If you are having problems with OPC DCOM communication within your domain and are encountering the following errors and symptoms on the client side:
DCOM error code: “0x80070721”
Windows reports error 0x80070721 as: A security package specific error occurred.
Unable to receive data updates (asynchronous callbacks).
And the client’s Event Viewer Security log is riddled with
status error 0xc00002ee “An Error occured during Logon.”
Event ID: 4625.
You might want to do a Wireshark capture of your DCOM calls and Kerberos traffic.
You can isolate the Kerberos traffic by entering “kerberos” in the display filter field.
If you notice any KRB5 TGS-REQ packets containing the KRB error KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, dig into the value Kerberos -> tgs-req -> req-body -> etype.
If no AES encryption type is listed there while you are running a domain functional level of Windows 2008 or higher, then you are probably hitting a Windows XP flaw.
This flaw can be patched on an XP SP3 system with this Hotfix: https://support.microsoft.com/en-us/kb/969442
During my research I noticed I wasn’t the only one encountering this problem.
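The etype check described above (Kerberos -> tgs-req -> req-body -> etype) can also be scripted against the raw Kerberos bytes of a TGS-REQ exported from the capture. This is an added example, not part of the original post: it walks the DER structure defined in RFC 4120 and reports whether an AES encryption type (17 or 18) is offered. The function names and the stripped-down sample message are constructed for illustration.

```python
AES_ETYPES = {17, 18}  # aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def child(value, wanted):  # value of the first directly nested element tagged `wanted`
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        if tag == wanted:
            return val
    raise ValueError(f"tag 0x{wanted:02x} not found")

def tgs_req_etypes(msg):
    """List the encryption type numbers offered in req-body of a TGS-REQ."""
    tag, outer, _ = read_tlv(msg, 0)
    if tag != 0x6C:  # [APPLICATION 12] = TGS-REQ
        raise ValueError("not a TGS-REQ")
    req_body = child(child(child(outer, 0x30), 0xA4), 0x30)  # [4] req-body
    etypes = child(child(req_body, 0xA8), 0x30)  # [8] etype, SEQUENCE OF Int32
    out, pos = [], 0
    while pos < len(etypes):
        _, val, pos = read_tlv(etypes, pos)
        out.append(int.from_bytes(val, "big", signed=True))
    return out

def offers_aes(msg):
    return any(e in AES_ETYPES for e in tgs_req_etypes(msg))

def tlv(tag, *parts):  # short-form DER encoder, only used to build the sample
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_tgs_req(etypes):
    """Constructed skeleton (pvno, msg-type, realm, etype only), not a capture."""
    ints = [tlv(0x02, bytes([e])) for e in etypes]
    body = tlv(0x30, tlv(0xA2, tlv(0x1B, b"EXAMPLE.LOCAL")), tlv(0xA8, tlv(0x30, *ints)))
    req = tlv(0x30, tlv(0xA1, tlv(0x02, b"\x05")), tlv(0xA2, tlv(0x02, b"\x0c")), tlv(0xA4, body))
    return tlv(0x6C, req)
```

A request built with `sample_tgs_req([23, 3, 1])` (RC4 and DES only) makes `offers_aes` return `False`, which is the pattern to look for in the capture.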