I will substantially rewrite this question in the hope of getting some help.
Also, I have reinstalled many times so some of the original post is no longer relevant.
I have a slave server installed on Amazon EC2 using the 4.3 Amazon Univention image.
It is connected to the office domain by VPN.
I installed it without join or update, as it was necessary to get the DNS sorted out before join and update could work. Now the Univention DC Master is the primary DNS and the Amazon DNS is secondary.
I can successfully run every join script except 92univention-management-console-web-server.inst.
I also cannot upgrade, as the apt-sources entries are missing.
root@essn:~# curl http://ucs-sso.enviro.intranet/simplesamlphp/saml2/idp/metadata.php
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /simplesamlphp/saml2/idp/metadata.php was not found on this server.</p>
<hr>
<address>Apache/2.4.25 (Univention) Server at ucs-sso.enviro.intranet Port 80</address>
</body></html>
Both good and bad servers give the same output for the DNS query ‘dig ucs-sso.enviro.intranet’.
The System Diagnostics show a bad SSL certificate error:
Found invalid certificate '/tmp/tmp6lktDH':
error /tmp/tmp6lktDH: verification failed
However, I cannot find the tmp6lktDH file on the system.
The Diagnostics recommended replacing all the certificates, so I did this: Renewing the SSL certificates
The server is the current Amazon 4.3 image and the DC master is 4.3-1 errata157.
The output of various commands on the problem server.
root@essn:~# dig ucs-sso.enviro.intranet
; <<>> DiG 9.10.3-P4-Univention <<>> ucs-sso.enviro.intranet
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2530
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 8, ADDITIONAL: 9
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ucs-sso.enviro.intranet. IN A
;; ANSWER SECTION:
ucs-sso.enviro.intranet. 900 IN A 192.168.20.3
ucs-sso.enviro.intranet. 900 IN A 192.168.20.4
ucs-sso.enviro.intranet. 900 IN A 192.168.40.3
;; AUTHORITY SECTION:
enviro.intranet. 900 IN NS essn.enviro.intranet.
enviro.intranet. 900 IN NS ESS2.enviro.intranet.
enviro.intranet. 900 IN NS ESS5.enviro.intranet.
enviro.intranet. 900 IN NS Deimos.enviro.intranet.
enviro.intranet. 900 IN NS ESS8.enviro.intranet.
enviro.intranet. 900 IN NS phobos.enviro.intranet.
enviro.intranet. 900 IN NS ESS3.enviro.intranet.
enviro.intranet. 900 IN NS ESS4.enviro.intranet.
;; ADDITIONAL SECTION:
phobos.enviro.intranet. 900 IN A 192.168.20.3
Deimos.enviro.intranet. 900 IN A 192.168.20.4
ESS2.enviro.intranet. 900 IN A 192.168.30.3
ESS3.enviro.intranet. 900 IN A 192.168.30.4
ESS4.enviro.intranet. 900 IN A 192.168.40.3
ESS5.enviro.intranet. 900 IN A 192.168.40.5
ESS8.enviro.intranet. 900 IN A 192.168.50.3
essn.enviro.intranet. 900 IN A 10.1.1.5
;; Query time: 24 msec
;; SERVER: 192.168.20.3#53(192.168.20.3)
;; WHEN: Fri Aug 03 11:40:32 AEST 2018
;; MSG SIZE rcvd: 384
root@essn:~# cat /etc/resolv.conf
# Warning: This file is auto-generated and might be overwritten by
# univention-config-registry.
# Please edit the following file(s) instead:
# Warnung: Diese Datei wurde automatisch generiert und kann durch
# univention-config-registry ueberschrieben werden.
# Bitte bearbeiten Sie an Stelle dessen die folgende(n) Datei(en):
#
# /etc/univention/templates/files/etc/resolv.conf
#
domain enviro.intranet
nameserver 192.168.20.3 #THIS IS THE DC MASTER
nameserver 10.1.1.5
options timeout:2