Problem
During the attempt to join a node to the domain using univention-join, the join script
92univention-management-console-web-server.inst fails.
The error message can be found in /var/log/univention/join.log:
Configure 92univention-management-console-web-server.inst Tue Apr 14 17:08:08 CEST 2026
2026-04-14 17:08:08.359357642+02:00 (in joinscript_init)
W: The config registry variable 'ucs/web/overview/entries/admin/umc/icon' does not exist
W: The config registry variable 'ucs/web/overview/entries/admin/umc/link' does not exist
W: The config registry variable 'ucs/web/overview/entries/admin/umc/link/de' does not exist
W: The config registry variable 'ucs/web/overview/entries/admin/umc/priority' does not exist
W: The config registry variable 'ucs/web/overview/entries/admin/umc/label' does not exist
W: The config registry variable 'ucs/web/overview/entries/admin/umc/label/de' does not exist
W: The config registry variable 'ucs/web/overview/entries/admin/umc/description' does not exist
W: The config registry variable 'ucs/web/overview/entries/admin/umc/description/de' does not exist
https://ucs-sso-ng.intern.univention.de
CREATING KEYCLOAK SAML CLIENT.....
Traceback (most recent call last):
File "/usr/sbin/univention-keycloak", line 3522, in <module>
sys.exit(main())
^^^^^^
File "/usr/sbin/univention-keycloak", line 3518, in main
return opt.func(opt) or 0
^^^^^^^^^^^^^
File "/usr/sbin/univention-keycloak", line 1143, in create_SAML_client
kc_admin = KeycloakAdmin(server_url=opt.keycloak_url, username=opt.binduser, password=opt.bindpwd, realm_name=opt.realm, user_realm_name=DEFAULT_REALM, verify=opt.no_ssl_verify)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/keycloak/keycloak_admin.py", line 139, in __init__
self.connection = connection or KeycloakOpenIDConnection(
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/keycloak/openid_connection.py", line 117, in __init__
self.get_token()
File "/usr/lib/python3/dist-packages/keycloak/openid_connection.py", line 306, in get_token
self.token = self.keycloak_openid.token(
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/keycloak/keycloak_openid.py", line 314, in token
return raise_error_from_response(data_raw, KeycloakPostError)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/keycloak/exceptions.py", line 192, in raise_error_from_response
raise error(
keycloak.exceptions.KeycloakPostError: 500: b'{"error":"unknown_error","error_description":"For more on this error consult the server log."}'
92univention-management-console-web-server.inst: Could not create SAML service provider
**************************************************************************
* Join failed! *
* Contact your system administrator *
**************************************************************************
Root Cause
The decisive part in the output from the join.log is:
keycloak.exceptions.KeycloakPostError: 500
A 500 Server internal error occurs, which can be traced back to the Keycloak container being unable to establish a connection to the database.
From univention-app logs keycloak:
2026-04-16 11:08:02,230 ERROR [org.jgroups.protocols.JDBC_PING] (jgroups-11707,696a363471e6-31341) JGRP000115: Could not open connection to database: org.postgresql.util.PSQLException: The connection attempt failed.
Caused by: java.net.UnknownHostException: ucs-primary.intern.univention.de
Investigation
Keycloak Saml Clients
At this point, it may be confusing that the join script attempts to create the Keycloak SAML client, although these are already present on the Primary Node:
root@ucs-primary:~# univention-keycloak saml/sp get --json
[
"https://ucs-replica.intern.univention.de/univention/saml/metadata",
"https://ucs-primary.intern.univention.de/univention/saml/metadata",
"https://ucs-backup.intern.univention.de/univention/saml/metadata"
]
IDP-Server Settings
It is important at this point to check how the respective UCR variables are set on the Primary Node and the other nodes (Backup, Replica, and Managed).
The configuration for the IdP server is not correct and still points to the old SimpleSAMLphp configuration. This must be properly migrated and adjusted as described in the following article:
root@ucs-primary:/usr/share/ucs-school-import/scripts# ucr get umc/saml/idp-server
umc/saml/idp-server: https://ucs-sso.intern.univention.de/simplesamlphp/saml2/idp/metadata.php
Keycloak settings
The configuration for Keycloak on the Primary Node (or the node where Keycloak is installed) is correct:
root@ucs-primary:/usr/share/ucs-school-import/scripts# ucr get keycloak/server/sso/fqdn
ucs-sso-ng.intern.univention.de
If necessary, the following variables may need to be set on the node where Keycloak is installed:
ucr set keycloak/server/sso/fqdn="ucs-sso-ng.$(hostname -d)" keycloak/server/sso/path="/"
Curl
This ensures that name resolution works correctly and that the Keycloak host can be reached properly. Apache returns the following response:
root@ucs5primary:~# curl -v https://ucs-sso-ng.$(hostname -d)
* Trying 10.200.30.10...
* TCP_NODELAY set
* Connected to ucs-sso-ng.merde.intranet (10.200.30.10) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=US; L=US; O=merde; OU=Univention Corporate Server; CN=ucs-sso-ng.merde.intranet; emailAddress=ssl@merde.intranet
* start date: Mar 13 15:24:41 2024 GMT
* expire date: Mar 12 15:24:41 2029 GMT
* subjectAltName: host "ucs-sso-ng.merde.intranet" matched cert's "ucs-sso-ng.merde.intranet"
* issuer: C=US; ST=US; L=US; O=merde; OU=Univention Corporate Server; CN=Univention Corporate Server Root CA (ID=nMTEhS7c); emailAddress=ssl@merde.intranet
* SSL certificate verify ok.
> GET / HTTP/1.1
> Host: ucs-sso-ng.merde.intranet
> User-Agent: curl/7.64.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 302 Found
< Date: Thu, 16 Apr 2026 13:15:29 GMT
< Server: Apache/2.4.59 (Univention)
< Location: https://ucs-sso-ng.merde.intranet/admin/
< Referrer-Policy: no-referrer
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< content-length: 0
< Via: 1.1 ucs-sso-ng.merde.intranet
<
* Connection #0 to host ucs-sso-ng.merde.intranet left intact
Check Container
Since this is a 500 Server internal error, the status of the Keycloak container should be checked:
root@ucs5primary:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4255915aae60 docker.software-univention.de/keycloak-keycloak:26.2.5-ucs1 "/opt/keycloak/bin/k…" 9 months ago Up 3 months (healthy) 0.0.0.0:7600->7600/tcp, :::7600->7600/tcp, 8080/tcp, 0.0.0.0:8180->8180/tcp, :::8180->8180/tcp, 8443/tcp keycloak
Additionally, it is recommended to check the logs inside the container:
univention-app logs keycloak (equivalent to docker logs keycloak)
Here, the root cause becomes visible:
2026-04-16 11:08:02,230 ERROR [org.jgroups.protocols.JDBC_PING] (jgroups-11707,696a363471e6-31341) JGRP000115: Could not open connection to database: org.postgresql.util.PSQLException: The connection attempt failed.
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:385)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:57)
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:277)
at org.postgresql.Driver.makeConnection(Driver.java:448)
at org.postgresql.Driver.connect(Driver.java:298)
at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:681)
at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:229)
at org.jgroups.protocols.JDBC_PING.getConnection(JDBC_PING.java:334)
at org.jgroups.protocols.JDBC_PING.writeToDB(JDBC_PING.java:168)
at org.jgroups.protocols.JDBC_PING.write(JDBC_PING.java:155)
at org.jgroups.protocols.FILE_PING.findMembers(FILE_PING.java:150)
at org.jgroups.protocols.Discovery.callFindMembersInAllDiscoveryProtocols(Discovery.java:400)
at org.jgroups.protocols.Discovery.findMembers(Discovery.java:240)
at org.jgroups.protocols.Discovery.down(Discovery.java:441)
at org.jgroups.protocols.FILE_PING.down(FILE_PING.java:141)
at org.jgroups.protocols.MERGE3$InfoSender.run(MERGE3.java:424)
at org.jgroups.util.TimeScheduler3$Task.run(TimeScheduler3.java:332)
at org.jgroups.util.TimeScheduler3$RecurringTask.run(TimeScheduler3.java:366)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: java.net.UnknownHostException: ucs-primary.intern.univention.de
at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:572)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:327)
at java.base/java.net.Socket.connect(Socket.java:633)
at org.postgresql.core.PGStream.createSocket(PGStream.java:261)
at org.postgresql.core.PGStream.<init>(PGStream.java:122)
at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:146)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:289)
... 20 more
2026-04-16 11:08:02,230 ERROR [org.jgroups.protocols.JDBC_PING] (jgroups-11707,696a363471e6-31341) JGRP000220: Failed to store PingData in database
To verify whether the container can resolve the host:
root@ucs5primary:~# docker exec -it keycloak bash
keycloak@4255915aae60:/$ getent hosts ucs5primary.merde.intranet
10.200.30.10 ucs5primary.merde.intranet
Check Database
Verify that the database (default PostgreSQL) is online. In this case, it is a UCS 5.2 system with PostgreSQL version 15 (UCS 5.0-x uses PostgreSQL 11):
pg_lsclusters -h
15 main 5432 online postgres /var/lib/postgresql/15/main /var/log/postgresql/postgresql-15-main.log
Check the database service:
systemctl status postgresql
Verify that the database exists:
root@ucs5primary:~# su - postgres -c psql
psql (15.14 (Univention 15.14-0+deb12u1~bpo10+1A~5.0.0.202510071301))
Type "help" for help.
postgres=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | ICU Locale | Locale Provider | Access privileges
-------------------------+-------------------------+----------+-------------+-------------+------------+-----------------+-----------------------
guardian-management-api | guardian-management-api | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | libc |
importhttpapi | importhttpapi | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | libc |
keycloak | keycloak | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | libc |
postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | libc |
selfservice | selfservice | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | libc |
template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | libc | =c/postgres +
| | | | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | libc | =c/postgres +
| | | | | | | postgres=CTc/postgres
(7 rows)
Connect to the keycloak database and verify the tables:
postgres=# \c keycloak
You are now connected to database "keycloak" as user "postgres".
keycloak=# \dt
List of relations
Schema | Name | Type | Owner
--------+-------------------------------+-------+----------
public | admin_event_entity | table | keycloak
public | associated_policy | table | keycloak
public | authentication_execution | table | keycloak
public | authentication_flow | table | keycloak
public | authenticator_config | table | keycloak
public | authenticator_config_entry | table | keycloak
public | broker_link | table | keycloak
public | client | table | keycloak
public | client_attributes | table | keycloak
public | client_auth_flow_bindings | table | keycloak
public | client_initial_access | table | keycloak
public | client_node_registrations | table | keycloak
public | client_scope | table | keycloak
public | client_scope_attributes | table | keycloak
public | client_scope_client | table | keycloak
public | client_scope_role_mapping | table | keycloak
public | component | table | keycloak
public | component_config | table | keycloak
public | composite_role | table | keycloak
public | credential | table | keycloak
public | databasechangelog | table | keycloak
public | databasechangeloglock | table | keycloak
public | default_client_scope | table | keycloak
public | event_entity | table | keycloak
public | fed_user_attribute | table | keycloak
public | fed_user_consent | table | keycloak
public | fed_user_consent_cl_scope | table | keycloak
public | fed_user_credential | table | keycloak
public | fed_user_group_membership | table | keycloak
public | fed_user_required_action | table | keycloak
public | fed_user_role_mapping | table | keycloak
public | federated_identity | table | keycloak
public | federated_user | table | keycloak
public | group_attribute | table | keycloak
public | group_role_mapping | table | keycloak
public | identity_provider | table | keycloak
public | identity_provider_config | table | keycloak
public | identity_provider_mapper | table | keycloak
public | idp_mapper_config | table | keycloak
public | jgroups_ping | table | keycloak
public | jgroupsping | table | keycloak
<skip>
Solution
After restarting the Keycloak container, the issue was resolved and the container was able to successfully establish a connection to the database:
univention-app restart keycloak
root@ucs-primary:~/univention-support# docker logs --tail 50 keycloak
2026-04-16 11:47:17,830 INFO [org.keycloak.spi.infinispan.impl.embedded.JGroupsConfigurator] (main) JGroups Encryption enabled (mTLS).
2026-04-16 11:47:17,833 INFO [org.keycloak.spi.infinispan.impl.embedded.CacheConfigurator] (main) Persistent user sessions enabled and no memory limit found in configuration. Setting max entries for sessions to 10000 entries.
2026-04-16 11:47:17,834 INFO [org.keycloak.spi.infinispan.impl.embedded.CacheConfigurator] (main) Persistent user sessions enabled and no memory limit found in configuration. Setting max entries for clientSessions to 10000 entries.
2026-04-16 11:47:17,834 INFO [org.keycloak.spi.infinispan.impl.embedded.CacheConfigurator] (main) Persistent user sessions enabled and no memory limit found in configuration. Setting max entries for offlineSessions to 10000 entries.
2026-04-16 11:47:17,834 INFO [org.keycloak.spi.infinispan.impl.embedded.CacheConfigurator] (main) Persistent user sessions enabled and no memory limit found in configuration. Setting max entries for offlineClientSessions to 10000 entries.
2026-04-16 11:47:18,048 INFO [org.keycloak.jgroups.certificates.CertificateReloadManager] (main) Starting JGroups certificate reload manager
2026-04-16 11:47:18,187 INFO [org.infinispan.CONTAINER] (main) ISPN000556: Starting user marshaller 'org.infinispan.commons.marshall.ImmutableProtoStreamMarshaller'
2026-04-16 11:47:18,403 INFO [org.infinispan.CLUSTER] (main) ISPN000078: Starting JGroups channel `ISPN` with stack `jdbc-ping-tcp`
2026-04-16 11:47:18,405 INFO [org.jgroups.JChannel] (main) local_addr: 9c5a7409-2233-4c77-9fe5-641055a10b8f, name: 696a363471e6-23723
2026-04-16 11:47:18,414 INFO [org.jgroups.protocols.FD_SOCK2] (main) server listening on *:57600
2026-04-16 11:47:20,461 WARN [org.jgroups.protocols.pbcast.GMS] (main) 696a363471e6-23723: JOIN(696a363471e6-23723) sent to 696a363471e6-31341 timed out (after 2000 ms), on try 0
2026-04-16 11:47:22,494 WARN [org.jgroups.protocols.pbcast.GMS] (main) 696a363471e6-23723: JOIN(696a363471e6-23723) sent to 696a363471e6-31341 timed out (after 2000 ms), on try 1
2026-04-16 11:47:24,534 WARN [org.jgroups.protocols.pbcast.GMS] (main) 696a363471e6-23723: JOIN(696a363471e6-23723) sent to 696a363471e6-31341 timed out (after 2000 ms), on try 2
2026-04-16 11:47:26,573 WARN [org.jgroups.protocols.pbcast.GMS] (main) 696a363471e6-23723: JOIN(696a363471e6-23723) sent to 696a363471e6-31341 timed out (after 2000 ms), on try 3
2026-04-16 11:47:28,608 WARN [org.jgroups.protocols.pbcast.GMS] (main) 696a363471e6-23723: JOIN(696a363471e6-23723) sent to 696a363471e6-31341 timed out (after 2000 ms), on try 4
2026-04-16 11:47:30,640 WARN [org.jgroups.protocols.pbcast.GMS] (main) 696a363471e6-23723: JOIN(696a363471e6-23723) sent to 696a363471e6-31341 timed out (after 2000 ms), on try 5
2026-04-16 11:47:32,696 WARN [org.jgroups.protocols.pbcast.GMS] (main) 696a363471e6-23723: JOIN(696a363471e6-23723) sent to 696a363471e6-31341 timed out (after 2000 ms), on try 6
2026-04-16 11:47:34,739 WARN [org.jgroups.protocols.pbcast.GMS] (main) 696a363471e6-23723: JOIN(696a363471e6-23723) sent to 696a363471e6-31341 timed out (after 2000 ms), on try 7
2026-04-16 11:47:36,779 WARN [org.jgroups.protocols.pbcast.GMS] (main) 696a363471e6-23723: JOIN(696a363471e6-23723) sent to 696a363471e6-31341 timed out (after 2000 ms), on try 8
2026-04-16 11:47:38,819 WARN [org.jgroups.protocols.pbcast.GMS] (main) 696a363471e6-23723: JOIN(696a363471e6-23723) sent to 696a363471e6-31341 timed out (after 2000 ms), on try 9
2026-04-16 11:47:38,819 WARN [org.jgroups.protocols.pbcast.GMS] (main) 696a363471e6-23723: too many JOIN attempts (10): becoming singleton
2026-04-16 11:47:39,032 INFO [org.infinispan.CLUSTER] (main) ISPN000094: Received new cluster view for channel ISPN: [696a363471e6-23723|0] (1) [696a363471e6-23723]
2026-04-16 11:47:39,034 INFO [org.keycloak.jgroups.certificates.CertificateReloadManager] (main) Reloading JGroups Certificate
2026-04-16 11:47:39,094 INFO [org.infinispan.CLUSTER] (main) ISPN000079: Channel `ISPN` local address is `696a363471e6-23723`, physical addresses are `[10.10.50.1:7600]`
2026-04-16 11:47:39,663 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: 696a363471e6-23723, Site name: null
2026-04-16 11:47:40,708 INFO [io.quarkus] (main) Keycloak 26.3.5 on JVM (powered by Quarkus 3.20.3) started in 27.937s. Listening on: http://0.0.0.0:8180. Management interface listening on http://0.0.0.0:9000.
2026-04-16 11:47:40,708 INFO [io.quarkus] (main) Profile prod activated.
2026-04-16 11:47:40,709 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-postgresql, keycloak, micrometer, narayana-jta, opentelemetry, reactive-routes, rest, rest-jackson, smallrye-context-propagation, smallrye-health, vertx]
2026-04-16 11:54:03,346 INFO [org.infinispan.CLUSTER] (main) ISPN000080: Disconnecting JGroups channel `ISPN`
2026-04-16 11:54:03,387 INFO [org.keycloak.jgroups.certificates.CertificateReloadManager] (main) Stopping JGroups certificate reload manager
2026-04-16 11:54:03,401 INFO [com.arjuna.ats.jbossatx] (main) ARJUNA032014: Stopping transaction recovery manager
2026-04-16 11:54:03,426 INFO [io.quarkus] (main) Keycloak stopped in 0.134s
2026-04-16 11:54:10,919 INFO [org.keycloak.spi.infinispan.impl.embedded.JGroupsConfigurator] (main) JGroups Encryption enabled (mTLS).
2026-04-16 11:54:10,922 INFO [org.keycloak.spi.infinispan.impl.embedded.CacheConfigurator] (main) Persistent user sessions enabled and no memory limit found in configuration. Setting max entries for sessions to 10000 entries.
2026-04-16 11:54:10,923 INFO [org.keycloak.spi.infinispan.impl.embedded.CacheConfigurator] (main) Persistent user sessions enabled and no memory limit found in configuration. Setting max entries for clientSessions to 10000 entries.
2026-04-16 11:54:10,923 INFO [org.keycloak.spi.infinispan.impl.embedded.CacheConfigurator] (main) Persistent user sessions enabled and no memory limit found in configuration. Setting max entries for offlineSessions to 10000 entries.
2026-04-16 11:54:10,923 INFO [org.keycloak.spi.infinispan.impl.embedded.CacheConfigurator] (main) Persistent user sessions enabled and no memory limit found in configuration. Setting max entries for offlineClientSessions to 10000 entries.
2026-04-16 11:54:11,150 INFO [org.keycloak.jgroups.certificates.CertificateReloadManager] (main) Starting JGroups certificate reload manager
2026-04-16 11:54:11,291 INFO [org.infinispan.CONTAINER] (main) ISPN000556: Starting user marshaller 'org.infinispan.commons.marshall.ImmutableProtoStreamMarshaller'
2026-04-16 11:54:11,526 INFO [org.infinispan.CLUSTER] (main) ISPN000078: Starting JGroups channel `ISPN` with stack `jdbc-ping-tcp`
2026-04-16 11:54:11,528 INFO [org.jgroups.JChannel] (main) local_addr: f597042c-eaf0-444d-8340-b0e7362e94da, name: 696a363471e6-45339
2026-04-16 11:54:11,538 INFO [org.jgroups.protocols.FD_SOCK2] (main) server listening on *:57600
2026-04-16 11:54:11,610 INFO [org.jgroups.protocols.pbcast.GMS] (main) 696a363471e6-45339: no members discovered after 69 ms: creating cluster as coordinator
2026-04-16 11:54:11,695 INFO [org.infinispan.CLUSTER] (main) ISPN000094: Received new cluster view for channel ISPN: [696a363471e6-45339|0] (1) [696a363471e6-45339]
2026-04-16 11:54:11,698 INFO [org.keycloak.jgroups.certificates.CertificateReloadManager] (main) Reloading JGroups Certificate
2026-04-16 11:54:11,763 INFO [org.infinispan.CLUSTER] (main) ISPN000079: Channel `ISPN` local address is `696a363471e6-45339`, physical addresses are `[10.10.50.1:7600]`
2026-04-16 11:54:12,305 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: 696a363471e6-45339, Site name: null
2026-04-16 11:54:13,465 INFO [io.quarkus] (main) Keycloak 26.3.5 on JVM (powered by Quarkus 3.20.3) started in 7.987s. Listening on: http://0.0.0.0:8180. Management interface listening on http://0.0.0.0:9000.
2026-04-16 11:54:13,465 INFO [io.quarkus] (main) Profile prod activated.
2026-04-16 11:54:13,465 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-postgresql, keycloak, micrometer, narayana-jta, opentelemetry, reactive-routes, rest, rest-jackson, smallrye-context-propagation, smallrye-health, vertx]
The join script was then executed successfully:
univention-run-join-scripts --run-scripts 92univention-management-console-web-server.inst --force
root@ucs5backup:~# univention-run-join-scripts --run-scripts 92univention-management-console-web-server.inst --force
univention-run-join-scripts: runs all join scripts existing on local computer.
copyright (c) 2001-2024 Univention GmbH, Germany
Enter Primary Directory Node Account : Administrator
Enter Primary Directory Node Password:
Search LDAP binddn: done
Running pre-joinscripts hook(s): done
Running 92univention-management-console-web-server.inst done
Running post-joinscripts hook(s): done