Having completed some additional testing I would now strongly suggest the following are always completed prior to starting any Kerberized services. Without these changes or validation you will likely see errors with startup:
1.Fix the SAMAccount names for hdfs and ambari-qa in AD
Change the auto-generated SAMAccount name field in AD to be the same as the UPN name.
Validate all DNS is fully functional and all records are correct. This includes:
-- All hosts in the compute cluster have forward A and reverse PTR records
-- Isilon Smartconnect Name Delegation is correct, NS record
-- All IP's in the pool assigned to the zone have a PTR record
All clients in the computer cluster should be able to resolve all hostnames, smartconnect zone name and reverse IP lookups.
Issues with reverse DNS may be more likely to be seen with WebHDFS as it relies on SPNEGO, you can likely execute successful hadoop kerberized rpc calls# hadoop fs -ls / but webhdfs calls fail with 401 errors.
Without these updates to Isilon post kerberization you will see errors starting services currently. having validated the configuration above, start the kerberized hdfs services. Additional changes may also be required.
Version of OneFS this post is applicable to: 8.0.x, 8.0.0.x OneFS