OPCHDA.NET Reference Manual
Trouble Shooting
Send comments on this topic.

Glossary Item Box

Most difficulties accessing OPC servers are related to security configuration settings. This is a complex issue and we can only give a general overview and list some points to look for. The default security permission settings used to be so that most was permitted but newer operating systems versions tend to set the default more and more restrictive.

The OpcSecurityAnalyser tool can help finding the right security settings and locate causes for access denial. The tool is intended to mainly show the novice system configurator what to look for.

 

Local Server Access

OPCHDA.NET uses two different mechanism to connect to an OPC server:


Remote OPC Server

OPCHDA.NET connects to connect to the OPC Server on the specified computer using Win32 functions and IMPERSONATE mode with the defined user/password/domain.
OpcEnum on the target computer is used to get the required CLSID for the defined Server ProgID. OpcEnum is accessed with the user defined access definition and must be accessible for the connect to be successful.

Access to a remote OPC server involves:
Access rights to the computer
The client/server computers need to be in the same domain, or in a Workgroup configuration have the same user/password on both computers.

Right to launch/access the OPC server
The client must specify a user/password that is defined as a launch/access user in the DCOM configuration of the OPC server.
The OpcEnum browser is used to get the required CLSID of the OPC server and needs to be configured to be accessible with the same user/password.
The "Local Security Policy - Security Options - Network Access: Sharing and security model for local accounts" needs to be set to "classic". Otherwise always user Guest is used and the defined user/password is ignored.
OPC server exe file names longer than 8+3 characters may cause the DCOM access right settings to be ignored and the machine default be used instead. This is because the long file name is in the registry AppId definition but otherwise the short filename is used. Microsoft documents the problem and how to solve it. The easiest solution however is to shorten the file name and register the OPC server with the shortened name.

OPC Server Identity
A specific user should to be defined so that the OPC server runs in this user. Otherwise different instances of the OPC server are started for different accessing user.
The specified user needs to have "Logon as batch job" rights. This is assigned by adding the user to the user list in: "Local Security Policy - User Rights Assignment - Logon as batch job".

 

Copyright © 2002-2018 Advosol Inc. All Rights Reserved.