Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

× If you are developing in .NET, but are using the OPC-UA (OPC Unified Architecture), please post in the QuickOPC-UA category instead.

Connection to same machine with 5.62 possible but with 5.71 I get "Acces Denied"

More
29 Nov 2023 19:32 #12420 by support
Thank you/

FYI, the underlying function returning RPC_E_TOO_LATE is : learn.microsoft.com/en-us/windows/win32/api/combaseapi/nf-combaseapi-coinitializesecurity .

This article actually hints at 4th possibility: If the COM security is not initialized (in the host) by calling this function explicitly, but rather implicitly (e.g. by the fact that *any* COM call is made before we get chance to call the function), it might be possible to choose the right values in the registry (AppID key).

Regards

Please Log in or Create an account to join the conversation.

More
29 Nov 2023 09:53 #12419 by mut9bu
Thank you so much for your great support and also patience!!! Perhaps we couldn't fix the problem %100 but now I have a full understanding why we have the problem,
and also the all possible alternatives how we can get arround it. Yes I will evaluate your 3 suggestions and try to find the best solution.

With this topic I have learnt a lot of details reg. OPC DA & DCOM settings and the security mechanism (I hope this will be also for the other followers a good reference).
Additionally: You have really a great documentation that discribes everything in detail. I have made once more the experience that the after-sale support is as important as the product itself.

Thank you so much again :-)
The following user(s) said Thank You: support

Please Log in or Create an account to join the conversation.

More
28 Nov 2023 15:59 #12416 by support
Hello,
thanks for all the additional information.

My understanding is that at least in one of your tests, you have following situation:
- The console app works, and does not generate the error in the event log, and
- With the same settings (bitness, user account), and same initialization code, the Web app does *not* work, and it generates the error in the event log you listed.

This is "good news" in the sense that it tell us quite well what is happening. But it is bad news, because there is practically no resolution.

What is happening: The Web hosting infrastructure initializes the COM security settings to something that we do not like. You then set the desired properties in our objects, and we attempt to initialize the COM security, but it cannot be done more than once in a process lifetime.

What can be done: Very little, as far as I can tell. Ideas that come to mind:
- Find some way to configure the IIS to *not* initialize COM security, or to initialize it the way we want it. I have no idea how to do it, and it is quite likely that it is not possible.
- Use a different Web server that would allow to do that.
- Move all COM (OPC Classic) access to a separate process, and communicate with it from your Web app. Of course this is lots of extra programming.

Best regards

Please Log in or Create an account to join the conversation.

More
28 Nov 2023 10:41 #12413 by mut9bu
Hello, i think I have good news :-)

I get still the same Errors when running the code in the real web application, but I have at least new inputs for evaluating the "Acces denied" issue.

First of all the 3 points you mentioned in your last answer:

1) different User account test consol app VS real web app:
a) The test console app is of course executed with my personel username that has admin rights
b) The web app (manges full with IIS) has in default the appl. pool account. I have changed this in IIS appl.pool advanced settings to LocalService, LocalSystem, NetworkService, and even to custom, my own username with which the test console app was running fine.
--> in each cases I got the same Errors when trying to browse servers and nodes
2) over the appl. pool I have also set for testing allow 32 bit exec. to true (default =false) --> again same errors.
3) For this topic I have nothing to add.
But now the good news*******************************************************************************

When I look to the eventlog I see that always the same Error is logged (independent how the user account for the web app is set)

OPCLabs-ComInterOp:

COM security initialization (process "w3wp" Id 14364, application domain "WebApplication7" Id 1) for requestor 'ComSecurityInitializingEasyDAClient' failed; the initialization object was: TurnOffCallSecurity=True.
CoInitializeSecurity failure (0x80010119): Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed once initialized.
+ This error (RPC_E_TOO_LATE) is not uncommon in hosted .NET applications. Depending on various factors, it might be possible to prevent it, or safely ignore it (if COM works as intended). Consult the product documentation.
+ Current thread name: ".NET ThreadPool Worker", from thread pool: yes, managed thread Id: 8, apartment state: MTA.

Reminding: I am using following parameters an these really at the top of my code:
ComManagement.Instance.Configuration.InstantiationParameters.OverrideDefaultSecurity = false;
ComManagement.Instance.Configuration.SecurityParameters.UseCustomSecurity = true;
ComManagement.Instance.Configuration.SecurityParameters.TurnOffCallSecurity = true;

I hope that this can help us forward... :-)

Please Log in or Create an account to join the conversation.

More
22 Nov 2023 14:40 #12411 by support
Hello.
I think this is a progress, at least somewhat. It tells us that it is possible to make it work under .NET 6+ with QuickOPC 5.71 (even though you have it in the console app only, now).

If other things are the same, I can see three possible reasons for the different behavior of the code under the Web app:

1) The different user account - as you suggested, OR
2) Process bitness (32/64), OR
3) Still different COM security settings: This can happen if the hosting process sets the COM security "for you".

Regarding 1):
The account under which the Web runs depends greatly on the hosting environment, and I am not an expert in it. However, it is something that you should be able to find out from the documentation/ Googling etc. You need to know whether the app is "self-hosted", hosted under "full" IIS, or IIS Express, or some other Web server. From my times when I was involved with IIS, I remember that each application was assigned to an AppPool, and each AppPool was essentially a separate process, and you could set the identity (user) of each AppPool.

Regarding 2)
This is similar to 1): For example, in IIS, it is possible to view/set whether the AppPool is 32 or 64 bits.

Regarding 3):
Please gather the Windows Event log events (at the time of starting) from your current console app, and from your current Web app, and post them here, that would hopefully allow me to determine what is happening with COM security settings in these two cases.

Best regards

Please Log in or Create an account to join the conversation.

More
22 Nov 2023 13:44 #12410 by mut9bu
Hello again
I have just tested the same code this time with a minized C# console app on .NET6. (Not web app)
Again after some trials I could browse servers , browse nodes and read OPC values with just following parameters:

ComManagement.Instance.Configuration.InstantiationParameters.OverrideDefaultSecurity = false;
ComManagement.Instance.Configuration.SecurityParameters.UseCustomSecurity = true;
ComManagement.Instance.Configuration.SecurityParameters.TurnOffCallSecurity = true;

On the real web app I get with this parameters again the same errors when browsing nodes (see below)

I agree that the problem could be the different user account on the web app.
Is the user account on the minimized .NET6 consol app "SYSTEM" ?
Is there a way to connect in the web app with the same user account on the console app?


Error for Browsing Nodes*********
Browse_node_Error The COM server does not support the interface 'OpcRcw.Da.IOPCServer'.

This problem could be caused by:
- incorrectly installed proxy/stubs.
- problems with the DCOM security settings.
- a personal firewall (sometimes activated by default).

+ The client method called (or event/callback invoked) was 'BrowseNodes'. 11/22/2023 4:36:37 PM

Please Log in or Create an account to join the conversation.

More
20 Nov 2023 15:41 #12383 by support
Hello,
no need to apologize!

I do not know yet what is the cause for "The COM server does not support the interface 'OpcRcw.Da.IOPCServer'". But I want to get there. And the first thing I would recommend is to try it out in your test application, BUT under .NET 6+. Can you do that? By this test, I want to know whether the fact the you have an application running under Web server makes a difference from the console app, if everything else appears to be the same. The reason for this is that running under the Web server frequently differs in several aspects (such as the user account under which it is running, which in turn may affect COM security).

Best regards

Please Log in or Create an account to join the conversation.

More
20 Nov 2023 15:37 #12382 by mut9bu
First of all thank you for your patient. I don't want to take your time, sorry in advance.
The first point I have understood .NET Framework and .NET use different implementations and cannot be compared in this manner.

But in my real application in .NET7: How can I overcome then the Error
"The COM server does not support the interface 'OpcRcw.Da.IOPCServer'"
in this case? Why do I get this Error? This is the point i didn't understood.

Please Log in or Create an account to join the conversation.

More
20 Nov 2023 14:16 - 20 Nov 2023 14:16 #12381 by support
Hello
thank you.

If you want to get any close with your "test" application to your real one, you either need to build the test app for .NET 6+ (recommended), OR you need to set InstanceParameters.EnableNativeClient to false, on your EasyDAClient object.

Currently your test app is internally using a low-level OPC implementation that is completely different from the real one. See opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...ultiple%20Implementations.html .


Best regards
Last edit: 20 Nov 2023 14:16 by support.

Please Log in or Create an account to join the conversation.

More
20 Nov 2023 14:00 #12380 by mut9bu
Hello

For(1)*************************
In the minimized test console app (1) we have .NET Framework 4.7.2. Here we have set Target platform in Visual Studip as "Any CPU" .As our server where the runtime is working is 64bit we can say that is working as 64-bit. (In the consul app there is also a checkbox like "Prefer 32-bit". We have tested with checked and unchecked. In both cases browsing branches and reading items worked fine.


For(2)*************************
In the real app we have .NET7. Here also we have set Target platform in Visual Studip 2022 as "Any CPU" .As our server (the same server like (1) where the runtime is working is 64bit we can say that is working also as 64-bit. But for Blazor server side there is no option box for "prefer 32-bit".

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.068 seconds