Critical: KDC service check

Good day!
I am running UCS 4.4-5 errata737 on ProxMox 6.2-11 using a raw img, 2 kvm cpu’s and 4g mem. I have 1 UCS master DNS server, 1 USC backup server, and one UCS slave running apps like owncloud, colabora, CRM… Everything was working fine then randomly things started to break when I ran the diagnostic tools. This is the error I am seeing:
Critical: KDC service check
ph
TEST AGAIN ADD LO TO SAMBA/INTERFACES RESET KERBEROS/KDC TO 127.0.0.1
Problem: SAML certificate verification failed!
Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/univention/management/console/modules/diagnostic/init.py”, line 280, in execute
result = execute(umc_module, **kwargs)
File “/usr/lib/python2.7/dist-packages/univention/management/console/modules/diagnostic/plugins/04_saml_certificate_check.py”, line 77, in run
test_identity_provider_certificate()
File “/usr/lib/python2.7/dist-packages/univention/management/console/modules/diagnostic/plugins/04_saml_certificate_check.py”, line 90, in test_identity_provider_certificate
for host in socket.gethostbyname_ex(sso_fqdn)[2]:
gaierror: [Errno -2] Name or service not known

I have combed the Univention help forums to no avail. This is the second time a stable UCS setup has crashed on me in 7 months with out any direct intervention on my part, meaning tinkering with LDAP, Kerberos, Samba… Ect… I have installed apps such as owncloud, let’s encrypt, self service portal… But nothing was installed or removed directly before this issue started.

Updating to 4.4-6 does not fix the issue.

Thoughts?

Had this problem when i wasn’t paying attention and used external DNS 1.1.1.1

Ended up having to set the domain server back to the OC IP address and put the 1.1.1.1 to the external DNS. After that the SAML and KDC error went away.

Screen Shot 2020-11-22 at 4.14.54 PM

Mastodon