views:

76

answers:

2

I have:

  • a service running under user account domainA\userA on hostA from domainA
  • SPNs created for the service running on hostA for user account domainA\userA
  • a client part of my application is trying to access resources (through remoting) from the service running on hostA
  • but this client part is running on hostB from domainB and under the user account domainB\userB
  • appropriate delegation settings are done for user account domainA\userA

    • trusted for delegation
    • SPNs set properly with no duplicates
    • domainA and domainB have two way trust

I get this error:

  • A secuity package specific error occured: Unspecified error (0x80004005)

Could you please see if there is any authentication setting I missed?

A: 

This technet post seems similar to what you are trying todo, also runs into the same error. May offer some help!

http://social.technet.microsoft.com/forums/en-US/identitylifecyclemanager/thread/31951557-d201-4cd6-baad-d9db50af80a4/

JamesM
A: 

Note that the SPN 'servICE principal name' in AD is different than the SPN 'servER principal name' used for mutual authentication in RPC. MS documentation sometimes even mixes up the two.

Are domainA and domainB in the same or separate forests?

Has domainB\userB been granted any privs on domainA and the server computers? How would the service authorize domainB\userB for anything?

On a file server in domainA, can you grant access to a test file to domainB\userB?

Have you tried using UPN syntax '[email protected]'?

Marsh Ray
@Marsh Ray:Both domains are in same forest.There is two way trust between those domains.
gneash