@Moka Have you resolved your issue? What steps did you followed?  ... View more

Thanks it really fixes the problem RHEL 6.10 (Open JDK 1.8) ... View more

Hi @Jonas Straub,do as your article ,i create collection by curl command,and got the 401 error: curl –negotiate –u :  ‘http://myhost:8983/solr/admin/collections?action=CREATE&name=col&numShards=1&replicationFactor=1&collection.configName=_default&wt=json’ {   “responseHeader”:{ “status”:0, “QTime”:31818},   “failure”:{     “myhost:8983_solr”:”org.apache.solr.client.solrj.impl.HttpSolrClient$RemoteSolrException:Error from server at http://myhost:8983/solr:Excepted mime type application/octet-stream but got text/html. <html> <head> <meta http-equiv=\”Content-Type\” content=\”text/html;charset=utf-8\”/>” <title> Error 401 Authentication required </title>   </head>   <body> <h2>HTTP ERROR 401</h2> <p> Problem accessing /solr/admin/cores.Reason:   <pre> Authentication required</pre> </p>   </body> </html> } }   When I debug the solr source code, found this exception is returned by “coreContainer.getZKController().getOverseerCollectionQueue().offer(Utils.toJson(m), timeout)”,so I doubt maybe the solr don’t authenticate zookeeper info and I use a no-kerberos zookeeper to replace the Kerberos zookeeper, solr collection can be created successfully. How to solve the problem with Kerberos ZK? ... View more

We were able to solve this by locating one of the Cipher Suite which is originally marked as 'disabled' in ambari.properties, and enabled the same by removing the ambari.properties and restarting the server. First tried with removing the ciphers.disabled properties(take a backup), and then restart ambari-server. Used Openssl command to connect to the ambari-server on https port. Identified which cipher suite is being used to establish connection, and then located the corresponding RFC cipher mapping for the cipher suite and removed that in the list of cipher suites listed on the ciphers.disabled property in ambari.properties file. ... View more

Thank you for clarifying my questions in detail. I switched back to using ambari- server generated certificates for the 'two_way_ssl setup' for now, as the ca-signed certificate we have are SAN certificates i.e.,1 certificate with mulitple SAN for all nodes. When I tried using them, ambari server could not pick up the CA signed agent's cert, because the node name is not present the 'Subject' field of the certificate but instead in the extensions under the SAN names attribute of the certificate. Due to this scenario, I reverted to using the ambari-server signed certificates on all the nodes. Next time, we will get individual certificate for all the nodes with the name in the 'Subject' field to avoid these type of issues. ... View more

This worked. Thanks for the detailed steps. ... View more

@Anitha R Support for Windows have been deprecated starting with HDP 2.4. The response was true for version before 2.4. There are no plans to support Windows. ... View more