×
Siemens Industry Online Support
Siemens AG
Entry type: FAQ Entry ID: 109768431, Entry date: 07/29/2019
(0)
Rate

Which DCOM settings must be checked for WinCC (V7 and Professional) with OPC DA if the connection between server and client does not work?

  • Entry
  • Associated product(s)
With OPC there is a manufacturer-independent standard via which systems and devices of different manufacturers can exchange data. In this FAQ response we describe which DCOM settings must be checked for WinCC with OPC DA if the connection between server and client does not work or is blocked.

1. Enable DCOM on the computer

  1. Open the Component Services by pressing the Windows key and run "dcomcnfg".
  2. Navigate via "Computer" to "My Computer".
  3. Right-click "My Computer" to open the "Properties".
  4. Select the "Default Properties" tab and then select "Enable DCOM on this computer".


2. COM security settings

  1. Open the Component Services by pressing the Windows key and running "dcomcnfg".
  2. Navigate via "Computer" to "My Computer".
  3. Right-click "My Computer" to open the "Properties".
  4. Select the "COM Security" tab.
  5. Go to "Access Permissions" and click "Edit limits".
  6. For all users (SIMATIC HMI, ANONYMOUS LOGON,..) you select "Local access" and "Remote access" as permissions.
  7. Under "Launch and Activation Permissions" you click "Edit limits".
  8. For all users (SIMATIC HMI, ANONYMOUS LOGON,..) you select the permissions "Local Launch", "Remote Launch", "Local Activation" and "Remote Activation".


3. Checking the DCOM configuration

3.1 Identity of the OPC server

  1. Open the Component Services by pressing the Windows key and running "dcomcnfg".
  2. Navigate via "Computer" to "My Computer".
  3. Open the DCOM configuration.
  4. Navigate to "OPCServer.WinCC".
  5. Right-click "OPCServer.WinCC" to open the "Properties".
  6. In the Properties of "OPCServer.WinCC" you navigate to the "Identity" tab.
  7. Select the "Interactive user".
  8. Confirm with "OK".

Note: If "This user" is set at this point, the user and password must be known on all the computers. Further information is available in Entry 44443989.


3.2 OPCEnum security

  1. Open the Component Services by pressing the Windows key and running "dcomcnfg".
  2. Navigate via "Computer" to "My Computer".
  3. Open the DCOM configuration.
  4. Navigate to "OPCEnum".
  5. Right-click "OPCEnum" to open the "Properties".
  6. In the properties of "OPCEnum" you navigate to the "Security" tab.
  7. Under "Launch and Activation Permissions" you click "Edit".
  8. For all users (SIMATIC HMI, SYSTEM...) the permissions for "Local Launch", "Remote Launch", "Local Activation" and "Remote Activation".
  9. Confirm with "OK".
  10. Go to "Access Permissions" and click "Edit".
  11. For all users (SIMATIC HMI, SYSTEM,..) you assign "Local access" and "Remote access" as permissions.


4. Windows firewall settings

Check the "Windows firewall settings with advanced security" to see whether Port 135 permits a TCP connection with "Inbound" and "Outbound" rules:

  1. Open the "Windows firewall settings with advanced security".
  2. Click "Inbound Rules".
  3. Sort according to "Local Port" and check whether Port 135 has the status "Permit" under "Action".
  4. Click "Outbound Rules".
  5. Sort according to "Local Port" and check whether Port 135 has the status "Permit" under "Action".
  6. If Port 135 is not permitted, start "cmd.exe".
  7. To create an "Inbound Rule" you enter the command "netsh advfirewall firewall add rule name="DCOMIn" dir=in action=allow protocol=TCP localport=135".
  8. To create an "Outbound Rule" you enter the command "netsh advfirewall firewall add rule name="DCOMOut" dir=out action=allow protocol=TCP localport=135".


5. Other OPC servers and clients

Make the same settings (points 1-4) on all the OPC DA servers and clients.


Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit
https://www.siemens.com/cybersecurity#Ouraspiration.