Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Hitting GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

Hitting GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

HDP 2.3.4, Ambari 2.1.2, Keberos in place

Centrify integration is in place.

I have seen this https://community.hortonworks.com/questions/2580/accessing-hdp-web-ui-from-windows-pc-causes-gsshea....

We are using Open JDK Java 1.8.0_65.

Exact error:

Error while accessing webhcat

http://xxxxx:50111/templeton/v1/status

HTTP ERROR: 403

Problem accessing /templeton/v1/status. Reason:

GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

Powered by Jetty://

7 REPLIES 7
Highlighted

Re: Hitting GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

Rising Star

Can you see right token? Is DNS reverse DNS working?

Re: Hitting GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

Expert Contributor

Looks like a conflict in http protocol between Centrify and Kerberos. Check to see if /etc/centrifydc/centrifydc.conf config file has this property adclient.krb5.service.principals and that the value don't have http and nfs. If http is there, SPNEGO won't work. The latter, nfs, will cause issues with DNs and won't start properly but this is a different issue. Check to see as well if the encryption algorithms in KDC matches what is being allowed in AD/Centrify.

Re: Hitting GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

New Contributor

HTTP Status 403 - GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) I got this error when I enabled HA For Oozie, with haproxy.

Re: Hitting GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

Expert Contributor

I am facing the same issue on HDP 2.4. (not with Centrify) . What is the proposed solution for this?

Re: Hitting GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

HTTP Status 403 - GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)


type Status report

message GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

description Access to the specified resource has been forbidden.

Re: Hitting GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

New Contributor

Our cluster running HDP 2.4.2 and Ambari 2.2.2

I followed link and opened Oozie Web UI in IE-11 it worked fine. However facing "GSSHeader did not find the right tag" on Chrome.

any idea?

Re: Hitting GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

New Contributor

@Neeraj Sabharwal ..i am also getting same error.. can you please tell what was resolution?

P.S:

java version "1.7.0_121" OpenJDK Runtime Environment (rhel-2.6.8.1.el6_8-x86_64 u121-b00) OpenJDK 64-Bit Server VM (build 24.121-b00, mixed mode)

Don't have an account?
Coming from Hortonworks? Activate your account here