Hello, I enabled HTTPS for my Ambari Server before I changed it to run as a non-root daemon user. After I enabled non-root daemon, I'm getting the following error: 24 Jan 2017 17:06:48,001 WARN [main] AbstractLifeCycle:204 - FAILED SslSelectChannelConnector@0.0.0.0:443: java.net.SocketException: Permission denied java.net.SocketException: Permission denied at sun.nio.ch.Net.bind0(Native Method) at sun.nio.ch.Net.bind(Net.java:433) at sun.nio.ch.Net.bind(Net.java:425) at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223) at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74) at org.eclipse.jetty.server.nio.SelectChannelConnector.open(SelectChannelConnector.java:187) at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:316) at org.eclipse.jetty.server.nio.SelectChannelConnector.doStart(SelectChannelConnector.java:265) at org.eclipse.jetty.server.ssl.SslSelectChannelConnector.doStart(SslSelectChannelConnector.java:631) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) at org.eclipse.jetty.server.Server.doStart(Server.java:293) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) at org.apache.ambari.server.controller.AmbariServer.run(AmbariServer.java:617) at org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:927) It seems as though even though I've put in all the sudo settings (starting here: https://docs.hortonworks.com/HDPDocuments/Ambari-2.4.2.0/bk_ambari-security/content/commands_server.html ) the non-root user still doesn't have enough permissions to read the certificate to use for SSL binding. Does anyone know what is needed for this permission issue to be resolved? The SSL certificate and key are installed in /etc/ssl/certs/ I've been searching and I can't seem to find an answer to this. Thanks ... View more

Hello, I'm receiving this error: Failed to connect to KDC - Failed to communicate with the Active Directory at LDAP://hq.domain.com/OU=Production,OU=domain,DC=hq,DC=domain,DC=com: simple bind failed: hq.domain.com:389 Update the KDC settings in krb5-conf and kerberos-env configurations to correct this issue. I've been following this guide: https://www.ibm.com/support/knowledgecenter/SSPT3X_4.2.0/com.ibm.swg.im.infosphere.biginsights.admin.doc/doc/admin_kerb_activedir.html as well as the HDP documentation on this. I'm doing the automated kerberos wizard. JCE has been distributed to all of the nodes, I'm using Oracle JDK 1.8. Attached is the full stack trace: kerberos-stack.txt The KDC Test Connection passes just fine, I can see expected network traffic between my domain controller and the Ambari server. The only main difference is that I'm not using SSL on AD. I figure this should be fine and Ambari can just use the plaintext 389 port. I realize this is a security concern but I have no way around this right now. I don't have control over this area of our domain setup. Could this be my issue? Any help appreciated. Thanks. EDIT: I was able to successfully parse AD using the ldapsearch tool using the same DN and LDAP url that I'm specifying. Also with the same admin user. ... View more