My Oracle Support Banner

Enabling AD Kerberos After Uninstalling MIT Kerberos Fails on BDA V4.7 and Lower with "ERROR: Error validating the provided Active Directory Certificate check" (Doc ID 2226138.1)

Last updated on FEBRUARY 03, 2020

Applies to:

Big Data Appliance Integrated Software - Version 4.2.0 to 4.7.0 [Release 4.2 to 4.7]
Linux x86-64


NOTE: In the examples that follow, user details, cluster names, hostnames, directory paths, filenames, etc. represent a fictitious sample (and are used to provide an illustrative example only). Any similarity to actual persons, or entities, living or dead, is purely coincidental and not intended in any manner. 

Trying to enable AD Kerberos with "bdacli enable ad_kerberos" after uninstalling MIT Kerberos with "bdacli disable kerberos" fails with:

SUCCESS: Successfully copy Active Directory CA to all nodes
ERROR: Error validating the provided Active Directory Certificate check
details in
/opt/oracle/BDAMammoth/bdaconfig/tmp/validateADSecureCertificate.out and
ERROR: Unable to locate file in STEP -1
INFO: Running bdadiagcluster...
INFO: Please get the Big Data Appliance cluster diagnostic bundle at



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.