...

then it is necessary to add the user in whose context the communication runs. In "Component Services" on the computer with the OPC client (KOM process), add this user to the list of users on the "COM Security" tab -> "Edit Limits", for both the "Access Permissions" and "Launch and Activation Permissions" parameters, and enable "Remote Access" / "Remote Activation". The problem is connected with establishing the callback connection with the OPC server. In this case, the roles are reversed, and the OPC client (i.e., the KOM process) works as a DCOM server. Adding this user and enabling remote access allows the callback procedures between the OPC client and the OPC server to be established. Callback procedures are necessary for acquiring values from the OPC server in the "Async I/O 2.0" and "Async I/O 3.0" asynchronous modes.

Info: A note about Windows security hardening

After Microsoft security updates (e.g., KB5004442) are applied, OPC communication stops working. Sometimes, even setting the Authentication Level parameter does not help.

For example, when the D2000 KOM is on a patched/new Windows (e.g. Windows 11) and the OPC server is on an unpatched/old Windows (e.g. Windows XP, for which patches do not even exist), errors such as:


ERROR: MetsoAutomation.XDOPCServer2.6 caused COM/OPC error 80070005H on Advise(IID_IOPCDataCallback), Error string : E_ACCESSDENIED Access is denied.

can be seen, while in the Windows system log there are messages like:

The server-side authentication level policy does not allow the user SRV-KOM1\testuser SID (S-1-5-21-776983252-1896133985-1590337295-1001) from address 10.12.1.50 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application. 

The solution, according to Microsoft, is to update/reinstall the old Windows.
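
A triage sketch for the two messages quoted in this note, added here as an example and not part of the D2000 documentation or tooling: it classifies an E_ACCESSDENIED from the KOM log as a DCOM hardening rejection when the Windows system log carries the authentication-level message, and otherwise points at the "COM Security" limits described earlier. The function name `triage`, the cause labels, and matching without timestamps are assumptions of this example.

```python
import re

# Patterns built from the two messages quoted in this note.
KOM_ERROR = re.compile(
    r"ERROR: (?P<server>\S+) caused COM/OPC error (?P<hresult>[0-9A-Fa-f]{8})H "
    r"on (?P<call>[^,]+), Error string : (?P<text>.+)")
DCOM_REJECT = re.compile(
    r"authentication level policy does not allow the user (?P<user>\S+) "
    r"SID \((?P<sid>S-[0-9-]+)\) from address (?P<address>\S+) to activate "
    r"DCOM server\. .*at least to (?P<level>RPC_C_AUTHN_LEVEL_\w+)")
E_ACCESSDENIED = 0x80070005


def triage(kom_lines, system_lines):
    """Classify access-denied OPC errors using the Windows system log text."""
    rejects = [m.groupdict() for line in system_lines
               if (m := DCOM_REJECT.search(line))]
    findings = []
    for line in kom_lines:
        m = KOM_ERROR.search(line)
        if not m or int(m["hresult"], 16) != E_ACCESSDENIED:
            continue
        if rejects:
            cause = "dcom-hardening"        # authentication level too low
        elif "IOPCDataCallback" in m["call"]:
            cause = "com-security-limits"   # callback user lacks remote access
        else:
            cause = "unclassified"
        findings.append({"server": m["server"], "call": m["call"],
                         "cause": cause, "rejected": rejects})
    return findings


# Constructed sample input: the two messages quoted on this page.
KOM_LOG = [
    "ERROR: MetsoAutomation.XDOPCServer2.6 caused COM/OPC error 80070005H on "
    "Advise(IID_IOPCDataCallback), Error string : E_ACCESSDENIED Access is denied.",
]
SYSTEM_LOG = [
    "The server-side authentication level policy does not allow the user "
    "SRV-KOM1\\testuser SID (S-1-5-21-776983252-1896133985-1590337295-1001) "
    "from address 10.12.1.50 to activate DCOM server. Please raise the activation "
    "authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.",
]

if __name__ == "__main__":
    for f in triage(KOM_LOG, SYSTEM_LOG):
        print(f["server"], f["call"], "->", f["cause"], f["rejected"])
```

The `rejected` entries carry the user, SID, source address and required level from the system log message, which identifies the peer whose DCOM calls are being refused.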

Info: Note about OPC.SimaticNET and possibly other OPC servers

If the OPC server is configured to run under "The interactive user" on the Identity tab of the "Properties" dialog window, the OPC server may be available only when a user is logged on to the computer. We recommend changing this setting to "The launching user", "This user", or "The system account".


Info: Another note about OPC.SimaticNET

In one specific case, the following was required for the OPC communication to work:

  • DCOM setting of the OPC server OPC.SimaticNET: the option "This user" (e.g., D2000 user) had to be enabled in the Identity tab. If "The launching user" was enabled, the connection to the OPC server timed out (both for D2000 KOM and Matrikon OPC Explorer), although it could be seen in Task Manager that the OPC server (opcdaserver.exe) was started under the specified user.
  • The specific user with whose credentials the OPC server was running (e.g., D2000 user) had to be in the "Distributed COM Users" and "Administrators" groups. If the user was not an administrator, the KOM process reported an error (CoCreateInstanceEx(CLSCTX_REMOTE_SERVER), Error string: Class not registered).

...