Bamboo stops authenticating Active Directory users with highestCommittedUSN error
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Bamboo integrated with Active Directory stops authenticating users and fails to run a full synchronization after a while. The following error can be seen in the logs:
ERROR [atlassian-scheduler-quartz2.local_Worker-2] [DbCachingRemoteDirectory] Incremental synchronisation for directory [ 42762241 ] was unexpectedly interrupted, falling back to a full synchronisation
com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:733)
at com.atlassian.crowd.directory.synchronisation.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:111)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1023)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.lambda$synchronise$0(DirectorySynchroniserImpl.java:80)
at com.atlassian.crowd.audit.NoOpAuditLogContext.withAuditLogSource(NoOpAuditLogContext.java:17)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:78)Environment
Bamboo versions older than 7.0 connected to LDAP running on cluster mode.
Diagnosis
At times Bamboo stops authenticating with LDAP and is not able to perform a full sync throwing the "Error looking up attributes for highestCommittedUSN" message in the <bamboo-home>/logs/atlassian-bamboo.log.
ERROR [atlassian-scheduler-quartz2.local_Worker-2] [DbCachingRemoteDirectory] Incremental synchronisation for directory [ 42762241 ] was unexpectedly interrupted, falling back to a full synchronisation
com.atlassian.crowd.exception.OperationFailedException: Error looking up attributes for highestCommittedUSN
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.fetchHighestCommittedUSN(MicrosoftActiveDirectory.java:733)
at com.atlassian.crowd.directory.synchronisation.cache.UsnChangedCacheRefresher.synchroniseChanges(UsnChangedCacheRefresher.java:111)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1023)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.lambda$synchronise$0(DirectorySynchroniserImpl.java:80)
at com.atlassian.crowd.audit.NoOpAuditLogContext.withAuditLogSource(NoOpAuditLogContext.java:17)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:78)Cause
Bamboo versions older than 7.0 bundle older versions of Embedded Crowd which don't support Active Directory Clustering. See CWD-2783 - Detect Active Directory server to handle usnChanged attribute correctly
Solution
Upgrade Bamboo to a supported version that's above 7.0, where the Embedded Crowd has also been upgraded and supports Active Directory Clustering.
Workaround 1
Edit the directory inside Cog > Overview > Security > User directory > Edit button, change the Active User directory to switch from "Microsoft Active Directory" to "Generic Directory Server" and click on synchronize.
Workaround 2
Disable and remove the existing LDAP directory after adding a new LDAP connection under the User Directories. Click on synchronize and make sure users can log in.