"Failed to query the user source because of a failed referral"

  • 3186487
  • 20-Sep-2007
  • 27-Apr-2012


Novell ZENworks 10 Configuration Management


ERROR:"Failed to query the user source because of a failed referral"

When creating a user source against Active Directory, ZCM fails to display any user contexts


Examine ZCC.LOG in [ZENworks Home]\logs to see the failed referral, and correct DNS accordingly.

Using the ZCC log, determine which host LDAP cannot communicate by examining the JAVAX exception that is logged.

Search the log from the following exception.
Note the host name (in this case novell.com). This would be the host that LDAP is attempting to communicate with, but cannot. ALL primary ZCM servers must be able to resolve this host name. The host name must be added to the internal DNS zone so that all primary ZCM servers are able to resolve the name.

Additional Information

Failed referral errors happen when LDAP is scanning Active Directory and finds a record that references another host or a host whose hostname cannot be resolved. Sometimes this record can be the short name or long name of the host that LDAP is connecting to. This is a design limitation of Active Directory and not ZCM. This issue can happen with any LDAP browser.

Here is an example of the referral.

Caused by: javax.naming.CommunicationException: novell.com:389 [Root
exception is java.net.ConnectException: Connection refused]
at com.sun.jndi.ldap.LdapReferralContext.(LdapReferralContext.java:74)
at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:339)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:208)
The issue can occur when the LDAP server providing user source information for AD to ZCM passes a referral to another LDAP server and this server is not resolvable by DNS.