Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Kerberos KDC not reachable

avatar

kdc-unreachable.jpgI am trying to kereeberise my HDP cluster. I have installed a KDC on the ambari host itself and i want to use that. so i selected option 1 (existing KDC) in ambari. But when i try to test the KDC connection it fails and i get the following error.

23 Mar 2016 13:16:29,457 WARN [qtp-ambari-client-18131] KdcServerConnectionVerification:187 - An unexpected exception occurred while attempting to communicate with the KDC server at hostname:88 over TCP 23 Mar 2016 13:16:29,459 WARN [qtp-ambari-client-18131] KdcServerConnectionVerification:187 - An unexpected exception occurred while attempting to communicate with the KDC server at hostname:88 over UDP 23 Mar 2016 13:16:29,460 ERROR [qtp-ambari-client-18131] KdcServerConnectionVerification:113 - Failed to connect to the KDC at hostname:88 using either TCP or UDP

But when i try to do kinit or invoke any kerberos command from the ambari/KDC host it is working fine. It is pretty strange and i dont see any network related issues. this error is seen only when a wrong kdc information is provided. But in my case even after providing the correct details it fails. From the logs i couldnt trace anything.

Is there any way to debug or trace it.

i used ping, telenet to do the basic checks and everything is fine.

P.s i have just replaced my KDC host names with the string "hostname"in the above error message.

1 ACCEPTED SOLUTION

avatar
New Contributor

I have the same problem...

Ambari Version: 2.2.2.0

HDP Version: 2.4.2.0-258

I can ping KDC from Ambari Server and telnet port 88/749 as well as running kadmin command without error:

/usr/bin/kadmin -s KDC_SERVER:749 -p admin -w ****** -r EXAMPLE.COM -q "get_principal admin"

I've also checked the src code but no luck:

https://github.com/apache/ambari/blob/trunk/ambari-server/src/main/java/org/apache/ambari/server/Kdc...

After retarting Ambari Server in DEBUG mode, found the problem:

Caused by: java.lang.IllegalArgumentException: Algorithm AES256 not enabled

Still testing how to enable it...

modify the krb.conf, but doesn't work.

It looks like the JCE installation issue (confirm the JCE policy jars were in the right place...)

View solution in original post

11 REPLIES 11

avatar
Expert Contributor

It doesnt work for me even though i faced same problem and i did same steps mentioned..

avatar
New Contributor

Hi, 

You must deploy the jce policy on every cluster nodes if you are using built-in openjdk.

Please follow the steps.

[root@hostname]# locate local_policy.jar

[root@hostname]# wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip"

[root@hostname]# unzip -o -j -q jce_policy-8.zip -d /usr/jdk64/jdk1.8.0_112/jre/lib/security/

[root@hostname]# ambari-server rstart

 

Now test the connection. Hopes it will resolves the issue.