Failure to query the user source because of a failed referral.

ERROR: "Failure to query the user source because of a failed referral."




Error occurs after successfully authenticating to the Active Directory LDAP source, but before being able to browse containers in the Active Directory tree when attempting to add Active Directory containers as User Sources in the ZENworks Control Center.

At a command prompt on the ZENworks server(s) run nslookup for the AD domain name to make sure the IP addresses that are returned are accurate. Clean up the DNS configuration and flush DNS ( ipconfig /flushdns ) on the ZENworks 10 server. The Active Directory tree containers can now be browsed.

Even though other LDAP tools are able to browse the Active Directory tree properly, nslookup of the Active Directory Domain name from the ZENworks 10 servers returned additional servers that could not respond in behalf of the domain. In this instance, one of the servers responding to nslookup was the DNS server itself, but it is not a member of the AD domain. A packet trace of the LDAP traffic (non SSL) shows that the DNS server sends a reset to the device running the ZENworks Control Center, because it cannot respond in behalf of the domain.