Currently when failed to connect, one can only see logs at debug level with a vague SocketTimeoutException. (Luckily in the env I saw this,
HADOOP-10015 was not present, so the last WARN log was printed.)
2015-12-17 12:28:01,410 DEBUG org.apache.hadoop.security.UserGroupInformation: PrivilegedAction as:hdfs (auth:SIMPLE) from:org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:477)
2015-12-17 12:28:01,469 WARN org.apache.hadoop.security.UserGroupInformation: PriviledgedActionException as:hdfs (auth:SIMPLE) cause:java.net.SocketTimeoutException: connect timed out
The issue was then fixed by opening up the KMS server port.
This jira is to propose we add specific loggings in this case, to help user easily identify the problem.