ipa-server-install command failed, exception: RuntimeError: CA did not start in 300.0s

Root Cause

• nss packages were on the older version

nss-3.36.0-7.el7_5.x86_64                                  
nss-pem-1.0.3-5.el7.x86_64                                
nss-softokn-3.36.0-5.el7_5.x86_64                   
nss-softokn-freebl-3.36.0-5.el7_5.x86_64       
nss-sysinit-3.36.0-7.el7_5.x86_64                      
nss-tools-3.36.0-7.el7_5.x86_64                         
nss-util-3.36.0-1.el7_5.x86_64                             

• less ipaserver-install.log

  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 250, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 847, in install
    ca.install_step_1(False, None, options, custodia=custodia)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line 391, in install_step_1
    ca.start('pki-tomcat')
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 464, in start
    self.service.start(instance_name, capture_output=capture_output, wait=wait)
  File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 192, in start
    self.wait_until_running()
  File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 186, in wait_until_running
    raise RuntimeError('CA did not start in %ss' % timeout)

2019-08-11T11:19:52Z DEBUG The ipa-server-install command failed, exception: RuntimeError: CA did not start in 300.0s
2019-08-11T11:19:52Z ERROR CA did not start in 300.0s
2019-08-11T11:19:52Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information