7 Replies Latest reply on Jan 12, 2021 9:25 AM by Thiru S

    Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1

    Daniel Laoh New Member

      Our Informatica Developer 10.2.2 can't connect to Kafka connection after we upgraded it from previous version.

      Here, our problems:

      1. We tried to check Kafka connection in Informatica Administrator (Admin Console).

      The result was "Connection tested successfully"

       

      2. With the same configuration in Informatica Administrator, we tried to restart our Informatica Developer 10.2.2 and check Kafka connection. The result was "Test Connection failed. Failed to construct kafka consumer. Cause: javax.security.auth.login.LoginException: Unable to obtain password from user"

       

      3. Our problems probably like this:

      https://knowledge.informatica.com/s/article/576611?language=en_US

      But, we already applied the resolution and we got another errors.

      "Test Connection failed. Failed to construct kafka consumer. Case: javax.security.auth.login.LoginException: null(68)"

       

      After we upgraded the Informatica Developer to 10.4.1, we still couldn't connect to Kafka connection in Informatica Developer 10.4.1.

       

      Any idea how to solve this problem?  Please help us!

       

      Thanks

      Best Regards,

      Daniel Laoh

        • 1. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1
          puneeth natesha Active Member

          Hi Daniel ,

           

          Could you please confirm, is this a kerberose enabled kafka? If yes, could you please share the connection screenshot to check on this issue futher.

           

           

          Thanks

          Puneeth

          • 2. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1
            Daniel Laoh New Member

            Hi Punneth Natesha,

             

            How can I check the kerberos enabled for kafka? Is it for general or only for Informatica? Because if we use another application or programming language, we can connect to kafka using kerberos.

            By the way, this is our connection properties:

             

             

             

             

            Thanks

            Best Regards,

            Daniel Laoh

            • 3. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1
              Thiru S New Member

              Hi Daniel,

               

              Kerberos is the Authentication protocol and it would be generally enabled at the Application side for enhanced security.

               

              From the shared Kafka connection details, it seems Kerberos Authentication is already enabled at the Kafka server.

               

              As per the connection details, for the Kerberos authentication, keytab file of name - kafka-client-ex.keytab - would be used.

               

              As the 'Test connection'  is mentioned to be working from the 'Informatica Admin Console' , we believe that keytab file is present and accessible in the Informatica Domain machine.  Based on the connection properties, keytab file should be present at '/home/appbigd/kafka_dev' location in the Informatica Domain server machine.

               

              To test the Kafka connection successfully from 'Developer Client' machine, perform the following steps:

               

              • Ensure that Kerberos server configuration file - 'krb5.ini' - is present in 'C:\Windows' location of Developer client machine and it has the details of KDC corresponding to the realm - 'DTI.CO.ID'. Reach out to your System/Kafka Admin, if the file is not present.

               

              Sample 'krb5.ini' file content

               

               

              [libdefaults]

              dns_lookup_realm = false

              ticket_lifetime = 24h

              renew_lifetime = 7d

               

              [realms]                                   

              DTI.CO.ID = {

                kdc = inxyzdei04.informatica.com

                admin_server = inxyzdei04.informatica.com

              }

               

              • Download the Keytab file - kafka-client-ex.keytab -  from the Informatica Server Machine into the 'Developer Client' machine.
              • Once the keytab file is downloaded, edit the Kafka connection update the 'keytab'  attribute in the 'Additional Connection Properties' of the Kafka connection:

               

              Existing:

               

              [other_properties] keytab=/home/appbigd/kafka_dev/kafka-client-ex.keytab [remaining_properties]

               

              Expected:

               

              [other_properties] keytab=<path_to_downloaded_keytab_file_in_Developer_Client_Machine> [remaining_properties]

               

              E.g.

              [other_properties] keytab=C:\tmp\kafka-client-ex.keytab [remaining_properties]

               

               

              Note:-

               

              • Take backup of existing properties before the change.
              • Once the connection is tested successfully and the required Kafka topics are imported, before running the mapping, change the keytab location back to Informatica Domain machine location (/home/appbigd/kafka_dev/kafka-client-ex.keytab ) .
              • 4. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1
                Daniel Laoh New Member

                Dear Thiru S,

                 

                Thanks for your advice, we tried to follow your instructions and still got errors like this:

                What does it means? Is there any wrong configuration about our krb5.ini?

                 

                Thanks

                Best Regards,

                Daniel Laoh

                • 5. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1
                  Thiru S New Member

                  Hi Daniel,

                     It seems the Kerberos configuration/connectivity related error.

                   

                  To validate the Kerberos connectivity outside the Developer Client, you can perform the following steps:

                   

                  • Launch a command prompt (cmd) program in the Windows Developer client machine.
                  • Run the following commands to verify if the Kerberos ticket could be generated successfully:

                   

                  cd %INFA_CLIENT_HOME%\clients\java\bin

                   

                  .\klist.exe -k -t [absolute_path_to_keytab]   ### To get the Service Principal Name (SPN) in the keytab

                   

                  .\kinit.exe [absolute_path_to_keytab] [spn]  ## To generate new Kerberos authentication ticket

                   

                  .\klist.exe                                  ## To verify the newly generated Kerberos authentication ticket

                   

                   

                  E.g.

                  cd C:\Informatica\10.4.1.2\clients\java\bin

                   

                  .\klist.exe -k -t C:\Work\keytabs\GCSBDMSNHDP\ths.keytab

                   

                  .\kinit.exe C:\Work\keytabs\GCSBDMSNHDP\ths.keytab ths@GCSBDMSNHDP.COM

                   

                  .\klist.exe

                   

                   

                   

                  If the Kerberos authentication ticket generation is not working outside, then we can confirm that there are some issues either with the 'krb5.ini' file (or) the keytab file used.

                   

                  If the Kerberos authentication is working fine outside, then it can be confirmed that there are no issues with the 'krb5.ini' file (or) the keytab file used. In such case, verify the Kafka connection details once again and ensure that they are matching the tested values.

                   

                  • 6. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1
                    Daniel Laoh New Member

                    Dear Thiru,

                     

                    It seems I have made a little mistake.

                    I forgot to add IP of the host (DTI.CO.ID) to my hosts file in windows developer client machine.

                    Thank you for your help! This problems are already solved!

                     

                    Best Regards,

                    Daniel Laoh

                    • 7. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1
                      Thiru S New Member

                      Great Daniel !  Thanks for your update and confirmation!!