Unable to take over AD domain

Hello everyone,

I recently gave UCS another try and installed it as a VM on my Proxmox hypervisor.
After the usual learning curve and VM rebuilds I wanted to let Univention take over my AD domain.

I downgraded it from a 2016 domain to a 2008 domain to be able to do that.
Unfortunately I always get following error and do not know how to fix it:

021-12-14 20:47:31,590 INFO 2021-12-14 20:47:31,590 pid:20753 /usr/lib/python3/dist-packages/samba/join.py #1117: Adding 1 remote DNS records for UCS1.hks.lan
2021-12-14 20:47:31,611 ndr_pull_DNS_RPC_DATA: ndr_pull_error(Bad Switch): Bad switch value 46 at librpc/gen_ndr/ndr_dnsserver.c:703 at librpc/gen_ndr/ndr_dnsserver.c:703
2021-12-14 20:47:31,613 Could not find machine account in secrets database: Failed to fetch machine account password for HKS from both secrets.ldb (Could not find entry to match filter: '(&(flatname=HKS)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4771) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
2021-12-14 20:47:31,651 ERROR(runtime): uncaught exception - (3221225485, 'An invalid parameter was passed to a service or function.')
2021-12-14 20:47:31,651   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
2021-12-14 20:47:31,651     return self.run(*args, **kwargs)
2021-12-14 20:47:31,651   File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 668, in run
2021-12-14 20:47:31,651     backend_store_size=backend_store_size)
2021-12-14 20:47:31,651   File "/usr/lib/python3/dist-packages/samba/join.py", line 1559, in join_DC
2021-12-14 20:47:31,651     ctx.do_join()
2021-12-14 20:47:31,651   File "/usr/lib/python3/dist-packages/samba/join.py", line 1456, in do_join
2021-12-14 20:47:31,651     ctx.join_add_dns_records()
2021-12-14 20:47:31,652   File "/usr/lib/python3/dist-packages/samba/join.py", line 1145, in join_add_dns_records
2021-12-14 20:47:31,652     None)

Can someone guide me what to do?


What I have checked so far:
All three AD servers are available and replicated.