Crowd authentication error:Connection to authentication server failed.

Kiodex September 14, 2018

Hi Team,

 

I migrated crowd from one server to another server but, now while login to Crowd console, I am getting below error:

 

Connection to authentication server failed. Please review the logs for more information. 

 

Find below logs for your information:

 2018-09-14 09:16:21,062 localhost-startStop-1 INFO [plugin.osgi.factory.ModuleDescriptorServiceTrackerCustomizer] Dynamically registered new module descriptor: com.atlassian.applinks.applinks-plugin:applinksRest-filter
2018-09-14 09:16:21,066 localhost-startStop-1 INFO [plugin.osgi.factory.ModuleDescriptorServiceTrackerCustomizer] Dynamically registered new module descriptor: com.atlassian.applinks.applinks-plugin:applinksRestV2-filter
2018-09-14 09:16:21,298 localhost-startStop-1 INFO [plugin.osgi.factory.ModuleDescriptorServiceTrackerCustomizer] Dynamically registered new module descriptor: com.atlassian.crowd.crowd-sync-feedback:crowd-sync-feedback-filter
2018-09-14 09:16:21,395 localhost-startStop-1 INFO [plugin.osgi.factory.ModuleDescriptorServiceTrackerCustomizer] Dynamically registered new module descriptor: crowd-rest-application-management:crowd-rest-application-management-filter
2018-09-14 09:16:21,404 localhost-startStop-1 INFO [plugin.osgi.factory.ModuleDescriptorServiceTrackerCustomizer] Dynamically registered new module descriptor: crowd-rest-plugin:crowd-rest-application-service-filter
2018-09-14 09:16:21,599 localhost-startStop-1 INFO [atlassian.plugin.manager.DefaultPluginManager] Plugin system started in 0:00:02.653
2018-09-14 09:16:21,601 localhost-startStop-1 INFO [sal.core.upgrade.DefaultPluginUpgradeManager] Running plugin upgrade tasks...
2018-09-14 09:16:21,606 localhost-startStop-1 INFO [crowd.manager.backup.QuartzBackupScheduler] Registering automated backup Quartz job with trigger schedule 0 0 2 * * ?
2018-09-14 09:16:21,613 localhost-startStop-1 INFO [com.atlassian.crowd.startup] Starting Crowd Server, Version: 2.7.0 (Build:#624 - 2013-09-23)
2018-09-14 09:16:21,635 localhost-startStop-1 INFO [ContainerBase.[Catalina].[localhost].[/crowd]] org.tuckey.web.filters.urlrewrite.UrlRewriteFilter INFO: loaded (conf ok)
2018-09-14 09:18:13,447 http-bio-8095-exec-7 INFO [service.soap.client.SecurityServerClientImpl] Existing application token is null, authenticating ...
2018-09-14 09:18:13,656 http-bio-8095-exec-9 INFO [ContainerBase.[Catalina].[localhost].[/crowd]] Initializing Spring FrameworkServlet 'xfire'
2018-09-14 09:18:13,687 http-bio-8095-exec-9 WARN [beans.factory.config.CustomEditorConfigurer] Passing PropertyEditor instances into CustomEditorConfigurer is deprecated: use PropertyEditorRegistrars or PropertyEditor class names instead. Offending key [org.codehaus.xfire.service.ServiceFactory; offending editor instance: org.codehaus.xfire.spring.editors.ServiceFactoryEditor@2a1e433
2018-09-14 09:18:14,257 http-bio-8095-exec-7 INFO [service.soap.client.SecurityServerClientImpl] Created new application token: pUI1NpDQ06Caep40pfYwQw00
2018-09-14 09:18:14,340 http-bio-8095-exec-11 ERROR [crowd.manager.application.ApplicationServiceGeneric] Directory 'SunGard Internal' is not functional during authentication of 'ankushborse'. Skipped.
2018-09-14 09:18:14,403 http-bio-8095-exec-11 ERROR [crowd.manager.application.ApplicationServiceGeneric] org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.CommunicationException: 168.162.128.165:3268; nested exception is javax.naming.CommunicationException: 168.162.128.165:3268 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
com.atlassian.crowd.exception.OperationFailedException: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.CommunicationException: 168.162.128.165:3268; nested exception is javax.naming.CommunicationException: 168.162.128.165:3268 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:396)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:435)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:418)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:641)
at com.atlassian.crowd.directory.SpringLDAPConnector.findUserWithAttributesByName(SpringLDAPConnector.java:590)
at com.atlassian.crowd.directory.SpringLDAPConnector.findUserByName(SpringLDAPConnector.java:577)
at com.atlassian.crowd.directory.SpringLDAPConnector.findUserByName(SpringLDAPConnector.java:105)
at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.findUserByName(DirectoryManagerGeneric.java:298)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy36.findUserByName(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at com.sun.proxy.$Proxy37.findUserByName(Unknown Source)
at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.fastFailingFindUser(ApplicationServiceGeneric.java:329)
at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.isUserAuthorised(ApplicationServiceGeneric.java:194)

 

Regards,

Ankush

1 answer

0 votes
Bruno Vincent
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 15, 2018

Hi @Kiodex

168.162.128.165:3268 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]

This is a network issue. Your new Crowd server cannot reach the global catalog port (3268) port of your AD domain controller whose IP address is 168.162.128.165. Maybe that IP address is wrong or there is a firewall in between which prevents your Crowd server to connect.

Kiodex September 17, 2018

Hi Vincent,

 

Is the global catalog port (3268) port of our AD domain controller whose IP address is 168.162.128.165 need to be open for local admin user also??

As I am trying to login via local admin user "ankushborse"  So, do you mean I need to open above mention port for AD domain controller IP, then and then my local admin login will work??

My understanding is I can login via local admin users into crowd console.

local Admin user account names: Admin or ankushborse

 

Regards,

Ankush

Bruno Vincent
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 17, 2018

If those accounts are actually Crowd internal directory users, yes you should be able to login. The stacktrace you attached indicates a network issue when trying to connect to AD though. There must be some other error in your logs that refers to users authentication on Crowd internal directory.

Kiodex September 17, 2018

Hi Vincent,

 

Below are the logs when I am trying to login via local admin user "Admin":

 

2018-09-17 06:16:02,394 http-bio-8095-exec-25 ERROR [crowd.manager.application.ApplicationServiceGeneric] Directory 'SunGard Internal' is not functional during authentication of 'Admin'. Skipped.
2018-09-17 06:16:02,432 http-bio-8095-exec-25 ERROR [crowd.manager.application.ApplicationServiceGeneric] org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.CommunicationException: 168.162.128.165:3268; nested exception is javax.naming.CommunicationException: 168.162.128.165:3268 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
com.atlassian.crowd.exception.OperationFailedException: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.CommunicationException: 168.162.128.165:3268; nested exception is javax.naming.CommunicationException: 168.162.128.165:3268 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:396)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:435)

 

Caused by: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.CommunicationException: 168.162.128.165:3268; nested exception is javax.naming.CommunicationException: 168.162.128.165:3268 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]

 

Caused by: org.springframework.ldap.CommunicationException: 168.162.128.165:3268; nested exception is javax.naming.CommunicationException: 168.162.128.165:3268 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]

 

Regards,

Ankush 

Kiodex September 17, 2018

More logs:


Caused by: javax.naming.CommunicationException: 168.162.128.165:3268 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:238)

Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.net.PlainSocketImpl.socketConnect(Native Method)

 

Regards,

Ankush

Kiodex September 17, 2018

Hi Team,

 

Can someone please provide solution on above issue.

 

Regards,

Ankush

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events