We are implementing a system where our clients are Windows XP and our server is Windows Server 2008 R2. Ours clients use DCOM to connect COM+ components in our Windows 2008 Server.
It works fine when the user defined in our COM+ package is a local user. However we need acces to network shares in the COM+ component, so we need to use a AD user in our COM+ package. But then we have Kerberos error : KDC_ERR_S_PRINCIPAL_UNKNOWN
So I read that it was a missing SPN. I used network monitor to trace the name of that SPN. I got a SNAME in the following format : user@domain (see screen)
If I run the following command
setspn -s user@domain domain\user
it says the name is invalid. It expect a name in the following format :
service\host.
Anyone could point me what I am doing wrong to debug this ?
Also please note that I had a preauthentication issue in my event log before I had this issue. I desactivated the preauthentification for the user in our AD.
Thanks
http://filedb.experts-exchange.com/incoming/2013/05_w19/653312/screen-scan.JPG
Best Answer
Instead of using "user@domain" you should use the syntax as documented here.
I found the following commands ("-A" parameter is changed to "-s") in this article.