties and options on startup for Confluence, see Configuring System Properties.
-Djdk.tls.client.protocols=TLSv1 |