Happens on our own EC2 instance: [02/Dec/2015:09:52:43] Authentication on UMC at ucs-master.mydomain.intranet failed: 'The Univention Management Console service could not be reached.' [02/Dec/2015:09:52:52] Socket error while accessing UMC at ucs-master.mydomain.intranet: [Errno 1] _ssl.c:504: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol There are a lot of search hits about projects having problems with Python requests, proxies and TLS. As a temporary workaround I changed HTTPSConnection to HTTPConnection in wsgi/lib.py in our VM. Not a problem, as it always connects to localhost anyway.
Happened again with the demo EC2 instance for the Univention Summit Demopoint.
A hackish (but not insecure) workaround for missing SSL options in Python < 2.7.9 is in r67025 (yaml 67026).
How can this be reproduced? The solution doesn't work if apache2/force_https is set.
The problem exists when our squid proxy is between the communication: root@ucs-master:~# ucr get proxy/http http://ucs-master.mydomain.intranet:3128
The problem is the wrong UCS configuration, the Images from presales are broken: root@ucs-master:~# ucr get squid/transparentproxy true This caused that all HTTPS traffic was send to the non-HTTPS-Squid-Proxy. REOPEN: Please revert all changes.
See also Bug #35131 - which causes univention-squid to be broken.
Changes reverted in commits 67204 and 67205.
OK: revert
That means the password reset can't be used if our squid package is installed and we should fix Bug #35131?
(In reply to Stefan Gohmann from comment #9) > That means the password reset can't be used if our squid package is > installed and we should fix Bug #35131? Plus one must manually set squid/transparentproxy=true to break it. This was the case in some images which were used by professional services. If the UCR variable is unset (which is the default) everything is fine.