What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags

View all Tags

80070721: A security package specific error occurred- Note: the OS version of the device could not b



Getting this error on all WMI sensors for a new VM I created recently. What is strange to me is that this VM is a clone of another VM which has no PRTG sensor issues. I can't find anything different about this VM.

Any ideas?

prtg windows-2008-r2-sp1 wmi

Created on Jul 25, 2014 10:14:49 PM

3 Replies



Full text of the error:

80070721: A security package specific error occurred- Note: the OS version of the device could not be determined, WMI might not work reliably.

Created on Jul 28, 2014 5:22:27 PM



The error here is related to security issues directly in PRTG or the target Windows. It's an error-message directly from the targets DCOM.

I'm afraid it's very hard to solve such sporadic issues with WMI Sensors, where the actual error originates within the target DCOM/WMI. Over which PRTG or we do not have any control or influence over. So there is very little we can do to be honest, except of course try the usual tips with WMI Issues, use longer scanning intervals, maybe use Remote Probes to distribute WMI load or do local WMI access.

It seems though using the FQDN instead of 'just' hostnames helps with this error as well: http://blogs.technet.com/b/brad_rutkowski/archive/2011/03/08/solution-for-a-security-package-specific-error-occurred.aspx

Created on Jul 29, 2014 8:25:23 PM by  Greg Campion [Paessler Support]



I was able to resolve this and the solution turned out to be easy. The problem was because I had mistakenly joined the server to the wrong domain in the forest - e.g. contoso.com, when it should belong to dev.contoso.com I had already moved the server to the correct domain a while ago, but the "old" computer account still existed in AD under contoso.com. Once I verified that it existed also in dev.contoso.com, I deleted the one under contoso.com and voila! Problem solved.

In case anyone is curious, here is an event in the system event log for the server that runs PRTG, which gave me a clue:

Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server ProblemServerName$. The target name used was RestrictedKrbHost/ProblemServerName. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (DEV.contoso.COM) is different from the client domain (contoso.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

Created on Jul 30, 2014 9:35:35 PM

Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.