How to:

If you need to create a new key file for the Veyon clients so that they can be configured and used for the computer room functions, you can do this by forcing the 37ucs-school-veyon-windows.inst join script.

Hint:
If the key.pem has been accidentally deleted, this article will help you to create a new one.
If ` a key.pem exists under /etc/ucsschool-veyon/, this article will not create a new one until the old one has been deleted or removed.
The key.pem can then be deleted as follows:
rm /etc/ucsschool-veyon/key.pem

Step 1: Create a new key.pem

To create a new key.pem file under /etc/ucsschool-veyon/ you have to force the script.

univention-run-join-scripts --run-scripts --force 37ucs-school-veyon-windows.inst

Step 2: Restart the service for Veyon Proxy.

To end all active connections with the older key file, restart the container.

univention-app restart ucsschool-veyon-proxy

Step 3: Restart the service for Samba

For an direct update to the sysvol and netlogon shares, you should restart the samba service.

service samba-ad-dc restart

Step 4: Configure the Veyon Client

In the Veyon Configurator only the public key must be visible, because this is the only one you need.
Link to our documentation:

Finally, the public key must be imported so that the school server can access the installed Veyon backend. The import can be carried out with Authentication key ‣ Import key. The Veyon key of the school server must be entered there.

Then for each of your Windows machines, you’ll need to copy the new cert over, possibly reconfigure veyon, and restart the computer. The samba cert you need is located at:

"/var/lib/samba/sysvol/$(ucr get domainname)/scripts/veyon-cert_$(hostname).pem"