Univention Bugzilla – Bug 45699
Join as AD member not possible during system setup
Last modified: 2020-07-03 20:54:03 CEST
I have received several user feedbacks that complain about not working AD joins during first UCS system during the system setup. See the following Ticket#2017101921000607.
NEEDMOREINFO: why did the join fail /var/log/univention/setup.log would be helpful
(In reply to Nico Gulden from comment #0) > I have received several user feedbacks that complain about not working AD Where are the others? > joins during first UCS system during the system setup. Where did you get the information that it was the first UCS system? The ticket contains "AD join war im initialen Setup nicht möglich.". This is not necessarily the first UCS system. > > See the following Ticket#2017101921000607.
Unfortunately, the tickets don't have more information and details. * Ticket#2017102421000348 * Ticket#2017102621000282
Hi there, I have given the origin feedback at the installation process of UCS. As I am running a VSphere server I have downloaded the VM image. Two things I have tried: 1) AD join direct at the setup process 2) Created a separate "UCS domain" (sorry - can't remember the correct name of it) and tried to join AD afterwards. Both things were not successful. To be honest: I have deleted the VM from my host so I am no longer able to provide any log files. I usually have Linux -> Windows Server 2012R2 problems with Samba as I have disabled SMB2 on my Windows Server. Therefore I need to enable SMB2 on my Linux VMs. If needed I can download the UCS VM image again and try to do the join again and provide all requested *.log files. Kind regards, Mathias Mühlbacher
(In reply to mathias.muehlbacher from comment #4) Hi Matthias Mühlbacher, thank you for reporting back here. We are currently facing two different problems: 1. The univention-ad-connector debian packages cannot be installed during the setup. This would be Bug #42020 with the error message "univention-ad-connector: Failed to install". 2. After joining a UCS (DC Master) into an Active Directory on the Active Directory side a DNS service (SRV) record _domaincontroller_master._tcp.$domainname which points to the UCS System is created. If this entry exists but that UCS System is not online anymore joining a seconds UCS system will fail. This is Bug #43745 and a fix will be released soon. The error message would contain something like "The connection to the server could not be done" / "ping to ... failed". Can you remember if it were one of these two errors?
Hello Florian Best, I have downloaded UCS core from your website: UCS-VMware-ESX-Demo-Image.ova I left the settings untouched and put the UCS virtual machine in the same VLAN as my Active Directory server. As this is also my main DNS server + DHCP I do not need to specify anything special and can click on next (eq. Weiter as I us the German language version) until Domain settings (Domäneneinstellungen). I have selected joing existing MS AD domain. Entered my credentials + password (cross checked if the keyboard layout is okay for characters to suite the German keyboard layout). Error message: "Verbindungsaufbau abgelehnt. Bitte überprüfen Sie das Passwort". So it was none of the mentioned bugs/errors. Kind regards, Mathias
Remark from Ticket#2017102621000282: "Ich hatte vor, den UCS Server während der Installation bereits in die Active Directory Domain zu integrieren, das funktionierte allerdings nicht, da der Installer versuchte, per ssh auf den Windows Domain Controller zuzugreifen, was natürlich nicht funktionieren konnte. Das könnte besser dokumentiert sein."
Okay if the join uses SSH then it won't work. But how about the join after you have created a separate UCS within the setup process? The error message was also "Verbindungsaufbau abgelehnt. Bitte überprüfen Sie das Passwort." when I have created a separate UCS domain and wanted to join my AD domain.
(In reply to Nico Gulden from comment #7) > Remark from Ticket#2017102621000282: > > "Ich hatte vor, den UCS Server während der Installation bereits in die > Active Directory Domain zu integrieren, das funktionierte allerdings nicht, > da der Installer > versuchte, per ssh auf den Windows Domain Controller zuzugreifen, was > natürlich nicht funktionieren konnte. Das könnte besser dokumentiert sein." (In reply to mathias.muehlbacher from comment #8) > Okay if the join uses SSH then it won't work. > But how about the join after you have created a separate UCS within the > setup process? > > The error message was also "Verbindungsaufbau abgelehnt. Bitte überprüfen > Sie das Passwort." when I have created a separate UCS domain and wanted to > join my AD domain. During Bug #42910 I fixed an error that the wrong IP address was used for an SSH connection. I think these problems are caused by this. We should wait for the new UCS 4.2-3 Images which contain these fixes. They will be released this week.
This issue has been filed against UCS 4.2. UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.