I reset the KDC credentials via the "Manage KDC credentials" button in Kerberos menu and now Iam getting a slightly different error when I try to reinstall Ranger KMS my TGT system is working fine for HIVE n HBASE so why ranger KMS cant find the krb5.conf file . .is there a setting in the KMS service for this that might be wrong ? ... 103 more 23 Dec 2016 22:16:33,131 WARN [ambari-client-thread-837] ServletHandler:561 - Error Processing URI: /api/v1/clusters/FDOT_Hadoop/hosts/hadoop1.abc.com/host_components/RANGER_KMS_SERVER - (java.lang.RuntimeException) Update Host request submission failed: org.apache.ambari.server.AmbariException: The 'krb5-conf' configuration is not available 23 Dec 2016 22:16:33,131 WARN [ambari-client-thread-837] ServletHandler:561 - Error Processing URI: /api/v1/clusters/FDOT_Hadoop/hosts/hadoop1.abc.com/host_components/RANGER_KMS_SERVER - (java.lang.RuntimeException) Update Host request submission failed: org.apache.ambari.server.AmbariException: The 'krb5-conf' configuration is not available ... View more

ok I reset the KDC credentials via the Manage KDC credentials button and I entered principal as admin/admin. now I am not getting locked out but if I try to reinstall KMS I am getting t he error below .. he is not finding the krb5.conf file . is there a setting in Kerberos which is messed up ? since as I stated earlier the TGT system is working fine on the command level for HIVE n HBASE ? ... 103 more 23 Dec 2016 22:16:33,131 WARN [ambari-client-thread-837] ServletHandler:561 - Error Processing URI: /api/v1/clusters/FDOT_Hadoop/hosts/hadoop1.abc.com/host_components/RANGER_KMS_SERVER - (java.lang.RuntimeException) Update Host request submission failed: org.apache.ambari.server.AmbariException: The 'krb5-conf' configuration is not available 23 Dec 2016 22:16:33,131 WARN [ambari-client-thread-837] ServletHandler:561 - Error Processing URI: /api/v1/clusters/FDOT_Hadoop/hosts/hadoop1.abc.com/host_components/RANGER_KMS_SERVER - (java.lang.RuntimeException) Update Host request submission failed: org.apache.ambari.server.AmbariException: The 'krb5-conf' configuration is not available ... View more

I don't see any button to do the "service check " how can I run this check ? ... View more

but which credential we are talking about ? this error is coming up when I try to install ranger KMS also how can I know what is my current KDC administrator credentials ? ... View more

yes i did ... View more

you misunderstood me , i have no issue logging in, its just that it logs me out after every few mins or if try to start some service inside the ambari console . There is no problem with username or password. ... View more

I have already tried this ----- --- To set up Ambari's credential store, the following command must be invoked from the Ambari server host's command line: -------------------------------------------------------------------------------------------------------------------------- [root@hadoop1 ambari-server]# ambari-server setup-security Using python /usr/bin/python Security setup options... =========================================================================== Choose one of the following options: [1] Enable HTTPS for Ambari server. [2] Encrypt passwords stored in ambari.properties file. [3] Setup Ambari kerberos JAAS configuration. [4] Setup truststore. [5] Import certificate to truststore. =========================================================================== Enter choice, (1-5): 2 Please provide master key for locking the credential store: Re-enter master key: Do you want to persist master key. If you choose not to persist, you need to provide the Master Key while starting the ambari server as an env variable named AMBARI_SECURITY_MASTER_KEY or the start will prompt for the master key. Persist [y/n] (y)? y Adjusting ambari-server permissions and ownership... Ambari Server 'setup-security' completed successfully. [root@hadoop1 ambari-server]# ls -ltr /var/lib/ambari-server/keys/credentials.jceks -rw-r----- 1 root root 503 Dec 23 15:33 /var/lib/ambari-server/keys/credentials.jceks [root@hadoop1 ambari-server]# ---- TO TEST THE KEY STORED --------------------------- [root@hadoop1 ambari-server]# $JAVA_HOME/bin/keytool -list -keystore /var/lib/ambari-server/keys/credentials.jceks -storetype JCEKS Enter keystore password: Keystore type: JCEKS Keystore provider: SunJCE Your keystore contains 1 entry ambari.db.password, Dec 23, 2016, SecretKeyEntry, [root@hadoop1 ambari-server]# [root@hadoop1 ambari-server]# $JAVA_HOME/bin/keytool -importpass \ -keystore /var/lib/ambari-server/keys/credentials.jceks \ -storetype JCEKS \ -alias cluster.FDOT_hadoop.kdc.admin.credential Enter keystore password: Enter the password to be stored: Re-enter password: Enter key password for <cluster.FDOT_hadoop.kdc.admin.credential> (RETURN if same as keystore password): ... View more

I fixed the Kerberos-env error the same way rgangappa suggested update clusterconfigmapping set selected=1 where type_name='kerberos-env' and version_tag='version1480534635088'; ... View more