diff --git a/tripleo_ipa/roles/tripleo_ipa_registration/tasks/main.yml b/tripleo_ipa/roles/tripleo_ipa_registration/tasks/main.yml
index 4a05924..46d68b9 100644
--- a/tripleo_ipa/roles/tripleo_ipa_registration/tasks/main.yml
+++ b/tripleo_ipa/roles/tripleo_ipa_registration/tasks/main.yml
@@ -30,17 +30,26 @@
 base_server_short_name: "{{ tripleo_ipa_base_server_fqdn.split('.')[0] }}"
 base_server_domain: "{{ tripleo_ipa_base_server_fqdn.split('.', 1)[1] }}"
 enroll_base_server: "{{ tripleo_ipa_enroll_base_server }}"
+ principal: "nova/{{ ansible_fqdn }}"
 - name: add main host to IPA with OTP
 when: enroll_base_server|bool
 become: true
 block:
+ - name: destroy the old keytab
+ command: "kdestroy -A"
+
+ - name: get a new keytab
+ command: "kinit -kt /etc/novajoin/krb5.keytab {{ principal }}"
+
 - name: get host raw data and keytab info
 command: "ipa host-show --raw --all {{ base_server_fqdn }}"
 register: host_raw_data
 changed_when: false
 failed_when: false
+ - debug: var=host_raw_data
+
 - name: confirm that host is not already registered with current keytab
 when: '"has_keytab: TRUE" not in host_raw_data.stdout'
 block:
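Review bot: The two added `command` tasks work on the become user's default credential cache: `kdestroy -A` destroys every cache in that user's collection, not only one this role created, and the ticket obtained by `kinit -kt /etc/novajoin/krb5.keytab {{ principal }}` stays behind after the play. Consider pointing the block at a role-private cache through an `environment:` entry that sets `KRB5CCNAME`, and destroying only that cache when the block finishes. Neither command touches a keytab, so the names would be more accurate as `destroy existing Kerberos tickets` and `obtain a ticket from the novajoin keytab`. The unnamed `- debug: var=host_raw_data` looks like a debugging leftover that prints the whole `ipa host-show --raw --all` result on every run; drop it or gate it with `verbosity: 2`. The task that sets `principal` and the outer `block:` both extend outside the hunk, so how `principal` is scoped cannot be checked from here.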