Error on K2 Sync Service: "A referral was returned from the server"

This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.

Issue

Using the new Identity SyncEngine, a domain is not syncing with K2.

361643466","2020-03-31 11:39:34","Error","General","0","ErrorMessage","SyncAsync","0 ADProvider Error message: System.DirectoryServices.DirectoryServicesCOMException (0x8007202B): A referral was returned from the server.

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at SourceCode.Sync.Providers.AD.K2ActiveDirectorySearch.<FindAll>d__10.MoveNext()
at SourceCode.Sync.Providers.AD.Provider.<SyncAsync>d__22.MoveNext()

Symptoms

The run history for the scheduled workflow will have a Run Status: Failed. When checking the Host Server logs, you will see this error:

Error : A referral was returned from the server.

Troubleshooting Steps

1. Disable the domain using the Provider Instance SmartObject.

2. Check the LDAP path for the domain with the issue for trailing spaces. The LDAP path can be checked by going to K2 Management > Users > K2 > Domains. Remove the trailing space:

LDAP://DC=[YourDomain],DC=K2,DC=LOCAL "

vs

LDAP://DC=[YourDomain],DC=K2,DC=LOCAL"

3. After this change is saved, the provider instance can be enabled. If a Scheduled Sync is already setup, it should run automatically.