Environment
Novell ZENworks 10 Configuration Management
Situation
ERROR: "Failed to query the user source because of a failed referral"
When creating a user source against Active Directory, ZCM fails to display any user contexts.
Resolution
Examine ZCC.LOG in [ZENworks Home]\logs to see the failed referral, and correct DNS accordingly.
Using the ZCC log, determine which host LDAP cannot communicate with by examining the JAVAX exception that is logged.
Search the log for the following exception:
javax.naming.CommunicationException: novell.com:389
Note the host name (in this case novell.com). This is the host that LDAP is attempting to communicate with, but cannot. ALL primary ZCM servers must be able to resolve this host name. The host name must be added to the internal DNS zone so that all primary ZCM servers are able to resolve the name.
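The log check described above, as an added example (not Novell's code): a Python script that pulls every host from the javax.naming.CommunicationException lines in ZCC.LOG and tests whether the server it runs on can resolve it. The sample log lines, the host dc2.corp.example, the script name and the function names are constructed for illustration; run it on each primary ZCM server.

```python
import re
import socket
import sys

# The exception the article says to search for: host, port, optional root cause.
REFERRAL_RE = re.compile(
    r"javax\.naming\.CommunicationException:\s*([A-Za-z0-9._-]+):(\d+)"
    r"(?:\s*\[Root\s+exception\s+is\s+([\w.]+))?"
)

# Constructed sample lines in the shape of the trace shown in this article;
# dc2.corp.example is a made-up host, not taken from a real ZCC.LOG.
SAMPLE_LOG = """\
Caused by: javax.naming.CommunicationException: novell.com:389 [Root exception is java.net.ConnectException: Connection refused]
    at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
Caused by: javax.naming.CommunicationException: dc2.corp.example:389 [Root exception is java.net.UnknownHostException: dc2.corp.example]
Caused by: javax.naming.CommunicationException: novell.com:389 [Root exception is java.net.ConnectException: Connection refused]
"""

def referral_targets(log_text):
    """Return sorted, de-duplicated (host, port, root_exception) tuples."""
    return sorted({(h, int(p), root) for h, p, root in REFERRAL_RE.findall(log_text)})

def system_resolver(host):
    """Resolve with the OS resolver; an empty list means the name does not resolve."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []

def check_targets(log_text, resolver=system_resolver):
    """Map each referral target to the addresses this server resolves it to."""
    return {t: resolver(t[0]) for t in referral_targets(log_text)}

def unresolved_hosts(log_text, resolver=system_resolver):
    """Hosts from the log that need an entry in the internal DNS zone."""
    return sorted({t[0] for t, addrs in check_targets(log_text, resolver).items() if not addrs})

if __name__ == "__main__":
    # Usage (hypothetical script name): python check_referrals.py <path to ZCC.LOG>
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for (host, port, root), addrs in check_targets(text).items():
        state = ", ".join(addrs) if addrs else "NOT RESOLVABLE from this server"
        print(f"{host}:{port} root={root or 'n/a'} -> {state}")
```

A host that resolves on one primary server can still fail on another, so compare the output from every primary server before changing the DNS zone.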
Additional Information
Failed referral errors happen when LDAP is scanning Active Directory and finds a record that references another host or a host whose hostname cannot be resolved. Sometimes this record can be the short name or long name of the host that LDAP is connecting to. This is a design limitation of Active Directory and not ZCM. This issue can happen with any LDAP browser.
Here is an example of the referral.
Caused by: javax.naming.CommunicationException: novell.com:389 [Root exception is java.net.ConnectException: Connection refused]
at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:74)
at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:339)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:208)
The issue can occur when the LDAP server providing user source information for AD to ZCM passes a referral to another LDAP server and this server is not resolvable by DNS.