https://community.cloudera.com/t5/Support-Questions/Failing-to-connect-to-KDC-during-enable-kerberos-CA/m-p/237339#M199152 <P>Hi there good folks </P><P>We are trying to enable HDP kerberos integration, but we are getting stuck in the Wizard during "test kerberos client".</P><PRE>Failed to connect to KDC - Failed to communicate with the Active Directory at ldaps://ad-serverxxxx:636: simple bind failed: ad-serverxxxx:636 Make sure the server's SSL certificate or CA certificates have been imported into Ambari's truststore.</PRE><P>Verified both JAVA and AMBARI CA certs in Trust Stores. </P><P> $JAVA_HOME/bin/keytool -list -v -keystore $JAVA_HOME/lib/security/cacerts &gt; /tmp/05122018_java_truststore_cert</P><P>--Did the same writing out the Ambari trust store cert. </P><P>The certs are there and confirmed not yet expired.</P><P>Next try to test the service account used and ensure the accounts works fine:</P><P>ldapsearch -x -LLL -h ad-serverxxxxx -D 'CN=S_LDAP_HortonWrks_DEV,OU=Admin,OU=xxx,DC=xxxxxxx,DC=xxx,DC=xxx' -b "OU=HDP,DC=xxx,DC=xxx,DC=xxx" -W</P><P>Queries for password , authenticates and returned successfully so the account seems fine. </P><P>The irony is that we did this just a few weeks before and didn't have issues but had to tear down and rebuild due to another un-related issue.</P><P>Last time we got stuck at the same place but then import the DC's cert into the JAVA cacerts trust store resolved the issue.</P><P> Now for some reason it's not. The master is a clean new server, the slaves are the old machines that have been cleared up using this blog. </P><P><A href="https://community.hortonworks.com/articles/97489/completely-uninstall-hdp-and-ambari.html" target="_blank">https://community.hortonworks.com/articles/97489/completely-uninstall-hdp-and-ambari.html</A></P><P>Any help would be highly appreciated. Drawing a bit of a blank after all the troubleshooting done so far.</P><P>Kind Regards</P> Wed, 05 Dec 2018 23:18:33 GMT nico_jordaan 2018-12-05T23:18:33Z