What are the recommended DCOM security settings for OPCEnum, regarding AC800M OPC-AE subscription in 800xA
AFAIK, System 800xA can NOT use OPCEnum to enumerate a remote OPC AE server like it can in the case with remote OPC DA servers (where OPCEnum is launched when browsing).
Also, for regular installations of System 800xA and AC 800M Connect, the OPC AE server and Event Collector (in xA) should run on the same computer - no need for DCOM then.
Remote OPC AE can be "somewhat done" over DCOM by exporting the registry settings for the OPC AE server in regard and import it where the Event Collector runs and use the "Node name" field on the Special Configuration tab of the Service Provider to force DCOM launch (instead of local COM launch which is default).
For security reasons, it is NOT advisable to allow "Everyone" to perform remote launch.
If possible, create a dedicated OPC Connect account and give access to certain users only.
I have attached a few pages from a slide I use when teaching the E143 Troubleshooting 800xA workshop. It describes DCOM settings necessary for OPC DA. OPC AE is similar, but the OPC AE client is called "Event Collector"
Thanks for your information about DCOM settings.
I agree with you on the point that there is no need to go in the DCOM settings for a normal 800xA configuration for AC800M AE
(Event Collector and OPC-Server are installed on the same node).
The problem for me is (or was, at this time I've got a workaround) the inpossibility to connect the OPC Server (AE) to the Event Collector Service group on an second CS-pair.
The Event Collector's Service Provider is pointed to a new installed ConnectivityServer (node)
I noticed the OPCEnum DCOM settings - Identity tab. The radiobutton selection is made on 'The system acount (services only)'
See also the attached file, I only can select this one and the option 'This user'. I've tried this with a several valid acounts, No OPC AE Servers shown up in the dropdown list.
After installing a Third Party OPC AE Explorer program on the new CS (to investigate), the blocked options in the DCOM identity tab (OPCEnum) are available now.
So it is possible to select 'launching user' and after that, several OPC-AE servers are shown up in the dropdown list. I can select my desired OPC AE Server for AC800M.
Now it is working properly, also on my third pair of ConnectivityServers but I can't explain the details.
Maybe someone can..