Problem

When trying to re-write the keytab according to this article you are getting errors:

root@ucs:/etc/init.d# kinit --keytab=/var/lib/samba/private/dns.keytab "dns-$(hostname)" && klist; kdestroy
kinit: krb5_get_init_creds: Client (dns-ucs@MULTI.UCS) unknown
kdestroy: krb5_cc_destroy: Did not find a plugin for ccache_ops

Solution

The needed Kerberos account does not exists. Re-create it by re-running the join-script:
root@ucs:~ # univention-run-join-scripts --run-scripts --force 96univention-samba4 98univention-samba4-dns