Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Cloudera Director failed to start the cluster due to Kerberos authenication

SOLVED Go to solution

Cloudera Director failed to start the cluster due to Kerberos authenication

Expert Contributor

I am trying to bootstrap a CDH 5.9.1 cluster with MIT KDC in AWS. The same configuration works without kerberos. The application log didn't show any error. The bootrap command failed as follows:

...

* Enabling Kerberos ............................................................................................................................................................ done
* Calling firstRun on cluster m7test ... done
* Waiting for firstRun on cluster m7test .............................................................................................................................................................. done
* Collecting diagnostic data ................................................................................................................ done

* Cloudera Manager 'First Run' command execution failed: Failed to perform First Run of services. ...

 

 

I logged into CM and saw HDFS data nodes all failed to start. DN failed to authenticate with NN.

 

 

 

 

    
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Cloudera Director failed to start the cluster due to Kerberos authenication

Expert Contributor
Missed JCE configuration. All is good.
2 REPLIES 2

Re: Cloudera Director failed to start the cluster due to Kerberos authenication

Expert Contributor

NN indicates the authentication failure is due to the following:

2017-01-26 20:04:09,861 INFO org.apache.hadoop.ipc.Server: Socket Reader #1 for port 8022: readAndProcess from client 10.3.1.23 threw e
xception [javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechani
sm level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)]]

Highlighted

Re: Cloudera Director failed to start the cluster due to Kerberos authenication

Expert Contributor
Missed JCE configuration. All is good.