Error : HTTP/hostname@REALM already exists in Active Directory | Deleting Principals in Active Directory

0 votes
147 views
asked Aug 30, 2017 in Hadoop by admin (4,410 points)
SummaryEnabling Kerberos from Cloudera Manager UI results in Error requiring you to delete Principals in Active Directory
Applies To
  • Cloudera Manager
  • Kerberos
  • Active Directory (AD)
Symptoms
  • The following error occurs when trying to enable Kerberos from Cloudera Manager UI:

echo 'HTTP/hostname@REALM already exists in Active Directory. Please delete it before re-generating it from Cloudera Manager.'

Cause

When you generate or regenerate credentials, Cloudera Manager will use LDAP to add the necessary principals in Active Directory.  Cloudera Manager checks to see if they exist and will exit if any of the principals' objects already exist via LDAP. If it sees any it is trying to create exist, you get the following error:

HTTP/hostname@REALM already exists in Active Directory. Please delete it before re-generating it from Cloudera Manager.
Instructions
  • ​For Cloudera Manager 5.7 or lower, the Active Directory administrator must manually remove the hadoop specific principals in AD .
  1. Get assistance from an AD administrator and use the AD Users and Computers UI to delete all the principals except the Account Manager from the organization unit (OU). 
  2. In Cloudera Manager, generate the credentials:

Administration > Security > Kerberos Credentials > Generate Credentials
 

  • For Cloudera Manager 5.8 and higher, Cloudera Manager may be used to delete the accounts. Used only if Active Directory KDC is used for authentication
  1. Navigate to Administration > Settings > Kerberos and set "Active Directory Delete Accounts on Credential Regeneration"  option to true.  This will enable Cloudera Manager to automatically delete the associated Active Directory accounts. 
  2. Generate the credentials:

Administration > Security > Kerberos Credentials > Generate Credentials

Please log in or register to answer this question.

...