kdc-unreachable.jpgI am trying to kereeberise my HDP cluster. I have installed a KDC on the ambari host itself and i want to use that. so i selected option 1 (existing KDC) in ambari. But when i try to test the KDC connection it fails and i get the following error.
23 Mar 2016 13:16:29,457 WARN [qtp-ambari-client-18131] KdcServerConnectionVerification:187 - An unexpected exception occurred while attempting to communicate with the KDC server at hostname:88 over TCP 23 Mar 2016 13:16:29,459 WARN [qtp-ambari-client-18131] KdcServerConnectionVerification:187 - An unexpected exception occurred while attempting to communicate with the KDC server at hostname:88 over UDP 23 Mar 2016 13:16:29,460 ERROR [qtp-ambari-client-18131] KdcServerConnectionVerification:113 - Failed to connect to the KDC at hostname:88 using either TCP or UDP
But when i try to do kinit or invoke any kerberos command from the ambari/KDC host it is working fine. It is pretty strange and i dont see any network related issues. this error is seen only when a wrong kdc information is provided. But in my case even after providing the correct details it fails. From the logs i couldnt trace anything.
Is there any way to debug or trace it.
i used ping, telenet to do the basic checks and everything is fine.
P.s i have just replaced my KDC host names with the string "hostname"in the above error message.
I have the same problem...
Ambari Version: 188.8.131.52
HDP Version: 184.108.40.206-258
I can ping KDC from Ambari Server and telnet port 88/749 as well as running kadmin command without error:
/usr/bin/kadmin -s KDC_SERVER:749 -p admin -w ****** -r EXAMPLE.COM -q "get_principal admin"
I've also checked the src code but no luck:
After retarting Ambari Server in DEBUG mode, found the problem:
Caused by: java.lang.IllegalArgumentException: Algorithm AES256 not enabled
Still testing how to enable it...
modify the krb.conf, but doesn't work.
It looks like the JCE installation issue (confirm the JCE policy jars were in the right place...)
You must deploy the jce policy on every cluster nodes if you are using built-in openjdk.
Please follow the steps.
[root@hostname]# locate local_policy.jar
[root@hostname]# wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip"
[root@hostname]# unzip -o -j -q jce_policy-8.zip -d /usr/jdk64/jdk1.8.0_112/jre/lib/security/
[root@hostname]# ambari-server rstart
Now test the connection. Hopes it will resolves the issue.