Hi all
We had a Domain Controller.
Jira LDAP connection worked just fine (no SSL).
Then we added a second Domain Controller (isGC=true) and turned off the first domain controller.
The users can still login with their computers in the domain, but not in Jira.
Does Jira somewhere store the URL to the LDAP server or does it build every time a user tries to login?
From the log:
http-nio-8080-exec-12 ERROR anonymous 825x3920x1 1cj5ees 192.168.0.xx /rest/gadget/1.0/login [c.a.c.manager.application.ApplicationServiceGeneric] Directory 'Active Directory server' is not functional during authentication of 'user1'. Skipped.
Caused by: org.springframework.ldap.CommunicationException: DOMAIN.local:389; nested exception is javax.naming.CommunicationException: DOMAIN.local:389 [Root exception is java.net.NoRouteToHostException: No route to host
Caused by: java.net.NoRouteToHostException: No route to host (Host unreachable)
So what did/do you have in the "hostname" field of the user directory configuration? You had to have something there. Does whatever you have in there still respond to LDAP requests?
As Tony mentioned, you HAVE to have a local admin account that is not coming from the Directory. If for no other reason than the fact that you are not allowed to edit the directory settings for the directory you are logged in from (which is a nice safety feature).
Hi @Andrew Laden
We have just "domainname" in the hostname field
I use an LDAP browser on my computer and it can see both servers.
Yes, we do have a local Jira administrator account. How else could we create the User Directory? ;)
So I suppose, I was right: Jira builds internally an LDAP connection string and stores it somewhere permanent in the database. And the only way, in this case, is to remove the User Directory and create it again.
Please correct me, if I'm wrong.
Try putting in the hostname of Domain Controller instead of the Domainname. Just to see.
Also try an LDAP browser from the Jira Server, not just your desktop to see if there is something going on at the network level.
On the "User Directory" Admin page, there is a link (near the bottom) "Directory Configuration Summary" That shows you the full information kept in the database.
Check what it says for "ldap.url"; that is what is in the database.
Well, ldap.url has only the domain name with the port number.
I tried it with hostname, unsuccessful.
But the IP address of the Domain Controller works.
Likewise, ldapsearch on the Jira server behaves in the same way.
But that doesn't explain why it doesn't work with the Domain Name.
Sounds like your host is having a name resolution problem, nothing to do with Jira.
Check your DNS settings, etc.; make sure that your old domain controller isn't listed in the /etc/hosts file, for example.
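The name-resolution check suggested in the reply above, written out as an added example (not code from the original thread or from Atlassian): it splits the ldap.url value into host and port, looks for a stale /etc/hosts entry (which overrides DNS), resolves the name with the OS resolver the JVM also uses, and tests a TCP connection to the LDAP port. The hosts-file text and addresses in the sample are constructed.

```python
import socket
from urllib.parse import urlsplit

def parse_ldap_url(url):
    """Split an ldap.url value such as 'ldap://DOMAIN.local:389' into (host, port).
    urlsplit lowercases the hostname; a bare 'DOMAIN.local' is accepted too."""
    parts = urlsplit(url if "://" in url else "ldap://" + url)
    default_port = 636 if parts.scheme == "ldaps" else 389
    return parts.hostname, parts.port or default_port

def hosts_file_overrides(hosts_text, hostname):
    """Return the addresses an /etc/hosts-style text pins the hostname to.
    Such an entry wins over DNS, so a line left over from the old DC keeps
    the Jira host pointing at an unreachable address."""
    hits = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if hostname.lower() in (name.lower() for name in fields[1:]):
            hits.append(fields[0])
    return hits

def resolve(hostname):
    """All IPv4 addresses the OS resolver returns for the name ([] if it fails)."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_reachable(ip, port, timeout=3.0):
    """True if a TCP handshake to ip:port succeeds; 'No route to host' gives False."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(ldap_url, hosts_text):
    """Combine the three checks into one report for the configured ldap.url."""
    host, port = parse_ldap_url(ldap_url)
    pinned, dns = hosts_file_overrides(hosts_text, host), resolve(host)
    return {"host": host, "port": port, "hosts_file": pinned, "dns": dns,
            "reachable": {ip: tcp_reachable(ip, port) for ip in pinned + dns}}

if __name__ == "__main__":
    import sys
    url = sys.argv[1] if len(sys.argv) > 1 else "ldap://DOMAIN.local:389"  # assumed default
    with open("/etc/hosts") as fh:
        print(diagnose(url, fh.read()))
```

Run it on the Jira server with the exact ldap.url value from the Directory Configuration Summary; a hosts_file entry that differs from the dns list is the stale override to remove.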
Great. Now you should get your server pointing to your AD DNS infrastructure so you never have to worry about this again. ;)
Glad it's back to working for you.
Have you imported the SSL certs into Jira's JAVA truststore? You may follow the steps here:
A Jira restart is required after importing the certs.
Regards,
Adrian Stephen
As I mentioned: we don't use SSL
Nevertheless, I tried to restart Jira. This didn't help.
If you can't get back in at all, bring that first DC back up and then go fix the URL.
Your LDAP connection was likely configured with the exact URL for the DC. I would check the connection, fix the URL and retest.
We have multiple DCs replicated to each other and get around this problem by using an alias in the LDAP connection. This way they can easily take down one and not lose access.
I would also recommend setting up an account on the local directory with admin creds just in case something like this happens. You don’t want to lose the ability to access the system as an admin.
That's the point: both servers have equal Naming Context and the hostname and base DN fields don't mention names of the servers.
Sorry, missed that detail on first read. Here's a troubleshooting guide that might help: