Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

× If you are developing in .NET, but are using the OPC-UA (OPC Unified Architecture), please post in the QuickOPC-UA category instead.

Connection to same machine with 5.62 possible but with 5.71 I get "Acces Denied"

More
20 Nov 2023 12:13 #12379 by support
Hello,
can you please answer following questions:

In your test (1) below, is the application running .NET Framework (4.7.x/4.8), or .NET 6+?

In your test (2) below, is the ASP NET running your app in 32-bit process, or in 64-bit process?

Thank you

Please Log in or Create an account to join the conversation.

More
20 Nov 2023 11:20 #12378 by mut9bu
Hello

I think we are one step forward: :-)

After long trials: I have noticed following 2 points:

1)****************************************************************************
Just When I set following security parameters: (of course before creating client object)

ComManagement.Instance.Configuration.InstantiationParameters.OverrideDefaultSecurity = false;
ComManagement.Instance.Configuration.SecurityParameters.UseCustomSecurity = false;

I still get "Acces Denied" for browsing servers. but when I tried 1) client.BrowseBranches(ipaddress, "OPC.IwSCP.1" ,"") by writing the OPC Server name manualy
and 2) client.ReadMultipleItems(...) I can browse the branches and read also the values of the tags without problem !!!

That means: I have just problem on browsing the servers. I thought, when I get "Acces Denied" at this step I would get it also in browsing branches and reading items.
But as said with the above setted two security parameters browsing branches and reading items is working. But why not the browsing?

2)*****************************************************************************
After this observations I implemented the settings and the code in my real project (ASP NET Core Blazor Server Side with .NET7) which is on the same server like the console test app. In this case of course I can still not browse servers but when trying client.BrowseBranches(ipaddress, "OPC.IwSCP.1" ,"") this time I get following Error:

The COM server does not support the interface 'OpcRcw.Da.IOPCServer'.

This problem could be caused by:
- incorrectly installed proxy/stubs.
- problems with the DCOM security settings.
- a personal firewall (sometimes activated by default).

My code is

public void MTX_Connect()
{
ComManagement.Instance.Configuration.InstantiationParameters.OverrideDefaultSecurity = false;
ComManagement.Instance.Configuration.SecurityParameters.UseCustomSecurity = false;
Browse_Servers();
Browse_nodes();

}

public void Browse_Servers()
{
var client = new EasyDAClient();
ServerElementCollection serverElements;
try
{
serverElements = client.BrowseServers(IPAdress);
}
catch (OpcException opcException)
{
Console.WriteLine("*** Failure: {0}", opcException.GetBaseException().Message);
return;
}

foreach (ServerElement serverElement in serverElements)
{
Console.WriteLine($"ServerElements(\"{serverElement.ClsidString}\").ProgId: {serverElement.ProgId}");
using (StreamWriter sw = File.AppendText(CommonClass.error_path))
{
sw.WriteLine($"ServerElements(\"{serverElement.ClsidString}\").ProgId: {serverElement.ProgId}" + " " + Convert.ToString(DateTime.Now));

}
}
}

public void Browse_nodes()
{
// Instantiate the client object.
var client = new EasyDAClient();
DANodeElementCollection branchElements;
try
{
branchElements = client.BrowseBranches("10.92.120.174", "OPC.IwSCP.1", "");
}
catch (OpcException opcException)
{
Console.WriteLine("*** Failure: {0}", opcException.GetBaseException().Message);
return;
}

foreach (DANodeElement branchElement in branchElements)
{
Console.WriteLine($"BranchElements(\"{branchElement.Name}\").HasChildren: {branchElement.HasChildren}");
}

}

Please Log in or Create an account to join the conversation.

More
20 Nov 2023 09:57 #12377 by support
Hello.

I am concerned about the contents of the event log message (1). The problem is the "(Default)" part in it. If you set anything in ComManagement.Instance.Configuration.SecurityParameters to be different from the default, the difference should appear listed in the event log message. For example. this code I tested:
        static void Main(string[] args)
        {
            ComManagement.Instance.Configuration.SecurityParameters.UseCustomSecurity = false;
 
            var client = new EasyDAClient();
            client.BrowseServers();
        }

results in the following event log message:

COM security initialization (process "zz3653" Id 41588, application domain "zz3653.exe" Id 1) for requestor 'ComSecurityInitializingEasyDAClient' succeeded; the initialization object was: UseCustomSecurity=False.
Made system call: yes, current thread name: "", from thread pool: no, apartment state: MTA.

(I highlighted the relevant part).

If you are seeing always "(Default)", then your settings in ComManagement.Instance.Configuration.SecurityParameters are being ignored. Are you setting them before creating the EasyDAClient object?

Regards

Please Log in or Create an account to join the conversation.

More
20 Nov 2023 07:49 #12376 by mut9bu
Hello

My target is to find a solution for this issue this week, so I will give my full capacity for this issue.
To your question, what is logged in the eventviewer: If I run my minimized console app with OPCLabs 5.62, I get just following info messages in the appl. log:

1) COM security initialization (process "ConsoleApp1" Id 13056, application domain "ConsoleApp1.exe" Id 1) for requestor 'ComSecurityInitializingEasyDAClient' succeeded; the initialization object was: (Default).
Made system call: yes, current thread name: "", from thread pool: no, apartment state: MTA.

2) COM instantiation parameters (process "ConsoleApp1" Id 13056, application domain "ConsoleApp1.exe" Id 1) are: OverrideDefaultSecurity=False.

Today I will add an algoritm into my code for adjusting all the relevant security parameters, programaticaly.
That means for each combination of the rel. parameters it will trigger o "browse server" automatically.

Before doing that I wanted to be sure: What security parameter should I add additionaly to the known 4 parameters for this test?

ComManagement.Instance.Configuration.InstantiationParameters.OverrideDefaultSecurity
ComManagement.Instance.Configuration.SecurityParameters.UseCustomSecurity
ComManagement.Instance.Configuration.SecurityParameters.TurnOffCallSecurity
ComManagement.Instance.Configuration.SecurityParameters.AllowImpersonateClient

Please Log in or Create an account to join the conversation.

More
17 Nov 2023 15:17 #12375 by support
Hello.

The order of setting the parameters is not relevant. They should be placed as early as possible in the program - before any COM (OPC) operation is made.
Can you please check the Windows Event log (Application log) for events near the time the program is started? If there is an event (or more events), please post it here.

The last statement you have (ComInstantiationParameters.Default.TurnOffActivationSecurity = // true-false) is meaningless. It does not do anything useful. If you intended to modify the TurnOffActivationSecurity value, you need to do analogically to the other statements, i.e. inside the ComManagement.Instance.Configuration object or its sub-properties.

Regards

Please Log in or Create an account to join the conversation.

More
17 Nov 2023 14:34 #12374 by mut9bu
Thank you for the links, I have read all of them.
I have nearly tried all of the combinations of following security parameters in 5.71,without succes. Always get Access is denied.
Is the order of the parameters critical? Or where exactly I should place them?

In 5.62, still I can browse and read data from the same opc.da server without setting any parameter.
Isn't there any formula of the security parameters to set, in order to achieve the state of 5.62?
I would give up long ago if with 5.62 I couldn't connect.

There is still something missing but what :(

ComManagement.Instance.Configuration.InstantiationParameters.OverrideDefaultSecurity = false; //allways false
ComManagement.Instance.Configuration.SecurityParameters.UseCustomSecurity = false; // true-false
ComManagement.Instance.Configuration.SecurityParameters.TurnOffCallSecurity = true; // true-false
ComManagement.Instance.Configuration.SecurityParameters.AllowImpersonateClient = true; // true-false
ComInstantiationParameters.Default.TurnOffActivationSecurity = // true-false

var client = new EasyDAClient();

//client.InstanceParameters.EnableNetApiClient = false;
ServerElementCollection serverElements;


try
{
Console.WriteLine("Halllooooooo");
serverElements = client.BrowseServers("10.92.120.174");
}
catch (OpcException opcException)
{
Console.WriteLine("*** Failure: {0}", opcException.GetBaseException().Message);
Console.ReadLine();
return;
}

foreach (ServerElement serverElement in serverElements)
{
Console.WriteLine($"ServerElements(\"{serverElement.ClsidString}\").ProgId: {serverElement.ProgId}");

}
Console.ReadLine();

Please Log in or Create an account to join the conversation.

More
17 Nov 2023 13:04 #12373 by support
Hello.
If I can guess, this is related to changes made in version 2022.1 (5.63), and not specifically in 5.71 or the versions in between.

Please read:
- kb.opclabs.com/What%27s_new_in_QuickOPC_2022.1
- kb.opclabs.com/COM_settings_in_OPC_Classic_client_components
and possibly kb.opclabs.com/COM_settings_in_OPC_Classic_client_components .

One thing that you have not covered in your experiments with changing the settings is the OverrideDefaultSecurity property, which has a default ('true') which indeed causes a different behavior between versions up to 5.62, vs 5.63 and later. So, please try to set this property to 'false'. You can do this globally in ComManagement.Instance.Configuration.InstantiationParameters, or for specific purposes in

- EasyXXClient.SharedParameters.MachineParameters.ComInstantiationParameters: This for OPCEnum, which is what BrowseServers uses.
- EasyXXClient.SharedParameters.ClientParameters.ComInstantiationParameters: This is for connections to the actual target OPC servers.

Regards

Please Log in or Create an account to join the conversation.

More
16 Nov 2023 06:13 - 17 Nov 2023 05:46 #12372 by mut9bu
Hello

I have used Quick OPC V5.62 without problem. I could connect to machine A 's OPC DA server without problem. (Without setting any security parameter)
I had to upgrade my .NET to .NET7 so I have updated Quick OPC to the latest version V5.71.
But then I got with the same code, on the same server , for the same machine the Error: "Acces Denied" while browsing the OPC DA servers.
As you see in the code below I have tried to set some security parameters with different combinations, but without succes.

I could reproduce the problem with a minimum .NET framework console app like this: (This is the complete code) NetFramework 4.7.2
For testing I run one console application with 5.62 and the other with 5.71 on the same server under the same conditions. (Visual Studio 2022 netframework 4.7.2, Debug mode)

With 5.62 I can browse the OPC DA servers without problem:
ServerElements("9cc7e5b1-dfa5-11d8-983b-000102df7c07").ProgId: Marposs.OPCServerDA.1
ServerElements("108fb1cf-f509-4d86-b1da-54bf1dd67a8d").ProgId: OPC.IwSCP.1
ServerElements("cd049e4b-67fb-4673-bf09-8d47896e3d09").ProgId: Studio.Scada.OPC
ServerElements("193b9f48-1d59-477b-933f-391346163677").ProgId: IndraLogic.OPC.02

With 5.71 I get Acces Denied Error
*** Failure: Access is denied.
+ COM security initialization object: (Default).
+ COM instantiation parameters: (Default).
+ The machine name was '10.92.120.174'.
+ Execution details: HasNativeClient=True, HasNetApiClient=True.
+ The client method called (or event/callback invoked) was 'BrowseServers'.

Is it possible that on V5.71(different to 5.62) some security parameters are set in default, so that I have to change them?
I think there must be something different in V5.71 compared to V5.62.

namespace ConsoleApp1
{
class Program
{
static void Main(string[] args)
{

//These three lines I have added for 5.71 after I got "Acces Denied". With all possible combinations, still not worked
//ComManagement.Instance.Configuration.SecurityParameters.UseCustomSecurity = false;
//ComManagement.Instance.Configuration.SecurityParameters.TurnOffCallSecurity = true;
//ComInstantiationParameters.Default.TurnOffActivationSecurity = true;

var client = new EasyDAClient();
ServerElementCollection serverElements;
try
{
Console.WriteLine("Halllooooooo");
serverElements = client.BrowseServers(ipadress);
}
catch (OpcException opcException)
{
Console.WriteLine("*** Failure: {0}", opcException.GetBaseException().Message);
Console.ReadLine();
return;
}

foreach (ServerElement serverElement in serverElements)
{
Console.WriteLine($"ServerElements(\"{serverElement.ClsidString}\").ProgId: {serverElement.ProgId}");

}
Console.ReadLine();

}

}
}
Last edit: 17 Nov 2023 05:46 by mut9bu. Reason: Additional info added

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.077 seconds