diff --git a/mistral/actions/openstack/actions.py b/mistral/actions/openstack/actions.py
index 8393c3c6..85ff0d81 100644
--- a/mistral/actions/openstack/actions.py
+++ b/mistral/actions/openstack/actions.py
@@ -388,7 +388,25 @@ class BaremetalIntrospectionAction(base.OpenStackAction):
 
     @classmethod
     def _get_fake_client(cls):
-        return cls._get_client_class()(1)
+        try:
+            # ironic-inspector client tries to get and validate it's own
+            # version when created. This might require checking the keystone
+            # catalog if the ironic-inspector server is not listening on the
+            # localhost IP address. Thus, we get a session for this case.
+            sess = keystone_utils.get_admin_session()
+
+            return cls._get_client_class()(session=sess)
+        except Exception as e:
+            LOG.warning("There was an error trying to create the "
+                        "ironic-inspector client using a session: %s" % str(e))
+            # If it's not possible to establish a keystone session, attempt to
+            # create a client without it. This should fall back to where the
+            # ironic-inspector client tries to get it's own version on the
+            # default IP address.
+            LOG.debug("Attempting to create the ironic-inspector client "
+                      "without a session.")
+
+            return cls._get_client_class()()
 
     def _get_client(self):
         ctx = context.ctx()
diff --git a/mistral/utils/openstack/keystone.py b/mistral/utils/openstack/keystone.py
index 21267739..5f458bcf 100644
--- a/mistral/utils/openstack/keystone.py
+++ b/mistral/utils/openstack/keystone.py
@@ -13,6 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+import keystoneauth1.identity.generic as auth_plugins
+from keystoneauth1 import session as ks_session
 from keystoneclient.v3 import client as ks_client
 from keystoneclient.v3.endpoints import Endpoint
 from oslo_config import cfg
@@ -130,3 +132,19 @@ def is_token_trust_scoped(auth_token):
     token_info = keystone_client.tokens.validate(auth_token)
 
     return 'OS-TRUST:trust' in token_info
+
+
+def get_admin_session():
+    """Returns a keystone session from Mistral's service credentials."""
+
+    auth = auth_plugins.Password(
+        CONF.keystone_authtoken.auth_uri,
+        username=CONF.keystone_authtoken.admin_user,
+        password=CONF.keystone_authtoken.admin_password,
+        project_name=CONF.keystone_authtoken.admin_tenant_name,
+        # NOTE(jaosorior): Once mistral supports keystone v3 properly, we can
+        # fetch the following values from the configuration.
+        user_domain_name='Default',
+        project_domain_name='Default')
+
+    return ks_session.Session(auth=auth)
diff --git a/tools/sync_db.py b/tools/sync_db.py
index 7e70d3c8..6590cb95 100644
--- a/tools/sync_db.py
+++ b/tools/sync_db.py
@@ -12,6 +12,7 @@
 #    See the License for the specific language governing permissions and
 #    limitations under the License.
 
+import keystonemiddleware.opts as keystonemw_opts
 from oslo_config import cfg
 from oslo_log import log as logging
 
@@ -25,6 +26,14 @@ CONF = cfg.CONF
 
 
 def main():
+    # NOTE(jaosorior): This is needed in order for db-sync to also register the
+    # keystonemiddleware options. Those options are used by clients that need a
+    # keystone session in order to be able to register their actions.
+    # This can be removed when mistral moves out of using keystonemiddleware in
+    # favor of keystoneauth1.
+    for group, opts in keystonemw_opts.list_auth_token_opts():
+        CONF.register_opts(opts, group=group)
+
     config.parse_args()
 
     if len(CONF.config_file) == 0: