In a test environment, even with krb5-1.11.3, I noticed a database reload (full resync) may still fail and result in the ulog being updated with the new serial number, resulting in an inconsistent environment.


I have another patch available which seems to fix the condition. Specifically, I have seen the condition occur with an accompanying log message:

…/kdb5_util returned a bad exit status (2)