Initial Kerberized Impala Troubleshooting Steps
After configuring Zoomdata to connect to a kerberized Impala datasource per our documentation , Zoomdata may still fail to connect when the user attempts to create a new Impala datasource to this kerberized CDH cluster. In these situations, we recommend you to check the following first before opening a support ticket for further assistance:
- Verify that the time is synchronized between the kerberos and Zoomdata servers. Kerberos is very sensitive to time differences that exist. If possible, consider configuring a Network Time Protocol (e.g. ntpd) to synchronize the time on your servers.
- Double-check the configuration parameters, JDBC URL, and that the correct user is specified in the zoomdata.env file for Kerberos. For example, an unintended space when copying parameters can cause the connection to fail.
Check if you are using AES-256 encryption level in your Active Directory. For more information on how to do this in Active Directory, refer to
. By default, Java
support AES-256 encryption. In case your environment is using AES-256 encryption, make sure to do the following
whenever you install Zoomdata on a new server or you are upgrading Zoomdata to a new major version
- Navigate to the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 download page .
- Download the archive jce_policy-8.zip.
- Extract the jce/local_policy.jar and jce/US_export_policy.jar files from the archive to the /opt/zoomdata/jre/lib/security/ directory. Overwrite the files already present in the directory.
- Restart Zoomdata.