[Lane Ford]

Issue: Receiving the error message: “A security package specific error occurred.” .
Solution: This error is received when the DNAFusion client requests a Kerberos ticket for the COM+ application or the DCOM service but the users account does not have a Service Principal Name (SPN) identified. In order to resolve the issue, the SPN will need to be registered.
1. Run a network trace with Microsoft Network Monitor to will view the Kerberos error. The trace will look similar to the example below: 172.17.10.21 172.17.10.17 KerberosV5 KerberosV5:TGS Request Realm: <domain> Sname: DCOMServiceAccount 172.17.10.17 172.17.10.21 KerberosV5 KerberosV5:KRB_ERROR – KDC_ERR_S_PRINCIPAL_UNKNOWN (7) The DCOMServiceAccount is the identity of the COM+ application or the DCOM server application.
2. To resolve the issue, run setspn.exe to register the SPN for a domain account. NOTE: In order to run setspn.exe the logged in user must be a domain administrator. The setspn.exe can be run on any workstation connected to the domain. setspn -A DCOMService*/DCOMServer Domain**\DCOMServiceAccount**** setspn -A DCOMService*/DCOMServerFQDN Domain***\DCOMServiceAccount**** *DCOMService: The name of the COM+ application or the DCOM server application. **DCOMServer Domain: The NetBIOS name of the server machine where the COM+ application or the DCOM component resides. ***DCOMServerFQDN: The Fully Qualified Domain Name of the server machine where the COM+ application or the DCOM component resides. ****DCOMServiceAccount: The identity of the COM+ application or the DCOM server application..
3. There is also a patch for Windows XP SP3 that addresses the “A security package specific error occurred.” error. http://support.microsoft.com/kb/969442