Community Articles

Find and share helpful community-sourced technical articles.
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.

SYMPTOM: All the services in the cluster are down and restarting the services fails with the following error:

2016-11-17 21:42:18,235 ERROR namenode.NameNode ( - Failed to start namenode. Login failure for nn/ from keytab /etc/security/keytabs/nn.service.keytab: Client not found in Kerberos database (6) 
Caused by: KrbException: Client not found in Kerberos database (6) 
Caused by: KrbException: Identifier doesn't match expected value (906)

Regeneration of Keytabs using Ambari too failed as follows:

17 Nov 2016 23:58:59,136 WARN [Server Action Executor Worker 12702] CreatePrincipalsServerAction:233 - Principal, HTTP/, does not exist, creating new principal 
17 Nov 2016 23:58:59,151 ERROR [Server Action Executor Worker 12702] CreatePrincipalsServerAction:284 - Failed to create or update principal, HTTP/ - Can not create principal : HTTP/
org.apache.ambari.server.serveraction.kerberos.KerberosOperationException: Can not create principal : HTTP/
Caused by: javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 00002071: UpdErr: DSID-0305038D, problem 6005 (ENTRY_EXISTS), data 0 
]; remaining name '"cn=HTTP/,OU=Hadoop,OU=EXAMPLE_Users,DC=examplet,DC=ad,DC=ex,DC=com"'

ROOT CAUSE: Wrong entries in all service accounts(VPN) in AD. Character '/' was replaced with '_' by a wrong script.

RESOLUTION: Fix the issue in the AD service accounts. In the above case, all '_' was replaced with '/' in the service accounts in AD.

0 Kudos
Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.
Version history
Last update:
‎09-16-2022 01:37 AM
Updated by:
Top Kudoed Authors