KVM image UCS 4.4 no join to AD (Samba4)

Hi,
I am using the latest KVM image available. The process goes on, the AD controller is detected but afterwards the join fails with the following error. For my little knowledge, the only interpretation that I can do is that it should be related to TLS/SSL connection. But of course I might be completely wrong.

UCS Version: 4.4-3 errata385 (Blumenthal)

Internal server error during "setup/check/join_info (wizard)".
LOCAL_ERROR: {'info': 'SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Unknown error -1765328377)', 'desc': 'Local error'}
    result = func(*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 244, in sasl_interactive_bind_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 931, in _apply_method_s
    res = self._apply_method_s(SimpleLDAPObject.sasl_interactive_bind_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 962, in sasl_interactive_bind_s
    lo_ad.lo.sasl_interactive_bind_s("", auth)
  File "/usr/lib/python2.7/dist-packages/univention/lib/admember.py", line 293, in check_ad_account
    check_ad_account(ad_domain_info, username, password)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/setup/util.py", line 1142, in check_credentials_ad
    domain = util.check_credentials_ad(nameserver, address, username, password)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/setup/__init__.py", line 794, in check_domain_join_information
    yield function(self, *args)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/decorators.py", line 289, in _fake_func
    return list(function(self, iterator, *nones))
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/decorators.py", line 443, in _response
    return function(self, request)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/decorators.py", line 181, in _response
    result = _multi_response(self, request)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/modules/decorators.py", line 321, in _response
    function.__func__(self, request, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/base.py", line 261, in execute
    six.reraise(etype, exc, etraceback)
  File "/usr/lib/python2.7/dist-packages/univention/management/console/base.py", line 358, in __error_handling
Traceback (most recent call last):

Request: setup/check/join_info (wizard)
Internal server error during "setup/check/join_info (wizard)".

ISO versions (also older ones) give authentication problems (while credentials are correct).
So I am unable to join the AD for the moment. Do you have any best practices for QEMU? I am struggling some time now to get it working, without success. Any help is very much appreciated.
Thanks.
Ilias