Well today we faced an issue with a Third Party app that runs off a shared folder off the APP server

When the app is run it errors out with a code 0x80070721 we get from the LOG while doing an operation of CreateObject

Looking around I came to know that this means a “Security Service Package Error”

So I ran Microsoft Network Monitor and I saw the following

KerberosV5 KerberosV5:TGS Request Realm: <domain.local> Sname:  svc_PWDSRVR

This is definitely a Kerberos error, so looking at the SPN registered on the APP server, I found none referencing the Service Account we need

so I ran the

setspn -A DCOMService/DCOMServerDomain COMServiceAccount
setspn -A DCOMService/DCOMServerFQDN domain DCOMServiceAccount

Now the DCOMService is the name of the DCOM app on the server in my case it was PWDSRVR

The DCOMServerDomain is the NETBIOS Name of the Server where the DCOM APP resides. and DCOMServerFQDN is the FQDN of it.

The DCOMServiceAccount is the Service account under which the DCOM runs. it is what you get from the Sname on the network monitor.

so I did





it works like a charm Smile.