Support Questions

Find answers, ask questions, and share your expertise

Cloudbreak UI "Incorrect email/password or account is disabled."

Cloudera Employee

I am trying to deploy a cluster using Cloudbreak. While, bringing up the CBD and trying to login to the cloudbreak UI, I am getting the error "Incorrect email/password or account is disabled."

The logs from cbd during the time when I tried to login are as below

identity_1     | [2017-05-22 21:57:42.960] cloudfoundry-identity-server - ???? [http-nio-8080-exec-6] .... DEBUG --- ChainedAuthenticationManager: Attempting chained authentication of Principal:; Credentials: [PROTECTED]; Authenticated: false; Details: remoteAddress=, clientId=sultans; Not granted any authorities with manager:org.cloudfoundry.identity.uaa.authentication.manager.CheckIdpEnabledAuthenticationManager@31c68309 required:null
identity_1     | [2017-05-22 21:57:42.962] cloudfoundry-identity-server - ???? [http-nio-8080-exec-6] .... DEBUG --- AuthzAuthenticationManager: Processing authentication request for
identity_1     | [2017-05-22 21:57:43.105] cloudfoundry-identity-server - ???? [http-nio-8080-exec-6] .... DEBUG --- AuthzAuthenticationManager: Password did not match for user
identity_1     | [2017-05-22 21:57:43.106] cloudfoundry-identity-server - ???? [http-nio-8080-exec-6] ....  INFO --- Audit: UserAuthenticationFailure (''): principal=b8ac52a4-8c11-4bae-8063-421e9e73d380, origin=[remoteAddress=, clientId=sultans], identityZoneId=[uaa]
identity_1     | [2017-05-22 21:57:43.110] cloudfoundry-identity-server - ???? [http-nio-8080-exec-6] ....  INFO --- Audit: PrincipalAuthenticationFailure ('null'):, origin=[], identityZoneId=[uaa]
identity_1     | [2017-05-22 21:57:43.112] cloudfoundry-identity-server - ???? [http-nio-8080-exec-6] .... DEBUG --- ChainedAuthenticationManager: Chained authentication exception:Bad credentials at:org.cloudfoundry.identity.uaa.authentication.manager.AuthzAuthenticationManager.authenticate(
identity_1     | [2017-05-22 21:57:43.112] cloudfoundry-identity-server - ???? [http-nio-8080-exec-6] .... DEBUG --- ChainedAuthenticationManager: Chained Authentication status of Principal:; Credentials: [PROTECTED]; Authenticated: false; Details: remoteAddress=, clientId=sultans; Not granted any authorities with manager:org.cloudfoundry.identity.uaa.authentication.manager.ChainedAuthenticationManager$AuthenticationManagerConfiguration@2e5cfbef; Authenticated:false

I observe that in the logs there credential mismatch issue that is being reported. However, the credentials that I am using are verified from the files,

1. Profile
2. /home/cloudbreak/.hdc/config
3. uaa.yml

I used the cloudbreak deployer from Amazon AMI,

AMI ID - cloudbreak-deployer-130-2016-06-15 (ami-019b5c6c)

and updated to Cloudbreak 1.14.4 using the instructions provided here,

Some useful INFO:

1. cbd doctor:

 cbd doctor
===> Deployer doctor: Checks your environment, and reports a diagnose.
uname: Linux ip-10-144-186-250 4.4.8-20.46.amzn1.x86_64 #1 SMP Wed Apr 27 19:28:52 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
local version:1.14.4
latest release:1.14.4
docker images:
docker command exists: OK
docker client version: 1.12.6
docker client version: 1.12.6
ping on host: OK
ping on host: OK
ping in container: OK
ping in container: OK

2. cbd ps:

                  Name                                       Command                                      State                                       Ports
cbreak_cbdb_1                               /start postgres                             Up                                >5432/tcp
cbreak_cloudbreak_1                         / bash               Up                                >8080/tcp
cbreak_consul_1                             /bin/consul agent -server  ...              Up                                          8300/tcp, 8301/tcp, 8301/udp, 8302/tcp,
                                                                                                                          >8500/tcp, 8600/tcp,
cbreak_haveged_1                            haveged -F                                  Up
cbreak_identity_1                           /tmp/                                 Up                                >8080/tcp
cbreak_logsink_1                            socat -u TCP-LISTEN:3333,r ...              Up                                >3333/tcp
cbreak_logspout_1                           /bin/sh -c sleep 1; ROUTE_ ...              Up                                >80/tcp
cbreak_mail_1                               /bin/sh -c /opt/ ...              Up                                >25/tcp
cbreak_pcdb_1                               /start postgres                             Up                                >5432/tcp
cbreak_periscope_1                          /                     Up                                >8080/tcp
cbreak_registrator_1                        /bin/registrator consul:// ...              Up
cbreak_sultans_1                            /sultans/                    Up                                >3000/tcp, 3001/tcp
cbreak_traefik_1                            /traefik --debug --web --d ...              Up                                >443/tcp,>80/tcp,
cbreak_uaadb_1                              /start postgres                             Up                                >5432/tcp
cbreak_uluwatu_1                            /uluwatu/                    Up                                >3000/tcp

I also tried to sign up using my personal email id with a password of my own. However, I did not see any confirmation being sent ( to my email account ) as cloudbreak mentioned. Is there a possibility to add new users using "sign up" feature in Cloudbreak UI.

Thank you,



Expert Contributor

Hi @kkanchu

Could you please provide some info how did you define the default username and password in your Profile file?

You can also add default user by 'cbd util add-default-user'



Cloudera Employee

Hi @rdoktorics

export PUBLIC_IP=<>

export UAA_DEFAULT_SECRET='<password>'

export UAA_DEFAULT_USER_PW='<password>'

Where '<password>' is something like 'badbad'

So, while entering the credentials, it is like,


password: badbad

I also checked uaa.yml and '/home/cloudbreak/.hdc/config' which has same credentials.


Expert Contributor

If you have data in your database then use:

export UAA_DEFAULT_SECRET=cbsecret2015

in your Profile.

Because the older versions on Cloudbreak used that by default.

The second what you can do is if you dont have any data in your db then drop the database with:

  1. cbd kill
  2. cbd delete
  3. cbd generate
  4. cbd start



Cloudera Employee

@rdoktorics I do have the property UAA_DEFAULT_SECRET mentioned in the Profile. Even after multiple restarts, it did not mitigate the issue. However, since it was a trial cluster that I was playing around with, I tried to follow the second way that you mentioned. Incidentally, that (second method) was mentioned by @fschneider this morning which helped me get pass the issue. Also, it was told that this process can lead to loss of configuration data which has to be followed with caution.


Why do you use the AMI ID - cloudbreak-deployer-130-2016-06-15(ami-019b5c6c) image?

There are images with the new version of cloudbreak-deployer:

Cloudera Employee

@fschneider There was no specific reason. In fact, I searched in for CBD AMI in AWS and I picked the latest date that was mentioned in the image name. Yes, I missed the latest images that were mentioned in the documentation