OPC Connectivity, DCOM, Windows Firewall, and Anonymous Access
- Last Updated: Aug 19, 2024
OPC connectivity between two computers relies on compatible authentication mechanisms, which ensure that both computers can communicate with one another. In OPC, this configuration is stored in the DCOM settings. With the settings for Anonymous Access and full control, the configuration could be set to allow everyone, without restrictions. Our software does not support Anonymous Access and full control. It is therefore recommended that the two computers that need to communicate with one another have an appropriate security access configuration that is common to both.
Note: Our software no longer supports the Anonymous Logon setting in the DCOM configuration for OPC connections.
Potential Issue:
To ensure successful connectivity to an OPC server on a remote machine, you must be aware of the security and configuration issues of OPC. OPC connectivity uses a callback scheme in which the OPC server may need to call back to the OPC client. The following symptoms may appear if the security and configuration on either or both of the machines are not set up correctly.
- The OPC Client application fails to create an OPC Group
- The OPC Client application does not display data updates. Consequently, data values remain unchanged or display “bad” quality
- The logger reports a COM error 0x80040202
Potential Solutions:
Depending on the configuration of the Operating System, apply one or more solutions below to resolve the issue.
Solution 1: Resolving Invalid Username/Password
Issue: When the OPC client receives a call-back from the OPC server, the OPC client authenticates the caller identity. The OPC Client fails to validate the username and password combination of the OPC Server.
Solution: DCOM Matching Identity: In the DCOM configuration of the OPC Server computer, the User (Username and Password) selected in the Identity tab of the DCOM configuration dialog must match an existing user on the OPC Client computer.
Solution 2: Resolving Guest-Only Access
Issue: In a workgroup environment, the Windows Operating System may force local users to authenticate as guest. However, the guest privilege is insufficient to access the OPC client computer.
Solution: Set the “Network access: Sharing and security model for local accounts” security policy on the computer back to “Classic – local users authenticate as themselves”.
Solution 3: Resolving Windows Firewall Blocks
Issue: The Windows Firewall blocks the call-backs from the OPC Server, while the OPC client would still be able to make the outgoing calls.
Solution: As an initial test, disable the firewall on either or both the OPC client and OPC server computers. If disabling the firewall resolves the problem, re-enable the firewall and confirm that inbound and outbound rules for the DCOM port 135 are configured in the firewall and are set to allow access. You may need to contact your system administrator to set the specific firewall settings.
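The settings behind Solutions 2 and 3 and the Anonymous Logon note can be read without changing anything on the machine. The following PowerShell script is an added example, not part of the original article or the vendor's tooling; the host name `opc-server.example` is a placeholder, and the script assumes an elevated session on Windows with the NetSecurity module available.

```powershell
# Added example: read-only audit, run elevated on both the OPC client and the OPC server.
param([string]$RemoteHost = 'opc-server.example')   # placeholder peer name (assumption)

function Row($Check, $Value, $Expected) {
    [pscustomobject]@{ Check = $Check; Value = $Value; Expected = $Expected }
}

# Solution 2: the "Sharing and security model for local accounts" policy is stored
# as the ForceGuest value. 0 = Classic, 1 = Guest only.
$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
Row 'ForceGuest' $lsa.forceguest '0 (Classic)'

# Anonymous Logon note: the machine-wide DCOM ACLs are binary security descriptors
# under HKLM:\SOFTWARE\Microsoft\Ole. Count allow ACEs for S-1-5-7 (ANONYMOUS LOGON).
$ole = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Ole'
foreach ($name in 'MachineAccessRestriction', 'MachineLaunchRestriction',
                  'DefaultAccessPermission', 'DefaultLaunchPermission') {
    $bytes = $ole.$name
    if (-not $bytes) { continue }   # value not set: built-in defaults apply
    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new([byte[]]$bytes, 0)
    $anon = @($sd.DiscretionaryAcl | Where-Object {
        $_.AceType -eq 'AccessAllowed' -and $_.SecurityIdentifier.Value -eq 'S-1-5-7' })
    Row "DCOM $name anonymous allow ACEs" $anon.Count '0'
}

# Solution 3: enabled Allow rules that reference TCP 135.
# Built-in Windows rules name the port with the RPCEPMap keyword instead of the number.
$rules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { @($_.LocalPort) + @($_.RemotePort) |
                   Where-Object { $_ -in '135', 'RPCEPMap' } } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }
foreach ($dir in 'Inbound', 'Outbound') {
    $n = @($rules | Where-Object Direction -eq $dir).Count
    Row "Firewall $dir allow rules for TCP 135" $n 'at least 1 (Solution 3)'
}

# Reachability of port 135 on the peer, tested with the firewall left enabled.
$t = Test-NetConnection -ComputerName $RemoteHost -Port 135 -WarningAction SilentlyContinue
Row "TCP 135 reachable on $RemoteHost" $t.TcpTestSucceeded 'True'
```

Run it on both machines and compare the rows, since the callback scheme means the OPC client must also accept connections from the OPC server.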