×
Siemens Industry Online Support
Siemens AG
Entry type: FAQ, Entry ID: 868014, Entry date: 04/18/2018
(9)
Rate

What are the requirements for operating SIMATIC WinCC in a Windows network?

  • Entry
  • Associated product(s)
Several requirements must be fulfilled in the configuration of your Windows environment in order to enable multi-user operation of WinCC. If the settings required for this are not correct, there is no guarantee that WinCC functions error-free in multi-user mode or whether it is at all possible.

Procedure
Make the settings below on your computer to meet the requirements for multi-user operation.

1. IP addressing (TCP/IP)

The IP addressing is the basis for a working logical network. Ensure that the computers to be networked are in a physical and a logical network.

In order to fulfill this condition, you must think about how to structure you network already when assigning the IP addresses. It is not possible for two computers from different logical networks or subnetworks to communicate if you are not using a router.

The network address and subnet mask define the association of a computer to a logical network.

Note
Network address: it is not the IP address of a computer that is meant here, but the address of the network, in other words, just a part of the character string.
There are three different classes of network addresses:


Class

 Available

networks

Available

hosts 

Range 

Example

of a network address

in the range 

Standard

subnet mask 

 A 126 16777214 1-126 5.0.0.0 255.0.0.0
 B 16384 65534 128-191 129.10.0.0 255,255.0.0
 C 2097151 254 192-223 198.10.20.0 255.255.255.0

Table 1: Network addresses for TCP/IP

Note on subnet masks and IP addresses
Further information on the topic is available in Entry ID: 2073614.

Warning
The range of 127.X.Y.Z is reserved for loopback tests and interprocess communication and is not a reliable network address.

Example of a network address: 142.16.x.y | Network | Host |

This is an example of a Class B address. You can tell this from the address range which is from 128 to 191 for Class B. The first two tetrads correspond to the IP network address in this case.

In the case of different IP network addresses (142.16.x.y and 142.11.x.y, for example) you must make further preparations for the client-server operation, because you need a router (gateway) for different network addresses.
When using routers, it is absolutely necessary to read and apply the notes from the WinCC Information System in this path.
WinCC Installation / Release Notes > WinCC Release Notes > Operation Notes >

Note
You can test correct computer addressing with the ping command.
For this you open the input prompt (Start > Run > cmd) and execute the "ping +IP address" command (ping 128.0.0.1, for example) for each other computer.
If you do not get a response, you must check the complete network configuration and parameterization.

2. Name resolution

If you are not using a DHCP service in conjunction with DNS in your network, which does this task automatically, you must configure the "lmhosts" file for name resolution. If you are using a DNS and WINS server, the system also does the name resolution.

The "lmhosts" file is in the path below in Windows.
<Drive>\Windows\system32\drivers\etc\
Open the file with the text editor and enter all the computers that can be reached in the network according to the example in the file. Delete the comments above the entries and then save the changes in the file.

Notes

  • If you edit the "lmhosts.sam" file in the path above, you have to change the name to "lmhosts" to enable. The "lmhosts.sam" file is a sample file that has no effect on the system. The changes only become effective after restarting the computer. Make these changes on all the computers.
  • In order to further optimize the name resolution in the network you write the code word "#PRE" after each entry (default maximum of 100 entries). Entries with this code word are buffered in the cache right at system start. In the case of IP address resolution, the cache is read out first and then the lmhosts file if not all of the computer names can be resolved.
  • By default the "lmhosts" file is imported via the network card setting for the terminal bus.


Fig. 01

  • In large networks, in addition to the "lmhosts" file you should also configure the "hosts" file from the same directory in order to speed up name resolution. Bear in mind that the syntax of the "lmhosts" and "hosts" files is different.
  • All SIMATIC WinCC stations must be logged on in the same workgroup or in the same domain.

A detailed description of the "lmhosts" file is available at the following Microsoft internet sites.
https://msdn.microsoft.com/en-us/library/gg723314.aspx

You can perform another ping command to test whether the changes have been applied.
Open the input prompt (Start > Run... > cmd) and execute the "ping + computer name" command (for example, ping WINCCPC01) for all the computers that you entered in the "lmhosts" file in the previous step.
If you get a response and the computer name has been resolved in the associated IP address, the file is configured correctly and the name resolution works in the network.

3. Operating system

Which version of SIMATIC WinCC requires which operating system is given in Entry ID 64847781. (This also gives information about which WinCC client/server environments are possible.)

Assignment of rights
Which user rights are required for specific actions is given in the WinCC Information System at the link below.
WinCC Installation / Release Notes > Installation Notes > Installation Requirements >

Note
If you install an update (formerly hotfix) or a Service Pack for WinCC, you should always read the Release Notes for this extension. Under certain circumstances the required user rights might change.

4. Terminal bus

The terminal bus must be configured for the right network card in the SIMATIC shell. If you are using multiple network cards, there is the danger that the network card via which the WinCC communication is supposed to run is not selected here.
Notes on configuring the terminal bus are available in Entry ID 25437381.

Another indicator that the network is functioning (availability of the other computers) is that you can see the projects of the other computers in the network in the SIMATIC shell.

5. Network card order

The order of network cards defines the order in which the network services access the network cards You must therefore ensure that the network card/connection (that you have selected as terminal bus) is in first place.

You make the settings in the path below: "Control Panel > Network Connections > Advanced > Advanced Settings > Network Cards and Connections".

If you are using Windows 7 or Windows Server 2008, you must make settings in the Explorer window to get to this setting.
For this you switch to the Windows Explorer. Show the menu bar via "Organize > Layout". You can also have this menu bar displayed temporarily by pressing the "Alt" key.


Fig. 02

Then, via the Control Panel you switch to the "Networks and Release Center". In the left window pane is the "Change adapter settings" button. Click the button and then proceed with the "Advanced" step as already described above.

6. Firewall

Computers often have a firewall installed for security reasons. Only the Windows firewall is released for operation with WinCC. If you activate this, you must then run the SIMATIC Security Control again and "Make settings". Port filters are generally also not released.

Improve the stability of the Windows firewall
If the logging settings "Log discarded packages" and "Log successful connections" are enabled for the Windows firewall, this can lead to a "Deadlock" of the firewall and thus to blocking when WinCC is disabled.
To clear this behavior you install the July 2016 Update rollup from Microsoft as described in theMicrosoft KB 3155768.

Further Information
The WinCC Information System provides more information about distributed systems at the following link.
Configurations >

If you are using WinCC version V5 or older, refer also to the notes in the following document. There you will also find notes on WINS, DNS and IPX.
   
 WinCC_PCS7_lmhost_e.pdf (468.2 KB) 


Additional Keywords
Network configuration, System requirements, HOSTS, LMHOSTS, LMHOST, DNS, WINS, IP address, Subnet, Subnet mask, 70775, 31385098, Client, Server


Security information
In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about industrial security, please visit
http://www.siemens.com/industrialsecurity.