Server
This section describes the required settings on the server's side. The server is the computer on which the TwinCAT OPC-Server application is running. Usually the OPC-Client is also located on this computer. However, in some environments it may be necessary that OPC-Client and OPC-Server need to be installed on different computers. Both, the OPC-Server's and OPC-Client's DCOM settings need to be configured, so that a remote communication between client and server is possible.
 | The following settings have been tested on Windows 2000, Windows XP and Windows 7 computers. |
Step 1: General network configuration
Depending on the server's operating system, some additional network settings need to be taken. Basically, the same settings must be performed. However, some "operating system specific" settings must be done to get the DCOM security runing.
Please refer to our Article about Operating Systems for more information.
Step 2: DCOM configuration
To configure DCOM for a remote OPC communication, please perform the following steps on the computer running TwinCAT OPC-Server.
| Only local administrators are allowed to open and change the DCOM security. |
- Open Start --> Run --> dcomcnfg.exe to start the DCOM configuration dialog.
- Navigate to Console Root --> Component Services --> Computers --> My Computer --> DCOM Config to display all DCOM server applications.
- Select the TwinCAT OPC-Server (or one of its Clones), right click it and select Properties to change the DCOM security for this specific DCOM Server only.
- On the "General" tab no changes must be made. The default settings will be correct for OPC Server's security settings. The Authentification Level set to Default will overtake the settings from the Default Properties Tab valid for all COM Objects on this machine (Connect by default).
- On the "Location" tab no changes must be made. The default settings will be correct for the OPC Server's security settings.
- On the "Security" tab the Access- and Launch permission for this specific COM-Server can be changed. As the OPC Server is nothing else than a COM Server, the security setings should be changed to grant access and lauch permission to the Server application.
- The Server Specific Access Permission should be granted for
- Administrators
- Interactive User
- System
- Network
- "OPC Client's Security Context"
- The Server Specific Launch Permission should be granted for
- Administrators
- Interactive User
- System
- Network
- "OPC Client's Security Context"
- The Server Specific Configuration Permission should not be changed on the Server machine.
- On the "Endpoints" tab the default settings should remain. In the Default Protocols Tab for all COM-Objects Connection-oriented TCP/IP protocol should be moved to the top position.
- On the "Identity" tab no changes must be made. By default, the Interactive User will be selected. This means that the server will be launched with the security context of the interactive user (the user that is logged on). As this security context changes if somebody else is logged on, in most cases a specific person should be selected i.e even if nobody is logged on to the machine (after reboot) the server can be launched always having the same security context.
- The preferred setting should be the third selection.
- The interactive user = default
The interactive user depends on the person that is logged on, thus it can be different each time and only exists if somebody is logged on. - The launching user = should NEVER be used
The launching user will have the security context of the Client application (the OPC Client launches/connects the OPC Server). When having different Clients in the network, several instances of the Server will be launched having different security context each. - This user = Server will overtake the security context of this person
By selecting This user it will be guaranteed that always the same person's security context is used when the server is started. On the Client side only for this person the Access Permission must be granted.