
No KeyVersion exists for key 'testTLS1'


I am able to successfully put a file in a non-encrypted zone.

 

When I try to put a file to an encrypted zone I see this error. The file, however, is copied to the encrypted zone.

 

desind@xxxx:~#> hdfs dfs -put users.txt /ccnd/test

18/02/01 06:54:19 WARN kms.LoadBalancingKMSClientProvider: KMS provider at [https://xxxx.com:16000/kms/v1/] threw an IOException [Key retrieval failed.]!!

 

Caused by: java.lang.NullPointerException: No KeyVersion exists for key 'testTLS1'
at com.google.common.base.Preconditions.checkNotNull(Preconditions.java:231)
at org.apache.hadoop.crypto.key.KeyProviderCryptoExtension$DefaultCryptoExtension.generateEncryptedKey(KeyProviderCryptoExtension.java:294)
at org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.generateEncryptedKey(KeyProviderCryptoExtension.java:511)
at org.apache.hadoop.crypto.key.kms.server.EagerKeyGeneratorKeyProviderCryptoExtension$CryptoExtension$EncryptedQueueRefiller.fillQueueForKey(EagerKeyGeneratorKeyProviderCryptoExtension.java:76)
at org.apache.hadoop.crypto.key.kms.ValueQueue$1.load(ValueQueue.java:246)
at org.apache.hadoop.crypto.key.kms.ValueQueue$1.load(ValueQueue.java:240)
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568)
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350)
at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313)
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228)
... 54 more
2018-02-02 09:52:50,353 WARN org.apache.hadoop.crypto.key.kms.server.KMS: User hdfs/xxxx.com@VSP.SAS.COM (auth:KERBEROS) request GET https://xxxx.com:16000/kms/v1/key/testTLS1/_eek?num_keys=150&eek_op=generate caused exception.

 

 

Can someone advise where to check?

We have Kerberos and SSL enabled in the cluster.
