Escolar Documentos
Profissional Documentos
Cultura Documentos
of an
OPC-Connection
from
ibaPDA-V6
to an OPC-Server.
OPC Configuration
page 2
INTRODUCTION...............................................................................................................4
1.1 General ....................................................................................................................................... 4 1.1.1 OPC ..................................................................................................................................... 4 1.1.2 OPC and iba Products.......................................................................................................... 4 1.1.3 DCOM ................................................................................................................................. 5 1.1.4 Firewall................................................................................................................................ 5 1.1.5 Local Security Policy .......................................................................................................... 5 2 CONFIGURATIONS .........................................................................................................6
Part A: OPC Server with Windows XP or Win2003 Server ............................................................. 6 Step A1: Preparation ........................................................................................................................... 6 Step A2: Configuration of the Windows Firewall............................................................................... 7 Step A3: Configure Local Security Settings for Network Access....................................................... 8 Step A4: Set Security Settings for DCOM .......................................................................................... 9 Step A5: DCOM Configuration ........................................................................................................ 10 Step A6: DCOM Configuration for OPCEnum................................................................................. 11 Step A7: DCOM Configuration fr OPC Data Access Server.......................................................... 12 Step A8: Reboot the OPC Server PC ................................................................................................ 12 Part B: OPC Client (ibaPda) with Windows XP or Win 2003 Server............................................ 13 Step B1: Configuration of Windows Firewall................................................................................... 13 Step B2: Set Local Security Settings for Network Access................................................................ 14 Step B3: Reboot the OPC-Client PC ................................................................................................. 15 Step B4: User Accounts for OPC Connection................................................................................... 15 Step B5: Select OPC Server .............................................................................................................. 16 Step B6: Connect and add Signals .................................................................................................... 17 Part C: OPC Server (ibaLogic) with Windows 2000 ....................................................................... 18 Step C1: Prepartion ........................................................................................................................... 18 Step C2: Configuration of a Firewall ................................................................................................ 18 Step C3: Configure DCOM............................................................................................................... 19 Step C4: Configuration of DCOM for OPCEnum ............................................................................ 20 Step C5: DCOM Configuration for a OPC Data Access Server ....................................................... 21 Step C6: Reboot the OPC Server PC................................................................................................. 21 Part D: OPC Client (ibaPda) with Windows 2000 ........................................................................... 22 Step D1: Configure Firewall ............................................................................................................. 22 Step D2: User Account for OPC Connection .................................................................................... 23 Step D3: Select OPC Server.............................................................................................................. 24 3 3.1 4 4.1 4.2 SPECIAL OPC-SERVERS .............................................................................................25 DriveOPC (ABB) .................................................................................................................... 25 TROUBLESHOOTING....................................................................................................26 No OPC server found .............................................................................................................. 26 Error establishing connection ................................................................................................ 28
iba AG 2006
Manual
page 3
iba AG 2006
OPC Configuration
Manual
page 4
1 Introduction
This document describes a few from many possible configurations that are necessary to establish a connection between OPC-client and OPC-server within a network. There are several ways to achieve this goal. The configurations described in this document were tested and lead to satisfying results. In case the settings in this document do not work as desired or if you find other settings that are more simple, please contact us. We are thankful for all hints considering errors in this document. contact: Dieter Kopp, iba-AG Email: dieter.kopp@iba-ag.com
or
1.1 General
1.1.1 OPC
OPC stands for OLE for Process Control. This is a standard software interface, which makes it possible that applications of different manufacturers exchange data with another. OPC is used wherever sensors, control systems and HMIs of different manufacturers shall create a flexible network. For communication between the different applications the OPC uses Microsoft's DCOM technology. The transparent DCOM shows whether the data comes from own address space, another process or another computer connected by TCP/IP. OPC is based on the Client/Server-principle. The process data is generated on the server side (usually a control system) and is made available for the clients . More information about OPC is found under http://www.opcfoundation.org/, and in the manuals of ibaLogic and ibaPda(V6).
iba AG 2006
OPC Configuration
Manual
page 5
1.1.3 DCOM
DCOM (Distributed Component Object Model) is a protocol defined by Microsoft, for communication of program components within a network. The great potency of this functionality bears the problem because DCOM is activated as a part of the OS- that every internet user had the possibility of connecting to the server, which of course was a security hazard. A solution for this problem was the service pack 2 from XP. The Service Pack 2 improved the security and now the DCOM-interface requires access & launch permissions. To enable data transfer over OPC these permissions have to be specified exactly.
1.1.4 Firewall
XP service pack 2 also comes with a firewall which is activated by default, other firewalls might be installed also on SP1 or Windows 2000 PCs. To enable the data transfer through the firewall we have to configure some exceptions in the firewall.
iba AG 2006
OPC Configuration
Manual
page 6
2 Configurations
First of all you need administrator rights on all PCs involved. Overview: Part A: OPC Server with Windows XP Part B: OPC Client with Windows XP Part C: OPC Server with Windows 2000 Part D: OPC Client with Windows 2000
Note: Other OPC-Clients ( e.g.. the OPCTestClient from ExperTune or the OPCLink from Wondware) do not use this browse service. Therefore the Core components are not necessary for these and older OPC-Clients.
iba AG 2006
OPC Configuration
Manual
page 7
security center
Windows Firewall
exceptions
Check if following entries are active : File and printer sharing (TCP-Ports 139, 445, UDP-Ports 137, 138 ) DCOM Port (TCP Port 135 ) Management Console (...\Windows\System32\mmc.exe) OpcEnum (...\Windows\System32\OpcEnum.exe) "Opc Server" (...\iba\ibaLogic\ibaLogic.exe) Add missing ports and programs. If you have a different firewall installed, you have to make these entries there.
iba AG 2006
OPC Configuration
Manual
page 8
Look for security setting "Network access: Sharing and security model for local accounts..."
iba AG 2006
OPC Configuration
Manual
page 9
Right mouse click select Properties , click on "edit security", make following settings:
Security Limits \ Group Local access Remote access ANONYMOUSallow allow Everyone allow allow
Choose security Option "DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax " Choose with right mouse click "Properties", click on "edit security", make following settings:
Security Limits \ Group Local Launch Remote Launch Local Activation Remote Activation
iba AG 2006
Manual
page 10
If ANONYMOUS LOGON and EVERYONE are not in the Group or users names field they have to be added with Button Add. Then you can add users by edit or with the button advanced and then find.
Component
With double click on "Component Services", "Computers", "My Computer" and "DCOM- Config" the DCOM objects are shown in the right column. with a right-click on the object you can open and edit the properties.
iba AG 2006
OPC Configuration
Manual
page 11
Set the following properties: Tab "General": Authentication Level: none Tab "Location": Run Application on this computer Tab "Security": Launch and Activation Permissions: Customize, Edit:
Security Limits \ Group Local Launch Remote Launch Local Activation Remote Activation ANONYMOUS-. allow allow allow allow Everyone allow allow allow allow
If ANONYMOUS LOGON and EVERYONE are not in the Group or users names field they have to be added with Button Add. Then you can add users by edit or with the button Advanced and then Find (see above).
iba AG 2006
OPC Configuration
Manual
page 12
Apply the following settings: Tab "General": Tab "Location": Tab "Security": Authentication Level: none Run Application on this computer
iba AG 2006
OPC Configuration
Manual
page 13
Windows Firewall
Exceptions,
Following ports and programs must be active in the exception list: File and Printer sharing (TCP-Ports 139, 445, UDP-Ports 137, 138 ) DCOM Port (TCP Port 135 ) ibaPda-Client (...\iba\ibaPda\Client\ibaPda.exe) ibaPda-Server (...\iba\ibaPda\Server\ibaPDAService.exe) ibaPda-ServerStatus (...\iba\ibaPda\Server\ibaPDAServerStatus.exe) Management Console (...\Windows\System32\mmc.exe) Add missing ports and programs as needed.
iba AG 2006
OPC Configuration
Manual
page 14
Look for security option: " Network Access: Sharing and security model for local accounts"
iba AG 2006
OPC Configuration
Manual
page 15
case 2: Both are within the same workgroup: Check if the OPC-Server PC and the OPC-Client are in the same workgroup. If not, change Network settings at the OPC-Client PC or the OPC-ServerPC. (My Computer Properties Computer Name change ) Check, if the OPC-Server PC and the OPC-Client PC run with the same user account and password. if not, you have to create a local user account on the OPC-Client PC With the same rights (Administrator !) With the same user name And with the same password , used in the OPC-Server PC. No empty password allowed Example: OPC-Server PC: PC-Name: User: Password: PC-Name: User: Password: ibaLogic-PC logic logic1111 ibaPDA-PC pda pda2222
OPC-Client PC:
create on the OPC-Client PC an extra Administrator Account: User: logic Password: logic1111 It is not necessary to log in with this account, it only has to exist.
iba AG 2006
OPC Configuration
Manual
page 16
Start the ibaPDA Client, open the I/O Manager, create a OPC-Module and enter Account data to the OPC-Connection of ibaPDA.
case 3: mixed mode: As case 2: create a local user account on the OPC Client PC with the same rights, name and password as the user account of the OPC Server PC uses with XP (or domain). Start the ibaPDA Client, open the I/O Manager, create an OPC Module and enter Account data to the OPC Connection of ibaPDA.
In case no OPC server is shown OPC-Server in this box and instead you see the message "No OPC Server found", then you have a conflict with your security policies. Read step B2.
iba AG 2006
OPC Configuration
Manual
page 17
iba AG 2006
OPC Configuration
Manual
page 18
Check if following entries are active : File and printer sharing (TCP-Ports 139, 445, UDP-Ports 137, 138 ) DCOM Port (TCP Port 135 ) Management Console (...\Windows\System32\mmc.exe) OpcEnum (...\Windows\System32\OpcEnum.exe) "Opc Server" (...\iba\ibaLogic\ibaLogic.exe) Add missing ports and programs.
iba AG 2006
OPC Configuration
Manual
page 19
iba AG 2006
OPC Configuration
Manual
page 20
Note:
If the name Everyone does not appear you have to add it.
Use default configuration permissions The system Account (services only) do not change. .default system protocols
iba AG 2006
OPC Configuration
Manual
page 21
General: Authentication Level : none Location: Run Application on this computer Security: Use custom access permissions: edit:
user Everyone Type of Access Allow Access
Note:
If the name Everyone does not appear you have to add it.
Identity: Endpoints:
iba AG 2006
OPC Configuration
Manual
page 22
Check if following entries are active : File and printer sharing (TCP-Ports 139, 445, UDP-Ports 137, 138 ) DCOM Port (TCP Port 135 ) ibaPda-Client (...\iba\ibaPda\Client\ibaPda.exe) ibaPda-Server (...\iba\ibaPda\Server\ibaPDAService.exe) ibaPda-ServerStatus (...\iba\ibaPda\Server\ibaPDAServerStatus.exe) Management Console (...\Windows\System32\mmc.exe) Add missing ports and programs.
iba AG 2006
OPC Configuration
Manual
page 23
case 2: Both are within the same workgroup: Check if the OPC-Server PC and the OPC-Client are in the same workgroup. If not, change Network settings at the OPC-Client PC or the OPC-ServerPC. (My Computer Properties Computer Name change ) Check, if the OPC-Server PC and the OPC-Client PC run with the same user account and password. if not, you have to create a local user account on the OPC-Client PC With the same rights (Administrator !) With the same user name And with the same password , used in the OPC-Server PC. No empty password allowed Example: OPC-Server PC: PC-Name: User: Password: PC-Name: User: Password: ibaLogic-PC logic logic1111 ibaPDA-PC pda pda2222
OPC-Client PC:
create on the OPC-Client PC an extra Administrator Account: User: logic Password: logic1111 It is not necessary to log in with this account, it only has to exist. Start the ibaPDA Client, open the I/O Manager, create a OPC-Module and enter Account data to the OPC-Connection of ibaPDA.
iba AG 2006
OPC Configuration
Manual
page 24
In case no OPC server is shown OPC-Server in this box and instead you see the message "No OPC Server found", then you have a conflict with your security policies. Read chapter : troubleshooting. After Connect the OPC-Item browser is started by add signals and the OPCItems are shown. If you receive an "Error connecting to OPC-Server: .........." message, you might have a problem with your Security Options. Read chapter : troubleshooting.
iba AG 2006
OPC Configuration
Manual
page 25
3 Special OPC-Servers
3.1 DriveOPC (ABB)
From ibaPda Version 6.10.0 on, the ibaPda OPC-Client can connect and communicate with drive control DriveWindows (at Version V2.01) by the OPC-Server DriveOPC Version 2.02. With the standard installation of DriveWindows the OPC-Server is installed as "in-process server". The ibaPdaClient can not connect in this mode. You must Stopp the DriveOPC Server and reinstall as "local server". Do this the following way. 1. Stop In-process server: The Server Dll "smp.dll" is normally located under "C:\Program Files\Common Files\DriveWare\DriveOPC". Stop the server with this command:
Regsvr32 -u "C:\Program Files\Common Files\DriveWare\DriveOPC\SMP.DLL"
2. start Local server: The Server-exe "smp.exe" is normally located under "C:\Program Files\Common Files\DriveWare\DriveOPC". Start the server with this command:
"C:\Program Files\Common Files\DriveWare\DriveOPC\SMP.EXE" -RegServer
The Server is found in the DCOM Configuration under the name"DriveOPC" . You must select "ABB.SMP.1" in the ibaPDA browser.
iba AG 2006
OPC Configuration
Manual
page 26
4 Troubleshooting
4.1 No OPC server found
No. Action 1.1 You start the OPC Browser by entering the PC name of the OPC Server. . Reaction ibaPda "No OPC Server found" In the server list System Events Client PC DCOM 10006:
DCOM got error "The service cannot find the file specified" from the computer "opc_server" when attempting to activate the server: {13486D51-4821-11D2-A4943CB306C10000}
System Events Server PC DCOM 10000 A DCOM-Server could not be started: {13486D51-4821-11D2-A4943CB306C10000}. Error: "The service cannot
find the file specified"
Reasons und remedy The Service OpcEnum is not installed on the OPC server PC. Install the "OPC Core Components" on the OPC server PC.
1.2
1.3
DCOM 10006:
DCOM got error "General access denied error " from the computer Ibafue-dev011 when attempting to activate the server: {13486D51-4821-11D2-A4943CB306C10000}
DCOM 10016 The application-specific permission settings do not grant Local Activation permission for the COm server application with CLSID {CLSID} to the user {User} SID {SID}.
User names have to be the same see step B4 e.g.. D2. The user "user_2" has not activation rights to the service OpcEnum in the opc server PC. Make identical user accounts and passwords on both PCs. 1. The computer "opc_server" is not reachable in the network. 2. Check the network connection. 3. Insure that the file and printer sharing is not blocked by the firewall in the OPC server PC. 4. User/Password do not match
1.4
DCOM 10009:
DCOM was unable to communicate with the computer "opc_server" using any of the configured protocols.
none
iba AG 2006
OPC Configuration
Manual
page 27
No. Action 1.5 You start the OPC Browser by entering the PC name of the OPC Server.
Reasons und remedy Invalid user account. Enter a valid user account to the OPC connection.
1.6
none
none
With connections within the workgroup the network access is not enabled in the local security policy change local security policy see step A3, B2 In the local security policies the access network access sharing options are not correct. On OPC-Serverside the OpcEnum.exe is blocked by a firewall. see steps A2, C2 Enable remote access in DCOM security policy see step A4
1.7
none
none
1.8
none
DCOM 10024: The machine wide group policy <policy> Limits security descriptor is invalid....
DCOM 1009: DCOM shows error " The RPC Server is Unavailable " {13486D51-4821-11D2-A4943CB306C10000}
iba AG 2006
OPC Configuration
Manual
page 28
Reaction Pda
Message box "Errors occurred while connecting to "opc_server": System cannot find the file specified"
System Events Client PC DCOM 10006: DCOM got an error "System cannot find the file specified" from the computer "opc_server", while trying to activate the following server: {13486D51-4821-11D2-A4943CB306C10000}
System Events Server PC DCOM 10000 Unable to start a DCOM Server: {13486D51-4821-11D2-A4943CB306C10000}. Error: The system cannot find the file specified. " appeared while starting: "C:\WINDOWS\system32\OpcEnum.exe" Embedding DCOM 1005: DCOM got error: The system cannot find the file specified. Attempting to start the service OPCEnum with arguments Service in order to run the server {13486D51-4821-11D2-A4943CB306C10000} none
Reasons und remedy The service OPCEnum is not installed on the OPC-Server PC Install the OPC-Core-Components" on the OPC-Server PC.
2.2
2.3
2.4
Message box: "Error connecting to OPCServer: access is denied" Message box: " Error connecting to OPCServer: server execution failed"
none
2.5
DCOM 10006 DCOM got error "Server execution failed " from the computer dieter_kopp_pc1 when attempting to activate the server: {4C68190E-91E0-11D3-8D470060084A056F} DCOM 10010 The server {4C68190E-91E0-11D38D47-0060084A056F} did not register with DCOM within the required timeout.
It is not allowed to start ibaLogic embedded, please start ibaLogic first DCOM 10010 The server {4C68190E-91E0-11D3-8D470060084A056F} did not register with DCOM within the required timeout. none
The OPC-Server (e.g.. ibaLogic) is not running Start the OPC-Server, ( ibaLogic ) and start evaluation
iba AG 2006
OPC Configuration
Manual
page 29
Nr.
2.6
Action
connect
2.7
2.8
System Events Client PC DCOM 10006: DCOM got error "Server execution failed " from the computer PDANOTE1 when attempting to activate the server: {4C68190E-91E0-11D3-8D470060084A056F} Message box: " Error DCOM 10006: connecting to OPC-A494-3CB306C10000} Server : RPC server is DCOM got error "The RPC server is not available " unavailable. " from the computer Pda-note1 when attempting to activate the server: {2F5D6B10-9CA4-11D1-9FFD00A024366A7A} Error connecting to OPC DCOM 10009: Server: Specified cast is DCOM was unable to communicate not valid with the computer opc_server using any of the configured protocols.
Reaction ibaPda
System Events Server PC DCOM 10010: The server {4C68190E-91E0-11D3-8D470060084A056F} did not register with DCOM within the required timeout
Reasons und remedy The user account the OPC-server is using is different from the windows logon. Correct on the OPC-Server side the object property Identity: set it to interactive user"
none
The service OPCEnum.exe is blocked on the server side by a firewall. see step A2, C2
none
The OPC-server can not be reached in the network. Check network and firewall settings
2.9
Error connecting to OPC DCOM 1006: Server: Access denied DCOM got error "General access denied error " from the computer opc_server when attempting to activate the server: {4C68190E-91E0-11D3-8D470060084A056F} Error connecting to OPC none Server: Specified cast is not valid none
none
with W2000 : user accounts of ibaPDA-Services and OPC-Client-are different. see step D2
2.10
none
with W2000: different user accounts see step D2 Allow remote access, see step A4.
2.11
DCOM 10024: The machine wide group policy <policy> Limits security descriptor is invalid. The security descriptor is defined as an invalid Security Descriptor Definitions Language (SDDL) string. The requested action was therefore not performed. Please contact your administrator to get the security descriptor corrected in the Group Policy settings.
iba AG 2006
OPC Configuration
Manual
page 30
Reaction Pda
3.3
System Events Client PC the OPC-Items are none shown but the values are not updated Error at activating the none callback of the OPC Server Iba.Logic.1 : Exception from HRESULT 0x80040202 Error at activating the none callback of the OPC server Iba.Logic.1 : The RPC server is unavailable (Exception from HRESULT:0x800706BA) DCOM 1009: DCOM got error "The RPC server is unavailable. " from the computer Pda-note1 when attempting to activate the server:
{13486D51-4821-11D2-A4943CB306C10000}
none
Reasons und remedy 1.Network configuration workgroup: Network access is not enabled on the client PC. change local security policy see step A3/B2. 2. a user account does not have a password. add password to account. 1. The service OPCEnum.exe is blocked on the server side by a firewall. 2. The ibaPdaServer.exe is blocked on the client side by a firewall. Enter application to exception list of firewall, see step A2
none
none
none
DCOM 1000: DCOM got an error "System cannot find the file specified" from the computer "opc_server", while trying to activate the following server: {13486D51-4821-11D2-A494-. DCOM 10006: DCOM got error "Server execution failed " from the computer PDANOTE1 when attempting to activate the server: {4C68190E-91E0-11D38D47-0060084A056F} DCOM 10020: The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.
It is not allowed to start ibaLogic embedded, please start ibaLogic first DCOM 10010: The server {3D14228D-FBE1-11D0-995D00C04FD919C1} did not register with DCOM within the required timeout. none
the OPC-Server (e.g.. ibaLogic) is not running . Start the OPC-Server, ( ibaLogic ) and start evaluation Wrong default entries for DCOM : Change DCOM defaults
iba AG 2006
OPC Configuration
Manual
page 31
iba AG 2006