Enabling AD Kerberos After Uninstalling MIT Kerberos May Fail on BDA V4.7 and Lower with "ERROR: Error validating the provided Active Directory Certificate check" (Doc ID 2226138.1)

Last updated on JANUARY 25, 2017

Applies to:

Big Data Appliance Integrated Software - Version 4.2.0 to 4.7.0 [Release 4.2 to 4.6]
Linux x86-64


Trying to enable AD Kerberos with "bdacli enable ad_kerberos: after uninstalling MIT Kerberos with "bdacli disable kerberos" may fail with:

SUCCESS: Successfully copy Active Directory CA to all nodes
ERROR: Error validating the provided Active Directory Certificate check
details in
/opt/oracle/BDAMammoth/bdaconfig/tmp/validateADSecureCertificate.out and
ERROR: Unable to locate file in STEP -1
INFO: Running bdadiagcluster...
INFO: Please get the Big Data Appliance cluster diagnostic bundle at



Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms