Problem: Domain Join Fails with “E: Daemon died.” Due to Excessive AAAA Records in DNS Zone
Problem:
- Windows logon is successful, but network drives cannot be mounted due to failed authentication on the file server.
- Repeated domain join attempts fail with the following error message:
univention-server-join: joins a server to an univention domain
copyright (c) 2001-2022 Univention GmbH, Germany
E: Daemon died.
ldap_dn="cn=memberserver1,cn=memberserver,cn=computers,dc=customer,dc=net"
**************************************************************************
* Join failed! *
* Contact your system administrator *
**************************************************************************
* Message: Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- Daemon died.
Root Cause
This issue occurs due to an excessive number of IPv6 AAAA records being added to the DNS forward zone.
It has been identified as a known bug in UCS:
Bug 55531 – Excessive AAAA records can break member server join process
The root cause in this case was automatic IPv6 configuration from a Fritz!Box router, which created redundant AAAA records in UCS.
Investigation
An unusually high number of IPv6 AAAA records were present in the affected DNS forward zone:
udm dns/forward_zone list | grep a: | wc -l
dn: zoneName=univention.net,cn=dns,dc=univention,dc=net
...
aAAARecord: 2003:00d4:dbcc:0000:5054:00ff:fee1:6032
aAAARecord: 2003:00d4:dbcc:4200:5054:00ff:fe2b:9483
aAAARecord: 2003:00d4:dbc6:4e00:5054:00ff:fe2b:9483
...
Solution
Disabling IPv6 assignment on the Fritz!Box prevented further accumulation of AAAA records. The next step was to remove the redundant IPv6 records from the UCS DNS zone.
Manual Removal via UDM
List all DNS forward zones:
udm dns/forward_zone list
Edit the affected zone (replace <zonename> accordingly):
udm dns/forward_zone modify \
--dn "zoneName=univention.net,cn=dns,dc=univention,dc=net" \
--remove aAAARecord="2003:00d4:dbcc:0000:5054:00ff:fee1:6032" \
--remove aAAARecord="2003:00d4:dbcc:4200:5054:00ff:fe2b:9483"
Repeat the --remove option for each unwanted AAAA record.
Automated Cleanup Script
If you need to remove all AAAA records from a specific zone, the following script can be used. Replace ZONE_DN with the distinguished name of your zone:
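#!/bin/bash
# Removes every AAAA record from the forward zone named in ZONE_DN.
ZONE_DN="zoneName=univention.net,cn=dns,dc=univention,dc=net"
# Take the address (second field) from each aAAARecord line of the zone listing.
for record in $(udm dns/forward_zone list --dn "$ZONE_DN" | grep aAAARecord | awk '{print $2}'); do
    echo "Removing $record from $ZONE_DN"
    udm dns/forward_zone modify --dn "$ZONE_DN" --remove aAAARecord="$record"
done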
Make the script executable and run it as root:
chmod +x remove_aaaa.sh
./remove_aaaa.sh
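The script above removes every AAAA record in the zone. As an added example (not part of the original article or of UCS), the following dry-run variant selects only the records outside the prefix that is still in use and prints the udm command for review instead of running it. The function names stale_aaaa and remove_command, the KEEP_PREFIX value and the embedded listing are assumptions constructed from the record lines shown in this article.

```bash
#!/bin/bash
# Added example: dry-run selection of stale AAAA records (not the article's script).
# Assumption: addresses are fully expanded, as in the article's listing, so a
# plain string comparison on the leading hextets is enough to match a prefix.

# Constructed sample of the zone listing, using the record lines from the article.
sample_listing() {
cat <<'EOF'
dn: zoneName=univention.net,cn=dns,dc=univention,dc=net
  aAAARecord: 2003:00d4:dbcc:0000:5054:00ff:fee1:6032
  aAAARecord: 2003:00d4:dbcc:4200:5054:00ff:fe2b:9483
  aAAARecord: 2003:00d4:dbc6:4e00:5054:00ff:fe2b:9483
EOF
}

# stale_aaaa KEEP_PREFIX: read a zone listing on stdin and print every AAAA
# address that does NOT start with KEEP_PREFIX (the prefix still in use).
stale_aaaa() {
    awk -v keep="$1" '
        $1 == "aAAARecord:" && index(tolower($2), tolower(keep)) != 1 { print $2 }'
}

# remove_command ZONE_DN: read addresses on stdin and print (never execute) one
# udm call with a --remove option per address. Prints nothing if none are stale.
remove_command() {
    awk -v dn="$1" '
        NF  { args = args " --remove aAAARecord=\"" $1 "\"" }
        END { if (args != "")
                  printf "udm dns/forward_zone modify --dn \"%s\"%s\n", dn, args }'
}

ZONE_DN="zoneName=univention.net,cn=dns,dc=univention,dc=net"  # from the article
KEEP_PREFIX="2003:00d4:dbcc:4200"                              # assumed current prefix

# On a live system, replace sample_listing with:
#   udm dns/forward_zone list --dn "$ZONE_DN"
sample_listing | stale_aaaa "$KEEP_PREFIX" | remove_command "$ZONE_DN"
```

Review the printed command, then run it as root once the list of records to remove is confirmed.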
Verification
After the cleanup, verify that the AAAA records are removed:
udm dns/forward_zone list --dn "zoneName=univention.net,cn=dns,dc=univention,dc=net"
Re-run the domain join procedure for the member server. It should now succeed.
Additional Notes
- Disabling or correctly configuring IPv6 in your network environment (e.g., Fritz!Box) can prevent this issue from reoccurring.
- This issue primarily affects UCS 5.x environments with improperly managed IPv6 assignments.