IPA replica install fails with the error "kadmin.local: Included profile directory could not be read while initializing krb5 library"
Issue
Scenario:1
------------------
- IPA install fails when calling kadmin.local:
Done configuring certificate server (pki-tomcatd).
Restarting the directory and certificate servers
Configuring Kerberos KDC (krb5kdc). Estimated time: 30 seconds
[1/8]: adding sasl mappings to the directory
[2/8]: configuring KDC
[3/8]: creating a keytab for the directory
[error] CalledProcessError: Command ''kadmin.local' '-q' 'addprinc -randkey ldap/hostname.x.x.x.x@X.X.X.X' '-x' 'ipa-setup-override-restrictions'' returned non-zero exit status 1
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.
ipa.ipapython.install.cli.install_tool(Replica): ERROR Command ''kadmin.local' '-q' 'addprinc -randkey ldap/hostname.x.x.x.x@X.X.X.X' '-x' 'ipa-setup-override-restrictions'' returned non-zero exit status 1
Scenario:2
------------------
- IPA install fails with the error:
Please make sure the following ports are opened in the firewall settings:
TCP: 80, 88, 389
UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
Also note that following ports are necessary for ipa-client working properly after enrollment:
TCP: 464
UDP: 464, 123 (if NTP enabled)
Kerberos authentication failed: kinit: Included profile directory could not be read while initializing Kerberos 5 library
Installation failed. Rolling back changes.
IPA client is not configured on this system.
Environment
Scenario:1
------------------
- Red Hat Enterprise Linux 7
- ipa-client-4.2.0-15.el7.x86_64
- ipa-server-4.2.0-15.el7.x86_64
Scenario:2
------------------
- Red Hat Enterprise Linux 7
- ipa-client-4.4.0-12.el7.x86_64
- krb5-libs-1.13.2-12.el7_2.x86_64