when we deploy a HDP cluster in Cloudbreak with Kerberos Security enabled using Test KDC everything seems to work fine but when we click on "Test KDC Connection" under Kerberos > Configs it gives an error "Connection failed" but no further details. Is this an issue or can we ignore it?
Usually that happens if due to some reason the connection to the KDC server can not be established.
So please check from your Ambari Server host if you are able to connect to the KDC hostname & Port or not?
This is to isolate the Firewall issue or port access issue from ambari server host to KDC.
# nc -v $KDC_HOSTNAME $KDC_PORT (OR) # telnet $KDC_HOSTNAME $KDC_PORT
Actually the KDC gets deployed by Cloudbreak and it is on the same host as the Ambari server, so there is no Firewall involved.
nc -v localhost 88
KDC is also running and I can also see that principals are created successfully. Also when resizing the cluster with Cloudbreak this works fine. So eveything seems to be fine, just that we get an error when clicking on "Test KDC connection".
Test connection can work only if CB can access that port on the instance. By default kerberos port is not opened to the world so it's normal that this fails.
The above question and the replies below were originally posted in the Community Help track. On Mon May 20 03:50:51 UTC 2019, a member of the HCC moderation staff moved it to the Cloud & Operations track. The Community Help Track is intended for questions about using the HCC site itself.