I will substantially rewrite this question in the hope of getting some help.
Also, I have reinstalled many times so some of the original post is no longer relevant.
I have a slave server installed on Amazon ec2 using the 4.3 Amazon univention image.
It is connected to the office domain by VPN.
I installed it without join or update as it was necessary to get the DNS sorted out before join and update could work. Now the univention DC Master is the primary DNS and the Amazon DNS is secondary.
I can run successful run every join script except 92univention-management-console-web-server.inst.
I also can not upgrade as the apt-sources entries are missing.
The error from the log is:
Could not download IDP metadata for https://ucs-sso.enviro.intranet/simplesamlphp/saml2/idp/metadata.php
‘NoneType’ object has no attribute ‘find’
The results of curl seem to be a good clue:
On a GOOD machine I get.
> root@ESS8:/home/talcom# curl http://ucs-sso.enviro.intranet/simplesamlphp/saml2/idp/metadata.php > <?xml version="1.0"?> > <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://ucs-sso.enviro.intranet/simplesamlphp/saml2/idp/metadata.php"> > <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> > <md:KeyDescriptor use="signing"> > <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> > <ds:X509Data> > <ds:X509Certificate>XIIFcD.... etc.
Whereas on the broken server:
root@essn:~# curl http://ucs-sso.enviro.intranet/simplesamlphp/saml2/idp/metadata.php <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /simplesamlphp/saml2/idp/metadata.php was not found on this server.</p> <hr> <address>Apache/2.4.25 (Univention) Server at ucs-sso.enviro.intranet Port 80</address> </body></html>
Both good and bad servers give the same output for the DNS query ‘dig ucs-sso.enviro.intranet’
The System Diagnostics show a bad SSL certificate error
Found invalid certificate '/tmp/tmp6lktDH': error /tmp/tmp6lktDH: verification failed
However I can not find the tmp6lktDH file on the system.
The Diagnostics reccomended replaceing all the certificates so I did this:
Renewing the SSL certificates
The server is the current Amazon 4.3 image and the DC master is 4.3-1 errata157