Initial Kerberized Impala Troubleshooting Steps
After configuring Composer to connect to a kerberized Impala data source per Connect to a Kerberized CDH Cluster, Composer may still fail to connect when the user attempts to create a new Impala data source to this kerberized CDH cluster. In these situations, we recommend you to check the following first before opening a support ticket for further assistance:
Verify that the time is synchronized between the Kerberos and Composer servers. Kerberos is very sensitive to time differences that exist. If possible, consider configuring a Network Time Protocol (e.g. ntpd) to synchronize the time on your servers.
Double-check the configuration parameters, JDBC URL, and that the correct user is specified in the
zoomdata.jvmfile for Kerberos. For example, an unintended space when copying parameters can cause the connection to fail.
Check if you are using AES-256 encryption level in your Active Directory. By default, Java does not support AES-256 encryption. In case your environment is using AES-256 encryption, make sure to do the following whenever you install Composer on a new server or you are upgrading Composer to a new major version:
Navigate to the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 download page.
Download the archive
jce/US_export_policy.jarfiles from the archive to the appropriate directory. Overwrite the files already present in the directory.
Please sign in to leave a comment.