Help connecting 3rd party equipment to DeltaV OPC- Already tried OPC remote but didn't work

Hello everyone.

I'm reaching you with hopes you can help me understand and solve this problem. I will try to explain as detailed as possible the issue, so please bear with me the long long text, and please do ask for any missing information you consider important.

Context:

I'm trying to connect a 3rd party PC to a deltav network in order to perform closed loop control of some other equipment irrelevant to this discussion.

The network configuration is as follows:

A DeltaV pro plus workstation (named LAB_PP) is connected to a operator workstation (named LAB_PWS01) using the DeltaV primary and DeltaV secondary ethernet connections

A third PC (named PC3) outside of the DeltaV network is connected to an ABB FTIR sensor (A.K.A. IR sensor) through a 8-port network switch using an ethernet connection named "FTIR". This sensor has an OPC server to which the PC3 connects and exchanges data (IR spectra)

An ethernet cable coming from LAB_PP or LAB_PWS01 (using the Plant LAN ethernet connection) is connected to the 8 port switch where the IR sensor and PC3 are plugged in, and a new ethernet cable is connected between PC3 and the switch (using an ethernet connection named "Ethernet") to establish the link between PC3 and LAB_PP or LAB_PWS01.

All machines are under the same work group "WORKGROUP"

LAB_PWS01 and LAB_PP run on windows 7 x86, PC3 runs on windows 10 x64; All of the actions mentioned were performed under "Administrator" account for all the machines involved, except if stated otherwise.


Previous steps

On PC3

  • Classic OPC core components were installed on PC3 (opcfoundation.org/.../core-components)
  • OPC expert was used to try to connect to LAB_PWS01, unsuccessfully.
  • Followed the steps in the following guides to configure DCOM...
  • ... Still wasn't possible the connection with OPC expert.
  • Manually entered the OPC deltav server information (IP address, ProgID app ID) in OPC expert and found something like an OPC Xi .net server. Unfortunately, I can't remember if data could be accessed
  • Went to www again and found about DeltaV OPC Remote
  • Installed OPC remote from the DeltaV DVD
    • LAB_PWS01 was set as the name of the OPC server
    • OPC remote created for the first time the DeltaVAdmin account on PC3, default password was selected
  • Windows credentials of LAB_PWS01\Administrator user were created in PC3 at some point
  • After trying many things, OPC remote ping and OPC watchit were able to connect to LAB_PWS01
  • Manual configuration of OPC expert was needed to access OPC.DeltaV.1 server. Connection was possible and tags were found, but no data access. The error message suggested a licensing error on the server side.

On LAB_PP

  • Licensing was checked and it was found that PWS01 had no license to connect to OPC, or so I understood. It was then necessary to connect the PC3 with the LAB_PP.
  • The ethernet cable connected to Plant LAN on LAB_PWS01 was unplugged and plugged on Plant LAN port of LAB_PP

On PC3

  • Since OPC remote was configured to connect to LAB_PWS01, it was uninstalled and reinstalled to configure OPC server location to LAB_PP.
  • DCOM config was heavily revisited and changed for DeltaV OPC server and PC-wide; still no connection
  • User account DeltaVAdmin was deleted and OPC remote was reinstalled several times.
  • Windows credentials for LAB_PP\Administrator user were created on PC3 at some point

On LAB_PP

  • DCOM config was also visited several times and at some point I started checking FrsOpcDv, which is the OPC server of deltav according to (this site)

Eventually after messing a lot with the configuration, PC3 was able to connect with LAB_PP via OPC remote ping, OPC watchit and OPC expert, and for a very brief moment I was able to read data from some sensors online, but then all of it stopped working and never was able to reconnect. All I get now is a message telling "Failed to get OPC servers".


Many times, I restarted PC3, the LAB_PP, deleted DeltaVAdmin user account on PC3, reinstalled OPC remote on PC3, and kept messing with DCOM config for hours but never was able to get a connection.


Current status:


ProPlus DCOM configuration

I used OPC rescue to gather information; Attempting to connect to OPC.DeltaV.1 OPC server gave the following error

OPC rescue report:
Connect tab:
OPC Rescue could not establish a proper connection with "DeltaV OPC Server"

OPC server details:
- Name: DeltaV OPC Server
- ProgID: OPC.DeltaV.1
- Clsid (GUID): {C3B72AB1-6B33-11D0-9007-0020AFB6CF9F}

OPC Rescue was unable to connect to DeltaV OPC Server on INQU_LAB_PP (this computer).
The error code was "0x80070005".
Probable cause: INQU_LAB_PP (this computer) did not permit OPC Rescue (executing under the "Administrator" user account) to establish a connection.

Then OPC rescue lists some steps to fix the issue and says it attemprs to fix them by pressing the rescue button under the repair tab, but I don't want to mess with the pro plus DCOM user permissions at this level.


The OPC rescue reports for LAB_PP and PC3 can be found below. I also can provide the OPC expert logs if needed.

I thank you beforehand for taking the time to read this comprehensive post and I truly hope you can help me.

OPC Rescue Snapshot Report


This OPC Snapshot report provides a list of all settings relevant for

operation of OPC products on DESKTOP-H750JUT.



============================================================

1. OPC configuration: 0 critical errors and 6 warnings
     Configuration warnings
          OPC configuration warnings may stop OPC applications from connecting.
          When you activate OPC Rescue, you will receive a detailed report of each
          warning and automatic repair capabilities.
2. Security audit score: 71% with 9 potential security vulnerabilities
     Overview: This OPC Security Audit report provides a list any concerns that
     could compromise the security of industrial information.  This report
     includes the cause of the vulnerability, a description of vulnerability,
     and suggested action.
     Security Comment: Your security score is medium. OPC Rescue detected some
     security measures, but they do not provide adequate protection. 
     Unauthorized personnel can still access (and possibly change) Automation
     data with relative ease. Check for full details in the "Security Audit"
     section.
     Note: The full security audit report contains more information about each
     of the above vulnerabilities.  This information includes the cause,
     description, and suggested action.
     Activate this copy of OPC Rescue to receive the rest of this report.
3. General computer information
     Computer Name: DESKTOP-H750JUT
     Member of: The workgroup called "WORKGROUP"
     Interactive user: C.Velazquez
     Operating System
           Workstation (Edition: Enterprise)
          Version 6.2 Build 9200 .0
          64-bit operating system
          Windows was started on 19 March 2019 at 14:22 (30 minutes ago)
     Miscellaneous settings
          "Simple File Sharing": Off
          "Accounts: Administrator account status": Enabled
          "Accounts: Guest account status": Disabled
          "Interactive logon: Do not display last user name": Disabled
          "Network access: Let Everyone permissions apply to anonymous users":
          Disabled
          "Network access: Sharing and security model for local accounts": Classic
          "DCOM: Machine Access Restrictions in SDDL syntax": Not defined
          "DCOM: Machine Launch Restrictions in SDDL syntax": Not defined
          Data execution prevention (DEP)
               Status: OPC Rescue cannot determine DEP settings for 
               Application Exceptions: None
4. Windows firewall
     OPC Rescue does not support the firewall configuration for  yet
5. Computer-wide DCOM settings
     General tab
          The settings in this tab are not relevant for OPC
     Options tab
          The settings in this tab are not relevant for OPC
     Default Properties tab
          Enable Distributed COM on this computer: Checked
          Enable COM Internet Services on this computer: Unchecked
          Default Authentication Level: Connect
          Default Impersonation Level: Identify
          Provide additional security for reference tracking: Unchecked
     Default Protocols tab
          Connection-Oriented TCP/IP (Specific port ranges are not defined)
     MSDTC tab
          The settings in this tab are not relevant for OPC
     COM Security tab
          Launch and Activation Permissions
               Edit Limits (computer-wide launch and activation permissions)
                    Name: Everyone
                         local launch allowed
                         local activation allowed
                    Name: APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES
                         local launch allowed
                         local activation allowed
                    Name: APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES (all
                         permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
                    Name: BUILTIN\Administrators (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
                    Name: DESKTOP-H750JUT\DeltaVAdmin (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
                    Name: BUILTIN\Performance Log Users (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
                    Name: BUILTIN\Distributed COM Users (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
               Edit Default (default launch and activation permissions)
                    Name: Everyone
                         local launch allowed
                    Name: NT AUTHORITY\SYSTEM (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
                    Name: BUILTIN\Administrators (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
                    Name: DESKTOP-H750JUT\DeltaVAdmin (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
                    Name: NT AUTHORITY\INTERACTIVE (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
          Access Permissions
               Edit Limits (computer-wide access permissions)
                    Name: Everyone (all permissions allowed)
                         local access allowed
                         remote access allowed
                    Name: APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES
                         local access allowed
                    Name: APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES
                         local access allowed
                    Name: DESKTOP-H750JUT\DeltaVAdmin (all permissions allowed)
                         local access allowed
                         remote access allowed
                    Name: BUILTIN\Performance Log Users (all permissions allowed)
                         local access allowed
                         remote access allowed
                    Name: BUILTIN\Distributed COM Users (all permissions allowed)
                         local access allowed
                         remote access allowed
                    Name: ANONYMOUS LOGON
                         local access allowed
               Edit Default (default access permissions)
                    Name: DESKTOP-H750JUT\DeltaVAdmin (all permissions allowed)
                         local access allowed
                         remote access allowed
                    Name: Everyone
                         local access allowed
                    Name: NT AUTHORITY\SELF (all permissions allowed)
                         local access allowed
                         remote access allowed
                    Name: NT AUTHORITY\SYSTEM
                         local access allowed
                    Name: BUILTIN\Administrators (all permissions allowed)
                         local access allowed
                         remote access allowed
6. OPC client applications installed on this computer
     OPC Rescue does not have a record of OPC client applications on this
     computer
     Inform OPC Rescue about additional OPC client applications
          Select the Repair tab
          Click the Secure button
          Navigate to the OPC Port Selection dialog
          Click the Add Applications button
7. OPC servers installed on this computer
     OpcEnum (also known as "Opc ServerList Class")
          General Tab
               Application Name: OpcEnum
               Application ID: {13486D44-4821-11D2-A494-3CB306C10000}
               Application Type: Local Server
               Authentication Level: None
               Local Path: "C:\WINDOWS\SysWOW64\opcenum.exe"
          Locations Tab
               Run application where data is located: Unchecked
               Run application on this computer: Checked
               Run application on the following computer: Unchecked
          Security Tab
               Launch and Activation Permissions
                    Name: Everyone (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
               Access Permissions
                    Name: Everyone (all permissions allowed)
                         local access allowed
                         remote access allowed
          Endpoints tab
               This application uses the default system protocols. See above in "DCOM
               Default Protocols"
          Identity Tab
               Identity is set to: The launching user
     OPCSniffer Class
          OPC server overview
               Vendor: Vendor did not provide this information
               ProgID (version dependent): Matrikon.OPC.Sniffer.1
               ProgID (version independent): Matrikon.OPC.Sniffer
               This OPC server claims to support
                    OPC Data Access Servers Version 1.0
                    OPC Data Access Servers Version 2.0
                    OPC Historical Data Access Servers Version 1.0
          General Tab
               Application Name: OPCSniffer Class
               Application ID: {0FAAE42A-35AF-49d4-B7E5-D4D121F208F1}
               Application Type: Local Server
               Authentication Level: Default (which is set to 'Connect')
               Local Path: 
                    Warning! This registry key does not exist.
                    This could cause OPC connectivity problems.
          Locations Tab
               Run application where data is located: Unchecked
               Run application on this computer: A registry entry for this OPC server is
               missing, which may cause connectivity problems.  Possibly, the OPC server
               was uninstalled.  You may have to reinstall this OPC server, or contact the
               vendor of this OPC server vendor to ask for the reason this setting is
               disabled.
               Run application on the following computer: Unchecked
          Security Tab
               Launch and Activation Permissions
                    This application uses the "default launch and activation permissions" as
                    listed above, under: "Default launch and activation permissions"
               Access Permissions
                    This application uses the "default access permissions" as listed above,
                    under: "Default access permissions"
          Endpoints tab
               This application uses the default system protocols. See above in "DCOM
               Default Protocols"
          Identity Tab
               Identity is set to: The launching user
     DeltaV OPC Server
          OPC server overview
               Vendor: Emerson
               ProgID (version dependent): OPC.DeltaV.1
               ProgID (version independent): 
                    See comment below
                    This OPC server does not have a version independent program identifier
                    (this is not an error)
               This OPC server claims to support
                    OPC Data Access Servers Version 1.0
                    OPC Data Access Servers Version 2.0
          General Tab
               Application Name: DeltaV OPC Server
               Application ID: {C3B72AB1-6B33-11D0-9007-0020AFB6CF9F}
               Application Type: Local Server
               Authentication Level: Connect
               Local Path: 
                    Warning! This registry key does not exist.
                    This could cause OPC connectivity problems.
          Locations Tab
               Run application where data is located: Unchecked
               Run application on this computer: A registry entry for this OPC server is
               missing, which may cause connectivity problems.  Possibly, the OPC server
               was uninstalled.  You may have to reinstall this OPC server, or contact the
               vendor of this OPC server vendor to ask for the reason this setting is
               disabled.
               Run application on the following computer: INQU_LAB_PP
          Security Tab
               Launch and Activation Permissions
                    This application uses the "default launch and activation permissions" as
                    listed above, under: "Default launch and activation permissions"
               Access Permissions
                    This application uses the "default access permissions" as listed above,
                    under: "Default access permissions"
          Endpoints tab
               This application uses the default system protocols. See above in "DCOM
               Default Protocols"
          Identity Tab
               Identity is set to: The launching user
     FTSW100 OPC DA Server
          OPC server overview
               Vendor: Vendor did not provide this information
               ProgID (version dependent): ABB.Bomem.Data.OPC.3
               ProgID (version independent): ABB.Bomem.Data.OPC
               This OPC server claims to support
                    OPC Data Access Servers Version 2.0
          General Tab
               Application Name: FTSW100 OPC DA Server
               Application ID: {CA396CF6-7868-490D-BDF6-A9195CE05971}
               Application Type: Local Server
               Authentication Level: Default (which is set to 'Connect')
               Local Path: C:\Bomem\Enablir\dllreg\FtswOPC.exe
          Locations Tab
               Run application where data is located: Unchecked
               Run application on this computer: Checked
               Run application on the following computer: Unchecked
          Security Tab
               Launch and Activation Permissions
                    This application uses the "default launch and activation permissions" as
                    listed above, under: "Default launch and activation permissions"
               Access Permissions
                    This application uses the "default access permissions" as listed above,
                    under: "Default access permissions"
          Endpoints tab
               This application uses the default system protocols. See above in "DCOM
               Default Protocols"
          Identity Tab
               Identity is set to: The launching user
     DeltaV OPCAE Server
          OPC server overview
               Vendor: Vendor did not provide this information
               ProgID (version dependent): DeltaV.OPCEventServer.1
               ProgID (version independent): 
                    See comment below
                    This OPC server does not have a version independent program identifier
                    (this is not an error)
               This OPC server claims to support
                    OPC Alarm & Event Servers Version 1.0
          General Tab
               Application Name: DeltaV OPCAE Server
               Application ID: {DD99BFB8-3571-11D3-848E-00C04F99022F}
               Application Type: Local Server
               Authentication Level: Connect
               Local Path: 
                    Warning! This registry key does not exist.
                    This could cause OPC connectivity problems.
          Locations Tab
               Run application where data is located: Unchecked
               Run application on this computer: A registry entry for this OPC server is
               missing, which may cause connectivity problems.  Possibly, the OPC server
               was uninstalled.  You may have to reinstall this OPC server, or contact the
               vendor of this OPC server vendor to ask for the reason this setting is
               disabled.
               Run application on the following computer: INQU_LAB_PP
          Security Tab
               Launch and Activation Permissions
                    This application uses the "default launch and activation permissions" as
                    listed above, under: "Default launch and activation permissions"
               Access Permissions
                    This application uses the "default access permissions" as listed above,
                    under: "Default access permissions"
          Endpoints tab
               This application uses the default system protocols. See above in "DCOM
               Default Protocols"
          Identity Tab
               Identity is set to: The launching user
8. OPC Rescue information
     User information
          Name: Your name
          Company: Your company name
          Email: Your email address
          Phone: Your phone number
          Snapshot date: 19 March 2019
          Snapshot time: 2:52:39 PM  (SA Western Standard Time)
     Version 3.6.1303.7
     Executable date is 26 November 2013
     This copy of OPC Rescue has not been activated
     Download from www.OpcRescue.com

============================================================

End of OPC Snapshot report
OPC Rescue Snapshot Report


This OPC Snapshot report provides a list of all settings relevant for

operation of OPC products on INQU_LAB_PP.



============================================================

1. OPC configuration: 1 critical error and 4 warnings
     Configuration errors
          OPC configuration errors stop OPC applications from connecting.
          When you activate OPC Rescue, you will receive a detailed report of each
          error and automatic repair capabilities.
     Configuration warnings
          OPC configuration warnings may stop OPC applications from connecting.
          When you activate OPC Rescue, you will receive a detailed report of each
          warning and automatic repair capabilities.
2. Security audit score: 65% with 9 potential security vulnerabilities
     Overview: This OPC Security Audit report provides a list any concerns that
     could compromise the security of industrial information.  This report
     includes the cause of the vulnerability, a description of vulnerability,
     and suggested action.
     Security Comment: Your security score is very low. This could compromise
     Operations because too many people can access (and possibly change)
     Automation data. Take corrective action immediately. Check for full details
     in the "Security Audit" section.
     Note: The full security audit report contains more information about each
     of the above vulnerabilities.  This information includes the cause,
     description, and suggested action.
     Activate this copy of OPC Rescue to receive the rest of this report.
3. General computer information
     Computer Name: INQU_LAB_PP
     Member of: The workgroup called "WORKGROUP"
     Interactive user: Administrator
     Operating System
          Windows 7 Workstation (Edition: Professional)
          Version 6.1 Build 7601 Service Pack 1.0
          32-bit operating system
          Windows was started on 19 March 2019 at 10:03 (4 hours and 13 minutes ago)
     Miscellaneous settings
          "Simple File Sharing": Off
          "Accounts: Administrator account status": Enabled
          "Accounts: Guest account status": Disabled
          "Interactive logon: Do not display last user name": Disabled
          "Network access: Let Everyone permissions apply to anonymous users":
          Disabled
          "Network access: Sharing and security model for local accounts": Classic
          "DCOM: Machine Access Restrictions in SDDL syntax": Not defined
          "DCOM: Machine Launch Restrictions in SDDL syntax": Not defined
          Data execution prevention (DEP)
               Status: DEP is on for essential Windows programs and services only
               Application Exceptions: None
4. Windows firewall
     Profile: Public is active
     Firewall Status: Disabled
5. Computer-wide DCOM settings
     General tab
          The settings in this tab are not relevant for OPC
     Options tab
          The settings in this tab are not relevant for OPC
     Default Properties tab
          Enable Distributed COM on this computer: Checked
          Enable COM Internet Services on this computer: Unchecked
          Default Authentication Level: Connect
          Default Impersonation Level: Identify
          Provide additional security for reference tracking: Unchecked
     Default Protocols tab
          Connection-Oriented TCP/IP (Specific port ranges are not defined)
     MSDTC tab
          The settings in this tab are not relevant for OPC
     COM Security tab
          Launch and Activation Permissions
               Edit Limits (computer-wide launch and activation permissions)
                    Name: Everyone (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
                    Name: INQU_LAB_PP\DeltaV (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
                    Name: INQU_LAB_PP\DVPEHAdmin (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
                    Name: INQU_LAB_PP\DVPEHUser (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
                    Name: INQU_LAB_PP\AMSDeviceManager (corruption warning!)
                         This access control entry is corrupt. OPC Rescue will automatically repair
                         this error when you click the Rescue button in the Repair tab.
                    Name: BUILTIN\Administrators (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
                    Name: BUILTIN\Performance Log Users (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
                    Name: BUILTIN\Distributed COM Users (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
               Edit Default (default launch and activation permissions)
                    Name: NT AUTHORITY\SYSTEM (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
                    Name: BUILTIN\Administrators (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
                    Name: Everyone (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
                    Name: NT AUTHORITY\INTERACTIVE (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
          Access Permissions
               Edit Limits (computer-wide access permissions)
                    Name: Everyone (all permissions allowed)
                         local access allowed
                         remote access allowed
                    Name: INQU_LAB_PP\DeltaV (all permissions allowed)
                         local access allowed
                         remote access allowed
                    Name: INQU_LAB_PP\DVPEHAdmin (all permissions allowed)
                         local access allowed
                         remote access allowed
                    Name: INQU_LAB_PP\DVPEHUser (all permissions allowed)
                         local access allowed
                         remote access allowed
                    Name: INQU_LAB_PP\AMSDeviceManager (corruption warning!)
                         This access control entry is corrupt. OPC Rescue will automatically repair
                         this error when you click the Rescue button in the Repair tab.
                    Name: BUILTIN\Performance Log Users (all permissions allowed)
                         local access allowed
                         remote access allowed
                    Name: BUILTIN\Distributed COM Users (all permissions allowed)
                         local access allowed
                         remote access allowed
                    Name: ANONYMOUS LOGON (all permissions allowed)
                         local access allowed
                         remote access allowed
               Edit Default (default access permissions)
                    Name: Everyone (all permissions allowed)
                         local access allowed
                         remote access allowed
                    Name: NT AUTHORITY\SELF (all permissions allowed)
                         local access allowed
                         remote access allowed
                    Name: NT AUTHORITY\SYSTEM
                         local access allowed
                    Name: BUILTIN\Administrators (all permissions allowed)
                         local access allowed
                         remote access allowed
6. OPC client applications installed on this computer
     OPC Rescue does not have a record of OPC client applications on this
     computer
     Inform OPC Rescue about additional OPC client applications
          Select the Repair tab
          Click the Secure button
          Navigate to the OPC Port Selection dialog
          Click the Add Applications button
7. OPC servers installed on this computer
     OpcEnum (also known as "Opc ServerList Class")
          General Tab
               Application Name: OpcEnum
               Application ID: {13486D44-4821-11D2-A494-3CB306C10000}
               Application Type: Local Service
               Authentication Level: None
               Service Name: OpcEnum (which is set to Automatic)
          Locations Tab
               Run application where data is located: Unchecked
               Run application on this computer: Checked
               Run application on the following computer: Unchecked
          Security Tab
               Launch and Activation Permissions
                    Name: Everyone (all permissions allowed)
                         local launch allowed
                         remote launch allowed
                         local activation allowed
                         remote activation allowed
               Access Permissions
                    Name: Everyone (all permissions allowed)
                         local access allowed
                         remote access allowed
          Endpoints tab
               This application uses the default system protocols. See above in "DCOM
               Default Protocols"
          Identity Tab
               Identity is set to: The system account (services only)
     OPC Data Access 2.0 Server for iFix
          OPC server overview
               Vendor: Intellution Inc.
               ProgID (version dependent): Intellution.OPCiFIX.1
               ProgID (version independent): Intellution.OPCiFIX
               This OPC server claims to support
                    OPC Data Access Servers Version 2.0
          General Tab
               Application Name: OPC20iFIX
               Application ID: {3C570292-EB8E-11D4-83A4-00105A984CBD}
               Application Type: Local Server
               Authentication Level: Default (which is set to 'Connect')
               Local Path: "C:\DELTAV\IFIX\OPC20iFIX.exe"
          Locations Tab
               Run application where data is located: Unchecked
               Run application on this computer: Checked
               Run application on the following computer: Unchecked
          Security Tab
               Launch and Activation Permissions
                    This application uses the "default launch and activation permissions" as
                    listed above, under: "Default launch and activation permissions"
               Access Permissions
                    This application uses the "default access permissions" as listed above,
                    under: "Default access permissions"
          Endpoints tab
               This application uses the default system protocols. See above in "DCOM
               Default Protocols"
          Identity Tab
               Identity is set to: The launching user
     AMS OPC Server
          OPC server overview
               Vendor: Vendor did not provide this information
               ProgID (version dependent): AMS.OPCServer.1
               ProgID (version independent): AMS.OPCServer
               This OPC server claims to support
                    OPC Data Access Servers Version 1.0
                    OPC Data Access Servers Version 2.0
          General Tab
               Application Name: AMS OPC Server
               Application ID: {4C853380-83C4-11d2-9C40-006097BD9545}
               Application Type: Local Server
               Authentication Level: Default (which is set to 'Connect')
               Local Path: "C:\AMS\bin\Amsopc.exe"
          Locations Tab
               Run application where data is located: Unchecked
               Run application on this computer: Checked
               Run application on the following computer: Unchecked
          Security Tab
               Launch and Activation Permissions
                    Name: Everyone
               Access Permissions
                    Name: Everyone
          Endpoints tab
               This application uses the default system protocols. See above in "DCOM
               Default Protocols"
          Identity Tab
               Identity is set to: This user (see below)
                    The user account is "AmsServiceUser"
     DeltaV OPC HDA Server
          OPC server overview
               Vendor: Vendor did not provide this information
               ProgID (version dependent): DeltaV.OPCHDAsvr.1
               ProgID (version independent): DeltaV.OPCHDAsvr
               This OPC server claims to support
                    OPC Historical Data Access Servers Version 1.0
          General Tab
               Application Name: DeltaV OPC HDA Server
               Application ID: {8351A72D-A1D8-4C9D-B390-97DB17FCD6E6}
               Application Type: Local Server
               Authentication Level: Default (which is set to 'Connect')
               Local Path: "C:\DeltaV\bin\DOPCHDA1.exe"
          Locations Tab
               Run application where data is located: Unchecked
               Run application on this computer: Checked
               Run application on the following computer: Unchecked
          Security Tab
               Launch and Activation Permissions
                    This application uses the "default launch and activation permissions" as
                    listed above, under: "Default launch and activation permissions"
               Access Permissions
                    This application uses the "default access permissions" as listed above,
                    under: "Default access permissions"
          Endpoints tab
               This application uses the default system protocols. See above in "DCOM
               Default Protocols"
          Identity Tab
               Identity is set to: The interactive user
     DeltaV OPC Server
          OPC server overview
               Vendor: Fisher-Rosemount Systems Inc.
               ProgID (version dependent): OPC.DeltaV.1
               ProgID (version independent): 
                    See comment below
                    This OPC server does not have a version independent program identifier
                    (this is not an error)
               This OPC server claims to support
                    OPC Data Access Servers Version 1.0
                    OPC Data Access Servers Version 2.0
          General Tab
               Application Name: FrsOpcDv
               Application ID: {C3B72AB1-6B33-11d0-9007-0020AFB6CF9F}
               Application Type: Local Server
               Authentication Level: Default (which is set to 'Connect')
               Local Path: "C:\DeltaV\bin\FrsOpcDv.exe"
          Locations Tab
               Run application where data is located: Unchecked
               Run application on this computer: Checked
               Run application on the following computer: Unchecked
          Security Tab
               Launch and Activation Permissions
                    Name: NT AUTHORITY\SYSTEM
                         local activation allowed
                         remote activation allowed
                    Name: INQU_LAB_PP\DeltaV
                         local activation allowed
                         remote activation allowed
                    Name: INQU_LAB_PP\DeltaV Admins
                         local activation allowed
                         remote activation allowed
               Access Permissions
                    Name: NT AUTHORITY\SYSTEM
                    Name: INQU_LAB_PP\DeltaV
                    Name: INQU_LAB_PP\DeltaV Admins
          Endpoints tab
               This application uses the default system protocols. See above in "DCOM
               Default Protocols"
          Identity Tab
               Identity is set to: This user (see below)
                    The user account is "DeltaVAdmin"
     DeltaV OPC Alarms and Events Server
          OPC server overview
               Vendor: Vendor did not provide this information
               ProgID (version dependent): DeltaV.OPCEventServer.1
               ProgID (version independent): DeltaV.OPCEventServer
               This OPC server claims to support
                    OPC Alarm & Event Servers Version 1.0
          General Tab
               Application Name: DvOPCAE
               Application ID: {DD99BFB8-3571-11D3-848E-00C04F99022F}
               Application Type: Local Server
               Authentication Level: Default (which is set to 'Connect')
               Local Path: "C:\DeltaV\bin\DvOPCAE.exe"
          Locations Tab
               Run application where data is located: Unchecked
               Run application on this computer: Checked
               Run application on the following computer: Unchecked
          Security Tab
               Launch and Activation Permissions
                    Name: NT AUTHORITY\SYSTEM
                         local activation allowed
                         remote activation allowed
                    Name: INQU_LAB_PP\DeltaV
                         local activation allowed
                         remote activation allowed
                    Name: INQU_LAB_PP\DeltaV Admins
                         local activation allowed
                         remote activation allowed
               Access Permissions
                    Name: NT AUTHORITY\SYSTEM
                    Name: INQU_LAB_PP\DeltaV
                    Name: INQU_LAB_PP\DeltaV Admins
          Endpoints tab
               This application uses the default system protocols. See above in "DCOM
               Default Protocols"
          Identity Tab
               Identity is set to: This user (see below)
                    The user account is "DeltaVAdmin"
8. OPC Rescue information
     User information
          Name: Your name
          Company: Your company name
          Email: Your email address
          Phone: Your phone number
          Snapshot date: 19 March 2019
          Snapshot time: 2:16:32 PM  (SA Western Standard Time)
     Version 3.6.1303.7
     Executable date is 26 November 2013
     This copy of OPC Rescue has not been activated
     Download from www.OpcRescue.com

============================================================

End of OPC Snapshot report

  • I didn't actually read the entire text but in the case that you have an external OPC server trying to talk to the DeltaV OPC server you have to use some other software to do the mapping. I have two such instances of this and ended up using Matrikon DM to do so, although DeltaV may have an offering on that end as well.
  • I didn't actually read the entire text but in the case that you have an external OPC server trying to talk to the DeltaV OPC server you have to use some other software to do the mapping. I have two such instances of this and ended up using Matrikon DM to do so, although DeltaV may have an offering on that end as well.
  • In reply to harnettw:

    Hello harnettw, thanks for your reply.
    Would you be so kind to explain further what you mean?
    In any case, my issue is precisely to establish the connection to deltav in the first place. Once I can ping and "see" the deltaV OPC server I can continue with what you mentioned.
    Yesterday I was saturated with all the things i had read, tomorrow I'll work on it and try again to see what happens.
  • We have used Cogent DataHub OPCBridge. cogentdatahub.com/.../
     
    Worked better than Matrikon DM.
     

    Bob Lenich

  • In reply to Bob Lenich:

    Hi Bob,

    Why wasn't OPC Mirror used instead of Matrikon DM or Cogent DataHub?

    Do you remember why DataHub was selected over DataManger in that particular instance?

    Hi harnettw,

    Have you reached out to the vendors of the OPC servers and clients you are using? I find that when working through OPC DA issues, it is best to get the software suppliers involved as they with have access to deeper diagnostic utilities and should be able to pinpoint the issues.

    Also, why do you have two network cables between PC3 and the 8 port switch?

    You might try changing the Default Authentication and Impersonation levels to None.
  • In reply to Brian Hrankowsky:

    Hello Brian
    I think you might have referred to me instead of harnettw when asking about the two network cables. The reason for that is the connection from PC3 to the sensor.: I use a network adapter in PC3 to connect to the FTIR sensor and the other adapter to (try to) communicate with deltav.
    The overall goal is to close the moisture control loop using the FTIR and deltav, and for that is needed the PC3 in order to predict the %H2O with simca online.
    I hope this answers your question

    Edit:

    I forgot to comment about the authenitcation levels: According to deltav help, i understand the configuration should be left at "defalult" or "connect" in the DCOM config. Right now I can't remember exactly where i read that but i'm certain it was the recommended set up. Nevertheless, I'll try to change it to ses what happens.

    Also, the 8 port switch is simply for convenience and cable management reasons.

  • In reply to Julian Navas:

    Hi Julian,

    My confusion around the connection is that it sounds like you are saying you have two Ethernet cables from PC3 to the switch. this does not seem like it should be needed unless you are trying to do some kind of segregation using VLANs in the switch or the two connections are different VLANs. I am wondering if the computers (PC3 in particular) are "confused" as to what IP address to put into the DCOM packets and you are getting some kind of weird effect where the forward connection occurs, but the asynchrounous call back connection is trying to come back on a different NIC.
  • Julian, great work so far. You show great persistence.
    Let me state my understating. The FTIR device has an on-board Opc server. (Is it a opc-ua server? Modern devices with on board Opc servers are usually UA because there is no dependency on windows). If the device has an on board server, then the lab workstation is not part of the equation, unless your Opc bridging client resides there. Is Opc expert your bridging client? I assume you want to send data from the analyzer to deltav, and you use it to read from the FTIR opc ua server and write to the Deltav opc dcom da server.
    Your stated problem is connectivity of opc expert on a non deltav machine to a deltav opc server.
    Deltav opc remote was installed on non deltav machine as required. You have matching account on non deltav machine that runs opc expert as a service (?) who is also a deltav application user and has the control keys in the areas which you need to read and write to (assuming the Deltav parameters are locked by the control keys). The error from opc expert 0x80070005 indicates permissions issue, as returned by the server. Can you log into deltav as the opc expert service user and write the target values using opcwatchit?
  • In reply to Youssef.El-Bahtimy:

    Julian, I'm thinking about having momentary connection, which you stated. It's as if you had connection and then it was blocked by some security or network software. Switches often use Spanning Tree Protocol to prevent duplicate IP addresses. Windows 10 may also utilizes some security process that potentially catches communication it deems inappropriate. I like Brian Hrankowsky am targeting the use of two network cables going to the same switch.
    Have you tried using two different switches or separating the two ports with a VLAN? I agree this shouldn't be necessary, but given you had a connection and lost it, something is up.

    Another idea, I encountered is connecting a non-DeltaV machine to a DeltaV machine. Let me explain what I mean by an instance. I installed AMS Client on a non-DeltaV machine. I connected it to the AMS Server Plus (the ProPlus on the DeltaV domain) through the Plant LAN. I could not see DeltaV IO data (HART IO) from the AMS CLient machine. I found out that the non-DeltaV machine needed to be on a domain and a domain trust set up between the two before communications could work. I elected to make the non-DeltaV machine a maintenance station and join it to the DeltaV domain, issue solved. So here is how I see it apply here. Your non-DeltaV machine Win 10 is talking to a DeltaV machine Win 7, already concerning, so DeltaV may not like the relationship, i.e. not "trusted". An OPC Tunneller may overcome this issue. But I would see if installing the PC3 software on your LAB_PWS01 workstation and having it connect to the ABB FTIR sensor "magically" fixes the problem.

    Sal Salamone

  • In reply to Youssef.El-Bahtimy:

    Julian,

    Back to basics. prior to v14 of DeltaV, the OPC server is a classic OPC DA server. Emerson enhanced this with the OPC.XI, and later OPC.Net wrappers to make OPC DA more firewall friendly. you are not using a firewall between these various computers so a straight OPC DA client will work.

    Check your are licensed on PP for OPC DA server using OPCWatchit.
    Setup user with proper security in DeltaV and confirm read write working on module parameter.
    Use simple OPC test client on PC3 to confirm connectivity to DeltaV OPC DA server.
    Confirm any OPC error codes via Online search.

    More info for those with insomnia.....

    You are in a workgroup, which means usernames and passwords must be the same on different machines. When you load OPC Remote on the computer and provide it with the DeltaVAdmin account, the password must match the password for this account on the DeltaV workstation you are connecting to ( all DeltaV workstations on the same system need to have the same password for this account.)

    You also have use an account that has DeltaV user privilege to write data into DeltaV. If you get the Windows authentication right (same passwords on both machines), you also need the deltaV privilege to allow access to the data. You should not use the Administrator account, though for initial setup and troubleshooting, that is OK. You will want to create a DeltaV User with the right level of DeltaV Privilege and minimal Windows Access. Otherwise, you are exposing the DeltaV system to administrative access to this third party PC.

    As Youssef mentions, you need an OPC Client to read and write data to an OPC Server. You are using the PC3 to bridge the IR sensor OPC DA server to DeltaV OPC DA Server. You need the DeltaV OPC Server to be licensed before it can allow access. Do you have an OPC license for the Pro Plus? (I used to think the Pro Plus had a 250 tag OPC Sever license, but recently found this is not true. You need OPC server or EXCEL Add in licenses to unlick the OPC server on workstation other than the Application stations.)

    Using a simple OPC client, you should confirm that OPC Server can be accessed and data read/written. On the Pro Plus, logon as the DeltaV account to be used for OPC data transfer, and open OPCWatchit. It will automatically find the OPC.DeltaV.1 Server. Browse a path and confirm you can successfully read a value. This confirms your server is working and is licensed.

    On PC3, ensure you have the same user/password account defined. use a simple OPC client to find and connect to the DeltaV server. One of the companies I use now is Integration Objects. they have a free OPC DA test client. Or use one you are familiar with. in your case, you can use OPC Remote or directly connect to the DeltaV machine, but in either case, you need a valid user/password and if writing data to DeltaV, the destination module's plant area must be assigned to the DeltaV user, which we verified with OPCWatchit.

    Once you have connectivity with a simple OPC Client between PC3 and DeltaV PP, you can focus on the data broker client, knowing the OPC infrastructure is working. OPC error codes can be found online. Search "OPC Error Codes".

    Andre Dicaire