Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

KDC test failing

avatar
author-rank aliyesami
Super Collaborator

Created ‎11-29-2016 07:13 PM

I am in the Kerberos install menu and I choose the options "existing MIT KDC" but on the next screen (see attached picture) the KDC test fails .

this is my first time installing Ranger so I am not even sure if I should be choosing this option so please guide me on how to install/fix the Kerberos issue on HDP2.5.

capture.jpg

6,035 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
Former Member

Created ‎11-29-2016 07:23 PM

@Sami Ahmad

When you will click on the "Connection Failed" (link) present in the screenshot then it will show you the cause of failure.

If it shows "UNREACHABLE" then you will need to check if that host is reachable or not.

Also while doing "Test Connection" next it will be best to put the "ambari-server.log" in tail mode to see what error you get.

You should see something like following entry: (Here i intentionally made the hostname wrong for testing. 

29 Nov 2016 19:25:51,929 ERROR [ambari-kdc-verify] KdcConnection:380 - Authentication failed
29 Nov 2016 19:25:51,952 ERROR [ambari-kdc-verify] KdcConnection:380 - Authentication failed
29 Nov 2016 19:25:51,954  WARN [ambari-client-thread-88819] KdcServerConnectionVerification:242 - An unexpected exception occurred while attempting to communicate with the KDC server at kjss1.example.com1:88 over TCP
29 Nov 2016 19:25:51,975 ERROR [ambari-kdc-verify] KdcConnection:380 - Authentication failed
29 Nov 2016 19:25:52,002 ERROR [ambari-kdc-verify] KdcConnection:380 - Authentication failed
29 Nov 2016 19:25:52,003  WARN [ambari-client-thread-88819] KdcServerConnectionVerification:242 - An unexpected exception occurred while attempting to communicate with the KDC server at kjss1.example.com1:88 over UDP
29 Nov 2016 19:25:52,003 ERROR [ambari-client-thread-88819] KdcServerConnectionVerification:115 - Failed to connect to the KDC at kjss1.example.com1:88 using either TCP or UDP

.

View solution in original post

4,928 Views
8 REPLIES 8

avatar
Former Member

Created ‎11-29-2016 07:23 PM

@Sami Ahmad

When you will click on the "Connection Failed" (link) present in the screenshot then it will show you the cause of failure.

If it shows "UNREACHABLE" then you will need to check if that host is reachable or not.

Also while doing "Test Connection" next it will be best to put the "ambari-server.log" in tail mode to see what error you get.

You should see something like following entry: (Here i intentionally made the hostname wrong for testing. 

29 Nov 2016 19:25:51,929 ERROR [ambari-kdc-verify] KdcConnection:380 - Authentication failed
29 Nov 2016 19:25:51,952 ERROR [ambari-kdc-verify] KdcConnection:380 - Authentication failed
29 Nov 2016 19:25:51,954  WARN [ambari-client-thread-88819] KdcServerConnectionVerification:242 - An unexpected exception occurred while attempting to communicate with the KDC server at kjss1.example.com1:88 over TCP
29 Nov 2016 19:25:51,975 ERROR [ambari-kdc-verify] KdcConnection:380 - Authentication failed
29 Nov 2016 19:25:52,002 ERROR [ambari-kdc-verify] KdcConnection:380 - Authentication failed
29 Nov 2016 19:25:52,003  WARN [ambari-client-thread-88819] KdcServerConnectionVerification:242 - An unexpected exception occurred while attempting to communicate with the KDC server at kjss1.example.com1:88 over UDP
29 Nov 2016 19:25:52,003 ERROR [ambari-client-thread-88819] KdcServerConnectionVerification:115 - Failed to connect to the KDC at kjss1.example.com1:88 using either TCP or UDP

.

4,929 Views

avatar
author-rank aliyesami
Super Collaborator

Created ‎11-29-2016 07:55 PM

the node is up. The Ambari logs are reporting the following:

how can I see if the KDC server is up and listening on port 88 ?

I installed Kerberos as follows :

yum install krb5-server krb5-libs krb5-workstation

29 Nov 2016 14:52:17,878 ERROR [ambari-kdc-verify] KdcConnection:380 - Authentication failed
29 Nov 2016 14:52:17,890 ERROR [ambari-kdc-verify] KdcConnection:380 - Authentication failed
29 Nov 2016 14:52:17,891  WARN [ambari-client-thread-84] KdcServerConnectionVerification:242 - An unexpected exception occurred while attempting to communicate with the KDC server at hadoop1:88 over TCP
29 Nov 2016 14:52:27,892  WARN [ambari-client-thread-84] KdcServerConnectionVerification:252 - Timeout occurred while attempting to to communicate with KDC server at hadoop1:88 over UDP
29 Nov 2016 14:52:27,892 ERROR [ambari-client-thread-84] KdcServerConnectionVerification:115 - Failed to connect to the KDC at hadoop1:88 using either TCP or UDP
4,928 Views
0 Kudos

avatar
author-rank aliyesami
Super Collaborator

Created ‎11-29-2016 08:55 PM

the connection was failing because the KDC server was not up and running . I followed this link to install and bring the KDC server and then I could pass the connection test .

https://gist.github.com/ashrithr/4767927948eca70845db

4,928 Views
0 Kudos

avatar
author-rank shehbazks98
Rising Star

Created ‎05-10-2017 08:57 AM

Hiii

i m facing the same issue will you plz help me to get into this out unreachable.png

( this action will check accessibility of KDC host and port from Ambari Server host)

on os level kerberos is working fine....

4,928 Views
0 Kudos

avatar
author-rank rlevas
Guru

Created ‎05-10-2017 09:07 AM

@PATHAN SHEBAZ RUSTUM

Take a look at the Ambari server log (/var/log/ambari-server/ambari-server.log) and see if are any interesting messages in there related to this. I assume the KDC is an MIT KDC

4,928 Views
0 Kudos

avatar
author-rank shehbazks98
Rising Star

Created ‎05-10-2017 12:28 PM

@Rober its MIT

[ambari-client-thread-637] KdcServerConnectionVerification:242 - An unexpected exception occurred while attempting to communicate with the KDC server at maxiqtesting1.lti.com:88 over UDP 10 May 2017 17:54:42,799 ERROR [ambari-client-thread-637] KdcServerConnectionVerification:115 - Failed to connect to the KDC at maxiqtesting1.lti.com:88 using either TCP or UDP

4,928 Views
0 Kudos

avatar
author-rank rlevas
Guru

Created ‎05-10-2017 01:26 PM

My only guess is that maxiqtesting1.lti.com or port 88 (UDP or TCP) is not reachable for some reason. Make sure there are no firewalls in the way and that the Ambari server host can resolve that DNS name.

If you enable debug logging, you might be able to get more information since the cause will be reported as well. To turn on the debug log for this, add the following to /etc/ambari-server/conf/log4j.properties:

log4j.logger.org.apache.ambari.server.KdcServerConnectionVerification
4,928 Views
0 Kudos

avatar
author-rank meetparthu14
New Contributor

Created ‎04-20-2018 05:59 PM

I installed HDP 2.6 and faced same problem while setting up kerberos. it's jar problem. Download policy jars for java:

http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html extract and place them in all the servers under /usr/java/jdk1.8.0_112/jre/lib/security/ . Then restart ambari server and restart krb5kds and kadmin services..now check your kdc connection will be pass

4,928 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera DataFlow 2.9 now supports building GenAI pipelines ...
What's New @ Cloudera
Accelerate Data Scientist Productivity with Cloudera Copilot...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
View More Announcements