7 Replies Latest reply on Jan 12, 2021 9:25 AM by Thiru S

Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1

Daniel Laoh Jan 7, 2021 12:22 AM

Our Informatica Developer 10.2.2 can't connect to Kafka connection after we upgraded it from previous version.

Here, our problems:

1. We tried to check Kafka connection in Informatica Administrator (Admin Console).

The result was "Connection tested successfully"

2. With the same configuration in Informatica Administrator, we tried to restart our Informatica Developer 10.2.2 and check Kafka connection. The result was "Test Connection failed. Failed to construct kafka consumer. Cause: javax.security.auth.login.LoginException: Unable to obtain password from user"

3. Our problems probably like this:

https://knowledge.informatica.com/s/article/576611?language=en_US

But, we already applied the resolution and we got another errors.

"Test Connection failed. Failed to construct kafka consumer. Case: javax.security.auth.login.LoginException: null(68)"

After we upgraded the Informatica Developer to 10.4.1, we still couldn't connect to Kafka connection in Informatica Developer 10.4.1.

Any idea how to solve this problem? Please help us!

Thanks

Best Regards,

Daniel Laoh

1. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1

puneeth natesha Jan 7, 2021 12:48 AM (in response to Daniel Laoh)

Hi Daniel ,

Could you please confirm, is this a kerberose enabled kafka? If yes, could you please share the connection screenshot to check on this issue futher.

Thanks
Puneeth
Like Show 0 Likes(0)

Actions
2. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1

Daniel Laoh Jan 7, 2021 1:29 AM (in response to puneeth natesha)

Hi Punneth Natesha,

How can I check the kerberos enabled for kafka? Is it for general or only for Informatica? Because if we use another application or programming language, we can connect to kafka using kerberos.
By the way, this is our connection properties:

Thanks
Best Regards,
Daniel Laoh
Like Show 0 Likes(0)

Actions
3. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1

Thiru S Jan 7, 2021 6:59 PM (in response to Daniel Laoh)
Hi Daniel,

Kerberos is the Authentication protocol and it would be generally enabled at the Application side for enhanced security.

From the shared Kafka connection details, it seems Kerberos Authentication is already enabled at the Kafka server.

As per the connection details, for the Kerberos authentication, keytab file of name - kafka-client-ex.keytab - would be used.

As the 'Test connection' is mentioned to be working from the 'Informatica Admin Console' , we believe that keytab file is present and accessible in the Informatica Domain machine. Based on the connection properties, keytab file should be present at '/home/appbigd/kafka_dev' location in the Informatica Domain server machine.

To test the Kafka connection successfully from 'Developer Client' machine, perform the following steps:

Ensure that Kerberos server configuration file - 'krb5.ini' - is present in 'C:\Windows' location of Developer client machine and it has the details of KDC corresponding to the realm - 'DTI.CO.ID'. Reach out to your System/Kafka Admin, if the file is not present.

Sample 'krb5.ini' file content

[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d

[realms]
DTI.CO.ID = {
kdc = inxyzdei04.informatica.com
admin_server = inxyzdei04.informatica.com
}

Download the Keytab file - kafka-client-ex.keytab - from the Informatica Server Machine into the 'Developer Client' machine.
Once the keytab file is downloaded, edit the Kafka connection update the 'keytab' attribute in the 'Additional Connection Properties' of the Kafka connection:

Existing:

[other_properties] keytab=/home/appbigd/kafka_dev/kafka-client-ex.keytab [remaining_properties]

Expected:

[other_properties] keytab=<path_to_downloaded_keytab_file_in_Developer_Client_Machine> [remaining_properties]

E.g.
[other_properties] keytab=C:\tmp\kafka-client-ex.keytab [remaining_properties]

Note:-

Take backup of existing properties before the change.
Once the connection is tested successfully and the required Kafka topics are imported, before running the mapping, change the keytab location back to Informatica Domain machine location (/home/appbigd/kafka_dev/kafka-client-ex.keytab ) .
Like Show 0 Likes(0)

Actions
4. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1

Daniel Laoh Jan 7, 2021 8:49 PM (in response to Thiru S)

Dear Thiru S,

Thanks for your advice, we tried to follow your instructions and still got errors like this:
What does it means? Is there any wrong configuration about our krb5.ini?

Thanks
Best Regards,
Daniel Laoh
Like Show 0 Likes(0)

Actions
5. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1

Thiru S Jan 11, 2021 10:12 AM (in response to Daniel Laoh)
Hi Daniel,
   It seems the Kerberos configuration/connectivity related error.

To validate the Kerberos connectivity outside the Developer Client, you can perform the following steps:

Launch a command prompt (cmd) program in the Windows Developer client machine.
Run the following commands to verify if the Kerberos ticket could be generated successfully:

cd %INFA_CLIENT_HOME%\clients\java\bin

.\klist.exe -k -t [absolute_path_to_keytab]   ### To get the Service Principal Name (SPN) in the keytab

.\kinit.exe [absolute_path_to_keytab] [spn] ## To generate new Kerberos authentication ticket

.\klist.exe                                  ## To verify the newly generated Kerberos authentication ticket

E.g.
cd C:\Informatica\10.4.1.2\clients\java\bin

.\klist.exe -k -t C:\Work\keytabs\GCSBDMSNHDP\ths.keytab

.\kinit.exe C:\Work\keytabs\GCSBDMSNHDP\ths.keytab ths@GCSBDMSNHDP.COM

.\klist.exe

If the Kerberos authentication ticket generation is not working outside, then we can confirm that there are some issues either with the 'krb5.ini' file (or) the keytab file used.

If the Kerberos authentication is working fine outside, then it can be confirmed that there are no issues with the 'krb5.ini' file (or) the keytab file used. In such case, verify the Kafka connection details once again and ensure that they are matching the tested values.
Like Show 0 Likes(0)

Actions
6. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1

Daniel Laoh Jan 11, 2021 6:42 PM (in response to Thiru S)

Dear Thiru,

It seems I have made a little mistake.
I forgot to add IP of the host (DTI.CO.ID) to my hosts file in windows developer client machine.
Thank you for your help! This problems are already solved!

Best Regards,
Daniel Laoh
Like Show 0 Likes(0)

Actions
7. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1

Thiru S Jan 12, 2021 9:25 AM (in response to Daniel Laoh)

Great Daniel ! Thanks for your update and confirmation!!
Like Show 0 Likes(0)

Actions

Go to original post

Signing in to Informatica Network

Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1

1. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1

2. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1

3. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1

4. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1

5. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1

6. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1

7. Re: Kafka Connection Success in Administrator but Failed in Informatica Developer 10.2.2 and 10.4.1

Actions

More Like This

Legend