Jenkins upgrade to 2.289.3 failed & can't login with LDAP

I upgraded our jenkins from 2.222.1 to 2.289.3. Used openjdk 1.8. didn’t change java version. after deploying war file to tomcat, jenkins started. But cannot log into jenkins with AD credentials.

Oct 14, 2021 2:00:22 AM jenkins.InitReactorRunner$1 onAttained
INFO: Started initialization
Oct 14, 2021 2:00:22 AM hudson.PluginManager loadDetachedPlugins
INFO: Upgrading Jenkins. The last running version was 2.222.1. This Jenkins is version 2.289.3.
Oct 14, 2021 2:00:22 AM hudson.PluginManager loadDetachedPlugins
INFO: Upgraded Jenkins from version 2.222.1 to version 2.289.3. Loaded detached plugins (and dependencies): [sshd.hpi]
Oct 14, 2021 2:00:22 AM hudson.ClassicPluginStrategy createPluginWrapper
INFO: Plugin greenballs.jpi is disabled
Oct 14, 2021 2:00:22 AM hudson.ClassicPluginStrategy createPluginWrapper
INFO: Plugin blueocean-executor-info.jpi is disabled
Oct 14, 2021 2:00:22 AM hudson.ClassicPluginStrategy createPluginWrapper
INFO: Plugin blueocean-i18n.jpi is disabled
Oct 14, 2021 2:00:23 AM hudson.ClassicPluginStrategy createPluginWrapper
INFO: Plugin blueocean-bitbucket-pipeline.jpi is disabled
Oct 14, 2021 2:00:23 AM hudson.ClassicPluginStrategy createPluginWrapper
INFO: Plugin blueocean-jira.jpi is disabled
Oct 14, 2021 2:00:23 AM hudson.ClassicPluginStrategy createPluginWrapper
INFO: Plugin blueocean-github-pipeline.jpi is disabled
Oct 14, 2021 2:00:23 AM hudson.ClassicPluginStrategy createPluginWrapper
INFO: Plugin blueocean-display-url.jpi is disabled
Oct 14, 2021 2:00:23 AM hudson.ClassicPluginStrategy createPluginWrapper
INFO: Plugin blueocean-config.jpi is disabled
Oct 14, 2021 2:00:24 AM jenkins.InitReactorRunner$1 onTaskFailed
SEVERE: Failed Inspecting plugin /mnt/jenkins/home/plugins/uploaded1376109032086017854.jpi
java.io.IOException: Failed to expand /mnt/jenkins/home/plugins/uploaded1376109032086017854.jpi
	at hudson.ClassicPluginStrategy.explode(ClassicPluginStrategy.java:488)
	at hudson.ClassicPluginStrategy.createPluginWrapper(ClassicPluginStrategy.java:174)
	at hudson.PluginManager$1$3$1.run(PluginManager.java:437)
	at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:169)
	at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:296)
	at jenkins.model.Jenkins$5.runTask(Jenkins.java:1129)
	at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:214)
	at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
	at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: Error while expanding /mnt/jenkins/home/plugins/uploaded1376109032086017854.jpi
java.util.zip.ZipException: archive is not a ZIP archive
	at org.apache.tools.ant.taskdefs.Expand.expandFile(Expand.java:214)
	at org.apache.tools.ant.taskdefs.Expand.execute(Expand.java:157)
	at hudson.ClassicPluginStrategy.unzipExceptClasses(ClassicPluginStrategy.java:561)
	at hudson.ClassicPluginStrategy.explode(ClassicPluginStrategy.java:485)
	... 11 more
Caused by: java.util.zip.ZipException: archive is not a ZIP archive
	at org.apache.tools.zip.ZipFile.positionAtEndOfCentralDirectoryRecord(ZipFile.java:780)
	at org.apache.tools.zip.ZipFile.positionAtCentralDirectory(ZipFile.java:716)
	at org.apache.tools.zip.ZipFile.populateFromCentralDirectory(ZipFile.java:461)
	at org.apache.tools.zip.ZipFile.<init>(ZipFile.java:217)
	at org.apache.tools.ant.taskdefs.Expand.expandFile(Expand.java:190)
	... 14 more

Oct 14, 2021 2:00:33 AM hudson.ExtensionFinder$GuiceFinder$SezpozModule configure
WARNING: Failed to load hudson.security.LDAPSecurityRealm$DescriptorImpl
java.lang.NoClassDefFoundError: org/acegisecurity/ldap/LdapDataAccessException
	at java.lang.Class.getDeclaredConstructors0(Native Method)
	at java.lang.Class.privateGetDeclaredConstructors(Class.java:2671)
	at java.lang.Class.getDeclaredConstructors(Class.java:2020)
	at hudson.ExtensionFinder$GuiceFinder$SezpozModule.resolve(ExtensionFinder.java:493)
	at hudson.ExtensionFinder$GuiceFinder$SezpozModule.resolve(ExtensionFinder.java:480)
	at hudson.ExtensionFinder$GuiceFinder$SezpozModule.configure(ExtensionFinder.java:523)
	at com.google.inject.AbstractModule.configure(AbstractModule.java:62)
	at com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:340)
	at com.google.inject.spi.Elements.getElements(Elements.java:110)
	at com.google.inject.internal.InjectorShell$Builder.build(InjectorShell.java:138)
	at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:104)
	at com.google.inject.Guice.createInjector(Guice.java:96)
	at com.google.inject.Guice.createInjector(Guice.java:73)
	at hudson.ExtensionFinder$GuiceFinder.<init>(ExtensionFinder.java:283)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at java.lang.Class.newInstance(Class.java:442)
	at net.java.sezpoz.IndexItem.instance(IndexItem.java:181)
	at hudson.ExtensionFinder$Sezpoz._find(ExtensionFinder.java:701)
	at hudson.ExtensionFinder$Sezpoz.find(ExtensionFinder.java:687)
	at hudson.ClassicPluginStrategy.findComponents(ClassicPluginStrategy.java:348)
	at hudson.ExtensionList.load(ExtensionList.java:380)
	at hudson.ExtensionList.ensureLoaded(ExtensionList.java:316)
	at hudson.ExtensionList.getComponents(ExtensionList.java:182)
	at jenkins.model.Jenkins$6.onInitMilestoneAttained(Jenkins.java:1159)
	at jenkins.InitReactorRunner$1.onAttained(InitReactorRunner.java:88)
	at org.jvnet.hudson.reactor.ReactorListener$Aggregator.lambda$onAttained$3(ReactorListener.java:102)
	at org.jvnet.hudson.reactor.ReactorListener$Aggregator.run(ReactorListener.java:109)
	at org.jvnet.hudson.reactor.ReactorListener$Aggregator.onAttained(ReactorListener.java:102)
	at org.jvnet.hudson.reactor.Reactor$1.run(Reactor.java:177)
	at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:117)
	at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.ClassNotFoundException: org.acegisecurity.ldap.LdapDataAccessException
	at jenkins.util.AntClassLoader.findClassInComponents(AntClassLoader.java:1392)
	at jenkins.util.AntClassLoader.findClass(AntClassLoader.java:1347)
	at jenkins.util.AntClassLoader.loadClass(AntClassLoader.java:1093)
	at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
	... 37 more

Oct 14, 2021 2:00:37 AM jenkins.InitReactorRunner$1 onAttained
INFO: Prepared all plugins
Oct 14, 2021 2:00:38 AM hudson.ExtensionFinder$GuiceFinder$FaultTolerantScope$1 error
WARNING: Failed to instantiate Key[type=jenkins.security.plugins.ldap.FromGroupSearchLDAPGroupMembershipStrategy$DescriptorImpl, annotation=[none]]; skipping this component
com.google.inject.ProvisionException: Unable to provision, see the following errors:

1) Error injecting constructor, java.lang.NoClassDefFoundError: org/acegisecurity/ldap/LdapEntryMapper
  at jenkins.security.plugins.ldap.FromGroupSearchLDAPGroupMembershipStrategy$DescriptorImpl.<init>(FromGroupSearchLDAPGroupMembershipStrategy.java:92)

1 error
	at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:52)
	at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:145)

I think you had to upgrade your plugins to latest before going past 2.265 or so.

You can either downgrade and do that or start by manually updating the ldap plugin by dropping the latest version in the plugins directory

Once the upgrade is completed, I cannot log into Jenkins (we use our AD credentials) to upgrade addons. you mean upgrade the addon prior to the jenkins upgrade?

That class was removed from Jenkins core.
If you can upgrade plugins before updating core you should be fine.
Failing that as timja said, download the new LDAP plugin manually and deploy it by hand (copy to dir).
Or upgrade core. Disable security. Upgrade LDAP plugin. Tenable security