AnsweredAssumed Answered

Bad server key [Caused by javax.security.sasl.SaslException: Error while trying to decrypt ticket: 22] while trying to connect to secure zookeeper node from remote cluster.

Question asked by hyalam on Jul 17, 2018
Latest reply on Jul 25, 2018 by keysbotzum

If I use zk client from a secure cluster A to connect to Zk node on Secure cluster B, I am experiencing unstability in the connection.

 

/opt/mapr/zookeeper/zookeeper/bin/zkCli.sh -server zknode:5181
Connecting to zknode:5181
Welcome to ZooKeeper!
JLine support is enabled
[zk: zknode:5181(CONNECTING) 0]
WATCHER::

WatchedEvent state:SyncConnected type:None path:null

WATCHER::

WatchedEvent state:Disconnected type:None path:null

WATCHER::

WatchedEvent state:SyncConnected type:None path:null

WATCHER::

WatchedEvent state:Disconnected type:None path:null

WATCHER::

WatchedEvent state:SyncConnected type:None path:null

WATCHER::

WatchedEvent state:Disconnected type:None path:null

 

2018-07-17 14:05:42,594 [myid:2] - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:5181:ZooKeeperServer@595] - Established session 0x2648a1a5466419d with negotiated timeout 30000 for client /zkclient:48558
2018-07-17 14:05:42,595 [myid:2] - WARN [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:5181:ZooKeeperServer@940] - Client failed to SASL authenticate: javax.security.sasl.SaslException: Bad server key [Caused by javax.security.sasl.SaslException: Error while trying to decrypt ticket: 22]
2018-07-17 14:05:42,595 [myid:2] - WARN [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:5181:ZooKeeperServer@946] - Closing client connection due to SASL authentication failure.
2018-07-17 14:05:42,595 [myid:2] - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:5181:NIOServerCnxn@1026] - Closed socket connection for client /zkclient:48558 which had sessionid 0x2648a1a5466419d
2018-07-17 14:05:42,595 [myid:2] - ERROR [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:5181:NIOServerCnxn@180] - Unexpected Exception:
java.nio.channels.CancelledKeyException
at sun.nio.ch.SelectionKeyImpl.ensureValid(SelectionKeyImpl.java:73)
at sun.nio.ch.SelectionKeyImpl.interestOps(SelectionKeyImpl.java:77)
at org.apache.zookeeper.server.NIOServerCnxn.sendBuffer(NIOServerCnxn.java:153)
at org.apache.zookeeper.server.NIOServerCnxn.sendResponse(NIOServerCnxn.java:1101)
at org.apache.zookeeper.server.ZooKeeperServer.processPacket(ZooKeeperServer.java:907)
at org.apache.zookeeper.server.NIOServerCnxn.readRequest(NIOServerCnxn.java:365)
at org.apache.zookeeper.server.NIOServerCnxn.readPayload(NIOServerCnxn.java:202)
at org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:236)
at org.apache.zookeeper.server.NIOServerCnxnFactory.run(NIOServerCnxnFactory.java:208)
at java.lang.Thread.run(Thread.java:748)

 

I have a valid mapr ticket, both clusters have merged ssl_truststore, maprservertickets belonging to each other.

 

Please provide any insights on why Iam seeing this issue?

Keys Botzum 

Outcomes