IPA krb5kdc service not starting - krb5kdc: Server error - while fetching master key

Solution Verified - Updated -

Issue

In IPA, krb5kdc service is not starting and following errors are observed.

[root@ipaserver ~]# systemctl status krb5kdc.service
krb5kdc.service - Kerberos 5 KDC
   Loaded: loaded (/usr/lib/systemd/system/krb5kdc.service; disabled)
   Active: failed (Result: exit-code) since Wed 2015-06-24 17:11:47 BST; 18h ago
  Process: 13002 ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5kdc.pid $KRB5KDC_ARGS (code=exited, status=1/FAILURE)

Jun 24 17:11:47 ipaserver.example.com systemd[1]: Starting Kerberos 5 KDC...
Jun 24 17:11:47 ipaserver.example.com krb5kdc[13002]: krb5kdc: cannot initialize realm EXAMPLE.COM - see log file for details
Jun 24 17:11:47 ipaserver.example.com systemd[1]: krb5kdc.service: control process exited, code=exited status=1
Jun 24 17:11:47 ipaserver.example.com systemd[1]: Failed to start Kerberos 5 KDC.
Jun 24 17:11:47 ipaserver.example.com systemd[1]: Unit krb5kdc.service entered failed state.

In /var/log/krb5kdc.log file following error is observed.

krb5kdc: Server error - while fetching master key K/M for realm EXAMPLE.COM
krb5kdc: Server error - while fetching master key K/M for realm EXAMPLE.COM
krb5kdc: Server error - while fetching master key K/M for realm EXAMPLE.COM

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise IdM(IPA) 4.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content