OPC DCOM Anxieties

Motorjunkie

Hey all,

Here at the facility where I work there seems to be a lot of anxiety and confusion about this upcoming Microsoft DCOM update and what exactly it will affect and/or break. I've tried to wrap my head around all this, but my inexperience with OPC and Windows is catching up to me.

As far as I know, really the only thing OT that should be affected is anything that uses OPC DA across different machines, correct? Like for instance, RSLinx should still be able to communicate to controllers, but not serve as an OPC Server across machines. Since all we use is RSLinx for OPC connection, I presume then that the only solution is to have RSLinx be running as an OPC DA server on the same machine as the DA clients that need it to avoid DCOM altogether?

I suppose my question could be broadly summarized as this: What's everyone's solution to this DCOM business? OPC DA tunnellers? UA to DA converters? No one at my site seems to have a concrete answer.

Thanks
 
My understanding is that DCOM is still used even if it's local, but could be wrong.

The best solution is to migrate everything to OPC UA, which has been out for over a decade. It's better in basically every way, except that because Rockwell didn't push it very hard, no one switched.

A lot of vendors more or less stopped supporting OPC DA years ago.

Realistically, I think what most people are doing is just not installing the relevant Windows update. This is obviously a terrible solution, but it's minimal work and free, so sounds great to most factories running on duct tape and gumption despite huge profits.
 
It seems like the short term solution for us will be to just not install the updates, but I am also not a fan of this solution. It'll only work until one of our servers craps out and we have to buy something new.

I'm with you on migrating to UA, but my problem is that we have a wide range of different PLC and DCS systems (Rockwell, Honeywell, Yokogawa, Bailey, etc.) and eventually they are all talking OPC DA (PI ICU) to our PI historian.

Just wondering out of ignorance here, but are there some good universal software solutions to start migrating to UA? Something like Cogent Datahub?
 
Here is my understanding. DCOM is not going away. Microsoft already hardened the DCOM component a couple of years ago, and at that time released the hardened version of DCOM in a routine Windows update. However, that update allowed the installed base of DCOM users to bypass or work around the cyber-hardening by disabling the hardened version with a registry key entry.

The registry key is: RequireIntegrityActivationAuthenticationLevel
path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat

A registry key value of 1 means that “hardening is enabled”. A registry key value of 0 disables the hardened OPC version.

If the current version is running with registry at a value of 1 under the hardened version of the registry, then the forthcoming Windows update will not have an effect.

The upcoming March 2023 Windows update change is that the registry key bypass/work-around will be eliminated or ignored or disabled which will force the use of the hardened DCOM version.
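
A way to check where each machine stands on the registry value described in the post above. This is an added example, not part of the original post and not vendor code; the function name `Get-DcomHardeningOverride` is hypothetical, and querying remote hosts assumes PowerShell remoting is enabled on them.

```powershell
# Added example: report the DCOM hardening override on one or more hosts.
# Registry path and value name are the ones quoted in the post above;
# the meaning of 1 and 0 follows the post's description.
function Get-DcomHardeningOverride {
    [CmdletBinding()]
    param(
        # Hosts to check; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    $probe = {
        $path = 'HKLM:\SOFTWARE\Microsoft\OLE\AppCompat'
        $name = 'RequireIntegrityActivationAuthenticationLevel'

        # Returns nothing (no error shown) when the key or value is absent.
        $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
        $raw  = if ($null -eq $item) { $null } else { $item.$name }

        if ($null -eq $raw)  { $state = 'NotSet (default of the installed update level applies)' }
        elseif ($raw -eq 1)  { $state = 'HardeningEnabled' }
        elseif ($raw -eq 0)  { $state = 'HardeningDisabled (override in use)' }
        else                 { $state = "Unexpected value: $raw" }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME   # evaluated on the host being probed
            Value    = $raw
            State    = $state
        }
    }

    foreach ($computer in $ComputerName) {
        if ($computer -eq $env:COMPUTERNAME) {
            & $probe
        } else {
            # Drop the remoting metadata columns so local and remote rows match.
            Invoke-Command -ComputerName $computer -ScriptBlock $probe |
                Select-Object Computer, Value, State
        }
    }
}

# Local check; pass -ComputerName with the OPC server and client hosts to audit both ends.
Get-DcomHardeningOverride | Format-Table -AutoSize
```

Hosts that report `HardeningDisabled` are the ones relying on the override that, per the post, stops being honored after the March 2023 update.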
 
> My understanding is that DCOM is still used even if it's local, but could be wrong.
>
> The best solution is to migrate everything to OPC UA, which has been out for over a decade. It's better in basically every way, except that because Rockwell didn't push it very hard, no one switched.
>
> A lot of vendors more or less stopped supporting OPC DA years ago.
>
> Realistically, I think what most people are doing is just not installing the relevant Windows update. This is obviously a terrible solution, but it's minimal work and free, so sounds great to most factories running on duct tape and gumption despite huge profits.

This is spot on. Local OPC DA is not impacted. If you must do remote OPC DA, you should contact the vendors for the client and server to see if there are patches. These can be patched to support the new hardened communication requirement.

Also, to be clear, this is DCOM hardening, not OPC hardening. OPC DA is impacted because it relies on DCOM. There are other technologies that also use DCOM which will be affected. AVEVA System Platform deployments when using a galaxy is one example.
 