Support Questions

zhuw.bigdata · ‎01-26-2017

I am trying to bootstrap a CDH 5.9.1 cluster with MIT KDC in AWS. The same configuration works without kerberos. The application log didn't show any error. The bootrap command failed as follows:

...

* Enabling Kerberos ............................................................................................................................................................ done
* Calling firstRun on cluster m7test ... done
* Waiting for firstRun on cluster m7test .............................................................................................................................................................. done
* Collecting diagnostic data ................................................................................................................ done

* Cloudera Manager 'First Run' command execution failed: Failed to perform First Run of services. ...

I logged into CM and saw HDFS data nodes all failed to start. DN failed to authenticate with NN.

zhuw.bigdata · ‎01-26-2017

Missed JCE configuration. All is good.

View solution in original post

zhuw.bigdata · ‎01-26-2017

NN indicates the authentication failure is due to the following:

2017-01-26 20:04:09,861 INFO org.apache.hadoop.ipc.Server: Socket Reader #1 for port 8022: readAndProcess from client 10.3.1.23 threw e
xception [javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechani
sm level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)]]

zhuw.bigdata · ‎01-26-2017

Missed JCE configuration. All is good.

Cloudera Community

Support Questions

Cloudera Director failed to start the cluster due to Kerberos authenication