We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Barracuda ArchiveOne

PRB: AOneSearch page returns COM Exception "0x80070721" error

  • Type: Knowledgebase
  • Date changed: 2 years ago
Solution #00007540

Scope: 

ArchiveOne Enterprise, all versions

Answer:

SYMPTOMS

You have ArchiveOne installed on a dedicated Archive server. You have installed the Search & Retrieval websites on a separate Web server. Neither of these servers are Domain Controllers. When launching the AOneSearch page from the server where the Search & Retrieval websites are installed, an error page is returned. The exception error is:

"Creating an instance of the COM component with CLSID

{644708C3-2015-408F-964D-CF855B69FAE0}

from the IClassFactory failed due to the following error: 80070721"

Checking the COM permissions on the server, Everyone has sufficient Launch and Activation permissions.

ROOT CAUSE

This is a known Microsoft bug. During mutual authentication of the machines, the Web server hosting the Search & Retrieval websites is searching for a Windows Server 2008 Domain Controller to provide Kerberos authentication and it is this call which is failing.

WORKAROUND

You can work around this authentication issue by setting a Service Principal Name (SPN). If you have already registered a SPN for Outlook Web Access and this is hosting on the same server as the Search & Retrieval websites, you should not use this workaround as it may cause your authentication process for Outlook Web Access to fail.

1. On the Archive server, open a command prompt.

2. Run:

setspn -A AOnePolService/ARCHIVE_SERVER DOMAIN\SERVICE_ACCOUNT

where "ARCHIVE_SERVER" is the NetBIOS name of the archive server where the Archive One Policy service is installed.

"DOMAIN" is the Windows domain.

"SERVICE_ACCOUNT" is the domain account name that the Archive One Policy Service is running under.

3. Run:

setspn -A AOnePolService/ARCHIVE_SERVER_FQDN DOMAIN\SERVICE_ACCOUNT

where "ARCHIVE_SERVER_FQDN" is the Fully Qualified Domain Name of the server where the Archive One Policy service is installed.

"DOMAIN" is the Windows domain.

"SERVICE_ACCOUNT" is the name that the Archive One Policy is running under.

4. To confirm that the changes have propagated, on the Web server where the Search & Retrieval websites are installed open a command prompt.

5. Run:

spn -l SERVICE_ACCOUNT

where "SERVICE_ACCOUNT" is the name that the Archive One Policy is running under.

Note that the number of DCs in the site may affect how long it takes for all servers to recognise this change.

6. Now retest accessing the AOneSearch website to confirm the error is resolved.

Note: SetSpn is not installed by default under Windows Server 2003. You will need to acquire the Support Tools pack appropriate for the version of Windows and Service Pack installed.