@rizalt  Can you share the OS ,OS version and HDP version you are trying to Kerberize? I don't have a dump of HDP binaries though. I would like to reproduce and share the steps.? I suggest starting afresh so delete/destroy the current KDC as the root user or sudo the following steps are specific to  ubuntu  re-adapt for appropriate OS # sudo  kdb5_util -r HADOOP.COM destroy Accept with a "Yes" Now create a new Kerberos database Complete remove Kerberos $ sudo apt purge -y krb5-kdc krb5-admin-server krb5-config krb5-locales krb5-user krb5.conf  $ sudo rm -rf /var/lib/krb5kdc Do a refresh installation First, get the FQDN of your kdc server for this example # hostanme -f  test.hadoop.com Use the above output for a later set up # apt install krb5-kdc krb5-admin-server krb5-config Proceed as follow At the prompt for the Kerberos Realm = HADOOP.COM Kerberos server hostname = test.hadoop.com Administrative server for Kerberos REALM = test.hadoop.com Configuring krb5 Admin Server # krb5_newrealm Open /etc/krb5kdc/kadm5.acl it should contain a line like this */admin@HADOOP.COM * The kdc.conf should be adjusted to look like this [kdcdefaults]  kdc_ports = 88  kdc_tcp_ports = 88 [realms]  HADOOP.COM = {   #master_key_type = aes256-cts   acl_file = /var/kerberos/krb5kdc/kadm5.acl   dict_file = /usr/share/dict/words   admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab   supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal }   The krb5.conf should look like this if you are on a multi-node cluster this is the fines you will copy to all other hosts, notice the entry under domain_realm? [libdefaults]   renew_lifetime = 7d   forwardable = true   default_realm = HADOOP.COM   ticket_lifetime = 24h   dns_lookup_realm = false   dns_lookup_kdc = false   default_ccache_name = /tmp/krb5cc_%{uid}   #default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5   #default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5 [domain_realm]   .hadoop.com = HADOOP.COM   hadoop.com = HADOOP.COM [logging]   default = FILE:/var/log/krb5kdc.log   admin_server = FILE:/var/log/kadmind.log   kdc = FILE:/var/log/krb5kdc.log [realms]   HADOOP.COM = {     admin_server = test.hadoop.com     kdc = test.hadoop.com   }  Restart the Kerberos kdc daemons and kerberos admin servers: # for script in /etc/init.d/krb5*; do $script restart; done  Don't manually create any principle like the "ambari_hdfs-050819@HADOOP.COM" Go to the ambari kerberos wizard for the domain notice the . (dot)  kdc host = test.hadoop.com Real Name = HADOOP.COM Domains = .hadoop.com ,hadoop.com ----- kadmin host = test.hadoop.com Admin principal = admin/admin@HADOOP.COM Admin  password = password set during the creation of kdc database Now from here just accept the default the keytabs should generate successfully.  ... View more

@rizalt  Did you see the same entry in the krb5.conf that I suggested you add? [domain_realm]   .hadoop.com = HADOOP.COM   hadoop.com = HADOOP.COM In the Kerberos setup UI you should also include  HADOOP.COM , . HADOOP.COM  Check a solution I offered Error while enabling Kerberos on ambari Hope that helps ... View more

@rizalt  Make a backup of your krb5.conf and modify it like below # Configuration snippets may be placed in this directory as well includedir /etc/krb5.conf.d/ [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_lookup_realm = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true ticket_lifetime = 24h dns_lookup_realm = false dns_lookup_kdc = false default_ccache_name = /tmp/krb5cc_%{uid} #default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5 #default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5 [realms] HADOOP.COM = { admin_server = master1.hadoop.com kdc = master1.hadoop.com } [domain_realm] .master1.hadoop.com = HADOOP.COM master1.hadoop.com = HADOOP.COM   Then restart the KDC and retry    ... View more

@rizalt  There are a couple of things to validate. Step 1 Pre-requisites Kerberos Server: Ensure you have a Kerberos Key Distribution Center (KDC) and an administrative server set up. DNS: Proper DNS setup is required for both forward and reverse lookups. NTP: Time synchronization across all nodes using Network Time Protocol (NTP). HDP Cluster: A running Hortonworks Data Platform (HDP) cluster. Step 2:  Check your /etc/host file ensure your KDC host is assigned the domain HADOOP.COM to match your KDC credentials # hostname -f Step 3: Once that matches then edit the Kerberos configuration file (/etc/krb5.conf) on all nodes to point to your KDC you can scramble the sensitive info and share   [libdefaults] default_realm = HADOOP.COM dns_lookup_realm = false dns_lookup_kdc = false [realms] HADOOP.COM = { kdc = kdc.hadoop.com admin_server = admin.hadoop.com } [domain_realm] .hadoop.com = HADOOP.COM hadoop.com = HADOOP.COM   Step 4: Locate your kadm5.acl file and ensure it looks like this */admin@HADOOP.COM * Step 5: Restart the KDC and admin servers as root or with sudo   # systemctl restart krb5kdc # systemctl restart kadmin   Step 6: Check Kerberos Ticket: Ensure that the Kerberos ticket is obtained correctly. kinit -kt /etc/security/keytabs/hdfs.keytab hdfs/hostname@HADOOP.COM klist If your setup is correct you will see an output like below    Ticket cache: FILE:/tmp/krb5cc_1000 Default principal: hdfs/hostname@HADOOP.COM Valid starting Expires Service principal 06/05/2024 09:50:21 06/06/2024 09:50:21 krbtgt/HADOOP.COM@HADOOP.COM renew until 06/05/2024 09:50:21 06/05/2024 09:50:22 06/06/2024 09:50:21 HTTP/hostname@HADOOP.COM renew until 06/05/2024 09:50:21 Hope that helps  ... View more

@achemeleu  Welcome Acemeleu, @DianaTorres  for pinging me on this one. I provide 2  solutions see  threads about a similar case  Ambari stuck1 Ambari.stuck2 Can you check the above solution and see if that works out for you too? In case it doesn't please can you share your HDP version, database type/version, ambari-server logs  and OS type/version, and  the brief  background of the steps you executed before getting stuck Please let us know whether that resolved your issue. Geoffrey ... View more

@harry_12  Assumption non kerberized sandboox User creation in Ambari Ui should auto create user's home directory. Let try out this recommended approach On your Ambari Server host, backup and edit the ambari-properties file. # cp /etc/ambari-server/conf/ambari.properties /etc/ambari-server/conf/ambari.properties_<$date> Edit using vi in this example # vi /etc/ambari-server/conf/ambari.properties For consistency group it alphabetically add the line below as shown see last line  ambari.post.user.creation.hook=/var/lib/ambari-server/resources/scripts/post-user-creation-hook.sh #Sat Apr 15 21:49:53 CEST 2023 agent.package.install.task.timeout=1800 agent.stack.retry.on_repo_unavailability=false agent.stack.retry.tries=5 agent.task.timeout=900 agent.threadpool.size.max=25 ambari-server.user=root ambari.python.wrap=ambari-python-wrap ambari.post.user.creation.hook=/var/lib/ambari-server/resources/scripts/post-user-creation-hook.sh Save the new ambari.properties Restart Ambari server. # ambari-server restart Recreate a new user and see if the home dir is auto-created in /user/<New_user> Please let me know if that helped ... View more

@harry_12  Can you share the link for the download of the sandbox? I want to try it  ... View more

@harry_12  Can you share the configs ie Memory /Cores  allocated to your Sandbox and share the link  for the download I will test that  and document my process   ... View more

@harry_12  Sounds familiar is the first time running VB  is virtualization enabled on the host? Or have you simply tried re-installing it? If you are the type who loves to deep dive here is good documentation on  Result Code E Fail 0x80004005  I am sure that should help out  ... View more

@YasBHK  File /user/hdfs/data/file.xlsx could only be written to 0 of the 1 minReplication nodes. There are 1 datanode(s) running and 1 node(s) are excluded in this operation. So that means your data node is down can you restart the HDFS service and retry? ... View more