Hi Rafa,

following are the checksum failed exception with additional logs gathered in query server side.

        ... 19 more
Caused by: java.security.GeneralSecurityException: Checksum failed
        at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCry
pto.java:408)
        at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.jav
a:91)
        at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHma
cEType.java:100)
        ... 25 more
17/10/19 05:42:10 DEBUG server.AvaticaJsonHandler: HTTP request from 172.0.0.4 i
s unauthenticated and authentication is required
17/10/19 05:42:10 DEBUG server.HttpConnection: org.apache.phoenix.shaded.org.ecl
ipse.jetty.server.HttpConnection$SendCallback@5891b2c8[PROCESSING][i=ResponseInf
o{HTTP/1.1 404 null,278,false},cb=org.apache.phoenix.shaded.org.eclipse.jetty.se
rver.HttpChannel$CommitCallback@76bf3474] generate: NEED_HEADER (null,[p=0,l=278
,c=2048,r=278],true)@START
17/10/19 05:42:10 DEBUG server.HttpConnection: org.apache.phoenix.shaded.org.ecl
ipse.jetty.server.HttpConnection$SendCallback@5891b2c8[PROCESSING][i=ResponseInf
o{HTTP/1.1 404 null,278,false},cb=org.apache.phoenix.shaded.org.eclipse.jetty.se
rver.HttpChannel$CommitCallback@76bf3474] generate: FLUSH ([p=0,l=210,c=8192,r=2
10],[p=0,l=278,c=2048,r=278],true)@COMPLETING
17/10/19 05:42:10 DEBUG io.WriteFlusher: write: WriteFlusher@3d86d805{IDLE} [Hea
pByteBuffer@58e0ca22[p=0,l=210,c=8192,r=210]={<<<HTTP/1.1 404 Not ...z-SNAPSHOT)
\r\n\r\n>>>erver: Jetty(9.2....\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\
x00\x00\x00},HeapByteBuffer@30ce894[p=0,l=278,c=2048,r=278]={<<<<html>\n<head>\n
<me.../body>\n</html>\n>>>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x
00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}]
17/10/19 05:42:10 DEBUG io.WriteFlusher: update WriteFlusher@3d86d805{WRITING}:I
DLE-->WRITING

Regards,
Mallieswari D

On Thu, Oct 12, 2017 at 11:00 AM, Mallieswari Dineshbabu <dmallieswari@gmail.com> wrote:
Hi Rafa,

As per your concerns, I have updated the JCE policy and tested now getting "Checksum Failed" Exception. Please find the error below.



GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum fa

iled)

        at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:

788)

        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java

:342)

        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java

:285)

        at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoCon

text.java:871)

        at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext

.java:544)

        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java

:342)

        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java

:285)

        at org.apache.phoenix.shaded.org.eclipse.jetty.security.SpnegoLoginServi

ce.login(SpnegoLoginService.java:137)

        at org.apache.phoenix.shaded.org.eclipse.jetty.security.authentication.L

oginAuthenticator.login(LoginAuthenticator.java:61)

        at org.apache.phoenix.shaded.org.eclipse.jetty.security.authentication.S

pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)

        at org.apache.phoenix.shaded.org.eclipse.jetty.security.SecurityHandler.

handle(SecurityHandler.java:512)

        at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.HandlerLis

t.handle(HandlerList.java:52)

        at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.HandlerWra

pper.handle(HandlerWrapper.java:97)

        at org.apache.phoenix.shaded.org.eclipse.jetty.server.Server.handle(Serv

er.java:499)

        at org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpChannel.handle

(HttpChannel.java:311)

        at org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpConnection.onF

illable(HttpConnection.java:257)

        at org.apache.phoenix.shaded.org.eclipse.jetty.io.AbstractConnection$2.r

un(AbstractConnection.java:544)

        at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.QueuedThreadP

ool.runJob(QueuedThreadPool.java:635)

        at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.QueuedThreadP

ool$3.run(QueuedThreadPool.java:555)

        at java.lang.Thread.run(Thread.java:744)

Caused by: KrbException: Checksum failed

        at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHma

cEType.java:102)

        at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHma

cEType.java:94)

        at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:177)

        at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:278)

        at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)

        at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken

.java:108)

        at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:

771)

        ... 19 more

Caused by: java.security.GeneralSecurityException: Checksum failed

        at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCry

pto.java:408)

        at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.jav

a:91)

        at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHma

cEType.java:100)

        ... 25 more



Please help me to fix this .


Regards,


Mallieswari D


On Wed, Oct 11, 2017 at 5:42 PM, rafa <rafa13@gmail.com> wrote:
Hi Mallieswari,

The error:

KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled

points to JCE not installed or incorrectly installed in the JVM.

What I have configured is : Phoenix query server connects itself to the secured cluster with a valid kerberos principal and keytab.

The access to query server : sqlline-thin.py http://hostname:8765

Regards,
rafa



--
Thanks and regards 
D.Mallieswari



--
Thanks and regards 
D.Mallieswari