In a secured cluster, the JournalNode validates that the caller is one of a valid set of principals. One of the principals considered is that of the SecondaryNameNode. This involves checking dfs.namenode.secondary.http-address and trying to interpret it as a network address. If a user has specified a value for this property that cannot be interpeted as a network address, such as "null", then this causes the JournalNode operation to fail, and ultimately the NameNode cannot start. The JournalNode should not have a hard dependency on dfs.namenode.secondary.http-address like this. It is not typical to run a SecondaryNameNode in combination with JournalNodes. There is even a check in SecondaryNameNode that aborts if HA is enabled.