A very late reply to this topic, just to document the similar error I had using a Kafka client from a different Kerberos realm.   [2020-07-13 09:47:08,678] ERROR [Consumer clientId=consumer-1, groupId=console-consumer-57017] Connection to node -1 failed authentication due to: An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)]) occurred when evaluating SASL token received from the Kafka Broker. Kafka Client will go to AUTHENTICATION_FAILED state. (org.apache.kafka.clients.NetworkClient)   Debugging showed: error code is 7 error Message is Server not found in Kerberos database crealm is REALM1.DOMAIN.COM cname is rzuidhof@REALM1.DOMAIN.COM sname is krbtgt/REALM2.DOMAIN.COM@REALM1.DOMAIN.COM   Situation is a HDP cluster being access using a client on a host joined to a different (IPA) domain. No trust. This works without trust, I think trust is only needed to use accounts from a different domain but we used keytabs and interactive kinit from REALM1 in REALM2 to access services in REALM1.   All that was needed to get this to work was one additional line in /etc/krb5.conf on the REALM2 servers under [domain_realm] realm1.domain.com = REALM1.DOMAIN.COM   We already had under [libdefaults]: dns_lookup_realm = true dns_lookup_kdc = true We also arranged DNS forwarding, but no reverse lookups. ... View more

For me the solution to this issue was just reinstalling the ambari-agent. Maybe it was partially installed somehow. ... View more

Thank you for this explanation. I restarted Infra Solr, afterwards Atlas would not start anymore. The url /solr/admin/authorization gave a 404 not found error but was solved by the first three configs on top of this page. ... View more