Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Now Live: Explore expert insights and technical deep dives on the new Cloudera Community BlogsRead the Announcement

Unable to connect to Hiveserver2 using beeline - javax.security.sasl.SaslException: No common protection layer between client and server

Labels (1)
Labels:
avatar
author-rank KuldeepK author-rank
Master Guru

Created on ‎12-20-2016 02:02 PM

SYMPTOM

Beeline fails with below error:

$ beeline --verbose 
Beeline version 0.14.0.2.2.6.0-2800 by Apache Hive 
beeline> !connect jdbc:hive2://prodnode1.crazyadmins.com:10000/default;principal=hive/prodnode1.crazyadmins.com@CRAZYADMINS.COM 
scan complete in 8ms 
Connecting to jdbc:hive2://prodnode1.crazyadmins.com:10000/default;principal=hive/prodnode1.crazyadmins.com@CRAZYADMINS.COM 
Enter username for jdbc:hive2://prodnode1.crazyadmins.com:10000/default;principal=hive/prodnode1.crazyadmins.com@CRAZYADMINS.COM: kuldeepk 
Enter password for jdbc:hive2://prodnode1.crazyadmins.com:10000/default;principal=hive/prodnode1.crazyadmins.com@CRAZYADMINS.COM: 
SLF4J: Class path contains multiple SLF4J bindings. 
SLF4J: Found binding in [jar:file:/usr/hdp/2.2.6.0-2800/hadoop/lib/slf4j-log4j12-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class] 
SLF4J: Found binding in [jar:file:/usr/hdp/2.2.6.0-2800/hive/lib/hive-jdbc-0.14.0.2.2.6.0-2800-standalone.jar!/org/slf4j/impl/StaticLoggerBinder.class] 
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation. 
SLF4J: Actual binding is of type [org.slf4j.impl.Log4jLoggerFactory] 
16/02/02 00:35:55 [main]: ERROR transport.TSaslTransport: SASL negotiation failure 
javax.security.sasl.SaslException: No common protection layer between client and server 
at com.sun.security.sasl.gsskerb.GssKrb5Client.doFinalHandshake(GssKrb5Client.java:252) 
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:187) 
at org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java:507) 
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:264) 
at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37) 
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52) 
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49) 
at java.security.AccessController.doPrivileged(Native Method) 
at javax.security.auth.Subject.doAs(Subject.java:415) 
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628) 
at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49) 
at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:190) 
at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:163) 
at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:105) 
at java.sql.DriverManager.getConnection(DriverManager.java:571) 
at java.sql.DriverManager.getConnection(DriverManager.java:187) 
at org.apache.hive.beeline.DatabaseConnection.connect(DatabaseConnection.java:138) 
at org.apache.hive.beeline.DatabaseConnection.getConnection(DatabaseConnection.java:179) 
at org.apache.hive.beeline.Commands.connect(Commands.java:1078) 
at org.apache.hive.beeline.Commands.connect(Commands.java:999) 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
at java.lang.reflect.Method.invoke(Method.java:606) 
at org.apache.hive.beeline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:45) 
at org.apache.hive.beeline.BeeLine.dispatch(BeeLine.java:936) 
at org.apache.hive.beeline.BeeLine.execute(BeeLine.java:801) 
at org.apache.hive.beeline.BeeLine.begin(BeeLine.java:762) 
at org.apache.hive.beeline.BeeLine.mainWithInputRedirection(BeeLine.java:476) 
at org.apache.hive.beeline.BeeLine.main(BeeLine.java:459) 
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAc

.

ROOT CAUSE

SSL was enabled on this cluster for Hiveserver2 --> Further customer disabled it however forgot to revert below property

hive.server2.thrift.sasl.qop=auth-conf

.

WORKAROUND

N/A

.

RESOLUTION

Revert value of this property as below via Ambari and restart required services.

hive.server2.thrift.sasl.qop=auth
2,677 Views
Announcements
Community Announcements
Announcing the Launch of Cloudera Community Blogs
Community Announcements
October / November 2025 Community Highlights
What's New @ Cloudera
Announcing Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
Announcing Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
Welcome to the Cloudera Community!
View More Announcements
Version history
Last update:
‎12-20-2016 02:02 PM
Updated by:
Master Guru Master Guru
Contributors