question GSS exception error seen in a scenario even after having valid kerberos ticket in Support Questions https://community.cloudera.com/t5/Support-Questions/GSS-exception-error-seen-in-a-scenario-even-after-having/m-p/231196#M193040 <P>We have a application which ingest files from LOCAL file system to HDFS in AD kerberos enabled environment . This basically moves files from Local directory to HDFS path. Once the ingestion process start , after 20 hours, we see the below error given randomly and after sometime, we see the error continuously . And finally, no files are moved. </P><P>Error :</P><P>java.io.IOException: java.io.IOException: java.io.IOException: Failed on local exception: java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]; Host Details : local host is: "example1.com/xxxxx"; destination host is: "example2.com":8020; </P><P>We have the application running in two environment i.e, Env-1 and Env-2 . </P><P>The same ingestion process is working fine without any error in Env-1 , and in Env-2 we see the GSS exception error .</P><P>There is difference of load and incoming files in Env-1 and Env-2 . </P><P>Env-1 - Per day , 5 files are moved to HDFS and without any error .And the same process goes on everyday.</P><P>Env-2 - Per 5 minute , 6000 files are moved to HDFS and the GSS exception error is seen after 20 hours. 6000 files are moved into HDFS from 42 different directories simultaneously and total number of threads used are 150 . At a time, 150 files can be moved simultaneously , once the threads are released, it will pick the next files. Hence, the process goes on.</P><P>Can anyone comment on the below concern and issue seen :</P><P>1. Is there something to do with load in KDC server.</P><P>2. Are there any parameters in AD server which restrict the number of count of TGT to be generated from KDC at a time.</P><P>3. Is there something to do with Kerberos tolerance time. In AD server, Maximum tolerance time is set to 5 min.</P><P>4. Please suggest If any parameters need to be added in krb5.conf to handle load and handle huge number of requests incoming to AD at a time. </P><P>We had checked the below in AD server and Env-2 :</P><P>1. AD server and Env-2 time are in sync.</P><P>2. Kerberos ticket is not expired. We have set a cron job to renew kerberos ticket every 4 hours. </P><P>3. Lifetime of ticket is set in krb5.conf accordingly : </P><P>renew_lifetime = 7d</P><P>ticket_lifetime = 24h</P><P>Can anyone suggest what might be the issue.</P><P>Thank you.</P> Fri, 16 Sep 2022 12:40:31 GMT vishakhaa9 2022-09-16T12:40:31Z