Online Forums
Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.
Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.
Do not use the Contact page for technical issues.
- Forum
- Discussions
- QuickOPC-Classic in .NET
- Connections, Reconnections, COM/DCOM
- DCOM raise activation authentication level
DCOM raise activation authentication level
26 May 2022 16:00 #10911
by support
Replied by support on topic DCOM raise activation authentication level
Yes.
The following user(s) said Thank You: FAnsariCMC
Please Log in or Create an account to join the conversation.
- FAnsariCMC
- Offline
- Senior Member
-
Less
More
- Posts: 7
- Thank you received: 1
26 May 2022 11:48 #10906
by FAnsariCMC
Replied by FAnsariCMC on topic DCOM raise activation authentication level
Thank you for the prompt response! I apologize for the double posting. I Thought the first message didn't post for some reason.
You were right, it does exist and I did not see it because I was trying to find it in the instance. I checked out the second link and it recommends using the ComManagement class instead. So this is what my instantiation code looks like now:
public QuickOPC_DaServerMgtWrapper()
{
ComManagement.Instance.Configuration.SecurityParameters.EnsureDataIntegrity = true;
ComManagement.Instance.AssureSecurityInitialization();
_daServerMgt = new EasyDAClient();
}
Please let me know if this is legal.
You were right, it does exist and I did not see it because I was trying to find it in the instance. I checked out the second link and it recommends using the ComManagement class instead. So this is what my instantiation code looks like now:
public QuickOPC_DaServerMgtWrapper()
{
ComManagement.Instance.Configuration.SecurityParameters.EnsureDataIntegrity = true;
ComManagement.Instance.AssureSecurityInitialization();
_daServerMgt = new EasyDAClient();
}
Please let me know if this is legal.
Please Log in or Create an account to join the conversation.
26 May 2022 11:06 #10905
by support
Replied by support on topic DCOM raise activation authentication level
Please also read:
- kb.opclabs.com/COM_management
- kb.opclabs.com/What%27s_new_in_QuickOPC_2022.1#OPC_Classic
The property SharedParameters *does* exist on EasyDAClient. My guess is that you are looking at instance properties, but this is a static property.
Best regards
- kb.opclabs.com/COM_management
- kb.opclabs.com/What%27s_new_in_QuickOPC_2022.1#OPC_Classic
The property SharedParameters *does* exist on EasyDAClient. My guess is that you are looking at instance properties, but this is a static property.
Best regards
Please Log in or Create an account to join the conversation.
- FAnsariCMC
- Offline
- Senior Member
-
Less
More
- Posts: 7
- Thank you received: 1
26 May 2022 10:53 #10904
by FAnsariCMC
Replied by FAnsariCMC on topic DCOM raise activation authentication level
Have there been any changes regarding this?
Looks like Microsoft has confirmed that the hadening changes will be enabled by default in June: support.microsoft.com/en-us/topic/kb5004442-manage-changes-f...52-c141-43d2-941e-37ed901c769c
I checked out the link you provided (kb.opclabs.com/COM_settings_in_OPC_Classic_client_components) and it looks like the newer version does have security properties we can change:
Parameters from ComManagement.Instance.Configuration.InstantiationParameters, possibly overridden by values from EasyXXClient.SharedParameters.ClientParameters.ComInstantiationParameters, are used for instantiations of target OPC servers.
However, I cannot seem to find SharedParameters under the EasyDAClient class. I am running v5.63.194 Nuget package.
Looks like Microsoft has confirmed that the hadening changes will be enabled by default in June: support.microsoft.com/en-us/topic/kb5004442-manage-changes-f...52-c141-43d2-941e-37ed901c769c
I checked out the link you provided (kb.opclabs.com/COM_settings_in_OPC_Classic_client_components) and it looks like the newer version does have security properties we can change:
Parameters from ComManagement.Instance.Configuration.InstantiationParameters, possibly overridden by values from EasyXXClient.SharedParameters.ClientParameters.ComInstantiationParameters, are used for instantiations of target OPC servers.
However, I cannot seem to find SharedParameters under the EasyDAClient class. I am running v5.63.194 Nuget package.
Please Log in or Create an account to join the conversation.
- FAnsariCMC
- Offline
- Senior Member
-
Less
More
- Posts: 7
- Thank you received: 1
26 May 2022 10:28 #10903
by FAnsariCMC
Replied by FAnsariCMC on topic DCOM raise activation authentication level
Hello,
Has this seen any changes? The link you provided does say that the latest version does have mention:
Parameters from ComManagement.Instance.Configuration.InstantiationParameters, possibly overridden by values from EasyXXClient.SharedParameters.ClientParameters.ComInstantiationParameters, are used for instantiations of target OPC servers.
However, I cannot find SharedParameters under the EasyDAClient class.
Thank you.
Has this seen any changes? The link you provided does say that the latest version does have mention:
Parameters from ComManagement.Instance.Configuration.InstantiationParameters, possibly overridden by values from EasyXXClient.SharedParameters.ClientParameters.ComInstantiationParameters, are used for instantiations of target OPC servers.
However, I cannot find SharedParameters under the EasyDAClient class.
Thank you.
Please Log in or Create an account to join the conversation.
20 Oct 2021 16:34 #10271
by support
Replied by support on topic DCOM raise activation authentication level
Thank you for the interesting link. You might be right - although I am not sure, it would need quite a deep investigation.
Currently, there is no way to tell EasyDAClient to specify RPC_C_AUTHN_LEVEL_PKT_INTEGRITY. The current behavior is summarized here: kb.opclabs.com/COM_settings_in_OPC_Classic_client_components .
We can think of adding some configurable setting to a future version; but with the currently released version (2021.2), it cannot be done.
Best regards
Currently, there is no way to tell EasyDAClient to specify RPC_C_AUTHN_LEVEL_PKT_INTEGRITY. The current behavior is summarized here: kb.opclabs.com/COM_settings_in_OPC_Classic_client_components .
We can think of adding some configurable setting to a future version; but with the currently released version (2021.2), it cannot be done.
Best regards
The following user(s) said Thank You: ToSi
Please Log in or Create an account to join the conversation.
19 Oct 2021 09:59 #10268
by ToSi
Replied by ToSi on topic DCOM raise activation authentication level
Hello,
Sadly the key was not present, so this is not causing the problem. I have the feeling the need for RPC_C_AUTHN_LEVEL_PKT_INTEGRITY is now standardized in windows. See the following article: winprotocoldoc.blob.core.windows.net/productionwindowsarchiv...5BMS-DCOM%5D-210407-errata.pdf
I quote the important part of the article here:
I have tested with Matrikon OPC Explorer, Connectivity Explorer and my own Client (based on QuickOPC). I don't know about any modern clients who could solve this issue.
Best Regards
ToSi
Sadly the key was not present, so this is not causing the problem. I have the feeling the need for RPC_C_AUTHN_LEVEL_PKT_INTEGRITY is now standardized in windows. See the following article: winprotocoldoc.blob.core.windows.net/productionwindowsarchiv...5BMS-DCOM%5D-210407-errata.pdf
I quote the important part of the article here:
To come back to QuickOPC and not get lost in DCOM configuration and internal windows stuff, is there a way to configure my EasyDAClient to connect with the discussed authentication level? Or do I just need to set the authentication level to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in the DCOM settings?The default activation authentication level is raised to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY
level on client-side and the required activation authentication level needs to be at least at
RPC_C_AUTHN_LEVEL_PKT_INTEGRITY level for authenticated activation on the server
I have tested with Matrikon OPC Explorer, Connectivity Explorer and my own Client (based on QuickOPC). I don't know about any modern clients who could solve this issue.
Best Regards
ToSi
Please Log in or Create an account to join the conversation.
18 Oct 2021 05:19 #10267
by support
Replied by support on topic DCOM raise activation authentication level
Hello.
Look, I do not know what is causing your issue. I am just investigating the possibilities. The reason I started with this specific suspicion is because the RPC_C_AUTHN_LEVEL_PKT_INTEGRITY requirement as a result of Microsoft update has recently been discussed on OPC forums, and the message from OPCExplorer specifically mentions RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, so there could be some relation. But it can also be something else.
DCOM configuration & security is quite complex - and can differ based on system versions and configurations - that we normally do not support our customers setting it up.
Is there any other remote client that *can* connect to this server?
Best regards
Look, I do not know what is causing your issue. I am just investigating the possibilities. The reason I started with this specific suspicion is because the RPC_C_AUTHN_LEVEL_PKT_INTEGRITY requirement as a result of Microsoft update has recently been discussed on OPC forums, and the message from OPCExplorer specifically mentions RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, so there could be some relation. But it can also be something else.
DCOM configuration & security is quite complex - and can differ based on system versions and configurations - that we normally do not support our customers setting it up.
Is there any other remote client that *can* connect to this server?
Best regards
Please Log in or Create an account to join the conversation.
16 Oct 2021 15:51 #10266
by ToSi
Replied by ToSi on topic DCOM raise activation authentication level
Hello,
Well, I misunderstood the article then. If the key is present and its value is set to 1, are there any additional steps we can do on the server-side? I don't have direct access to the machine and therefore have to tell the admin about any needed changes.
Thanks for the support until now.
Best Regards,
ToSi
Well, I misunderstood the article then. If the key is present and its value is set to 1, are there any additional steps we can do on the server-side? I don't have direct access to the machine and therefore have to tell the admin about any needed changes.
Thanks for the support until now.
Best Regards,
ToSi
Please Log in or Create an account to join the conversation.
16 Oct 2021 15:41 #10265
by support
Replied by support on topic DCOM raise activation authentication level
Thank you.
I am not sure where the key applies, but I think it is more on the server side.
And, I did not suggest to add the key. I was just asking a question.
But in the end, what I intended to assure was the *opposite* to your change. I wanted to make sure that the key is *not* present, or is equal to 0: When the key is present and equal to "1", it means that (on newer systems, with particular Microsoft update) more stringent security is required - and it can bring problems to a large installed based of OPC Classic systems.
Can you please revert the change, and inspect what is the status of the key on the server side?
Best regards
I am not sure where the key applies, but I think it is more on the server side.
And, I did not suggest to add the key. I was just asking a question.
But in the end, what I intended to assure was the *opposite* to your change. I wanted to make sure that the key is *not* present, or is equal to 0: When the key is present and equal to "1", it means that (on newer systems, with particular Microsoft update) more stringent security is required - and it can bring problems to a large installed based of OPC Classic systems.
Can you please revert the change, and inspect what is the status of the key on the server side?
Best regards
Please Log in or Create an account to join the conversation.
Moderators: support
- Forum
- Discussions
- QuickOPC-Classic in .NET
- Connections, Reconnections, COM/DCOM
- DCOM raise activation authentication level
Time to create page: 0.075 seconds