Log In
Home
11/21/2018
Offline
Hello,
I am currently porting an OPC Server application from a Win2K(AnonymousLogon) to a WinServer2012 (Login/Pass). The OPC server is a 32 bits application based on LIGHTOPC (C/C++/GNAT).
This OPC Server is accessed by an OPC Client application on a WIN2K(AnonymousLogon). This client cannot be changed in any way (cannot create user, or change DCOM configuration).
Following instructions to configure OPCEnum, DCOM and Computer, I am able to view the OPC server from my client, but not to connect. (Connection fails with error "CoCreateInstance Failed:RPC Server is unavailable").
Note that the same OPC server will be 100% OK with client if the WIN2K is started with a user/pass matching my OPC server user/Pass.
Could anyone confirm me:
- Is it possible to connect an OPC server x32 started by "User/Pass" on a winS2012 from a "NT AUTHORITY\ANONYMOUS LOGON" on a Win2K?
- If Yes, Do you think the problem may come from Configuration or from LIGHTOPC?
- Do I have to configure x32 (mmc comexp.msc /32) x64 (dcomcnfg) DCOM parameters? (Following instruction would tend to use 32 bits configuration, but it seemsthat the 64 bits configuration is taken into account
Thanks for any help!!
05/30/2017
Offline
Using anonymous will often create problems with newer OSes.
You may have to go into DCOM config and explicitly allow anonymous logins on the server.
But even then the very old client OS could still have issues.
11/21/2018
Offline
This is what I have done in "Computer" (DCOMCNFG on server):
- Add Anonymous & Everyoner "COM Security",
- Set "Connect/Identify" for "Default properties"
In my servers:
- Authentication Level => None
- "Interactive User"
- "Security" => ensure EveryOne & anonymous have all rights
With this configuration :
- I can enumerate servers from W2K
- If I try to connect, I get a "AddGroup : Acces is denied" error from FactorySoft OPC client (Note that This is the only OPC client I found that could run on W2K without KERNEL32 link error)
- Also note that when I try this connection I get a login callback in my server with "NT AUTHORITY\ANONYMOUS LOGON" identifer, meaning that at least a part of the "connection" is done.
I feel that there is no link with the library we use (LIGHTOPC) because:
- The same issue exists when trying with the MATRIKON demo OPC server
- The issue does not exist if the W2K is configured with a USER/PASS identical to my server.
At least, is it possible to have a few help on the difference between "DCOMCNFG" and "mmc comexp.msc /32". I have a 32 bits server but it seems that the rules used by DCOMCNFG are taken into account?
Thanks in advance
11/21/2018
Offline
I finally found what was the issue by looking into Windows Event log.
I thought that the client was trying to connect as "ANONYMOUS LOGON" due to my Server logs, but actually, the login "Administrator" was used (without password).
I simply had to enable administrator without password on my server and ad it to DCOM group, and it is now OK.
But I still have to determine if all parameters are really required (If I can remove anonymous connections and everyone, I'll do it)
1 Guest(s)
Usage Policy