Self service app points to backup DC

have 2 DCs, master DC it0auth and backup DC it1auth. Went to master portal URL:

https://it0auth.mydomain/univention/portal/

and under application, the “change password” “app” shows as hostname of the backup DC and surely enough clicking there produces the error below.

Webfrontend error: The specified request is unknown.
The path '/self-service/' was not found.

which is expected given that the self service app was installed on master only

I then deleted it, then rebooted both master and backup DC and re-installed the app on master DC only, still same result.

Might be relevant: couple of weeks ago the roles were reversed, e.g. it1auth was master and it0auth was backup. I have then (to get experience with the scenario) deleted the master (they are virtual machines) and promoted the backup to master as per documentation with no issues, then I re-installed the former master as new backup DC.

One thing I had to do after this was to change this registry to point to the new master as detailed here

Also, I checked via ucr (on the master) now and I see

# ucr search --brief it1auth*
ucs/server/saml-idp-server/it1auth.mydomain: it1auth.mydomain
umc/saml/trusted/sp/it1auth.mydomain: it1auth.mydomain

though I am not sure whether it is relevant to this issue. Any advice?
Thanks

Mastodon