@Muhammad waqas I saw some discrepancy in the krb5.conf please copy and paste this one which I have updated with your entries [libdefaults]     default_realm = ABCDATA.ORG     dns_lookup_realm = false     dns_lookup_kdc = false     ticket_lifetime = 24h     forwardable = true     udp_preference_limit = 1000000     default_tgs_enctypes = aes256-cts-hmac-sha1-96     default_tkt_enctypes = aes256-cts-hmac-sha1-96     permitted_enctypes = aes256-cts-hmac-sha1-96     kdc_timeout = 3000 [realms]     ABCDATA.ORG = {         kdc = cloudera.abcdata.org         admin_server = cloudera.abcdata.org         default_domain = ABCDATA.ORG     } [domain_realm]     .abcdata.org = ABCDATA.ORG      abcdata.org = ABCDATA.ORG [logging]     kdc = FILE:/var/log/krb5kdc.log     admin_server = FILE:/var/log/kadmin.log     default = FILE:/var/log/krb5lib.log Problem [TOKEN, KERBEROS]; Host Details: local host is: "FQDN/X.X.X.X"; destination host is: "FQDN":PORT;" The above shows your hostname is not configured # kadmin.local Authenticating as principal root/admin@ABCDATA.ORG with password. kadmin.local:  listprincs Sample output on Hortonworks nm/cloudera.abcdata.org@ABCDATA.ORG nn/cloudera.abcdata.org@ABCDATA.ORG oozie/cloudera.abcdata.org@ABCDATA.ORG rangeradmin/cloudera.abcdata.org@ABCDATA.ORG rangerlookup/cloudera.abcdata.org@ABCDATA.ORG rangertagsync/cloudera.abcdata.org@ABCDATA.ORG rangerusersync/cloudera.abcdata.org@ABCDATA.ORG rm/cloudera.abcdata.org@ABCDATA.ORG Can you share the output of $ hostname -f Does it match the entries in /etc/hosts? the format should be IP:FQDN:ALIAS After the validation and correction please regenerate the keytabs using Cloudera Manager Admin Console HTH ... View more

@Muhammad waqas Can you share the below files? kadm5.acl kdc.conf krb5.conf Switch to user hdfs from root account, please beware your output won't be exactly the same # su - hdfs Check if you have a valid ticket? You shouldn't have if the output isn't like below $ klist klist: No credentials cache found (filename: /tmp/krb5cc_1013) Destroy the Kerberos ticket $ kdestroy Get the principal attached to the hdfs keytab $ klist -kt /etc/security/keytabs/hdfs.headless.keytab Keytab name: FILE:/etc/security/keytabs/hdfs.headless.keytab KVNO Timestamp           Principal ---- ------------------- ------------------------------------------------------    1 10/11/2018 10:48:48 hdfs-host@HADOOP.COM    1 10/11/2018 10:48:48 hdfs-host@HADOOP.COM    1 10/11/2018 10:48:48 hdfs-host@HADOOP.COM    1 10/11/2018 10:48:48 hdfs-host@HADOOP.COM    1 10/11/2018 10:48:48 hdfs-host@HADOOP.COM Grab a ticket by appending keytab + principal as below $ kinit -kt /etc/security/keytabs/hdfs.headless.keytab  hdfs-host@HADOOP.COM Now you should have a validate kerberos ticket $ klist Ticket cache: FILE:/tmp/krb5cc_1013 Default principal: hdfs-host@HADOOP.COM Valid starting       Expires              Service principal 05/16/2019 11:24:11  05/17/2019 11:24:11  krbtgt/HADOOP.COM@HADOOP.COM Try to access hdfs $ hdfs dfs -ls / The above command should not error out. ... View more

@Mazen Elshayeb Can you capture and share your screenshot? Firstly can you ensure your kdc and kadmin are started? Did you run this step? If not please do that while logged in as root, the output should look like below # kadmin.local -q "addprinc admin/admin" Desired output Authenticating as principal root/admin@HADOOP.COM with password. WARNING: no policy specified for admin/admin@HADOOP.COM; defaulting to no policy Enter password for principal "admin/admin@HADOOP.COM":   {password_used_during_creation} Re-enter password for principal "admin/admin@HADOOP.COM": {password_used_during_creation} Principal "admin/admin@HADOOP.COM" created. Restart kdc (Centos please adapt accordingly) # /etc/rc.d/init.d/krb5kdc start Desired output Starting Kerberos 5 KDC:                                   [  OK  ] Restart kadmin # /etc/rc.d/init.d/kadmin start Desired output Starting Kerberos 5 Admin Server:                          [  OK  ] Now continue with Ambari kerberization wizard using the admin/admin@HADOOP.COM with password earlier set That should work ... View more

@Mazen Elshayeb That's good news the principal admin should be admin/admin@HADOOP.COM and the password is the magic password you used when creating the Kerberos database. You must have gotten a warning saying keep the password safely 🙂 Please proceed and revert! ... View more

@Manjunath P N You are responding to an old thread I don't think you will get answers that fast it's better to start a new thread ... View more

@Mazen Elshayeb Any updates? ... View more

@Michael Bergamini Can you connect to zookeeper and share the output of /usr/hdp/3.1.0.0-78/zookeeper/bin/zkCli.sh Desired output WATCHER:: WatchedEvent state:SyncConnected type:None path:null [zk: localhost:2181(CONNECTED) 0] ls / [cluster, controller, brokers, storm, zookeeper, infra-solr, hbase-unsecure, admin, isr_change_notification, log_dir_event_notification, controller_epoch, hiveserver2, hiveserver2-leader, rmstore, atsv2-hbase-unsecure, consumers, ambari-metrics-cluster, latest_producer_id_block, config] Please revert ... View more

@Madhura Mhatre If you increase the size of the same ibdata disk mount then you don't need to update any metadata because the pointers will be intact in the metastore. Make sure you shut down the all the databases on the mount point before increasing the size. Happy hadooping ... View more