Problem: UCS@school slave join failed - Record already exists

Problem

You want to fully rejoin a School-Slave because the situation requires it, for example because the school has been deleted or because the physical server is now at a different location and you therefore want to run univention-join. In that case the join script 98univention-samba4slavepdc-dns.inst may fail. Because it is not executed successfully, other join scripts are missing as well, and you will find entries similar to the following in /var/log/univention/join.log:

Configure 98univention-samba4slavepdc-dns.inst Tue May  7 20:55:56 CEST 2024
2024-05-07 20:55:56.781067454+02:00 (in joinscript_init)
ERROR(runtime): Record already exists; record could not be added. zone[_msdcs.ucs5schoolhejne.intranet] name[_ldap._tcp.HejneSchool2._sites.dc] [WERR_DNS_ERROR_RECORD_ALREADY_EXISTS] - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
ERROR(runtime): Record already exists; record could not be added. zone[ucs5schoolhejne.intranet] name[_kerberos._tcp.HejneSchool2._sites] [WERR_DNS_ERROR_RECORD_ALREADY_EXISTS] - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
ERROR(runtime): Record already exists; record could not be added. zone[_msdcs.ucs5schoolhejne.intranet] name[_kerberos._tcp.HejneSchool2._sites.dc] [WERR_DNS_ERROR_RECORD_ALREADY_EXISTS] - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
ERROR(runtime): Record already exists; record could not be added. zone[_msdcs.ucs5schoolhejne.intranet] name[_ldap._tcp.pdc] [WERR_DNS_ERROR_RECORD_ALREADY_EXISTS] - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
ERROR(runtime): Record already exists; record could not be added. zone[_msdcs.ucs5schoolhejne.intranet] name[gc] [WERR_DNS_ERROR_RECORD_ALREADY_EXISTS] - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
ERROR(runtime): Record already exists; record could not be added. zone[ucs5schoolhejne.intranet] name[_gc._tcp] [WERR_DNS_ERROR_RECORD_ALREADY_EXISTS] - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
ERROR(runtime): Record already exists; record could not be added. zone[_msdcs.ucs5schoolhejne.intranet] name[_ldap._tcp.gc] [WERR_DNS_ERROR_RECORD_ALREADY_EXISTS] - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
ERROR(runtime): Record already exists; record could not be added. zone[ucs5schoolhejne.intranet] name[_gc._tcp.HejneSchool2._sites] [WERR_DNS_ERROR_RECORD_ALREADY_EXISTS] - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
ERROR(runtime): Record already exists; record could not be added. zone[_msdcs.ucs5schoolhejne.intranet] name[_ldap._tcp.HejneSchool2._sites.gc] [WERR_DNS_ERROR_RECORD_ALREADY_EXISTS] - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
ERROR(runtime): Record already exists; record could not be added. zone[ucs5schoolhejne.intranet] name[DomainDnsZones] [WERR_DNS_ERROR_RECORD_ALREADY_EXISTS] - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
ERROR(runtime): Record already exists; record could not be added. zone[ucs5schoolhejne.intranet] name[_ldap._tcp.DomainDnsZones] [WERR_DNS_ERROR_RECORD_ALREADY_EXISTS] - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
ERROR(runtime): Record already exists; record could not be added. zone[ucs5schoolhejne.intranet] name[_ldap._tcp.HejneSchool2._sites.DomainDnsZones] [WERR_DNS_ERROR_RECORD_ALREADY_EXISTS] - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
ERROR(runtime): Record already exists; record could not be added. zone[ucs5schoolhejne.intranet] name[ForestDnsZones] [WERR_DNS_ERROR_RECORD_ALREADY_EXISTS] - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
ERROR(runtime): Record already exists; record could not be added. zone[ucs5schoolhejne.intranet] name[_ldap._tcp.ForestDnsZones] [WERR_DNS_ERROR_RECORD_ALREADY_EXISTS] - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
ERROR(runtime): Record already exists; record could not be added. zone[ucs5schoolhejne.intranet] name[_ldap._tcp.HejneSchool2._sites.ForestDnsZones] [WERR_DNS_ERROR_RECORD_ALREADY_EXISTS] - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
Failed to get Kerberos credentials, falling back to samba-tool: (3221225485, 'An invalid parameter was passed to a service or function.')
Failed update of 15 entries

**************************************************************************
* Join failed!                                                           *
* Contact your system administrator                                      *
**************************************************************************
* Message:  Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- FAILED: 98univention-samba4slavepdc-dns.inst
**************************************************************************

If you then check the join status of the system, you get output like this:

univention-check-join-status

Warning: 'univention-samba4slavepdc-dns' is not configured.
Warning: 'univention-squid-samba4' is not configured.
Warning: 'ucs-school-netlogon-user-logonscripts' is not configured.
Warning: 'ucs-school-netlogon' is not configured.
Warning: 'ucs-school-umc-printermoderation' is not configured.
Error: Not all install files configured: 5 missing

Solution

The error message WERR_DNS_ERROR_RECORD_ALREADY_EXISTS indicates that univention-join is trying to create DNS records that already exist. This is usually the case if the IP of the Primary Node is entered as nameserver1. That setting would be needed if the DNS records and other objects did not exist yet, but in this case the correct setting is the IP of the School-Slave itself as nameserver1.

Before

ucr search --brief nameserver

dns/nameserver/registration/forward_zone: no
dns/nameserver/registration/reverse_zone: no
nameserver/external: false
nameserver/option/timeout: 2
nameserver1: 10.200.30.20
nameserver2: 10.200.30.26

After

ucr set nameserver1=10.200.30.26; ucr unset nameserver2

dns/nameserver/registration/forward_zone: no
dns/nameserver/registration/reverse_zone: no
nameserver/external: false
nameserver/option/timeout: 2
nameserver1: 10.200.30.26
nameserver2: <empty>
nameserver3: <empty>

You should now be able to rejoin the system without the join-script errors shown above:
univention-join
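
A pre-check for the procedure above, as an added example that is not part of the original article or of Univention's tooling: it lists which zones the "Record already exists" errors in a join log refer to, compares that with the "Failed update of N entries" line, and tests nameserver1 against the School-Slave IP. The function names and the shortened sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Univention tooling): triage a failed join before re-running it.

# Print "zone name" for each WERR_DNS_ERROR_RECORD_ALREADY_EXISTS line on stdin.
existing_records() {
    sed -n 's/^ERROR(runtime): Record already exists; .* zone\[\([^]]*\)] name\[\([^]]*\)] \[WERR_DNS_ERROR_RECORD_ALREADY_EXISTS].*/\1 \2/p'
}

# Print "<count> <zone>" per DNS zone, so it is clear which zones hold the existing records.
per_zone_counts() {
    existing_records | awk '{ n[$1]++ } END { for (z in n) print n[z], z }' | sort -k2
}

# Print the number from the last "Failed update of N entries" line on stdin.
reported_failures() {
    sed -n 's/^Failed update of \([0-9][0-9]*\) entries.*/\1/p' | tail -n 1
}

# Read "ucr search --brief nameserver" output on stdin; succeed only if
# nameserver1 equals $1 (the School-Slave's own IP, as the Solution requires).
nameserver1_is() {
    ns1=$(sed -n 's/^nameserver1: //p' | head -n 1)
    [ "$ns1" = "$1" ]
}

# Constructed sample: three error lines from the excerpt above, shortened summary line.
sample_log() {
cat <<'EOF'
ERROR(runtime): Record already exists; record could not be added. zone[_msdcs.ucs5schoolhejne.intranet] name[gc] [WERR_DNS_ERROR_RECORD_ALREADY_EXISTS] - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
ERROR(runtime): Record already exists; record could not be added. zone[ucs5schoolhejne.intranet] name[_gc._tcp] [WERR_DNS_ERROR_RECORD_ALREADY_EXISTS] - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
ERROR(runtime): Record already exists; record could not be added. zone[ucs5schoolhejne.intranet] name[DomainDnsZones] [WERR_DNS_ERROR_RECORD_ALREADY_EXISTS] - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
Failed to get Kerberos credentials, falling back to samba-tool: (3221225485, 'An invalid parameter was passed to a service or function.')
Failed update of 3 entries
EOF
}

# Constructed sample: the nameserver lines of the "Before" state shown above.
sample_ucr_before() {
cat <<'EOF'
nameserver1: 10.200.30.20
nameserver2: 10.200.30.26
EOF
}

sample_log | per_zone_counts
found=$(sample_log | existing_records | wc -l | tr -d ' ')
[ "$found" = "$(sample_log | reported_failures)" ] && echo "all $found failed updates are existing DNS records"
sample_ucr_before | nameserver1_is 10.200.30.26 || echo "nameserver1 is not the School-Slave IP: change it before univention-join"
```

On a real system, feed the functions from /var/log/univention/join.log and from the output of ucr search --brief nameserver instead of the samples.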
