Member since 01-19-2017. 3682 Posts, 633 Kudos Received, 373 Solutions.
11-06-2019
12:42 PM
@svasi I saw a couple of potential issues and I would like you to make a few changes.

Recreate an admin for Kerberos using the below syntax:

```
# kadmin.local -q "addprinc admin/admin"
----------start of output---------
Authenticating as principal root/admin@EDHDEV.COM with a password.
WARNING: no policy specified for admin/admin@EDHDEV.COM; defaulting to no policy
Enter the password for principal "admin/admin@EDHDEV.COM": welcome1
Re-enter password for principal "admin/admin@EDHDEV.COM": welcome1
Principal "admin/admin@EDHDEV.COM" created.
----------end of output---------
```

Validate the principal works:

```
# kadmin -p admin/admin@EDHDEV.COM
```

It will ask for the password; once successfully authenticated, type q to quit.

Can you leave the default encryption types? And you should select "Manage krb5.conf through Cloudera Manager". Don't change the kadm5.acl file, it's okay the way it is!!

I saw something missing in your krb5.conf between [realms] and [logging]: the domain_realm. Add that to all the hosts if it's a multinode:

```
[realms]
 EDHDEV.COM = {
  kdc = master-1.dev.edl.gcp.domain.it
  admin_server = master-1.dev.edl.gcp.domain.it
 }

[domain_realm]
 .edhdev.com = EDHDEV.COM
 edhdev.com = EDHDEV.COM

[logging]
 kdc = FILE:/var/log/krb5/krb5kdc.log
 admin_server = FILE:/var/log/krb5/kadmind.log
 default = SYSLOG:NOTICE:DAEMON
```

Go to the CM and launch the kerberization using the principal below:

```
admin/admin@EDHDEV.COM
```

Please make the above changes, restart the kdc and retry kerberization; it should go smoothly.

Happy hadooping
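A check for the gap described in the post above, as an added example that is not part of the original post: it parses a krb5.conf and reports realms that no `[domain_realm]` entry points to. The sample text is constructed from the post's fragment, the host `node1.edhdev.com` used when trying it out is hypothetical, and `realm_for_host` is a simplified model (an assumption) of how a Kerberos library searches `[domain_realm]`.

```python
import re

# Constructed sample: the [realms] fragment from the post, without [domain_realm].
SAMPLE_MISSING = """\
[realms]
 EDHDEV.COM = {
  kdc = master-1.dev.edl.gcp.domain.it
  admin_server = master-1.dev.edl.gcp.domain.it
 }
[logging]
"""
SAMPLE_FIXED = SAMPLE_MISSING.replace(  # same text with the post's two mappings added
    "[logging]",
    "[domain_realm]\n .edhdev.com = EDHDEV.COM\n edhdev.com = EDHDEV.COM\n[logging]")

def parse_krb5(text):
    """Return (realms defined under [realms], {domain: realm} from [domain_realm])."""
    section, depth, realms, mappings = None, 0, [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header and depth == 0:                # section headers only at top level
            section = header.group(1)
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if section == "realms" and depth == 0 and value.startswith("{"):
            realms.append(key)                   # "EDHDEV.COM = {" opens a realm block
        elif section == "domain_realm" and value:
            mappings[key.lower()] = value
        depth += line.count("{") - line.count("}")
    return realms, mappings

def unmapped_realms(text):
    """Realms that no [domain_realm] entry points to."""
    realms, mappings = parse_krb5(text)
    return [r for r in realms if r not in set(mappings.values())]

def realm_for_host(host, mappings):
    """Simplified lookup (assumption): try the host, then ever shorter suffixes."""
    name = host.lower()
    while name:
        if name in mappings:
            return mappings[name]
        # "a.b.c" -> ".b.c" -> "b.c" -> ".c" -> "c" -> ""
        name = name[1:] if name[0] == "." else name[name.find("."):] if "." in name else ""
    return None
```

With the post's two entries, this lookup returns `EDHDEV.COM` only for names under `edhdev.com` and `None` for any other host name.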
11-06-2019
11:37 AM
@neha_t_jain Do you still need more clarification or did the response give you a good idea on how to proceed? I think if you plan to test drive HDP that's the only solution not to compromise your network security. Please let me know.
11-06-2019
11:30 AM
@m4x1m1li4n To validate the zookeeper ports, can you run the snippets and share the output? It seems CDH uses the port 4181 for its zookeeper; I am from the HDP world!

Using port 2181

```
echo "stat" | nc server.example.org 2181 | grep Mode
$ telnet slave3.sysdatadigital.it 2181
```

Using port 4181

```
echo "stat" | nc slave3.sysdatadigital.it 4181 | grep Mode
$ telnet slave3.sysdatadigital.it 4181
```

Disabling the firewall in the VPC, which is a subnet, doesn't disable the firewall on the host; please validate that all the hosts have the firewall disabled. Assuming you are on CentOS/RHEL 7 (readapt if your OS is different), share the output of:

```
# systemctl status firewalld
```

From your CM, can you share the zookeeper screenshot?
11-06-2019
09:39 AM
@svasi Can you explain? One cannot guess with the information you have given. HDP or CDH? OS, steps executed, krb5.conf, kdc.conf, kadm5.acl, error log or screenshot. With the above, the problem could be easier to analyze.
11-05-2019
11:11 PM
@iamabug I now get you, so yours is Ambari managed. Let me get back to you after testing.
11-05-2019
10:35 PM
@m4x1m1li4n Was your cluster deployed using a CloudFormation template? Apart from that strange port, can your hostname master.sysdatadigital.it resolve to the AWS IP? Remember it's very tricky with internal and public IPs, because the hosts in the AWS datacenter need the internal IPs to communicate whilst the public IP is the one accessible to the outside world. If you were to access any Cloudera service in AWS, you will need to map your local hostname to the public IP in AWS. The best solution for testing is to create a firewall inbound rule to only accept connections from your IP; this is only good for testing and you should always harden your network security.
11-05-2019
12:09 PM
@iamabug I think it's a misconfiguration; can you see the differences between these 2? The one in black and bold is your current one. Remove the ( = ) and replace it with a colon ( : ) and a space after.

[old]

```
listener.security.protocol.map=SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL:SASL_PLAINTEXT
```

[New]

```
listener.security.protocol.map: SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL:SASL_PLAINTEXT
```

Restart the brokers and let me know if you still encounter the problem.
11-05-2019
10:20 AM
@m4x1m1li4n I am wondering why your zookeeper is running on port 4181?? As shown in the log. Please check that the default zk port is 2181; after sorting that out, restart the zookeeper ensemble.

```
2019-11-05 16:05:48,449 WARN org.apache.zookeeper.server.quorum.QuorumCnxManager: Cannot open channel to 2 at election address slave3.sysdatadigital.it/13.53.62.160:4181
java.net.ConnectException: Connection refused (Connection refused)
```

The default port for zookeeper is 2181. I have attached a screenshot of my zk (see attached); even if I had an ensemble I would still usually have an FQDN:2181

```
slave3.sysdatadigital.it:2181,slave1.sysdatadigital.it:2181,slave2.sysdatadigital.it:2181
```

Can you ensure your Zookeeper ensemble is up and running? Down in the log too, it seems you don't have an odd number of zookeepers; in your case at least 3 Zookeepers to avoid the split-brain decision.

Happy hadooping
11-05-2019
09:00 AM
1 Kudo
@Harpreet_Singh No, you will be fine with CentOS 7 or RHEL, no constraints; just follow the official environment preparation instructions and don't overlook any point, and I am sure you will be okay.