How to Configure DCOM for OPC Communications On Windows XP

How to Configure DCOM and O.S. Settings for OPC Communications On Windows XP SP2 At Taubate

Version 1.5

Page 1

How to Configure DCOM for OPC Communications On Windows XP

Table Of Contents

INTRODUCTION.........................................................................................................................................................3 CONFIGURING DCOM..............................................................................................................................................3 ENABLING REMOTE DESKTOP OPTION..........................................................................................................11 DISABLING SDS.......................................................................................................................................................11 REMOVING WELCOME MESSAGE...................................................................................................................12

Page 2

How to Configure DCOM for OPC Communications On Windows XP

Introduction
OPC Communications between PLCs and PC applications such as PCCOMSRV, DXD, and RF Tag Processor utilize DCOM or Distributed COM to establish connections and transport data. By default DCOM is installed with restricted permissions and access parameters. This occurs anytime a new application is installed and DCOM components are registered on the PC. In order to establish communications between an OPC server and OPC client running on two separate computers, two things need to be accomplished.

1. Permissions and access rights need to be opened on DCOM for either the individual objects or the global settings. 2. User name and password that is used to start the apps must be the same on both computers. In our example we set "Guest" as the user (assuming they are not services) In this paper we will cover how to set the DCOM global settings so all permissions are opened up for all DCOM objects to all registered users. Currently the DCOM settings for QLSCM are setup with the account TSTONE10, a local type of Admin account that is not in the DOMAIN. We want to change this to E-Accounts that are properly registered. The E-Accounts have to have SOME admin privileges in order to properly allow DCOM to communicate. DCOM is used for interprocess communication between the Upload PCs and Message Broker. The settings should be identical on both the Message Brokers and the Upload PCs with the exception that the Upload PC also has to DCOM objects, OPCEnum and

Configuring DCOM
In order to change permissions you must be a member of the Administrative Group To access the DCOM Configuration, run c:\windows\system32\dcomcnfg 1. Select Control Panel 2. Select Administrative Tools. 3. Select Component Services 4. Double Click Component Services icon 5. Select Computers folder 6. Select My Computer See the example below of where you should be at.

Page 3

How to Configure DCOM for OPC Communications On Windows XP

Put your mouse on "my computer" and right mouse click it, and then select properties. This window will open up.

Page 4

How to Configure DCOM for OPC Communications On Windows XP

Under Default properties, set them to look like this

Don't use Anonymous option in the Default Impersonation Level (which was previously defined in older directions) as this is a know issue by Microsoft that causes not showing the network icons. Use Identify instead.

Page 5

How to Configure DCOM for OPC Communications On Windows XP

Move over to the DCOM Security tab and add Groups Everyone, SYSTEM and ANONYMOUS LOGON to both Access and Launch, on Edit Limits and Edit Default (Access Permissions and Launch and Activation Permissions).

If you are using a Windows XP Service Pack2 or higher, you need to add "Anonymous Logon" account with full control privileges to all the Security Settings. Also add the EAccount and give it full permissions like the example. (Access Permissions and Launch and Activation Permissions).

Page 6

How to Configure DCOM for OPC Communications On Windows XP

The new E-accounts should match exactly as the mgallu account above.

Page 7

How to Configure DCOM for OPC Communications On Windows XP

On the upload PC ONLY, Under My Computer, open DCOM Config, locate OPCEnum option:

Right Click on OPCEnum and select Properties, move over General Tab and select None as the Authentication Level.

Page 8

How to Configure DCOM for OPC Communications On Windows XP

Move over Security tab, select DEFAULT option for Launch and Activation Permissions, and Access Permissions. Select Customize for Configuration Permissions, and add EVERYONE and ANONYMOUS LOGON , and the E-Account with FULL CONTROL permissions. Move to the Location tab and choose "Run the application on this computer" Move over IDENTIFY tab and select option "The Launching User". On the "Security Tab" select the Launch and Activation permissions, highlight the customize option. Under Launch and Activation permissions click the Customize option and select the Edit button. In the Launch permissions window, click the "Add" button and add the E-Account users. Allow this account all privleges. Repeat the steps for Access Permisions and Configuration Permissions on the OpcEnum properties window.

Repeat the above steps for the rest of the QRFTP_Processor registered DCOM objects.

Page 9

How to Configure DCOM for OPC Communications On Windows XP

Disabling Auto-Enrollment in Active Directory

If you installed the Global Client load, then the PC has Active Directory installed and configured and Auto-Enrollment enabled. This Auto-Enrollment feature can cause problems including disconnects because the process attempts to contact a server to get credential updates and fails. We have seen DCOM authentification errors as a result which leads to disconnects to the host. To disable Auto-Enrollment, perform the following steps: 1. From the Run Command window, enter gpedit.msc

2.

The following screen will appear. Expand Windows Settings, then expand Security Settings and open Public Key Policies. In the right window you will see Auto enrollment Settings.

3.

Double click on Autoenrollment Settings in the right pane. You will see the window below. Click the radio button for "Do not enroll certification automatically"

Page 10

How to Configure DCOM for OPC Communications On Windows XP

Enabling Remote Desktop Option

To "ungray" the remote desktop check box, delete the following registry entry: hklm\software\policies\microsoft\windows nt\terminal services\fdenytsconnections By deleting this key, the checkbox for remote desktop will not be grayed out, and you can turn it on or off in the normal manner.

Disabling SDS
Run RegEdit on the DXD and navigate to this entry: [HKEY_LOCAL_MACHINE\SOFTWARE\Ford Motor Company\FordGINA] In the "FordGINA" hive there are several items in it, of which there are these 2. "PreProgramToStart"="c:\\sys\\utl\\servserv.exe /x:s" "ProgramToPulse"="c:\\sys\\utl\\servserv.exe /x:p" To disable SUDS from running, change the name of the exe here to an invalid name. It can be anything but your could call it "servserv.exe_disable" or something.

Page 11

How to Configure DCOM for OPC Communications On Windows XP

Removing Welcome Message

When set to autorestart the software, this action will be interrupted by the Welcome/Warning message dialog box that shows up. To remove this, use the regedit.exe program and go to the following key as shown in the screen capture below: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion|Policies\System

Set the legalnoticecaption to blank

Set the legalnoticetext to blank.

Page 12