Cloudera Docs

Troubleshooting

When creating your hybrid Data Hub, you may encounter configuration issues that prevent successful provisioning. This page lists possible issues and solutions.

Trust was not configured on KDC

Symptoms in the Cloudera Manager of the Cloudera Hybrid Data Hub

The import template command failed with the following details:
Failed to perform First Run of services.
Failed to create Ranger repository.
stdout: result GET service/public/v2/api/service/name/<clustername> 401

Solution

Ensure that you have run all steps in https://docs.cloudera.com/hybrid-cloud/latest/creating-hybrid-envs/topics/hc-setting-up-trust-hybrid-envs.html and then retry.

Trusted realms were not configured in Cloudera Manager of Cloudera on premises

Symptoms in the Cloudera Manager of the Cloudera Hybrid Data Hub

The import template command failed with the following details:
Failed to perform First Run of services.
Failed to create Ranger repository.
stdout: result POST service/public/v2/api/service 404

Symptoms in the Cloudera Manager of the Cloudera on premises cluster

Ranger Admin role contains logs with the following details:
Operation error.
response=VXResponse={org.apache.ranger.view.VXResponse@494fb292statusCode={1}
msgDesc={RangerKRBAuthenticationFilter Failed : No rules applied to
<datahub_principal>} messageList={null} }
javax.ws.rs.WebApplicationException: null

Solution

Ensure that you have all run all steps in https://docs.cloudera.com/cdp-private-cloud-base/7.3.1/security-kerberos-authentication/topics/cm-security-kerberos-authentication-add-trusted-realms.html and then retry.

Active Directory has weak encryption settings

The default weak encryption settings of older Active Directory versions are not compatible with FreeIPA.

Symptoms in the Cloudera Manager of the Cloudera Hybrid Data Hub

The import template command failed with the following details:
Failed to perform First Run of services.
Failed to create Ranger repository.
stdout: result GET service/public/v2/api/service/name/<clustername> 403

Symptoms in the Cloudera Manager of the Cloudera on premises cluster

There are errors in Ranger Admin role logs:
org.apache.hadoop.security.authentication.client.AuthenticationException:
GSSException: Failure unspecified at GSS-API level (Mechanism level: AES256 CTS
mode with HMAC SHA1-96 encryption type not in permitted_enctypes list)

Solution

Follow the steps in https://docs.cloudera.com/hybrid-cloud/latest/creating-hybrid-envs/topics/hc-active-directory-encryption-settings-task.html and then retry.