[Freeipa-users] healthcheck - Invalid PKI instance: pki-tomcat

Hi guys. adding second master failed a number of times so I did go without '--setup-ca', now on that master I get lots of: Invalid PKI instance: pki-tomcat:   {     "source": "pki.server.healthcheck.certs.expiration",     "check": "CASystemCertExpiryCheck",     "result": "CRITICAL",     "uuid": "7b920e6a-4f47-4541-80fa-e9d87dadff20",     "when": "20220118102040Z",     "duration": "0.000175",     "kw": {       "msg": "Invalid PKI instance: pki-tomcat"     }   }, ...   {     "source": "ipahealthcheck.ipa.certs",     "check": "IPACertfileExpirationCheck",     "result": "ERROR",     "uuid": "fb01a7bd-3457-4007-8c3d-66662e23b6df",     "when": "20220118102040Z",     "duration": "0.006617",     "kw": {       "key": "20210709164208",       "dbdir": "/etc/pki/pki-tomcat/alias",       "nickname": "auditSigningCert cert-pki-kra",       "error": "NSSDB '/etc/pki/pki-tomcat/alias' not initialized.",       "msg": "Request id {key}: Unable to retrieve cert '{nickname}' from '{dbdir}': {error}"     }   }, .. first master's healthcheck does not mention these problems. Is it that IPA - falsely - believe that this second master is CA/KRA? If so, then how to resolve this - this second master, according to '--uinstall' was removed successfully(each time '--setup-ca' failed) many thanks, L.