First question: Is Keycloak a must-have for running UCS as a replacement for Windows AD?
Second question: Why doesn’t it install?
When I try to install it, whether via the GUI or in the CLI, it get’s up to this line and then just sits there indefinitely:
Running 49univention-keycloak-client.inst skipped (already executed)
Here is the full installation output from the CLI installation attempt:
Administrator@srv007:~$ sudo univention-app install keycloak
[sudo] password for Administrator:
Resolving dependencies for keycloak
Going to install Keycloak (26.2.5-ucs1)
Password for Administrator:
Showing License agreement for 5.0/keycloak=26.2.5-ucs1
Showing README for 5.0/keycloak=26.2.5-ucs1
Falling back to initial value for keycloak/apache2/ssl/certificate
Falling back to initial value for keycloak/apache2/ssl/key
Falling back to initial value for keycloak/apache2/ssl/ca
Falling back to initial value for keycloak/csp/frame-ancestors
Cannot read ucs/self/registration/check_email_verification while 5.0/keycloak=26.2.5-ucs1 is not running
Cannot read keycloak/password/change/endpoint while 5.0/keycloak=26.2.5-ucs1 is not running
Falling back to initial value for keycloak/password/change/endpoint
Cannot read kc/db/url while 5.0/keycloak=26.2.5-ucs1 is not running
Falling back to initial value for kc/db/url
Cannot read kc/db/username while 5.0/keycloak=26.2.5-ucs1 is not running
Falling back to initial value for kc/db/username
Cannot read kc/db/password while 5.0/keycloak=26.2.5-ucs1 is not running
Falling back to initial value for kc/db/password
Cannot read kc/db/driver while 5.0/keycloak=26.2.5-ucs1 is not running
Falling back to initial value for kc/db/driver
Cannot read kc/db/ping/datatype while 5.0/keycloak=26.2.5-ucs1 is not running
Falling back to initial value for kc/db/ping/datatype
Configuring 5.0/keycloak=26.2.5-ucs1
Setting keycloak/server/sso/fqdn to 'ucs-sso-ng.mt.house'
Setting keycloak/server/sso/path to '/'
Setting keycloak/server/sso/virtualhost to 'true'
Setting keycloak/apache/config to 'true'
Setting keycloak/server/sso/autoregistration to 'true'
Unsetting keycloak/apache2/ssl/certificate
Unsetting keycloak/apache2/ssl/key
Unsetting keycloak/apache2/ssl/ca
Unsetting keycloak/csp/frame-ancestors
Setting keycloak/cookies/samesite to 'None'
Setting keycloak/login/messages/en/pwdChangeSuccessMsg to 'The password has been changed successfully.<br>Please log in again.<br/>'
Setting keycloak/login/messages/de/pwdChangeSuccessMsg to 'Das Passwort wurde erfolgreich geändert.<br>Bitte melden Sie sich erneut an.<br/>'
Setting keycloak/login/messages/en/accountNotVerifiedMsg to 'Your account is not verified.<br>You must <a id="loginSelfServiceLink" href="https://srv007.mt.house/univention/selfservice/#/selfservice/verifyaccount" target="_blank">verify your account</a> before you can login.<br/>'
Setting keycloak/login/messages/de/accountNotVerifiedMsg to 'Konto nicht verifiziert.<br>Sie m\\u00FCssen Ihr <a id="loginSelfServiceLink" href="https://srv007.mt.house/univention/selfservice/#/selfservice/verifyaccount" target="_blank">Konto verifizieren</a>, bevor Sie sich einloggen k\\u00F6nnen.<br/>'
Setting keycloak/login/messages/en/accessDeniedMsg to 'Access forbidden.<br>You do not have the needed privileges to access this application. Please contact the administrator that you do not have access to the service {0} if you find this to be incorrect.'
Setting keycloak/login/messages/de/accessDeniedMsg to 'Zugriff verboten.<br>Bitte wenden Sie sich an den Administrator, dass Sie keinen Zugriff auf den Service {0} haben, wenn Sie feststellen, dass dies nicht korrekt ist.'
Setting keycloak/log/level to 'INFO'
Setting kc/db/kind to 'postgres'
Setting kc/db/xa to 'false'
Setting keycloak/federation/remote/identifier to 'univentionObjectIdentifier'
Setting keycloak/federation/source/identifier to 'univentionSourceIAM'
Cannot write settings while 5.0/keycloak=26.2.5-ucs1 is not running
Installing univention-keycloak apache template
Installing Keycloak data/settings acl
Installing Keycloak apache template info
Installing Keycloak translation template info
Installing Keycloak transaltion template
File: /var/lib/univention-appcenter/apps/keycloak/conf/UCS/login/messages/messages_de.properties
File: /var/lib/univention-appcenter/apps/keycloak/conf/UCS/login/messages/messages_en.properties
Installing 50-keycloak postgresql 11 template
Installing 50-keycloak postgresql 15 template
Installing 50-keycloak postgresql template info
Installing keycloak ispn configuration template
Creating data directories for keycloak...
Registering UCR for keycloak
Marking 5.0/keycloak=26.2.5-ucs1 as installed
Multifile: /etc/postgresql/15/main/pg_hba.conf
File: /etc/univention/service.info/services/univention-appcenter.cfg
Multifile: /etc/apache2/sites-available/default-ssl.conf
Multifile: /etc/apache2/sites-available/000-default.conf
Adding localhost to LDAP object
Reloading apache2 configuration (via systemctl): apache2.service.
univention-postgresql was already set to manually installed.
Checking if database keycloak exists (postgresql implementation)
Database keycloak already exists
5.0/keycloak=26.2.5-ucs1 already has its database
Registering the container host keycl-04140353 for keycloak
Downloading app images
Running command: docker-compose -p keycloak pull
Pulling keycloak ...
Pulling keycloak ... pulling from keycloak-keycloak
Pulling keycloak ... digest: sha256:4704029b92c03a3d20...
Pulling keycloak ... status: image is up to date for d...
Pulling keycloak ... done
Initializing app image
Running command: docker-compose -p keycloak up -d --no-build --no-recreate
Creating network "keycloak_appcenter_net" with the default driver
Creating keycloak ...
Creating keycloak ... done
Preconfiguring container d4f7e9f10359207b52d6ea7bb58e2b1c027b77eb95f69a33e6e10f1ede69747d
Starting keycloak ...
Starting keycloak ... done
Running command: docker cp /etc/postgresql-keycloak.secret d4f7e9f10359207b52d6ea7bb58e2b1c027b77eb95f69a33e6e10f1ede69747d:/etc/postgresql-keycloak.secret
Configuring 5.0/keycloak=26.2.5-ucs1
Setting keycloak/server/sso/fqdn to 'ucs-sso-ng.mt.house'
Setting keycloak/server/sso/virtualhost to 'true'
Setting keycloak/apache/config to 'true'
Setting keycloak/server/sso/autoregistration to 'true'
Unsetting keycloak/apache2/ssl/certificate
Unsetting keycloak/apache2/ssl/key
Unsetting keycloak/apache2/ssl/ca
Unsetting keycloak/csp/frame-ancestors
Setting keycloak/cookies/samesite to 'None'
Setting keycloak/log/level to 'INFO'
Setting keycloak/server/sso/path to '/'
Setting keycloak/login/messages/en/pwdChangeSuccessMsg to 'The password has been changed successfully.<br>Please log in again.<br/>'
Setting keycloak/login/messages/de/pwdChangeSuccessMsg to 'Das Passwort wurde erfolgreich geändert.<br>Bitte melden Sie sich erneut an.<br/>'
Setting ucs/self/registration/check_email_verification to 'false'
Setting keycloak/login/messages/en/accountNotVerifiedMsg to 'Your account is not verified.<br>You must <a id="loginSelfServiceLink" href="https://srv007.mt.house/univention/selfservice/#/selfservice/verifyaccount" target="_blank">verify your account</a> before you can login.<br/>'
Setting keycloak/login/messages/de/accountNotVerifiedMsg to 'Konto nicht verifiziert.<br>Sie m\\u00FCssen Ihr <a id="loginSelfServiceLink" href="https://srv007.mt.house/univention/selfservice/#/selfservice/verifyaccount" target="_blank">Konto verifizieren</a>, bevor Sie sich einloggen k\\u00F6nnen.<br/>'
Setting keycloak/login/messages/en/accessDeniedMsg to 'Access forbidden.<br>You do not have the needed privileges to access this application. Please contact the administrator that you do not have access to the service {0} if you find this to be incorrect.'
Setting keycloak/login/messages/de/accessDeniedMsg to 'Zugriff verboten.<br>Bitte wenden Sie sich an den Administrator, dass Sie keinen Zugriff auf den Service {0} haben, wenn Sie feststellen, dass dies nicht korrekt ist.'
Setting keycloak/password/change/endpoint to 'srv007.mt.house'
Unsetting kc/db/url
Setting kc/db/username to 'keycloak'
Setting kc/db/kind to 'postgres'
Setting kc/db/xa to 'false'
Unsetting kc/db/driver
Unsetting kc/db/ping/datatype
Setting keycloak/federation/remote/identifier to 'univentionObjectIdentifier'
Setting keycloak/federation/source/identifier to 'univentionSourceIAM'
ucr cannot be found, falling back to changing the database file directly
Executing interface restore_data_before_setup for keycloak
No interface defined
Executing interface restore_data_after_setup for keycloak
No interface defined
Falling back to initial value for keycloak/apache2/ssl/certificate
Falling back to initial value for keycloak/apache2/ssl/key
Falling back to initial value for keycloak/apache2/ssl/ca
Falling back to initial value for keycloak/csp/frame-ancestors
Falling back to initial value for kc/db/url
Falling back to initial value for kc/db/password
Falling back to initial value for kc/db/driver
Falling back to initial value for kc/db/ping/datatype
Configuring 5.0/keycloak=26.2.5-ucs1
Setting keycloak/server/sso/fqdn to 'ucs-sso-ng.mt.house'
Setting keycloak/server/sso/path to '/'
Setting keycloak/server/sso/virtualhost to 'true'
Setting keycloak/apache/config to 'true'
Setting keycloak/server/sso/autoregistration to 'true'
Unsetting keycloak/apache2/ssl/certificate
Unsetting keycloak/apache2/ssl/key
Unsetting keycloak/apache2/ssl/ca
Unsetting keycloak/csp/frame-ancestors
Setting keycloak/cookies/samesite to 'None'
Setting keycloak/login/messages/en/pwdChangeSuccessMsg to 'The password has been changed successfully.<br>Please log in again.<br/>'
Setting keycloak/login/messages/de/pwdChangeSuccessMsg to 'Das Passwort wurde erfolgreich geändert.<br>Bitte melden Sie sich erneut an.<br/>'
Setting ucs/self/registration/check_email_verification to 'false'
Setting keycloak/login/messages/en/accountNotVerifiedMsg to 'Your account is not verified.<br>You must <a id="loginSelfServiceLink" href="https://srv007.mt.house/univention/selfservice/#/selfservice/verifyaccount" target="_blank">verify your account</a> before you can login.<br/>'
Setting keycloak/login/messages/de/accountNotVerifiedMsg to 'Konto nicht verifiziert.<br>Sie m\\u00FCssen Ihr <a id="loginSelfServiceLink" href="https://srv007.mt.house/univention/selfservice/#/selfservice/verifyaccount" target="_blank">Konto verifizieren</a>, bevor Sie sich einloggen k\\u00F6nnen.<br/>'
Setting keycloak/login/messages/en/accessDeniedMsg to 'Access forbidden.<br>You do not have the needed privileges to access this application. Please contact the administrator that you do not have access to the service {0} if you find this to be incorrect.'
Setting keycloak/login/messages/de/accessDeniedMsg to 'Zugriff verboten.<br>Bitte wenden Sie sich an den Administrator, dass Sie keinen Zugriff auf den Service {0} haben, wenn Sie feststellen, dass dies nicht korrekt ist.'
Setting keycloak/log/level to 'INFO'
Setting keycloak/password/change/endpoint to 'srv007.mt.house'
Unsetting kc/db/url
Setting kc/db/username to 'keycloak'
Setting kc/db/kind to 'postgres'
Setting kc/db/xa to 'false'
Unsetting kc/db/driver
Unsetting kc/db/ping/datatype
Setting keycloak/federation/remote/identifier to 'univentionObjectIdentifier'
Setting keycloak/federation/source/identifier to 'univentionSourceIAM'
ucr cannot be found, falling back to changing the database file directly
File: /etc/apache2/sites-available/univention-keycloak.conf
W: ucs/server/sso/uri is overridden by scope "ldap"
ucr cannot be found, falling back to changing the database file directly
Saving data from old container (5.0/keycloak=26.2.5-ucs1)
Starting keycloak ...
Starting keycloak ... done
Running command: docker cp d4f7e9f10359207b52d6ea7bb58e2b1c027b77eb95f69a33e6e10f1ede69747d:/etc/machine.secret /var/lib/univention-appcenter/apps/keycloak/machine.secret
Starting keycloak ...
Starting keycloak ... done
Stopping keycloak ...
Stopping keycloak ... done
Removing old container
Removing keycloak ...
Removing keycloak ... done
Removing network keycloak_appcenter_net
Setting up new container (5.0/keycloak=26.2.5-ucs1)
Creating data directories for keycloak...
Registering UCR for keycloak
Marking 5.0/keycloak=26.2.5-ucs1 as installed
Adding localhost to LDAP object
Reloading apache2 configuration (via systemctl): apache2.service.
univention-postgresql was already set to manually installed.
Checking if database keycloak exists (postgresql implementation)
Database keycloak already exists
5.0/keycloak=26.2.5-ucs1 already has its database
Initializing app image
Running command: docker-compose -p keycloak up -d --no-build --no-recreate
Creating network "keycloak_appcenter_net" with the default driver
Creating keycloak ...
Creating keycloak ... done
Preconfiguring container 65b0d264a26e3e4ffa6e9ee9500d29e19e0e99661f1ad5fcac7baa9efea397f2
Starting keycloak ...
Starting keycloak ... done
Running command: docker cp /etc/postgresql-keycloak.secret 65b0d264a26e3e4ffa6e9ee9500d29e19e0e99661f1ad5fcac7baa9efea397f2:/etc/postgresql-keycloak.secret
Configuring 5.0/keycloak=26.2.5-ucs1
Setting keycloak/server/sso/fqdn to 'ucs-sso-ng.mt.house'
Setting keycloak/server/sso/virtualhost to 'true'
Setting keycloak/apache/config to 'true'
Setting keycloak/server/sso/autoregistration to 'true'
Unsetting keycloak/apache2/ssl/certificate
Unsetting keycloak/apache2/ssl/key
Unsetting keycloak/apache2/ssl/ca
Unsetting keycloak/csp/frame-ancestors
Setting keycloak/cookies/samesite to 'None'
Setting keycloak/log/level to 'INFO'
Setting keycloak/server/sso/path to '/'
Setting keycloak/login/messages/en/pwdChangeSuccessMsg to 'The password has been changed successfully.<br>Please log in again.<br/>'
Setting keycloak/login/messages/de/pwdChangeSuccessMsg to 'Das Passwort wurde erfolgreich geändert.<br>Bitte melden Sie sich erneut an.<br/>'
Setting ucs/self/registration/check_email_verification to 'false'
Setting keycloak/login/messages/en/accountNotVerifiedMsg to 'Your account is not verified.<br>You must <a id="loginSelfServiceLink" href="https://srv007.mt.house/univention/selfservice/#/selfservice/verifyaccount" target="_blank">verify your account</a> before you can login.<br/>'
Setting keycloak/login/messages/de/accountNotVerifiedMsg to 'Konto nicht verifiziert.<br>Sie m\\u00FCssen Ihr <a id="loginSelfServiceLink" href="https://srv007.mt.house/univention/selfservice/#/selfservice/verifyaccount" target="_blank">Konto verifizieren</a>, bevor Sie sich einloggen k\\u00F6nnen.<br/>'
Setting keycloak/login/messages/en/accessDeniedMsg to 'Access forbidden.<br>You do not have the needed privileges to access this application. Please contact the administrator that you do not have access to the service {0} if you find this to be incorrect.'
Setting keycloak/login/messages/de/accessDeniedMsg to 'Zugriff verboten.<br>Bitte wenden Sie sich an den Administrator, dass Sie keinen Zugriff auf den Service {0} haben, wenn Sie feststellen, dass dies nicht korrekt ist.'
Setting keycloak/password/change/endpoint to 'srv007.mt.house'
Setting kc/db/url to 'jdbc:postgresql://srv007.mt.house:5432/keycloak?sslmode=require'
Setting kc/db/username to 'keycloak'
Setting kc/db/kind to 'postgres'
Setting kc/db/xa to 'false'
Setting kc/db/driver to 'org.postgresql.Driver'
Setting kc/db/ping/datatype to 'BYTEA'
Setting keycloak/federation/remote/identifier to 'univentionObjectIdentifier'
Setting keycloak/federation/source/identifier to 'univentionSourceIAM'
ucr cannot be found, falling back to changing the database file directly
Executing interface restore_data_before_setup for keycloak
No interface defined
Executing interface restore_data_after_setup for keycloak
No interface defined
updating certificates for 5.0/keycloak=26.2.5-ucs1
Registering UCR for keycloak
Marking 5.0/keycloak=26.2.5-ucs1 as installed
Adding localhost to LDAP object
Reloading apache2 configuration (via systemctl): apache2.service.
Certificate was added to keystore
Executing interface configure for keycloak
No interface defined
updating certificates for 5.0/keycloak=26.2.5-ucs1
Installing join script /var/cache/univention-appcenter/appcenter.software-univention.de/5.0/keycloak_20250508142809.inst
univention-run-join-scripts: runs all join scripts existing on local computer.
copyright (c) 2001-2025 Univention GmbH, Germany
Running pre-joinscripts hook(s): done
Running 01univention-ldap-server-init.inst skipped (already executed)
Running 02univention-directory-notifier.inst skipped (already executed)
Running 03univention-directory-listener.inst skipped (already executed)
Running 04univention-ldap-client.inst skipped (already executed)
Running 05univention-bind.inst skipped (already executed)
Running 08univention-apache.inst skipped (already executed)
Running 10univention-ldap-server.inst skipped (already executed)
Running 11univention-heimdal-init.inst skipped (already executed)
Running 11univention-pam.inst skipped (already executed)
Running 15univention-directory-notifier-post.inst skipped (already executed)
Running 15univention-heimdal-kdc.inst skipped (already executed)
Running 18python-univention-directory-manager.inst skipped (already executed)
Running 20univention-directory-policy.inst skipped (already executed)
Running 20univention-join.inst skipped (already executed)
Running 20univention-ldap-config-master.inst skipped (already executed)
Running 22univention-directory-manager-rest.inst skipped (already executed)
Running 26univention-nagios-common.inst skipped (already executed)
Running 30univention-appcenter.inst skipped (already executed)
Running 30univention-monitoring-client.inst skipped (already executed)
Running 30univention-nagios-client.inst skipped (already executed)
Running 31univention-monitoring-s4-connector.inst skipped (already executed)
Running 31univention-monitoring-samba.inst skipped (already executed)
Running 31univention-nagios-s4-connector.inst skipped (already executed)
Running 31univention-nagios-samba.inst skipped (already executed)
Running 33univention-portal.inst skipped (already executed)
Running 35univention-appcenter-docker.inst skipped (already executed)
Running 35univention-management-console-module-appcenter.inst skipped (already executed)
Running 35univention-management-console-module-diagnostic.inst skipped (already executed)
Running 35univention-management-console-module-ipchange.inst skipped (already executed)
Running 35univention-management-console-module-join.inst skipped (already executed)
Running 35univention-management-console-module-lib.inst skipped (already executed)
Running 35univention-management-console-module-quota.inst skipped (already executed)
Running 35univention-management-console-module-reboot.inst skipped (already executed)
Running 35univention-management-console-module-services.inst skipped (already executed)
Running 35univention-management-console-module-setup.inst skipped (already executed)
Running 35univention-management-console-module-sysinfo.inst skipped (already executed)
Running 35univention-management-console-module-top.inst skipped (already executed)
Running 35univention-management-console-module-ucr.inst skipped (already executed)
Running 35univention-management-console-module-udm.inst skipped (already executed)
Running 35univention-management-console-module-updater.inst skipped (already executed)
Running 35univention-management-console-module-welcome.inst skipped (already executed)
Running 35univention-server-overview.inst skipped (already executed)
Running 36univention-management-console-module-apps.inst skipped (already executed)
Running 49univention-keycloak-client.inst skipped (already executed)
If I then do CTRL+C, this is the output:
^CAborting...
Running 50keycloak.inst
Resolving dependencies for keycloak
Going to remove Keycloak (26.2.5-ucs1)
Showing README for 5.0/keycloak=26.2.5-ucs1
Configuring 5.0/keycloak=26.2.5-ucs1
Configuring 5.0/keycloak=26.2.5-ucs1
Executing interface configure for keycloak
No interface defined
Stopping keycloak ...
Stopping keycloak ... done
Removing keycloak ...
Removing keycloak ... done
Removing network keycloak_appcenter_net
Removing localhost from LDAP object
Multifile: /etc/postgresql/15/main/pg_hba.conf
File: /etc/univention/service.info/services/univention-appcenter.cfg
Multifile: /etc/apache2/sites-available/default-ssl.conf
Multifile: /etc/apache2/sites-available/000-default.conf
Reloading apache2 configuration (via systemctl): apache2.service.
Uninstalling /usr/lib/univention-install/50keycloak.inst
Installing join script /var/cache/univention-appcenter/appcenter.software-univention.de/5.0/keycloak_20250508142809.uinst
univention-run-join-scripts: runs all join scripts existing on local computer.
copyright (c) 2001-2025 Univention GmbH, Germany
Running pre-joinscripts hook(s): done
Running 01univention-ldap-server-init.inst skipped (already executed)
Running 02univention-directory-notifier.inst skipped (already executed)
Running 03univention-directory-listener.inst skipped (already executed)
Running 04univention-ldap-client.inst skipped (already executed)
Running 05univention-bind.inst skipped (already executed)
Running 08univention-apache.inst skipped (already executed)
Running 10univention-ldap-server.inst skipped (already executed)
Running 11univention-heimdal-init.inst skipped (already executed)
Running 11univention-pam.inst skipped (already executed)
Running 15univention-directory-notifier-post.inst skipped (already executed)
Running 15univention-heimdal-kdc.inst skipped (already executed)
Running 18python-univention-directory-manager.inst skipped (already executed)
Running 20univention-directory-policy.inst skipped (already executed)
Running 20univention-join.inst skipped (already executed)
Running 20univention-ldap-config-master.inst skipped (already executed)
Running 22univention-directory-manager-rest.inst skipped (already executed)
Running 26univention-nagios-common.inst skipped (already executed)
Running 30univention-appcenter.inst skipped (already executed)
Running 30univention-monitoring-client.inst skipped (already executed)
Running 30univention-nagios-client.inst skipped (already executed)
Running 31univention-monitoring-s4-connector.inst skipped (already executed)
Running 31univention-monitoring-samba.inst skipped (already executed)
Running 31univention-nagios-s4-connector.inst skipped (already executed)
Running 31univention-nagios-samba.inst skipped (already executed)
Running 33univention-portal.inst skipped (already executed)
Running 35univention-appcenter-docker.inst skipped (already executed)
Running 35univention-management-console-module-appcenter.inst skipped (already executed)
Running 35univention-management-console-module-diagnostic.inst skipped (already executed)
Running 35univention-management-console-module-ipchange.inst skipped (already executed)
Running 35univention-management-console-module-join.inst skipped (already executed)
Running 35univention-management-console-module-lib.inst skipped (already executed)
Running 35univention-management-console-module-quota.inst skipped (already executed)
Running 35univention-management-console-module-reboot.inst skipped (already executed)
Running 35univention-management-console-module-services.inst skipped (already executed)
Running 35univention-management-console-module-setup.inst skipped (already executed)
Running 35univention-management-console-module-sysinfo.inst skipped (already executed)
Running 35univention-management-console-module-top.inst skipped (already executed)
Running 35univention-management-console-module-ucr.inst skipped (already executed)
Running 35univention-management-console-module-udm.inst skipped (already executed)
Running 35univention-management-console-module-updater.inst skipped (already executed)
Running 35univention-management-console-module-welcome.inst skipped (already executed)
Running 35univention-server-overview.inst skipped (already executed)
Running 36univention-management-console-module-apps.inst skipped (already executed)
Running 49univention-keycloak-client.inst skipped (already executed)
Running 80univention-radius.inst skipped (already executed)
Running 81univention-nfs-server.inst skipped (already executed)
Running 90univention-bind-post.inst skipped (already executed)
Running 92univention-management-console-web-server.inst skipped (already executed)
Running 96univention-samba4.inst skipped (already executed)
Running 97univention-s4-connector.inst skipped (already executed)
Running 98univention-pkgdb-tools.inst skipped (already executed)
Running 98univention-samba4-dns.inst skipped (already executed)
Running 51keycloak-uninstall.uinst done
Running post-joinscripts hook(s): done
Potential script hook folder is unused: /var/lib/univention-appcenter/apps/keycloak/local/hooks/post-remove.d
File: /etc/apt/apt.conf.d/55user_agent
File: /usr/share/univention-management-console/modules/apps.xml
File: /usr/share/univention-management-console/i18n/de/apps.mo
Administrator@srv007:~$
do this and it might just help
