Good morning everyone
We ran into the following tricky problem.
Our Confluence version is 5.10.7 and it is running on the old open-source jTDS Java SQL driver on Ubuntu LTS 18.04. The DB lies on a shared production MSSQL instance which is set to Active Directory authentication only, and Confluence authenticates over NTLMv2.
As I checked first, the update matrix says we can update straight to 6.13 with the auto installer. When you do this, the installer breaks at some point because, we think, the new MSSQL driver which Confluence now uses doesn't support NTLM.
Because of this we tried different methods in a local lab to test the upgrade from 5.10.7 to 6.13.
We thought the following scenario should be the best one, after an already failed production upgrade attempt as well as a couple of tries to implement the newer driver before the upgrade, for example.
We configured Kerberos on the Linux machine, as well as the needed SPNs in the AD so that the connection can be correctly routed and established to the MSSQL instance, and changed the connection string from the old driver to Kerberos mode, and this worked. Confluence started and made the DB connection with an AD account over Kerberos authentication. So now that Kerberos is already the authentication method on this 5.10.7 version, the auto installer from 6.13 would place the new driver and also eventually change the connection string in the best case. This didn't happen, and the log said that the new driver couldn't be implemented.
The strangest thing about all this was that I did exactly the same, before the try I just described (with Kerberos), with a SQL authentication user and over this authentication method. The local MSSQL Server I set up is in mixed mode; the production one is in AD authentication mode only.
Has anyone experienced the same problem, or could anyone give a hint as to what we are eventually overlooking?
Thanks in advance and best regards
Pascal Wunderli
Catalina.out
2019-01-29 16:10:53,076 WARN [localhost-startStop-1] [atlassian.confluence.setup.DefaultBootstrapManager] computeMssqlUrl Ignoring extra parameters found in jTDS url: {domain=WUNDERLI.LOCAL, useKerberos=true}
2019-01-29 16:11:07,737 ERROR [localhost-startStop-1] [atlassian.config.bootstrap.DefaultAtlassianBootstrapManager] getTestDatabaseConnection Could not successfully test your database:
com.microsoft.sqlserver.jdbc.SQLServerException: The TCP/IP connection to the host lucs2.wunderli.local, port 1433 has failed. Error: "Connection refused. Verify the connection properties. Make sure that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. Make sure that TCP connections to the port are not blocked by a firewall.".
Atlassian-confluence.log
2019-01-29 16:58:48,563 WARN [C3P0PooledConnectionPoolManager[identityToken->1hgf63ia016u1ydh1o03ntu|2b0aa96]-HelperThread-#1] [mchange.v2.resourcepTask@2fb48bd -- Acquisition Attempt Failed!!! Clearing pending acquires. While trying to acquire a needed new resource, we failed to succeed more thption:
java.sql.SQLException: I/O Error: GSS Failed: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:654)
at net.sourceforge.jtds.jdbc.JtdsConnection.<init>(JtdsConnection.java:371)
at net.sourceforge.jtds.jdbc.Driver.connect(Driver.java:184)
at com.mchange.v2.c3p0.DriverManagerDataSource.getConnection(DriverManagerDataSource.java:175)
at com.mchange.v2.c3p0.WrapperConnectionPoolDataSource.getPooledConnection(WrapperConnectionPoolDataSource.java:220)
at com.mchange.v2.c3p0.WrapperConnectionPoolDataSource.getPooledConnection(WrapperConnectionPoolDataSource.java:206)
at com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool$1PooledConnectionResourcePoolManager.acquireResource(C3P0PooledConnectionPool.java:203)
at com.mchange.v2.resourcepool.BasicResourcePool.doAcquire(BasicResourcePool.java:1138)
at com.mchange.v2.resourcepool.BasicResourcePool.doAcquireAndDecrementPendingAcquiresWithinLockOnSuccess(BasicResourcePool.java:1125)
at com.mchange.v2.resourcepool.BasicResourcePool.access$700(BasicResourcePool.java:44)
at com.mchange.v2.resourcepool.BasicResourcePool$ScatteredAcquireTask.run(BasicResourcePool.java:1870)
at com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread.run(ThreadPoolAsynchronousRunner.java:696)
Caused by: java.io.IOException: GSS Failed: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at net.sourceforge.jtds.jdbc.TdsCore.sendMSLoginPkt(TdsCore.java:1976)
at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:617)
... 11 more
2019-01-29 16:58:48,563 WARN [C3P0PooledConnectionPoolManager[identityToken->1hgf63ia016u1ydh1o03ntu|2b0aa96]-HelperThread-#1] [mchange.v2.resourcepol.BasicResourcePool@6ee03860 is interrupting all Threads waiting on a resource to check out. Will try again in response to new client requests.