[ https://issues.apache.org/jira/browse/YARN-1640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13941277#comment-13941277 ]
Xuan Gong commented on YARN-1640: --------------------------------- The reason why it fails is because when we start rm in manual failover. We still start adminservice using configured RM principal. When we call transitionToActive using different principal, the saslclient compares the principal from the adminserver and the its configured principal. At this time, the authentication will pass. Since we are using different principal to call transitiinToActive, it will actually create the rpc and start all active services with second principal. So, when NM tries to connect rm, the authentication will fail. > Manual Failover does not work in secure clusters > ------------------------------------------------ > > Key: YARN-1640 > URL: https://issues.apache.org/jira/browse/YARN-1640 > Project: Hadoop YARN > Issue Type: Sub-task > Reporter: Xuan Gong > Assignee: Xuan Gong > Priority: Blocker > Attachments: YARN-1640.1.patch > > > NodeManager gets rejected after manually making one RM as active. -- This message was sent by Atlassian JIRA (v6.2#6252)