DCOM Errors and Troubleshooting
The following describes the most common DCOM errors and problems, their causes, and how to resolve them.
Symptom
The usual symptom is an inability for an OPC client to establish an initial connection with the OPC server.
Cause
0x800401F3
is an error that occurs when the function CLSIDFromProgID is unable to determine an OPC Server Class ID (CLSID) from the given Program ID (ProgID). The ProgID is used to identify the name of an OPC server. This is usually due to the fact that the OPC server fails to correctly register itself.
Repair Procedure
If the OPC server installation was performed correctly during the setup, you have to register the OPC server as follows to fix this problem:
- Click the Windows Start button, and select All Programs > Accessories > Run.
- In the Run dialog box, enter the name of the Desigo CC OPC server with the complete path (for example, [Installation Drive]:\[Installation Folder]\GMSMainProject\Bin\[company name].Gms.OPCServer.exe) or drag the file from Windows Explorer.
- After the OPC server name, enter –RegServer.
- Click OK.
Symptom
When an OPC client application is unable to receive callbacks from an OPC server, users will notice at least two symptoms:
- The OPC client application fails to create an OPC group.
- The OPC client application is not able to show data updates. Consequently, data values remain unchanged.
Cause
0x80040202
is an error that appears in the OPC client application when it fails to receive a callback from the OPC server.
Firewall Repair Procedure
If the OPC client computer is behind a firewall (hardware or software), callbacks may fail to arrive at their destination. While the OPC client will be able to make outgoing OPC calls, callbacks from the OPC server may be blocked by the firewall. To correct the problem, you need to turn off the firewall.
If the computer resides on a safe network, there is usually little potential damage as long as the firewall is turned off for a short period of time. Check with the Network Administrator to ensure it is safe to temporarily turn off the firewall.
To turn off the Windows Firewall, do the following:
- Click the Windows Start button, and then select Control Panel.
- In the Control Panel window, select Windows Firewall.
- In the Control Panel Home, click Turn Windows Firewall on or off.
- In the Customize Settings window, select Turn off Windows Firewall (not recommended).
Once the communication works, ensure that you turn the Firewall back on.
Authentication Failure Repair Procedure
Once a callback reaches the OPC client computer, the operating system will attempt to authenticate the arriving user name and password combination with its existing list. Windows will reject this combination for various reasons as described in the following procedures.
User Name and Password Combination
It is imperative that both the user name and password are recognized on both the OPC client and server computers. In the case of callbacks, it is possible that the user name and passwords on one computer do not match the other computer. You must carefully ensure that all combinations match on both computers.
Guest Only
The default setting in Windows XP and later when using workgroups is to force local users to authenticate as guest. This is also known as Simple File Sharing. This default setting does not allow you the necessary authentication level for working. You must turn this option off as follows:
- Open the Local Security Policy window, in one of the following ways:
- Click the Windows Start button, and then select Control Panel. In the Control Panel window, select Administrative Tools, and then select Local Security Policy.
- Click the Windows Start button, and then select Run. In the Run dialog box, type secpol.msc, and click OK.
- Under Security Settings, expand Local Policies, and then select the Security Options folder.
- Search for the Network access: Sharing and security model for local accounts option and set to Classic - local users authenticate as themselves.
OPC Server Identity Issues
Callbacks take the identity of the OPC server. This identity is governed by the OPC server identity setting and the OPC client computer does not recognize this specific user account (in case the OPC server identity is set as This user), or the launching user (in case the OPC server identity is set as Launching user).
In this case, you must add the user account of this person to the OPC client computer. It is also possible that this user account does not have access rights to the OPC client computer, or that their user account is explicitly denied access in the access control list (ACL) of the system-wide DCOM settings.
Access Control List Issues and COM Security Repair Procedure
Once Windows authenticates the user account that initiated the callback, it will check the access rights of the user account in the OPC client access control list (ACL). In this case, since we are working with a callback, Windows refers to the security limits settings for the DCOM access permissions.
Configuring System-wide DCOM Settings
The system-wide DCOM settings changes affect all the Windows applications that use DCOM, including the OPC application. To make the necessary changes, see the following procedure. Note that even though you have to perform these steps on the OPC server computer, these steps may also be required also on the OPC client computer.
- Click the Windows Start button, and select Run.
- In the Run dialog box, type DCOMCNFG to display the Component Services window and initiate the DCOM configuration process. Then click OK.
- In the Component Services window, under Console Root, expand Component Services, and then expand the Computers folder.
- My Computer is in the Computers folder.
- Right-click My Computer and select Properties.
- In the My Computer Properties dialog box, select the COM Security tab.
- In the Access Permissions section, click Edit Limits.
- Add Anonymous Logon and enable Local and Remote Access.
- Add Everyone and enable Local and Remote Access.
- Click OK.
Symptom
0x80070002 File not found
is a DCOM error that occurs when DCOM is unable to find the OPC server file.
Cause
The most common cause is that the OPC server is no longer in the same directory as it originally was.
Repair Procedure
To repair this error, check that the OPC server file is present in the project folder (for example, [Installation Drive]:\[Installation Folder]\GMSMainProject\bin). If not, reinstall Desigo CC.
Symptom
0x80070003 Directory not found
is a DCOM error that occurs when the users try to connect to the OPC server but DCOM uses the wrong name for the OPC server folder (directory).
Cause
This typically happens when you move an OPC server to a different folder, or if you rename one of the folders in the OPC server path.
Repair Procedure
- To repair this error, do one of the following:
- Verify that the OPC server file is present in the project folder (for example, [Installation Drive]:\[Installation Folder]\GMSMainProject\bin). If not, reinstall Desigo CC.
- Rename the folder with the correct folder name.
Symptom
0x80070005
is a DCOM error that appears in the OPC client application when it succeeds in launching an OPC server or OpcEnum, but fails to receive a reply from either of the applications.
Cause
This error may occur in different conditions:
- On the OPC server computer, the OPC client user account does not have the correct access control list (ACL) permissions in the system-wide DCOM settings, Access Permissions, and Edit Default.
- On the OPC client computer, the OPC server user account does not have the correct access control list (ACL) permissions in the system-wide DCOM settings, Access Permissions, and Edit Limits.
- On the OPC client computer, the DCOM default impersonation level is set to Anonymous instead of Identify, and the Anonymous Logon access control entry (ACE) does not exist in the OPC client computer, access control list (ACL) permissions in the system-wide DCOM settings, Access Permissions, and Edit Limits.
This error occurs when DCOM communication is stopped by the access control list (ACL) of either the OPC client computer or OPC server computer.
Repair Procedure
To fix this error, proceed as indicated in the following procedures.
Modify the Access Control List (ACL) for the OPC Server Computer
The system-wide changes affect all the Windows applications that use DCOM, including the OPC application. To make the necessary changes on the OPC server computer, proceed as follows:
- Click the Windows Start button, and select Run.
- In the Run dialog box, type DCOMCNFG to display the Component Services window and initiate the DCOM configuration process. Then click OK.
- In the Component Services window, under Console Root, expand Component Services, and then expand the Computers folder.
- My Computer is in the Computers folder.
- Right-click My Computer and select Properties.
- In the My Computer Properties dialog box, select the COM Security tab.
- In the Access Permissions section, click Edit Default.
- Add Everyone and enable Local and Remote Access.
- Click OK.
Modify the Access Control List (ACL) for the OPC Client Computer
The system-wide changes affect all the Windows applications that use DCOM, including the OPC application. To make the necessary changes on the OPC client computer, proceed as follows:
- Click the Windows Start button, and select Run.
- In the Run dialog box, type DCOMCNFG to display the Component Services window and initiate the DCOM configuration process. Then click OK.
- In the Component Services window, under Console Root, expand Component Services, and then expand the Computers folder.
- My Computer is in the Computers folder.
- Right-click My Computer and select Properties.
- In the My Computer Properties dialog box, select the COM Security tab.
- In the Access Permissions section, click Edit Default.
- Add Everyone and enable Local and Remote Access.
- Click OK.
- Select the Default Property tab.
- From the Default Impersonation Level drop-down list, select Identify.
- Click Apply.
Symptom
0x800706BA
is a DCOM error that displays on the OPC client application when the OPC client determines that its connection to the OPC server is alive, but it is not.
When this error occurs, users will notice one or more of the following symptoms:
- The OPC client application fails to create an OPC group.
- The OPC client application is not able to show data updates. Consequently, data values remain unchanged.
- The OPC server shows as running on the OPC server computer, but the OPC client application is not able to connect to the OPC server.
Cause
This error can occur in different conditions including:
- The OPC client application launched the OPC server successfully, but due to a lack of permissions (DCOM or otherwise), the OPC client cannot access the OPC server for data. In this case, the OPC server may actually be running, but is not accessible to the OPC client.
- The OPC server was initially running, but access was terminated. For example, the server was shut down.
- The OPC client computer is trying to create a group, but the firewall is on for the OPC client computer.
In 0x800706BA DCOM error, the OPC server suddenly becomes unavailable to the OPC client (or simply disconnected from the OPC client application). This can happen due to any of the following factors:
- OPC server has shut down without informing the OPC client application. This shutdown might be due to a user ending the OPC server Windows process (using Task Manager), or a crash on the OPC server.
- OPC server becomes physically disconnected from the OPC client application. For example, someone disconnects a network cable, or a network device (such as, a hub, switch, router, and so on) fails.
- The OPC client application is suddenly not able to receive callbacks from the OPC server due to a change in its own Windows configuration. For example, someone may turn on the Windows Firewall, enables Simple File Sharing, or changes the Security Limits of the DCOM access permissions.
Repair Procedure
In the case of DCOM error 0x800706BA, first you must check if the OPC server is still running. If the OPC server has shut down, analyze the Trace Viewer logs to find the cause of the unexpected shutdown.
Next, reconnect the OPC client to the server to automatically restart the OPC server. Once the OPC server is connected, ensure that the OPC client application is able to retrieve data using a synchronous method. Specifically, you should attempt to issue a Synchronous Cache Read, or a Synchronous Device Read. As each OPC client application performs these operations in a different way, check with your OPC client application vendor to find out how to perform these types of reads.
- If the synchronous read operation fails, you must modify the DCOM permissions on the OPC server as described in Add Correct Access Permissions on the OPC Server Computer, below.
- If the synchronous read returns results successfully but you still receive the same DCOM error 0x800706BA, you must turn off Windows firewall as described in Turn off Windows Firewall, below.
Add Correct Access Permissions on the OPC Server Computer
Windows uses the COM Security tab to set the system-wide Access Control List (ACL) for all objects.
To add the correct permissions, proceed as follows:
- Click the Windows Start button, and select Run.
- In the Run dialog box, type DCOMCNFG to display the Component Services window and initiate the DCOM configuration process. Then click OK.
- In the Component Services window, under Console Root, expand Component Services, and then expand the Computers folder.
- My Computer is in the Computers folder.
- Right-click My Computer and select Properties.
- In the My Computer Properties dialog box, select the COM Security tab.
- In the Access Permissions section, click Edit Default.
- Add Everyone and select the Local and Remote Access options.
- In the Access Permissions section, click Edit Limits.
- Add Anonymous Logon and Everyone to the list of Group or user names. Then enable Local and Remote Access options.
- In the Launch and Activation Permissions section, click Edit Default.
- Add Everyone to the list of Group or user names. Then enable the Local and Remote Launch and Activation options.
- In the Launch and Activation Permissions section, click Edit Limits.
- Add Everyone to the list of Group or user names. Then enable Local and Remote Launch and Activation options.
- Click OK.
Turn off Windows Firewall
If the OPC client computer is behind a firewall (hardware or software), callbacks may fail to arrive at their destination. While the OPC client will be able to make outgoing OPC calls, callbacks from the OPC server may be blocked by the firewall. To correct the problem, you need to turn off the firewall.
If the computer resides on a safe network, there is usually little potential damage as long as the firewall is turned off for a short period of time. Check with the Network Administrator to ensure it is safe to temporarily turn off the firewall.
To turn off the Windows Firewall, do the following:
- Click the Windows Start button, and then select Control Panel.
- In the Control Panel window, select Windows Firewall.
- In the Control Panel Home, click Turn Windows Firewall on or off.
- In the Customize Settings window, select Turn off Windows Firewall (not recommended).
Once the communication works, ensure that you turn the firewall back on.
Add Correct Access Permissions on the OPC Client Computer
To add the correct permissions, proceed as follows:
- Click the Windows Start button, and select Run.
- In the Run dialog box, type DCOMCNFG to display the Component Services window and initiate the DCOM configuration process. Then click OK.
- In the Component Services window, under Console Root, expand Component Services, and then expand the Computers folder.
- My Computer is in the Computers folder.
- Right-click My Computer and select Properties.
- In the My Computer Properties dialog box, select the COM Security tab.
- In the Access Permissions section, click Edit Limits.
- Add Everyone to the list of Group or user names. Then enable the Local and Remote Access options.
- Click OK.
Symptom
When an OPC client application is unable to find the OPC server, users receive an error informing that the OPC client application cannot obtain the Class ID (CLSID) of the OPC server. Depending on the software product in use, this error may appear in different formats as follows:
CLSID not found in Registry
OPC Server CLSID not found in Registry
Cannot browse for OPC Servers on remote machine
Unable to connect to the data source, COM error
Failed to initialize Server Object. Invalid Class String
Failed to obtain a valid CLSID for server [OPC Server name]
DCOM error for CLSID 13486D44-4821-11D2-A494-3CB306C100000
Unable to find any OpcEnum server on; CLSID returns 800706BA
Cause
This error displays in the OPC client application when it fails to find the OPC server. The two most common causes are the following:
- Failure to find the OPC server in the Windows registry
- Failure to connect to OPCENUM.EXE
The inability to establish the first connection with an OPC server is both the first and most common error encountered when using OPC. When an OPC client application tries to connect to an OPC server, the OPC client application must be able to identify the correct application (OPC server) to which it will connect. Each OPC server is identified by a Class ID (CLSID).
Most of the OPC client applications attempt to display a list of available OPC servers on the target computer. This process is called browsing, and is the process whereby the OPC client application is able to view the OPC servers installed on the remote computer.
When the OPC client performs a browse, it actually connects to a copy of OpcEnum, which resides on the remote computer, and retrieves the list of available OPC servers. This list includes the ProgID (human friendly name) and the CLSID (the numerical identification) of each OPC server.
The OpcEnum is used to browse for OPC servers that are located on the same computer as OpcEnum.
At this point, the OPC client does not actually connect to the OPC servers directly. Consequently, the retrieval of the list is independent of the state of each OPC server and whether or not it is operational.
If for any reason the OPC client application is unable to find the CLSID, it will not be able to connect to the OPC server and use any of the messages previously described (see Symptom, above).
User Authentication Issues Repair Procedure
It can happen that you are not authenticated on the remote computer. If Windows does not recognize your user account, it will reject your entry immediately without attempting a connection to the OPC server. Such scenario may occur in at least a couple of circumstances.
- The user account does not exist on the remote machine.
- If you are attempting entry from a Windows domain to another, then you must either establish a domain trust, or add your user account to both the Windows domains.
- If you are using a workgroup, you must add the user account to the remote computer. Ensure that you use the same spelling for the user name. Also ensure that you use the same spelling and capitalization for the password. Finally, ensure that each user account has a password. The remote authentication requires you to have a user name and a password. If the user account does not have a password, the authentication will fail. Note that if you are using a single Windows domain, this problem will not occur.
- Simple File Sharing is turned on.
Simple File Sharing strips the username and password from requests coming in from remote computers. As a result, users will not be able to authenticate properly.
To turn off Simple File Sharing, do the following:
- Open the Local Security Policy window, in one of the following ways:
- Click the Windows Start button, and then select Control Panel. In the Control Panel window, select Administrative Tools, and then select Local Security Policy.
- Click the Windows Start button, and then select Run. In the Run dialog box, type secpol.msc, and click OK.
- Under Security Settings, expand Local Policies, and then select the Security Options folder.
- Search for the Network access: Sharing and security model for local accounts option and set to Classic - local users authenticate as themselves.
OpcEnum is not Installed Repair Procedure
The OPC Foundation is responsible for creating and maintaining OpcEnum. OpcEnum is typically installed when you install an OPC client or OPC server. However, this is not always the case: it is possible that a computer does not have a local copy of OpcEnum installed.
OpcEnum is only able to browse for OPC servers on the machine on which it is running. Therefore, OpcEnum cannot perform a browse on remote computers. So, even if a copy of OpcEnum is present on your computer, you will not be able to browse the remote computer.
Use Windows Explorer to determine if OpcEnum is installed on the computer you want to browse. The file name is OpcEnum.exe. If OpcEnum is not installed, you need to install it. OpcEnum is available as a free application from the OPC Foundation (https://www.opcfoundation.org).
OpcEnum is Disabled Repair Procedure
Even if OpcEnum is installed on the remote computer, it must be able to start, otherwise the communication will fail. If Startup Type for OpcEnum is set to Disabled, Windows will not be able to start OpcEnum. You must enable OpcEnum.
To check the startup type for OpcEnum, proceed as follows:
- Click the Windows Start button, and then select Control Panel.
- In the Control Panel window, select Administrative Tools, and then double-click Computer Management.
- The Computer Management window for the local computer displays. Computer Management (Local) displays as the root of the console tree.
- In the console tree, expand Services and Applications, and click the Services container.
- In the right window pane, search for OpcEnum.
- If OpcEnum is not in the list, this means that it is not installed. In this case, see OpcEnum is not Installed Repair Procedure, above.
- If the Startup Type for OpcEnum is already set to either Manual or Automatic, see Anonymous Logon Access not Given Repair Procedure, below.
- If the Startup Type is set to Disabled, the OpcEnum is indeed disabled and you must enable it.
- To enable OpcEnum, do the following:
a. Right-click OpcEnum and select the Properties option.
b. In the Startup Type drop-down list, select Manual.
Even though it is also possible to select the Automatic setting, it is recommended to select Manual so that OpcEnum will be executed only when required.
Now that the startup type for OpcEnum is properly set, try to browse the remote computer again. If it still does not work, see the next procedure.
Anonymous Logon Access not Given Repair Procedure
By default, OpcEnum requires anonymous logon access on the OPC server computer to work properly. If you do not provide this access, no one will be able to connect to OpcEnum and browse the computer. It may happen that this access was overlooked during the setup. This means that you must add the anonymous logon access control entry (ACE) as follows:
- Click the Windows Start button, and select Run.
- In the Run dialog box, type DCOMCNFG to display the Component Services window and initiate the DCOM configuration process. Then click OK.
- In the Component Services window, under Console Root, expand Component Services, and then expand the Computers folder.
- My Computer is in the Computers folder.
- Right-click My Computer and select Properties.
- In the My Computer Properties dialog box, select the COM Security tab.
- In the Access Permissions section, click Edit Limits.
- Add Anonymous Logon and enable Local and Remote Access.
- Click OK.