DCOM Configuration
Overview
DCOM is a technology to be able to access between different PCs by Microsoft. Using DCOM, User can reuse program code in distributed application of network. DCOM is necessary to config of proper sucure settings, because the validity is audited by using the logon account of the client when accessing it from Remote PC.
Using DCOM, the following three settings are necessary.
(1)To be available DCOM.
- Check the“Enable Distributed COM on this Computer"
(2)To connect from outside.
- Authentication Level:Connect
- Identity:Interactive User
- Exception setting of Windows firewall/Anti-Virus Software.
(3)To be possible to Sending and receiving from outside.
- Security of user account(Add Everyone to "Launch and Activation Permissions")
- Validity confirmation of logon account (same account, same password, and blank password not acceptable)
Basic setting(in Workgroup)
Pay attention to the following points in case of using DCOM in workgroup.
- Both Server-PC and Client-PC must belong to the same workgroup.
- Be logged in with same user name and password.
- Not be blank password
[OPC Server-PC]
Configure the following by DCOMCNFG.
(1)In "Default Properties" tab from "My Computer" property page, Check the “Enable Distributed COM on this Computer".
(2)Configure the properties of "DeviceXPlorer OPC Server".
- Authentication Level:[Connect]
- Identity:[The interactive user]
- Launch and Activation Permission:[Add Everyone]
- Access Permissions:[Add Everyone]
* Change to "interactive user", because "launching user" immediately after the installation of the OPC server.
* It is necessary to add [SYSTEM] if OPC Client is a service programming, because it logs on network by SYSTEM account.
[SYSTEM] doesn't belong to [Everyone].
* Restart computer with changing DCOM Configuration.
* If user select "launching user", it is possible to access to Server-PC even if it doesn't be logged on in the same account.
But it is necessary to register same account in Server-PC and the configuration screen doesn't be displayed.
(3)If user use Anti-Virus Software, Configure it to Stop or not to block communication port.
[OPC Client-PC]
Show property pages of "My Computer" by DCOMCNFG.
Check the “Enable Distributed COM on this Computer", and configure Authentication Level to be [Connect].
* In case using Windows XP/SP2,Windows Server 2003 and later version, please sho "Configuraions depending on OS(Windows XP/SP2,Windows Server 2003 and later version)".
Configuration in case of Domain
You configure Domain user accoutn as Local administrator, and execute Component Services (DCOM Setting Tool : DCOMCNFG.EXE) from start menu.
The same configuration as the previous sentence, workgroup is done as "Domain Users" instead of Everyone.
Configurations depending on OS(Windows XP)
If a OPC client access to OPC Server running on XP from remote, The access might be refused though DCOM is set to permit the access from remote. This reasons is that security to the access from remote has been strengthened in XP compared with W2K.The security policy of XP secures the safety of the resource of a local computer by auditing the intruder from remotely as Guest, and controlling security to this Guest appropriately. Therefore, it is necessary to ease the security configuration of XP at the W2K level to enable the access from the OPC client.
[The way to ease security (modification of auditing those from remotely who access it with ID]
“Local Security Policy” from Administrative Tools and set “Network Access: Sharing and security model for local accounts” to “Classic.” in OPC Server side PC
*Default:Guest (in Windows XP)
*Default:Classic (in Windows Vista)
*Because the change in the local security policy is immediately reflected, it is not necessary to reboot.
Configuraions depending on OS(Windows XP/SP2,Windows Server 2003 and later version)
Security comes to be controlled more severely in XP, and it is necessary to do the following setting in addition to the previous setting.
(1)The Windows firewall is effectively set by default. It is necessary to set the exception configuration or invadation of Windows firewall.
* Specify DeviceXPlorer.exe and OPCEnum.exe to pass the firewall.
* Add a port "135" of "TCP" as exception port.
(2)Open the property page of "DeviceXPlorer OPC Server" by DCOMCNFG. Edit "Access permissions" is Security tab, and "Remote Access" of "ANONYMOUS LOGON" is set to "Allow".
In OPC Client-PC ,similar with OPC Server-PC , Open the property page of "My Computer". Edit "Access permissions" is COM Security tab, and "Remote Access" of "ANONYMOUS LOGON" is set to "Allow".
* If "Remote Access" of "ANNONYMOUS LOGON" set to "Deny"(Default), when OPC Client requires Read/Write to OPC Server-PC,
Error message "Advise Connection Point:Denied access" may be shown.
(3)Open the property page of "Launch Permission","Everyone" is selected, and "Remote Launch" and "Remote Activation" are set to "Allow".
Configurations depending on OS(Windows VISTA)
The Configuration of DCOM operates by setting the WindowsXP/SP2 corresponding.
Required files to install to Remote-PC
The interface of OPC-DA Server is a group of COM interface called "OPC Custom interface". Generally, the programming (application) that can handle the pointer like C++ can be directly accessed to the custom interface. Otherwise, the programming that cannot handle the pointer like VB6.0 and Excel VBA, etc. is accessed to the OPC server through the rapper that is called "OPC automation interface". And, in case of .NET application made by VB.NET and C# etc. , because the conversion processing of .NET and COM is needed, so .NET application passes the rapper that is called "RCW(Runtime Callable Wrapper)".
To access OPC Server, Get Prog.ID and CLSID for the COM access by OPC Enumerator. When OPC Enumerator is not used, it is necessary to import COM information to access the OPC Server-PC in Client-PC beforehand.
DeviceXPlorer's installer for OPC Client installs following items.
OPC Enumerator・・・ OpcEnum.exe
OPC Proxy / Stub ・・・ OpcProxy.dll, OpcComn_ps.dll
OPC Automation Wrapper ・・・ OpcDaAuto.dll
Runtime Callable Wrapper ・・・ OpcRcw.Da.dll
* OpcDaAuto.dll:since Ver2.02, it supports .NET. It might be overwrited by the old version files according to the environment.
Please confirm these files when the .NET application is unstable to use the OPC interface.
DXP2007 series set up version "2.02.5.30".
Error messages by OPC Test client
We display the error messages and reasons with the possibility to be output when the DCOM connection is tried by using the test client (custom interface).
[Please install the OPC 2.0 Components on XXX]
When the logon account or the password is not correct, the following dialog is displayed.
"Access is denied"
- In case the logon account is a disagreement though set to "The interactive user"
- In case the Local Security policy is insufficient in OPC Server-PC
- In case the DCOM security is insufficient
"The RPC server cannot be used."
- In case firewall dosn't be registerd as Exception
- In case Anti-Virus Software blocks the DCOM port
- In case "Remote Access" of "ANNONYMOUS LOGON" is set to "Deny"(Default).
