Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Advanced Search
Announcements
Alert: Please see the Cloudera blog for information on the Cloudera Response to CVE-2021-4428

Yarn RM is not getting started

Labels:
mdh_raghavendra
Explorer

Created ‎10-19-2017 05:39 PM

Hi,

I am using hdp 2.6 cluster with kerberos enabled. Yarn RM is not getting started and failing with the below error. I have kerberos enabled. Can any one please help me

ERROR client.ZooKeeperSaslClient (ZooKeeperSaslClient.java:createSaslToken(388)) - An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)]) occurred when evaluating Zookeeper Quorum Member's received SASL token. Zookeeper Client will go to AUTH_FAILED state. 2017-10-19 13:13:05,594 ERROR zookeeper.ClientCnxn (ClientCnxn.java:run(1059)) - SASL authentication with Zookeeper Quorum member failed: javax.security.sasl.SaslException: An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)]) occurred when evaluating Zookeeper Quorum Member's received SASL token. Zookeeper Client will go to AUTH_FAILED state. 2017-10-19 13:13:12,394 INFO recovery.ZKRMStateStore (ZKRMStateStore.java:runWithRetries(1227)) - Exception while executing a ZK operation. org.apache.zookeeper.KeeperException$AuthFailedException: KeeperErrorCode = AuthFailed for /rmstore

Reply
525 Views
0 Kudos
2 REPLIES 2

balavignesh_nag
Guru

Created ‎10-23-2017 09:58 AM

@rmr1989


"Mechanism level: Server not found in Kerberos database" --> This is were the issue lies.

Please perform a forward and reverse DNS lookup of the server hostname. Your server has incorrect DNS entries. They are absolutely crucial for Kerberos. The proper place is your DNS server, in your case: domain controller. Figure out the IP address of your DNS server. Hope it Helps!

Reply
387 Views
0 Kudos

mdh_raghavendra
Explorer

Created ‎10-24-2017 05:52 AM

Hi @Bala Vignesh N V

My DNS entries are looking good. The issue arises when I use custom service accounts for all the hadoop services. When I go with the default service accounts provided by Ambari, I am not facing this issue any more. I checked the keytabs, user principals for all the services including zookeeper. Everything looks good.

Reply
387 Views
0 Kudos
Don't have an account?
Register
Announcements
What's New @ Cloudera
CDP Operational Database provides HDFS as a storage option
What's New @ Cloudera
CDP Operational Database supports ephemeral storage on AWS
What's New @ Cloudera
CDP Operational Database supports copying tables between two COD environments
What's New @ Cloudera
Cloudera supports upgrading to a runtime version with downtime
What's New @ Cloudera
CDP Operational Database supports disengaging autoadmin database function
View More Announcements