We are unable to make queries to collections on Ambari Infra Solr. This same request works on other Ambari 2.5 clusters. # curl -g --negotiate -u : "http://hostname:8886/solr/ranger_audits/query?debug=query&q=*:*"<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <title>Error 403 GSSException: Failure unspecified at GSS-API level (Mechanism level: Request is a replay (34))</title> </head> <body><h2>HTTP ERROR 403</h2> <p>Problem accessing /solr/ranger_audits/select. Reason: <pre> GSSException: Failure unspecified at GSS-API level (Mechanism level: Request is a replay (34))</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/> </body> </html> Here is the krb5 debug log showing the duplicate key after setting SOLR_OPTS="$SOLR_OPTS -Dsun.security.krb5.debug=true . >>> KrbApReq: authenticate succeed. Krb5Context setting peerSeqNumber to: 907174024 >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType Krb5Context setting mySeqNumber to: 512754846 Found KeyTab /etc/security/keytabs/spnego.service.keytab for HTTP/hostname.domain.com@MYCLUSTER.DOMAIN.COM Found KeyTab /etc/security/keytabs/spnego.service.keytab for HTTP/hostname.domain.com@MYCLUSTER.DOMAIN.COM Entered Krb5Context.acceptSecContext with state=STATE_NEW Looking for keys for: HTTP/hostname.domain.com@MYCLUSTER.DOMAIN.COM Added key: 17version: 2 Found unsupported keytype (1) for HTTP/hostname.domain.com@MYCLUSTER.DOMAIN.COM Found unsupported keytype (3) for HTTP/hostname.domain.com@MYCLUSTER.DOMAIN.COM Added key: 18version: 2 >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType Using builtin default etypes for permitted_enctypes default etypes for permitted_enctypes: 18 17 16 23. >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType MemoryCache: add 1508065886/914380/B8B23803754E028D7923075AFEB12AAC/infra-solr/hostname.domain.com@MYCLUSTER.DOMAIN.COM to infra-solr/hostname.domain.com@MYCLUSTER.DOMAIN.COM|HTTP/hostname.domain.com@MYCLUSTER.DOMAIN.COM MemoryCache: Existing AuthList: #3: 1508065826/137763/263ACEC1894287E10DE785337DF032E1/infra-solr/hostname.domain.com@MYCLUSTER.DOMAIN.COM #2: 1508065868/906511/338AF89A3C5C5E73950D89CD559EBEFD/infra-solr/hostname.domain.com@MYCLUSTER.DOMAIN.COM #1: 1508065886/914380/B8B23803754E028D7923075AFEB12AAC/infra-solr/hostname.domain.com@MYCLUSTER.DOMAIN.COM But administrative requests work: # sudo curl -g --negotiate -u : "http://hostname:8886/solr/admin/collections?action=LIST" <?xml version="1.0" encoding="UTF-8"?> <response> <lst name="responseHeader"><int name="status">0</int><int name="QTime">0</int></lst><arr name="collections"><str>fulltext_index</str><str>ranger_audits</str><str>edge_index</str><str>vertex_index</str></arr> </response> ... View more

Note: HDP 2.5 is used, but can be updated for HDP 2.6 and beyond. Boot an Amazon Linux instance with at least 16GB of RAM Execute the following. It will take a while ## install docker sudo yum update -y sudo yum install -y docker ## fix docker for importing the large sandbox image sed -i.backup 's/\(^OPTIONS=.*\)"$/\1 --storage-opt=dm.basesize=20G"/' /etc/sysconfig/docker ## start docker sudo service docker start ## confirm docker is working sudo usermod -a -G docker ec2-user docker info ## download docker image curl -O http://hortonassets.s3.amazonaws.com/2.5/HDP_2.5_docker.tar.gz ## load docker image docker load -i HDP_2.5_docker.tar.gz ## confirm image is available docker images ## get sandbox docker startup script curl -O https://raw.githubusercontent.com/hortonworks/tutorials/hdp-2.5/tutorials/hortonworks/hortonworks-sandbox-hdp2.5-guide/start_sandbox.sh ## start sandbox bash start_sandbox.sh ## configure to start at boot echo "bash /root/start_sandbox.sh" >> /etc/rc.local ## Print the URL for accessing the Sandbox echo -e "##\nAccess the Sandbox at:\nhttp://$(curl -sS4 icanhazip.com):8888\n##" ... View more