1. Login to ambari database hosted server.   2. Take the backup of database. Replace XXXXXX with correct pasword nohup mysqldump -u root -pXXXXXX --databases ambari >/ambari.sql & 3. Login to mysql with root or ambari account and remove hive keytabs. delete from kerberos_principal_host where principal_name like '%hive%'; delete from kerberos_principal where principal_name like '%hive%'; 4. Restart Ambari server. 5. Regenerate the keytabs with valid   account 6. Start the Node manager.   Note: its not only for Hive.. we can remove based on error. as caches in ambari database prevents to regenerate again  ... View more

thank you so much. I encountered same problem,but it solved after read your solution. I also changed the default config in Ambari to only 2 encryption types and hashed out the default ticket encryptions as well, then error went away. ... View more

@mRabramS Can you share how you reconfigure the KDC ?  @VidyaSargur I’m really sorry , I opened a new thread but there’s no response    BR, ... View more

Hi,  You must deploy the jce policy on every cluster nodes if you are using built-in openjdk. Please follow the steps. [root@hostname]# locate local_policy.jar [root@hostname]#  wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip" [root@hostname]#  unzip -o -j -q jce_policy-8.zip -d /usr/jdk64/jdk1.8.0_112/jre/lib/security/ [root@hostname]# ambari-server rstart   Now test the connection. Hopes it will resolves the issue.   ... View more

There are properties that are set under both - service level configurations and under Admin -- Kerberos configurations, such as  yarn. admin. acl  What if the two properties point to different values, which properties does the service pick when required?  ... View more

Sorry for the bump. I tried this in the HDP Sandbox and discovered that installing krb5-workstation-1.15.1-37.el7_7.2.x86_64.rpm solved the problem ... View more

How did you find that some process is destroying the ticket? I am also facing same issue. ... View more

I manage to retrieve the group named "ad_sshaccess_users" from the LDAP directory to the Ambari. But there is "0 member" inside this group. But in the Active Directory I created 2 users under this group mapped in the FreeIPA. Do you know if Ambari can retrieve AD users through a FreeIPA server which is doing the LDAP part? I'm not sure about that. ... View more