The Crowd application crashes while updating the password for a configured AD directory
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
The Crowd application crashes and can't be started up again. This occurs while updating the password for the LDAP directories (Connector).
Environment
Tested with Crowd 5.1.3, but it this issue is not related to the Crowd version.
Diagnosis
The Crowd process crashed while updating the password for a configured LDAP directory.
The Application side logs (crowd.log, catalina.out) don't give any evidence/logging of the process getting abruptly terminated.
Only the Crowd startup logs are printed, but again, nothing at the time of termination.
1
2
3
4
5
6
7
8
2024-03-19 07:20:51,395 localhost-startStop-1 INFO [com.atlassian.crowd.startup] Starting Crowd Server, Version: 5.1.3 (Build:#1892 - 2023-05-22)
2024-03-19 07:21:04,029 http-nio-8095-exec-5 DEBUG [directory.ldap.monitoring.TimedSupplier] Execute operation search using searchexecutor baseDN: cn=AdministrativeLdap,cn=Windchill,o=ptc, filter: (&(objectclass=inetOrgPerson)(uid=bamboo_admin))
2024-03-19 07:21:04,031 http-nio-8095-exec-2 DEBUG [directory.ldap.monitoring.TimedSupplier] Execute operation search using searchexecutor baseDN: cn=AdministrativeLdap,cn=Windchill,o=ptc, filter: (&(objectclass=inetOrgPerson)(uid=bamboo_admin))
2024-03-19 07:21:04,070 http-nio-8095-exec-2 DEBUG [directory.ldap.monitoring.TimedSupplier] Timed call for search using searchexecutor baseDN: cn=AdministrativeLdap,cn=Windchill,o=ptc, filter: (&(objectclass=inetOrgPerson)(uid=bamboo_admin)) took 38ms
2024-03-19 07:21:04,070 http-nio-8095-exec-2 ERROR [crowd.manager.application.ApplicationServiceGeneric] Directory 'grutlink (983042)' is not functional during authentication of 'bamboo_admin'. Skipped.
2024-03-19 07:21:04,071 http-nio-8095-exec-5 DEBUG [directory.ldap.monitoring.TimedSupplier] Timed call for search using searchexecutor baseDN: cn=AdministrativeLdap,cn=Windchill,o=ptc, filter: (&(objectclass=inetOrgPerson)(uid=bamboo_admin)) took 42ms
2024-03-19 07:21:04,071 http-nio-8095-exec-5 ERROR [crowd.manager.application.ApplicationServiceGeneric] Directory 'grutlink (983042)' is not functional during authentication of 'bamboo_admin'. Skipped.Crowd Restart Event
1
2
3
4
Startup History (recent 7) : 2024-03-19 07:24 : 5.1.3 (1892) - atlassian-crowd.log
: 2024-03-19 07:20 : 5.1.3 (1892)
: 2024-03-18 17:35 : 5.1.3 (1892)
: 2024-03-18 17:33 : 5.1.3 (1892)When verifying /var/log/messages for any atypical server-level triggers, the following entry is observed. The Crowd process is killed by some other process using the "SIGKILL" signal.
1
2
3
4
Mar 19 07:22:36 sapp00522 systemd[1]: crowd.service: Main process exited, code=killed, status=9/KILL
Mar 19 07:22:36 sapp00522 systemd[1]: crowd.service: Failed with result 'signal'.
Signal 9 means: SIGKILL : Kill signalCause
There are a processes such as the Cortex XDR security tool running on the user's Server. In this case, Cortex interprets the password change as a security threat and immediately kills the process in execution.
Cortex XDR is the world's first detection and response app that natively integrates network, endpoint and cloud data to stop sophisticated attacks. Cortex XDR accurately detects threats with behavioural analytics and reveals the root cause to speed up investigations.
Solution
Suggest the user to completely remove/disable the "Cortex" process for quicker resolution or work with the respective security team to add the exception into cortex level configuration.
Was this helpful?