@Raju It looks like you might not have setup the FQDN properly for all your hosts. (Or the hostname might have changed) Ambari associates the FQDN (hostname) in the principal name So ig you are not setting up your host FQDN properly then the keytabs might be generated with incorrect principals. Please check if your Hosts have recently changed their hostname? Vefify the output of the following command in different hosts of your cluster including the problematic host. # hostname -f # /cat /etc/hosts . Once you fix the hostname, Please try to regenerate the Keytabs from Ambari UI --> Kerberos --> Regenerate Keytabs NOTE: Regenerating Keytabs will require whole cluster restart, hence please find a maintenance window to do that. https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.2.2/bk_ambari-operations/content/how_to_regenerate_keytabs.html . Hadoop relies heavily on DNS, and as such performs many DNS lookups during normal operation. All hosts in your system must be configured for both forward and and reverse DNS. If you are unable to configure DNS in this way, you should edit the /etc/hosts file on every host in your cluster to contain the IP address and Fully Qualified Domain Name of each of your hosts. https://docs.hortonworks.com/HDPDocuments/Ambari-2.6.2.2/bk_ambari-installation-ppc/content/check_dns.html ... View more

Hey @Vipin Rathor I'm running Ambari 2.7.X on my cluster and I want to disable all protocols but TLSv1.2 Following you suggestion, I've added the following to ambari.properties: security.server.disabled.protocols=SSL|SSLv2|SSLv3|TLSv1.0|TLSv1.1. Yet, after restarting the server and running a SSL scanner tool, it still marks both TLSv1.0 and TLSv1.1 valid. Could you please help? Thanks, Tomer ... View more

@Kuldeep Kulkarni Add "deploy JCE policies" steps as prerequisites. I tried without JCE and it fails for me. Let me know if i am missing anything. ... View more