I have repeated the procedure about 10 times and fail every time with the same error! For testing I need a new UCS network. I installed a new router (LAN: 192.168.100.254) and a new master behind it (192.168.100.11). The installation of the master works as usual. Second, I install another UCS system and select:
host: kvm02.peka.lan
-> Join an existing ucs-domain
-> member
The input fields with the relevant connection parameters always look good:
tux.peka.lan
Administrator
After this I get the error:
[ INFO]: **************************************************************************
[ INFO]: * Join failed! *
[ INFO]: * Contact your system administrator *
[ INFO]: **************************************************************************
[ INFO]: * Message: Establishing a TLS connection with ucs.domain.la failed. Maybe you didn't specify a FQDN.
The clocks of both hosts are in sync. After the failed join I remove the host (kvm02.peka.lan) from the LDAP on the master.
I have repeated the installation of both systems many times, but every time I get the same error.
What DNS/nameservers do you give your second server? During the join, does it recognize the master domain controller? Use your master server as external DNS, nothing else. (You should change it after a successful join, though.)
Second, I remember there might be a bug regarding join during installation. Go ahead, install your host, set the role and apply updates. Do NOT join the domain yet.
Reboot and then perform the join process independently of the installation.
The reason is that the new server should only ask your master server for the needed information (like the master server and so on). If you have configured an additional DNS, it might reply with a different (wrong) address, and so the new server does not properly recognize your domain master.
But after the join you should set it to an external nameserver, so that if your master goes offline your clients can still resolve through your second server.
Most of the time it works flawlessly but for improved availability it is just “best practice”.
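The pre-join DNS check suggested in the reply above, as an added example that is not part of the original posts: it parses resolv.conf-style text and reports any resolver other than the master, plus a join target that is not an FQDN. The IP addresses and the name tux.peka.lan are the values quoted in the thread; the resolv.conf samples and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread's authors. Master IP/FQDN are the values
# quoted in the thread; the resolv.conf samples below are constructed.

# Print each nameserver from resolv.conf-style text on stdin that is NOT the master ($1).
extra_nameservers() {
    awk -v m="$1" '$1 == "nameserver" && $2 != m { print $2 }'
}

# Succeed only if the master ($1) itself is listed as a nameserver on stdin.
lists_master() {
    awk -v m="$1" '$1 == "nameserver" && $2 == m { found = 1 } END { exit !found }'
}

# Succeed if $1 looks like an FQDN: two or more dot-separated labels,
# each made of letters, digits or hyphens only.
is_fqdn() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$'
}

# Pre-join verdict: $1 = master IP, $2 = master name, stdin = resolv.conf text.
# Prints one line per problem; exit status 0 means the join can be attempted.
prejoin_check() {
    conf=$(cat)
    rc=0
    is_fqdn "$2" || { echo "not an FQDN: $2"; rc=1; }
    printf '%s\n' "$conf" | lists_master "$1" \
        || { echo "master $1 is not configured as nameserver"; rc=1; }
    for ns in $(printf '%s\n' "$conf" | extra_nameservers "$1"); do
        echo "extra nameserver configured before join: $ns"; rc=1
    done
    return $rc
}

# Constructed sample: the router is configured as a second resolver.
SAMPLE_BAD='nameserver 192.168.100.11
nameserver 192.168.100.254'
# Constructed sample: only the master answers DNS queries.
SAMPLE_GOOD='# constructed sample
search peka.lan
nameserver 192.168.100.11'

printf '%s\n' "$SAMPLE_BAD"  | prejoin_check 192.168.100.11 tux.peka.lan || true
printf '%s\n' "$SAMPLE_GOOD" | prejoin_check 192.168.100.11 tux.peka.lan && echo "ok to join"
```

On the host to be joined, feed the real file instead of the samples: `prejoin_check 192.168.100.11 tux.peka.lan < /etc/resolv.conf`.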
root@saturn:~# univention-join
univention-join: joins a computer to an ucs domain
copyright (c) 2001-2018 Univention GmbH, Germany
Enter DC Master Account : Administrator
Enter DC Master Password:
Search DC Master: done
Check DC Master: done
Search ldap/base done
Search LDAP binddn done
Sync time: done
Join Computer Account: done
Check TLS connection: ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
**************************************************************************
* Join failed! *
* Contact your system administrator *
**************************************************************************
* Message: Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- Establishing a TLS connection with tux.peka.lan failed. Maybe you didn't specify a FQDN.
**************************************************************************
or just “join failed”? Again, do not mix them up; there are way too many reasons for a failed join. If yours is different, please open a new thread!
@pixel:
Has this host already been registered at some stage in the LDAP? If so, you might need to reset the computer account password for “saturn$”. See this article.
If this does not help, the TLS through LDAP appears to be failing. During the join the new host copies the certificates from the master. Sounds like this did not succeed properly. Check this article.