When creating a user source against Active Directory, ZCM fails to display any user contexts
Using the ZCC log, determine which host LDAP cannot communicate by examining the JAVAX exception that is logged.
Search the log from the following exception.
Note the host name (in this case novell.com). This would be the host that LDAP is attempting to communicate with, but cannot. ALL primary ZCM servers must be able to resolve this host name. The host name must be added to the internal DNS zone so that all primary ZCM servers are able to resolve the name.
Failed referral errors happen when LDAP is scanning Active Directory and finds a record that references another host or a host whose hostname cannot be resolved. Sometimes this record can be the short name or long name of the host that LDAP is connecting to. This is a design limitation of Active Directory and not ZCM. This issue can happen with any LDAP browser.
Here is an example of the referral.
exception is java.net.ConnectException: Connection refused]