OPC Server Machine Configuration
General Information
Domain Configuration
DCOM Configuration
Windows Firewall
Configuration
General Information
- For remote OPC Server operation,
server must be running under Windows XP Pro,
Windows Server 2003, Windows Vista (Business & Ultimate), Windows 7
(Professional & Ultimate), Windows Server 2008.
- This document refers to Automated
Solutions OPC Server throughout. If you are using Automated
Solutions Modbus or Modbus/TCP OPC Server, simply substitute the appropriate
file name:
Automated Solutions OPC Server: Asopc.exe
Modbus OPC Server: Asmbseropc.exe
Modbus/TCP OPC Server: Asmbtcpopc.exe
- Two components require
configuration in order to operate properly:
- Automated Solutions OPC Server
(Asopc.exe)
- OPC Server Browser (OpcEnum.exe)
- Changes to Default
DCOM settings could result in insufficient security for other DCOM enabled
applications. Changes to default DCOM settings should be reviewed and
approved by your system/security administrator.
Domain Configuration
If your PCs are members of the same domain
Proceed to section titled
DCOM
Configuration.
If your PCs are members of two different domains
When you have multiple domains, settings in both domains must be made so that
Domain A trusts users from Domain B and vice versa.
For DCOM to work properly, trust must be established on both domain
controllers. Refer to Microsoft Windows Server documentation for information on
how to setup trusts between domains.
Once the trusts have been setup on your domain controllers, proceed to
section titled
DCOM
Configuration.
If your PCs are not members of a domain
In the following section, Windows refers to Windows NT, 2000, XP, or Server
2003; Windows 9x and ME are not supported.
If your Windows PCs are not members of a domain, then they are running as
standalone machines. Every Windows PC has it's own local database of trusted
users regardless of whether it is a member of a domain. When a Windows PC is not
a member of the domain, the ONLY user accounts it will trust are those it finds
in its local security database.
If you attempt to connect to a remote server and are receiving an “Access
Denied” or similar error, you are experiencing permission issues between the two
PCs.
To alleviate the permission issue, all you need to do is create the EXACT
SAME user account names AND passwords on BOTH PCs.
To verify proper permission settings, go to Network Neighborhood, browse from
PC A to PC B and try to connect to PC B.
Once permissions are setup properly, you should proceed to section titled
DCOM
Configuration.
DCOM Configuration
Use these instructions to configure DCOM for OPC Servers running under Win
XP, 2000, or NT 4.0.
OPC Server DCOM Configuration consists of three steps:
The dialogs shown in the configuration instructions are captured from a Windows XP system. For Windows NT
and 2000, the steps are essentially the same, however the look and feel of the
dialogs may be slightly different.
For Windows XP SP 2 or higher, you will need to perform the steps listed below
and also refer to this OPC Foundation document for additional configuration
instructions:
Using OPC via DCOM with XP SP2
When setting DCOM configuration and
testing OPC Server for remote connectivity, it is recommended that Windows
Firewall be temporarily disabled. After connectivity has been established,
Windows Firewall should be re-enabled with exceptions to allow for OPC Server
connectivity.
Step 1: Configure Default DCOM Settings
Run DCOM Configuration Tool
- Open a
Run prompt
- In the
‘Open:’ list box, type in ‘dcomcnfg’
- Click the
[OK] button.
- The next
step is operating system specific.
|
Windows XP only
The Component Services
dialog will appear
Navigate down the
Component Services branch in the tree view until the ‘My Computer’
branch is selected.
Click the Properties icon
on the toolbar or right-mouse click on ‘My Computer’ and select
‘Properties…’ from the popup menu to display the ‘My Computer
Properties’ dialog.
The ‘My Computer Properties’ dialog will appear.
|
|
|
|
|
|
Windows NT and 2000
only
The ‘Distributed COM
Configuration Properties’ dialog will appear.
|
|
Configure Default Properties Tab
- Select the ‘Default Properties’ tab.
- Select
‘Connect’ from the ‘Default Authentication Level’ dropdown list.
- Select
‘Identify’ from the ‘Default Impersonation Level’ dropdown list.
Configure Default Protocols Tab
- Select the ‘Default Protocols’ tab.
- It is not necessary to make changes here for OPC, however, to minimize the DCOM timeout
delay, you should move ‘Connection-oriented TCP/IP to the top and remove unused
protocols.
Configure
COM Security Tab
- Select the ‘COM Security’ tab.
- In the ‘Access Permissions’ section, click the ‘Edit Default’ button.
Here you will set who will have access to OPC Servers and the OPC Server Browser
on this machine.
- Configure access permissions.
To allow very broad access you
could add the domain group ‘Everyone’.
Or, if you would rather not allow access
to Everyone, create a domain group and add all logins that will be allowed to
access OPC Servers and the OPC Server Browser, then add the group to the ‘Group
or user names’ list.
- Configure for local and/or remote access.
If remote OPC Clients will access the server, ensure that ‘SYSTEM’ is listed in the ‘Group
or user names’ list box with the ‘Allow’ check box checked for ‘Local Access’
and ‘Remote Access’. If not, click the [Add] button, then add ‘SYSTEM’.
If local OPC Clients will also access the server, also include ‘INTERACTIVE’.
- Click the
[OK] button.
- In the ‘Launch Permissions’ section, click the ‘Edit Default’ button.
Here you will set who can launch OPC Servers and the OPC Server Browser on this
computer.
- Configure launch permissions.
To allow very broad access you
could add the domain group ‘Everyone’.
Or, if you would rather not give launch
permission to Everyone, create a domain group and add all logins that will be
allowed to launch OPC Servers and the OPC Server Browser, then add the group to
the ‘Group or user names’ list.
- Configure for local and/or remote Launch.
If remote OPC Clients will be allowed to launch OPC Servers and the OPC Server Browser,
ensure that ‘SYSTEM’ is listed in the ‘Group or user names’ list box with the
‘Allow’ check box checked for ‘Local Access’ and ‘Remote Access’. If not, click
the [Add] button, then add ‘SYSTEM’.
If local OPC Clients will also be allowed to launch OPC Servers and the OPC
Server Browser, also include ‘INTERACTIVE’.
9.Click the
[OK] button.
Step 2: Configure OPC Server DCOM Settings
Open Automated Solutions OPC Server Properties
- The next
step is operating system specific.
|
Windows XP only
From the Component
Services dialog, navigate down the tree view until the ‘DCOM Config’
branch is selected.
Select ‘Automated
Solutions OPC Server’ in the list view
Click the Properties icon
on the toolbar or right-mouse click on ‘Automated Solutions OPC Server’
and select ‘Properties…’ from the popup menu to display the ‘Automated
Solutions OPC Server Properties’ dialog. |
|
|
|
|
|
Windows NT and 2000
only
From the Distributed COM
Configuration Properties’ dialog, ‘Applications’ tab, select ‘Automated
Solutions OPC Server’.
Click the Properties
button to display the ‘Automated Solutions OPC Server Properties’
dialog.
|
|
Configure General Tab
- Select
the ‘General’ tab.
- Select ‘Default’ from the ‘Authentication Level’ dropdown list.
Authentication level
will default to ‘Connect’ since we set the Default Authentication Level to
‘Connect’ earlier.
Configure Location Tab
- Select
the ‘Location’ tab.
- Check the
‘Run application on this computer’ check box.
- Uncheck
all other check boxes
Configure Security Tab
- Select the ‘Security’ tab.
- For
Launch Permissions we recommend that you check the ‘Use Default’ option.
If you use the ‘Customize’ option, ensure that adequate OPC Server users
and/or groups
are added.
- For
Access Permissions, we recommend that you check the ‘Use Default’ option.
If you use the ‘Customize’ option, ensure that adequate OPC Server users
and/or groups
are added.
- For
Configuration Permissions we recommend that you use the value that the dialog
defaulted to.
If you use the ‘Customize’ option, ensure that adequate OPC Server
users and/or groups
are added.
Configure Endpoints Tab
- Select
the ‘Endpoints’ tab.
- It is not
necessary to make changes here for OPC, however, to minimize the DCOM timeout
delay, you should move ‘Connection-oriented TCP/IP to the top and remove unused
protocols.
Configure Identity Tab
- Select
the ‘Identity’ tab.
- The next
entry depends on the intended operation of the OPC Server PC.
|
'This user.'
account
Use this setting for
unattended or attended operation
·
If there will not be anyone logged-on to the PC where the
OPC Server is running, we recommend that you select the ‘This user’
option and specify a user name and password. This will allow the OPC
Server to start with no one logged onto the PC.
·
You can also use this option if someone is logged on to
the PC.
·
In the example shown to the right, the user name is
‘OPCServer’ and the user domain is ‘Domain1’.
·
If this option is selected and the server is started
locally, the User account must have Admin privileges to make OPC Server
configuration changes. |
 |
|
|
|
|
'The interactive
user.'
Use this setting for
attended operation
·
In general, we recommend using the ‘This user’ option
discussed above. With this option, when a remote OPC Client launches the
server, the server will not show up on your taskbar.
·
Alternately, if a user will always be logged-on to the PC
where the OPC Server is running, you can select ‘The interactive user’
because there will be an interactive user under which to run the OPC
Server.
·
If ‘The interactive user’ option is selected, when a
remote OPC Client launches the server, the server will show up on your
taskbar.
·
If either option is selected and the server is started
locally, the logged-in user must have Admin privileges to make OPC
Server configuration changes. |
 |
|
'The launching user.'
Do not use this setting.
|
|
- Click the ‘OK’ button.
Step 3: Configure OPC Server Browser DCOM Settings
Follow the steps
in Step 2: Configure OPC Server DCOM Settings, except substitute ‘OpcEnum’ for ‘Automated Solutions OPC
Server’
Windows XP SP2 and Higher Users Additional Settings
- Refer to this document for additional
settings required for Windows XP SP2 or higher
Using OPC via DCOM with XP SP2
Windows Firewall Configuration
When setting DCOM configuration and
testing OPC Server for remote connectivity, it is recommended that Windows
Firewall be temporarily set to 'Off'. After connectivity has been established,
Windows Firewall should be re-enabled with OPC-specific exceptions added to allow for OPC Server
connectivity.
If Windows Firewall is permanently set to 'Off' on your system, you can skip
this section.
Configuring Windows Firewall
Open Windows Firewall Application
- Open Control Panel
- Run 'Windows Firewall' applet.
Add OPC Server to Exceptions List
- Select the 'Exceptions' tab
- Click the [Add Program...] button.
- The 'Add a Program' dialog will appear.
- Select Automated Solutions OPC Server (Asopc.exe) from the list. If
Automated Solutions OPC Server is not in the list, click the [Browse]
button, browse to the Automated Solutions OPC Server install directory, and
select Asopc.exe.
Default install directory is C:\Program Files\Automated Solutions\OPC\ASOPC\.
- Click the [OK] button.
Windows XP SP2 and Higher Users Additional Settings
- Refer to this document for additional
settings required for Windows XP SP2 or higher
Using OPC via DCOM with XP SP2
|
