https://community.cloudera.com/t5/Archives-of-Support-Questions/hive-view-failing-with-errorMessage-Failed-to-validate-proxy/m-p/103876#M29900 <P><A rel="user" href="https://community.cloudera.com/users/1321/venkatagangavarapu.html" nodeid="1321">@Venkata Sridhar Gangavarapu</A> </P><P>Thanks buddy, Glad to know it works.</P> Fri, 27 May 2016 21:54:34 GMT bandarusridhar1 2016-05-27T21:54:34Z https://community.cloudera.com/t5/Archives-of-Support-Questions/hive-view-failing-with-errorMessage-Failed-to-validate-proxy/m-p/103873#M29897 <P>Hi,</P><P>I created a hive view instance but when I try to run a query it gives below error</P><P>Caused by: org.apache.thrift.protocol.TProtocolException: Required field 'serverProtocolVersion' is unset! Struct:TOpenSessionResp(status:TStatus(statusCode:ERROR_STATUS, infoMessages:[*org.apache.hive.service.cli.HiveSQLException:Failed to validate proxy privilege of ambari-qa for gv07680:33:32, org.apache.hive.service.auth.HiveAuthFactory:verifyProxyAccess:HiveAuthFactory.java:359, org.apache.hive.service.cli.thrift.ThriftCLIService:getProxyUser:ThriftCLIService.java:731, org.apache.hive.service.cli.thrift.ThriftCLIService:getUserName:ThriftCLIService.java:367, org.apache.hive.service.cli.thrift.ThriftCLIService:getSessionHandle:ThriftCLIService.java:394, org.apache.hive.service.cli.thrift.ThriftCLIService:OpenSession:ThriftCLIService.java:297, org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession:getResult:TCLIService.java:1253, org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession:getResult:TCLIService.java:1238, org.apache.thrift.ProcessFunction:process:ProcessFunction.java:39, org.apache.thrift.TBaseProcessor:process:TBaseProcessor.java:39, org.apache.thrift.server.TServlet:doPost:TServlet.java:83, org.apache.hive.service.cli.thrift.ThriftHttpServlet:doPost:ThriftHttpServlet.java:171, javax.servlet.http.HttpServlet:service:HttpServlet.java:727, javax.servlet.http.HttpServlet:service:HttpServlet.java:820, org.eclipse.jetty.servlet.ServletHolder:handle:ServletHolder.java:565, org.eclipse.jetty.servlet.ServletHandler:doHandle:ServletHandler.java:479, org.eclipse.jetty.server.session.SessionHandler:doHandle:SessionHandler.java:225, org.eclipse.jetty.server.handler.ContextHandler:doHandle:ContextHandler.java:1031, org.eclipse.jetty.servlet.ServletHandler:doScope:ServletHandler.java:406, org.eclipse.jetty.server.session.SessionHandler:doScope:SessionHandler.java:186, org.eclipse.jetty.server.handler.ContextHandler:doScope:ContextHandler.java:965, org.eclipse.jetty.server.handler.ScopedHandler:handle:ScopedHandler.java:117, org.eclipse.jetty.server.handler.HandlerWrapper:handle:HandlerWrapper.java:111, org.eclipse.jetty.server.Server:handle:Server.java:349, org.eclipse.jetty.server.AbstractHttpConnection:handleRequest:AbstractHttpConnection.java:449, org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler:content:AbstractHttpConnection.java:925, org.eclipse.jetty.http.HttpParser:parseNext:HttpParser.java:857, org.eclipse.jetty.http.HttpParser:parseAvailable:HttpParser.java:235, org.eclipse.jetty.server.AsyncHttpConnection:handle:AsyncHttpConnection.java:76, org.eclipse.jetty.io.nio.SelectChannelEndPoint:handle:SelectChannelEndPoint.java:609, org.eclipse.jetty.io.nio.SelectChannelEndPoint$1:run:SelectChannelEndPoint.java:45, java.util.concurrent.ThreadPoolExecutor:runWorker:ThreadPoolExecutor.java:1145, java.util.concurrent.ThreadPoolExecutor$Worker:run:ThreadPoolExecutor.java:615, java.lang.Thread:run:Thread.java:745, *org.apache.hadoop.security.authorize.AuthorizationException:User: ambari-qa is not allowed to impersonate gv07680:0:-1], sqlState:08S01, errorCode:0, errorMessage:Failed to validate proxy privilege of ambari-qa for gv07680), serverProtocolVersion:null)</P><P>I did kerberos setup for ambari user using ambari-server setup-security with ambari-qa as the ambari user.</P><P>I did set up proxyuser settings in core-site.xml file using below configs</P><P>hadoop.proxyuser.ambari-server.groups: * </P><P>hadoop.proxyuser.ambari-server.hosts: * </P><P>We are using ambari-2.2.2 and HDP-2.3.0.</P><P>Below are the configs for Hiev view instance</P><P>Hive Authentication: auth=KERBEROS;principal=hive/_HOST@HADOOP.COM;hive.server2.proxy.user=gv07680</P><P>WebHDFS Username: gv07680</P><P>WebHDFS Authentication: auth=KERBEROS;proxyuser=ambari-qa@HADOOP.COM</P><P>Scripts HDFS Directory*: /user/gv07680/hive/scripts</P><P>HiveServer2 Thrift port*: 10001</P><P>HiveServer2 Http port*: 10001HiveServer2 Http path*: cliserviceHiveServer2 Transport Mode*: http</P><P>WebHDFS FileSystem URI*: webhdfs://hostname:50070</P><P>There is no HA, so no HA related configs.</P><P>But still I see the Failed to validate proxy privilege of ambari-qa for gv07680 error</P><P>Below is the config for /etc/ambari-server/conf/krb5JAASLogin.conf</P><P>com.sun.security.jgss.krb5.initiate { </P><P> com.sun.security.auth.module.Krb5LoginModule required </P><P> renewTGT=false </P><P> doNotPrompt=true </P><P> useKeyTab=true </P><P> keyTab="/etc/security/keytabs/smokeuser.headless.keytab" </P><P> principal="ambari-qa@BCBSA.COM" storeKey=true useTicketCache=false; </P><P>}; </P><P>Please advise.</P> Fri, 27 May 2016 02:37:49 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/hive-view-failing-with-errorMessage-Failed-to-validate-proxy/m-p/103873#M29897 venkata_gangava 2016-05-27T02:37:49Z https://community.cloudera.com/t5/Archives-of-Support-Questions/hive-view-failing-with-errorMessage-Failed-to-validate-proxy/m-p/103874#M29898 <P>@<A href="https://community.hortonworks.com/users/1321/venkatagangavarapu.html">Venkata Sridhar Gangavarapu</A></P><P>May I know on which user ambari server installed? root or some other user?</P><P>If root please add below properties: <A href="http://docs.hortonworks.com/HDPDocuments/Ambari-2.2.1.0/bk_ambari_views_guide/content/_setup_HDFS_proxy_user.html">LINK</A></P><PRE>hadoop.proxyuser.root.groups=* hadoop.proxyuser.root.hosts=*</PRE><P>1. If your cluster is Kerberosed then follow below steps:</P><P>Go to Hive Service --&gt; Configs --&gt; General and change below property to</P><PRE>hive.server2.thrift.sasl.qop = auth-conf </PRE><P>Restart all the affected services to make sure changed are set. Then go to Ambari Views server, Manage Ambari --&gt; Hive View --&gt; Setting</P><PRE>HiveAuthentication= auth=KERBEROS;principal=hive/_HOST@EXAMPLE.COM;hive.server2.proxy.user=${username};saslQop=auth-conf</PRE><P>Let me know if this helps you.</P> Fri, 27 May 2016 09:19:36 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/hive-view-failing-with-errorMessage-Failed-to-validate-proxy/m-p/103874#M29898 bandarusridhar1 2016-05-27T09:19:36Z https://community.cloudera.com/t5/Archives-of-Support-Questions/hive-view-failing-with-errorMessage-Failed-to-validate-proxy/m-p/103875#M29899 <P>Hi Sri,</P><P>Thanks for the response.</P><P>It did work.</P><P>Thank you so much for your help.</P><P>I accept this answer.</P> Fri, 27 May 2016 21:33:26 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/hive-view-failing-with-errorMessage-Failed-to-validate-proxy/m-p/103875#M29899 venkata_gangava 2016-05-27T21:33:26Z https://community.cloudera.com/t5/Archives-of-Support-Questions/hive-view-failing-with-errorMessage-Failed-to-validate-proxy/m-p/103876#M29900 <P><A rel="user" href="https://community.cloudera.com/users/1321/venkatagangavarapu.html" nodeid="1321">@Venkata Sridhar Gangavarapu</A> </P><P>Thanks buddy, Glad to know it works.</P> Fri, 27 May 2016 21:54:34 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/hive-view-failing-with-errorMessage-Failed-to-validate-proxy/m-p/103876#M29900 bandarusridhar1 2016-05-27T21:54:34Z