DCOM for XP SP2 Setup Tutorial - Step 1 Windows Firewall Settings
The Windows Firewall settings are found by going to Start - Control
Panel and choosing the Windows Firewall icon. The screen below is the first one shown.
- We suggest using the Windows Firewall and setting it to the On setting
shown below.
- If you choose "Don't allow exceptions" you will not be able to use DCOM or
do any remote OPC Connections. We suggest leaving this unchecked.
- If you choose Off you are turning off the firewall and you can skip this
part of the DCOM configuration. This is NOT RECOMMENDED except for testing purposes or for internal networks which you know
you have otherwise secured from attack. You assume responsibility if you turn off the Windows Firewall.
Next, click on the Exceptions tab to perform two key steps:
- Enable incoming and outgoing DCOM network access by opening TCP/IP
port 135.
- Enable OPCEnum.exe access to DCOM
- Allow each OPC client and server access to network resources
The screen below already has opcenum.exe and some OPC client and OPC Server
applications enabled as exceptions, and a port opened for DCOM.
Step 1A - Enabling DCOM:
Should be performed on: Client and Server Computers
DCOM isn't associated with any one executable (unlike your OPC clients and OPC
servers) so we will enable it by adding a port. Click on the Add Port button.
You need to fill out this dialog box exactly as shown above
for DCOM to work. Port 135 is the standard Port number that DCOM uses. TCP must be checked. When done click OK.
If you choose to click on the Change scope button in the Add a Port Dialog, we
recommend the setting above. Any change to this requires advanced knowledge of
the network system you are using and is beyond the scope of this tutorial.
Step 1B - Enable OPCEnum.exe
Should be performed on: OPC Server Computers at a minimum.
- OPCEnum.exe is a standard OPC application installed by nearly every OPC
server on the market. It should be in the \Windows\System32\ directory if present.
- The purpose of OPCEnum.exe is to allow remote OPC clients to connect to a
computer with OPC servers installed and ask the computer the question
"Give me a list of your available OPC servers" and get a response. The OPC
client can then pick the desired OPC server from the list and obtain the
necessary data from the remote PC to then be able to establish a connection to that remote OPC server.
- If this step is not performed, or is not successful on any PCs where you
have OPC servers installed, then the symptoms will be that your OPC client
PCs will not be able to browse the remote PC for a list of available OPC servers.
For the reasons above, it is critical that OPCEnum.exe be added as an exception.
To Add OPCEnum.exe, from the Windows Firewall Exceptions tab, click the Add
Program button:
Then in the resulting dialog you can browse to \Windows\System32\ and pick
OPCEnum.exe to add as an exception.
Step 1C - Enable OPC Client and OPC Server Applications
Should be performed on: Client Computers for OPC Client Applications,
Server computers for OPC Server applications.
This step is where your list of OPC client and server applications is important.
Users of Software Toolbox products, Click for a list of applications, their filenames, and install locations.
- The applications may already appear in the exceptions dialog but need to be
marked as exceptions - they would appear potentially using their "friendly name"
- If the applications are not already in the Exceptions list, you will need to
know the name of the application executable (EXE) and its location on your hard drive so you can add it to the list.
Adding an Application:
As an example, we'll use an OPC client application that needs to be added to the
exceptions list. These steps are the same whether you are adding an OPC client or OPC server application.
On the Windows Firewall Exceptions tab, click on the Add Program button. Using
the dialog below, you can browse to the target application EXE on your hard drive
to add it to the Exceptions list. No changes are required to the areas of setup
accessed by the Change Scope button unless your vendor specific instructions suggest that you make a change there.
Special Notes:
- If you have written your own OPC client application using all of your own
code or using a rapid development tool like our OPC Data Control ActiveX you may need to add two different client side executables:
- First, the name you assigned to your compiled application will
determine what application you need to add on the client side.
- Second, if you need to be able to test in debug mode, remember that
the name of the EXE that corresponds to your development environment
also needs to be added. For example, if you use VB6, you need to also
add VB6.exe if you plan to work in Visual Basic 6 and test/debug a client application you are writing.
- If you have written your own OPC server application, the same concepts
apply. You must add the name of your application and potentially the
executable that corresponds to your development environment.
- By adding your OPC server as an exception, you automatically take care of
allowing traffic between the OPC server and the devices it communicates
with because granting an exception in the Windows Firewall opens network traffic for that application for all ports.
Summary:
- All EXE programs using OPC remotely should be added.
- It is critical that you add the port for DCOM, grant an exception for
OPCEnum.exe, and grant exceptions for any OPC Clients or OPC Servers that you want to do any remote OPC Connections with.
- You have to do this on any Server or Client PC that has XP SP2 installed.
- Any affected programs that are not on the exceptions list to start with will
have to be added by clicking on the Add Program button.
Once this is all complete you can click OK and exit out of the Windows Firewall
settings. You are done with the first step.
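The same exceptions can be applied from a command prompt with the netsh firewall context that ships with XP SP2, which makes the configuration repeatable across several PCs and lets you review the result afterwards. This batch file is an added example, not part of the original tutorial; the application path and name are hypothetical placeholders, and the SUBNET scope is an assumption because the tutorial's recommended Change Scope setting is only shown in a screenshot.

```bat
@echo off
rem Added example: scripted equivalent of Steps 1A-1C for the XP SP2 firewall.
rem Run from an administrator command prompt on each client and server PC.
setlocal

rem Assumption: SUBNET limits each exception to the local subnet.
rem Valid values are ALL, SUBNET and CUSTOM; pick what your network requires.
set SCOPE=SUBNET

rem Hypothetical placeholders: replace with your own OPC client or server EXE.
set OPCAPP=C:\Path\To\YourOpcApp.exe
set OPCAPPNAME=My OPC Application

rem Firewall On, with "Don't allow exceptions" left unchecked.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE

rem Step 1A: open TCP port 135 for DCOM.
netsh firewall add portopening protocol=TCP port=135 name="DCOM" mode=ENABLE scope=%SCOPE%

rem Step 1B: allow OPCEnum.exe (OPC server PCs at a minimum).
rem %SystemRoot%\System32 is the \Windows\System32\ directory named above.
if exist "%SystemRoot%\System32\OPCEnum.exe" (
    netsh firewall add allowedprogram program="%SystemRoot%\System32\OPCEnum.exe" name="OPCEnum" mode=ENABLE scope=%SCOPE%
) else (
    echo OPCEnum.exe not found in %SystemRoot%\System32, skipping Step 1B.
)

rem Step 1C: allow one OPC client or server application.
rem Repeat this block for every EXE that uses OPC remotely.
if exist "%OPCAPP%" (
    netsh firewall add allowedprogram program="%OPCAPP%" name="%OPCAPPNAME%" mode=ENABLE scope=%SCOPE%
) else (
    echo %OPCAPP% not found, skipping Step 1C.
)

rem Review: show the operational mode and confirm the new exceptions exist.
netsh firewall show opmode
netsh firewall show portopening | findstr /c:"135"
netsh firewall show allowedprogram | findstr /i "OPCEnum"

endlocal
```

Because a program exception opens all ports for that executable, the output of `netsh firewall show allowedprogram` is worth keeping as a record of exactly which EXEs have been granted network access on each PC.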