Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Cloudera Director failed to start the cluster due to Kerberos authenication

avatar
Expert Contributor

I am trying to bootstrap a CDH 5.9.1 cluster with MIT KDC in AWS. The same configuration works without kerberos. The application log didn't show any error. The bootrap command failed as follows:

...

* Enabling Kerberos ............................................................................................................................................................ done
* Calling firstRun on cluster m7test ... done
* Waiting for firstRun on cluster m7test .............................................................................................................................................................. done
* Collecting diagnostic data ................................................................................................................ done

* Cloudera Manager 'First Run' command execution failed: Failed to perform First Run of services. ...

 

 

I logged into CM and saw HDFS data nodes all failed to start. DN failed to authenticate with NN.

 

 

 

 

    
1 ACCEPTED SOLUTION

avatar
Expert Contributor
Missed JCE configuration. All is good.

View solution in original post

2 REPLIES 2

avatar
Expert Contributor

NN indicates the authentication failure is due to the following:

2017-01-26 20:04:09,861 INFO org.apache.hadoop.ipc.Server: Socket Reader #1 for port 8022: readAndProcess from client 10.3.1.23 threw e
xception [javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechani
sm level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)]]

avatar
Expert Contributor
Missed JCE configuration. All is good.