Unable to connect to Administration Server Creating an instance of the COM Component (NETIQKB72697)

Document ID:7772697
Creation Date:01-Dec-2010
Modified Date:29-Jan-2014
- Micro Focus Products:
  Directory and Resource Administrator

Environment

Directory & Resource Administrator 8.6.x
Directory & Resource Administrator 8.7

Situation

Error when trying to connect to DRA.

Unable to connect to Administration server. Error creating an instance of the Com Component with CLSID{} from the IClassFactory failed due to the following error:80070721 (A security package specific error) occurred.

Unable to connect to Administration Server Creating an instance of the COM Component.

Resolution

This issue can be resolved in two ways:

1) Registering the follwing Service Princable Name SPN's should reslove this issue:

setspn -A DCOMService/DCOMServer Domain\DCOMServiceAccount
setspn -A DCOMService/DCOMServerFQDN Domain\DCOMServiceAccount

Where DCOMService for DRA is: MCSAdminSvc and DCOMServer/DCOMServerFQDN is the name of the DRA server.

Note: Please note the space between DCOMServer and Domain and DCOMServerFQDN and Domain.

See: http://blogs.msdn.com/b/distributedservices/archive/2009/07/20/activation-of-a-com-component-fails-on-windows-server-2008-with-the-error-80070721.aspx

2) Add NETIQ/DRASVR to the ServicePrincipalName attribute of the DRA Service Account in ADSIEdit.

Cause

This happens because when the client requests a Kerberos ticket for the COM+ application or the DCOM service it uses a user name as the SPN (Service Principal Name). The KDC (Key Distribution Center) finds the account but it does not have any SPN.

Additional Information

Formerly known as NETIQKB72697