Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Unable to register Impalad: Caused by: KrbException: Identifier doesn't match expected value

avatar
author-rank Yasine
Explorer

Created ‎08-20-2023 11:36 AM

Hello,

 

We are facing issues regarding KDC,  on CDP HBase and Impalad wont start and here below the logs:

 

The Keytab file is generating kerberos ticket correctly  (using the command line kinit) and the service Keytabs have been regenerated several times but still the same issue.

 

This issue is blocking: Impala, HBase and Yarn Nodemanagers

 

Caused by: KrbException: Server not found in Kerberos database (7) - LOOKING_UP_SERVER
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73)
at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:226)
at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:237)
at sun.security.krb5.internal.CredentialsUtil.serviceCredsSingle(CredentialsUtil.java:477)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:340)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:314)
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:169)
at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:490)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:695)
... 36 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
at sun.security.krb5.internal.TGSRep.init(TGSRep.java:65)
at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60)
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55)

 

2,118 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank ChethanYM author-rank
Master Collaborator

Created ‎08-30-2023 06:03 AM

Hi,

 

The error message you provided, "Server not found in Kerberos database (7) - LOOKING_UP_SERVER," is indicating an issue with the Kerberos authentication process. This error usually occurs when the Kerberos client is unable to find the server's principal in the Kerberos database.

 

Below is the article to troubleshoot kerberos related issues:

https://community.cloudera.com/t5/Customer/Troubleshooting-Kerberos-Related-Issues-Common-Errors-and...

 

> Please check if Ensure that DNS is correctly configured for both the client and the server. The client should be able to resolve the hostname of the server to the correct IP address.

> Make sure the clocks of the client, server, and KDC are synchronized. Time differences beyond the tolerance set in Kerberos configuration can cause authentication failures.

> Ensure that the Key Distribution Center (KDC) is reachable and operational.

> Verify that the krb5.conf file on the client machine is correctly configured with the appropriate realms, KDCs, and other Kerberos settings.

 

 

Regards,

Chethan YM

 

View solution in original post

2,052 Views
0 Kudos
4 REPLIES 4

avatar
author-rank rki_ author-rank
Super Collaborator

Created ‎08-24-2023 04:57 AM

Did you make any changes at the KDC end prior to seeing this issue? Are there any other services hosted on this node that are working fine?

2,078 Views
0 Kudos

avatar
author-rank ChethanYM author-rank
Master Collaborator

Created ‎08-30-2023 06:03 AM

Hi,

 

The error message you provided, "Server not found in Kerberos database (7) - LOOKING_UP_SERVER," is indicating an issue with the Kerberos authentication process. This error usually occurs when the Kerberos client is unable to find the server's principal in the Kerberos database.

 

Below is the article to troubleshoot kerberos related issues:

https://community.cloudera.com/t5/Customer/Troubleshooting-Kerberos-Related-Issues-Common-Errors-and...

 

> Please check if Ensure that DNS is correctly configured for both the client and the server. The client should be able to resolve the hostname of the server to the correct IP address.

> Make sure the clocks of the client, server, and KDC are synchronized. Time differences beyond the tolerance set in Kerberos configuration can cause authentication failures.

> Ensure that the Key Distribution Center (KDC) is reachable and operational.

> Verify that the krb5.conf file on the client machine is correctly configured with the appropriate realms, KDCs, and other Kerberos settings.

 

 

Regards,

Chethan YM

 

2,053 Views
0 Kudos

avatar
author-rank Yasine
Explorer

Created ‎08-31-2023 09:10 AM

Hi Chethan

Well yes actually the issue was related to the DNS, actually the DNS was correctly configured and it was resolving the hostname but it seems that the reverse resolution was not working and it was blocking point.

When I declared the hostnames in the /etc/hosts it worked normally.

Regards

2,044 Views
0 Kudos

avatar
author-rank VidyaSargur author-rank
Community Manager

Created ‎08-31-2023 09:52 PM

@Yasine,  I'm happy to see you resolved your issue. Please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future.


Regards,

Vidya Sargur,
Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
2,038 Views
0 Kudos
Announcements
Community Announcements
September 2024 Community Highlights
What's New @ Cloudera
Cloudera Streams Messaging Operator 1.1
What's New @ Cloudera
From Silos to Synergy: Unifying Data Warehousing and AI
What's New @ Cloudera
Cloudera Streaming Analytics 1.13 for Private Cloud Base
What's New @ Cloudera
Get started with Cloudera Data Engineering on AWS Graviton a...
View More Announcements