This is the Ambari error we receive when we attempt to restart the services. raise Fail(err_msg) resource_management.core.exceptions.Fail: Execution of 'curl -sS -L -w '%{http_code}' -X GET --negotiate -u : 'http://devehdp001.unix.xxxx1900.org:50070/webhdfs/v1/user/hcat?op=GETFILESTATUS&user.name=hdfs'' returned status_code=401. <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/> <title>Error 401 Authentication required</title> </head> <body><h2>HTTP ERROR 401</h2> <p>Problem accessing /webhdfs/v1/user/hcat. Reason: <pre> Authentication required</pre></p><hr /><i><small>Powered by Jetty://</small></i><br/> ... View more

All users are defined locally without any AD integration. The cluster is Kerberized on HDP 2.3 and Ambari 2.1.0. The knit fails as follow: kinit: krb5_init_creds_set_keytab: Failed to find kafka/hdpblv10.t-mobile.lab@T-MOBILE.LAB in keytab FILE:/etc/security/keytabs/kafka.service.keytab (unknown enctype) . The Storm UI uses SPNEGO AUTH when in Kerberos mode. Before accessing the UI, you have to we configured our browser for SPNEGO authorization before accessing the UI as follow: Safari: no changes needed. Firefox: 1) Go to about:config and search for network.negotiate-auth.trusted-uris. 2) Double-click and add the following value: "http://storm-ui-hostname:ui-port" 3) Replace the storm-ui-hostname with the hostname where your UI is running. 4) Replace the ui-port with the Storm UI port. Google-chrome: from the command line, issue: google-chrome --auth-server-whitelist="storm-ui-hostname" --auth-negotiate-delegate-whitelist="storm-ui-hostname" Internet Explorer: 1) Configure trusted websites to include "storm-ui-hostname". 2) Allow negotiation for the UI website. ... View more