OPC DA Data Source

[EulertronikTw]

Hi. I was trying to create data points with OPC DA in scadabr and after talking with Fabio Durao, he suggested installing scada-lts. I did it, but the problem I got was the same as scadabr. So I will describe the issue hoping you could help me to solve it.

First of all, I tested the OPC DA Server with Matrikon Explorer and I could read/write tags without problems. The client and the server are on the same computer.

So I created a new Data Source with OPC DA. First thing I noticed is that OPC DA Properties ask for “Domain”, “User” and “Password” when Matrikon doesn't need that information.

I leave the domain in blank because the computer is in a workgroup. When I save it I obtained in the item server “Access is denied, please check whether the [domain-username-password] are correct … [0x00000005]”

Of course I disable the firewall and change COM security settings that everybody recommends to do.

With Matrikon Explorer I can access to all tags list and read them without problems:

I wish you could help me. I can do the test you need to find the solution. Thank in advance,

Juan

[Limraj]

Hi @EulertronikTw,

1. I take it you can't leave these fields blank?
2. Isn't there some global setting in 'Matrikon Explorer'? What do you need to enter there to connect to the server?
3. Could you configure the server to require this data? Perhaps the solution to your problem would be not to require and not to set these data when trying to connect to the server.

Regards, Kamil Jarmusik

[odenisnobre]

Try this setting to see if it has any effect:

[EulertronikTw]

HI Kmail

1. Exact. I can't leave User and Password fields in blank.
2. There isn't global setting in Matrikon Explorer. Matrikon explorer detects OPC DA server and just with double click I can connect to it
3. No I can't configure OPC DA Server, and I can't leave them in blank

Thanks in advance

Juan

[odenisnobre]

Other settings that can be checked:

[odenisnobre]

From what I understand from the image, your OPC server is Citect and not Matrikon. In this case Matrikon OPC Explorer is being a client.

[odenisnobre]

Another thing, is Scada-LTS running on the same machine where you are using Matrikon OPC Explorer?

[EulertronikTw]

• I'm trying to read values from Vijeo Citect OPC DA Server. I test the connection with Matrikon and it works. I can't do the same with scada-lts as client.
• Matrikon Explorer, Scada-Lts and Viejo Citect are in the same computer

Thanks

[EulertronikTw]

Other settings that can be checked:

Thanks, no diference

[EulertronikTw]

Try this setting to see if it has any effect:

thanks, but make no difference

[odenisnobre]

• I'm trying to read values from Vijeo Citect OPC DA Server. I test the connection with Matrikon and it works. I can't do the same with scada-lts as client.
• Matrikon Explorer, Scada-Lts and Viejo Citect are in the same computer

Thanks

Is the OPC Server service running with any user? Does the user trying to connect have access to communicate with the server?

[Limraj]

@odenisnobre, Thanks for these tips. Based on this, we can conclude that this should work. :) @EulertronikTw, I will prepare a version of the application in which you will not be required to provide these data, and they will not be set when you try to connect.

[EulertronikTw]

@odenisnobre, Thanks for these tips. :) @EulertronikTw, I will prepare a version of the application in which you will not be required to provide these data, and they will not be set when you try to connect.

Excellent. I will be waiting for your news. I thank you and everyone who quickly responded to my concern.

[Limraj]

Hi @EulertronikTw, I prepared versions without username/passowrd validation, additionally I corrected error messages. If you are using docekra this image pr-2501: https://github.com/SCADA-LTS/Scada-LTS/pull/2501 docker-compose-tutorial

If you don't use docker-compose, it will provide you with a fix later.

Regards, Kamil Jarmusik

[EulertronikTw]

Hi @EulertronikTw, I prepared versions without username/passowrd validation, additionally I corrected error messages. If you are using docekra this image pr-2501: #2501 docker-compose-tutorial

If you don't use docker-compose, it will provide you with a fix later.

Regards, Kamil Jarmusik

Hi Kamil, I don't use docker, but I will try it. Thanks!

Juan

[Limraj]

@EulertronikTw from you can dowload zip with war. You need to unpack the zip and move the wara to webapps. However, I have doubts whether our library allows connection without username/password authorization.

If I don't set the username and password, before the initialization of the connection, I get an error that these fields should be set. There is still a chance that if you set these fields empty, then if the server does not require authorization, it will work. You can test this.

[Limraj]

@EulertronikTw Have you been able to test it?

[EulertronikTw]

@EulertronikTw Have you been able to test it?

Hi Kamil. Sorry for de delay. I tested it this weekend but without good results. Beside this, another person do some test for me and found that the problem is with Windows 10. He installed all (opc server Citect and scada-lts) in windows 7 and all work as expected. Now I'm installing docker to continue doing some test. I will write to you again. Thanks!

[Limraj]

Hi @EulertronikTw, On windows 7, the older version also works, in the sense that you set the username/password, although the server does not require it?

[EulertronikTw]

Hi @EulertronikTw, On windows 7, the older version also works, in the sense that you set the username/password, although the server does not require it?

Exactly. Now I need to know if the problem on Windows 10 is on the server or the client scada lts side.

[Limraj]

@EulertronikTw Where did you download the server from? Maybe there will be something on the owner website, do they have support for windows 10, or people have reported something. You might also try on a different server.

[EulertronikTw]

@EulertronikTw Where did you download the server from? Maybe there will be something on the owner website, do they have support for windows 10, or people have reported something. You might also try on a different server.

Yes, I Will try with an opc server simulator. Thanks

[Limraj]

@EulertronikTw Sorry, I was tired yesterday,

1. I understand that you have jave, tomcat, and opc da server in one version on windows 7 and windows 10, except that windows 10 does not work, but on windows 7 it works even on the old version of Scada-LTS ? (You can connect to server OPC DA from Scada-LTS)
2. Are you having issues with the Data Source list on your old code? https://github.com/SCADA-LTS/Scada-LTS/issues/2499
3. In addition on windows 7 and 10, do you have another external client that can connect to this server on both systems?

Tips:

1. Check what protocol version is used in servers on windows 7 and 10, and compare it with the protocol versions supported by clients that can connect to these servers;
2. Update jave 11 to the latest possible version;
3. Update tomcat 9 to the latest possible version;
4. Update OPC server to the latest possible version;
5. If that doesn't help, it could be that the libraries in Scada-LTS are using native code which doesn't work in Windows 10. We can try porting the custom library code to Scada-LTS, it's just a few classes and update the deprecated libraries from org.openscada (We are using version 0.5.0 and the last stable one is 1.5.0). We also plan to implement plc4x and OPC UA, but that's in the future;

Regards, Kamil Jarmusik

[Limraj]

Hi @EulertronikTw Okay, if there is a possibility to configure without authorization data, then these fields should not be required. The messages have also been improved, so either way, we will carry these fixes to the next version.

The question is how are your tests progressing, are we doing something more with it?

[EulertronikTw]

Hi Kamil! I did some test this weekend. I installed scadlts on Win7 Virtual machine with the same results as Win10 (no communication between SCADA-LTS and Citect as OPC DA Server)

I also searched information about OPC DA version of Vijeo Citect. From the help, versions supported are v1.0a and v2.0:

When I test communication using Matrikon Explorer, it call CtOPC32.dll:

Seeing details of CtOPC32.dll, it supported OPC DA 2.0:

I also installed OPC Server Simulator from Matrikon and I could comunicate with SCADA-LTS without any problems:

Communication between Matrikon Explorer an Vijeo Citect 7.20 as OPC Server works perfectly but I don't know why.

Probably the problem is in the versions of OPC DA as you said. Which version of OPC DA use SCADA-LTS?

Thanks in advance,

Juan

[Limraj]

1. And could you try to force an older version of the protocol on your server, ie v1.0a? If it could be done and it works, that would be proof that protocol versions are involved.
2. Why are you entering your credentials?

edit:

3. You can also try to force a newer version of the protocol on the simulator;

[EulertronikTw]

Hi again.

1. And could you try to force an older version of the protocol on your server, ie v1.0a? If it could be done and it works, that would be proof that protocol versions are involved. No, I can't
2. Why are you entering your credentials? Because I need to enter them even to communicate with matrikon server simulator. Matrikon OPC Client don't ask for that information but may be take it from somewhere else edit: 3. You can also try to force a newer version of the protocol on the simulator; No, I can't do that either

[Limraj]

Because I need to enter them even to communicate with matrikon server simulator. Matrikon OPC Client don't ask for that information but may be take it from somewhere else" You wrote at the beginning that you have a server that does not require authorization? Maybe I misunderstood something.

Edit: So, after all, these authorization data were get? Does this mean we are restoring validation for these fields?

[EulertronikTw]

Because I need to enter them even to communicate with matrikon server simulator. Matrikon OPC Client don't ask for that information but may be take it from somewhere else" You wrote at the beginning that you have a server that does not require authorization? Maybe I misunderstood something.

Edit: So, after all, these authorization data were get? Does this mean we are restoring validation for these fields?

Yes Kamil You are right. I thought that they were not necessary because the matrikon opc client did not ask for it and that is why I suggested that test.

[Limraj]

Unfortunately, the openscada.org site is no longer there, but I found something like this in archive.org, it seems that after v1.0 of the openscada library, it supports OPC DA 2.0. Tomorrow will prepare little program java with the current version of this library, whose sole purpose is to connect to server and report success or failure, to see if this update makes sense.

openscada.org from archive.org

Thanks for your activity, what you reported is important.

[EulertronikTw]

Unfortunately, the openscada.org site is no longer there, but I found something like this in archive.org, it seems that after v1.0 of the openscada library, it supports OPC DA 2.0. Tomorrow will prepare little program java with the current version of this library, whose sole purpose is to connect to server and report success or failure, to see if this update makes sense.

openscada.org from archive.org

Thanks for your activity, what you reported is important.

I thank you. I really hope to be able to use SCADA-LTS in my projects, and of course I am available to continue testing.

[Limraj]

Hi @EulertronikTw, is this little program to check the connection to the server: opc-da-1.0.0.jar

Use:

1. Help: java -jar opc-da-1.0.0.jar -H

2. Example (you can enter the domain -d and the server name -s, if you do not enter the server name it will try to search and it's best to leave it like that): java -jar opc-da-1.0.0.jar -h localhost -u Muleto1 -p abc

Regards, Kamil Jarmusik

[EulertronikTw]

Hi Kamil. I did 3 test:

1 - without server name without server.txt

2 - with citect server name with Citect server.txt

3 - with Matrikon server name with matrikon server.txt

I hope the information will be usefull. Ask me for more test if you need. Thanks

Juan

[Limraj]

Looks like he get the server list, so there is some progress: INFO: Found servers: [Matrikon.OPC.Sniffer.1, Citect.OPC.1, Citect.OPCRemote.1, Matrikon.OPC.Simulation.1]

But you can see that later on initialization something doesn't work, I'll have to take a closer look at it. Matrikon is only simulator server?

[EulertronikTw]

Yes. I can list the servers. But I can't list tags in vijeo citect servers.

[EulertronikTw]

Yes. I can list the servers. But I can't list tags in vijeo citect servers.

[Limraj]

Hi @EulertronikTw, So after entering the authorization data, you have a list of servers, but it does not read the tags on the old version of the application? So there would be no progress...

Now you need to focus on why it doesn't read these tags..

1. Do you have any errors on this page?
2. Do you have access to the tomcat/logs so I can send them to me?

Regards, Kamil Jarmusik

[EulertronikTw]

Hi!

Hi @EulertronikTw, So after entering the authorization data, you have a list of servers, but it does not read the tags on the old version of the application? So there would be no progress...

Now you need to focus on why it doesn't read these tags..

1. Do you have any errors on this page? Yes, there 3 differents errors that repeat in differents test a - abr 13 07:24: 'OPCTestCitect': OPCTestCitect: Invalid data type 0. Cannot instantiate MangoValue b - abr 13 07:24: 'OPCTestCitect': OPCTestCitect: [OPC] READ OPC ITEMS MAP Failed! c - abr 13 12:20: 'OPCTestCitect': OPCTestCitect: d - abr 13 12:24: 'OPCTestLocal': OPCTestLocal: Error while terminating data source: The client may not have been properly initialized.

2. Do you have access to the tomcat/logs so I can send them to me?} **Tell me if they are the file logs what you need:

mango.log

localhost_access_log.2023-04-19.txt

scada-lts-stderr.2023-04-17.log

these are the log files modified today

Thanks,

Juan**

Regards, Kamil Jarmusik

[Limraj]

@EulertronikTw Thanks for these logs. We already know that regardless of the library version from openscada.org (utgard) we get the same error (80040154: Double check CLSID in registry, below HKEY_CLASSES_ROOT), I looked for the reason and came across something like this: https://copyprogramming.com/howto/utgard-access-denied

First, try running Scada with administrative privileges. Looks like a system configuration problem.

[EulertronikTw]

@EulertronikTw Thanks for these logs. We already know that regardless of the library version from openscada.org (utgard) we get the same error (80040154: Double check CLSID in registry, below HKEY_CLASSES_ROOT), I looked for the reason and came across something like this: https://copyprogramming.com/howto/utgard-access-denied

First, try running Scada with administrative privileges. Looks like a system configuration problem.

Sorry, I don't know how to run the scada lts with administrative tools. Could you tell me which files are necesary to set with administrative privileges. For example I set opcenum.exe and Scada-LTSw.exe to run with administarive privileges. Any other?

Thanks

[Limraj]

Unfortunately, now I do not have windows in front of me ... look on the net how to run applications with administrator privileges on windows. It's about starting tomcat with these permissions. Run this tool from tomcat, click stop and close, then try to run by right clicking the Scada-LTS shortcut, run as administrator.

[Limraj]

Hi @EulertronikTw, I understand it didn't help. I need to dig into this topic more, it is also possible to change the library. You could also try following the instructions in the link. However, requiring such registry operations from the user is not a very good solution. This should work "out of the box".

edit: It's certainly interesting that the simulator server works, only this particular one does not, but another client can connect to this server, so it's some system configuration, but related specifically to the library. Another possibility is that this client process has a special setting in system that allows it to run dll for 32 bit version... I need to find information on this...

https://learn.microsoft.com/en-us/troubleshoot/windows-server/performance/compatibility-limitations-32-bit-programs-64-bit-system

I'll be back when I know more. I can come back to that later.

It seems, however, that you can do it automatically by setting the appropriate flag in the library, I will prepare such a version of this small program and we'll see. https://github.com/skyghis/j-interop-ng/blob/jcifs-ng/j-interop/README.md#A6

[Limraj]

Okay @EulertronikTw, I set autoconfig, you can try again: opc-da-1.0.1.jar

[EulertronikTw]

Hi Kmail. Here you are the files:

with matrikon server v1.0.1.txt without server v1.0.1.txt with citect server v1.0.1.txt

Thanks

Juan

[Limraj]

Now we have something like this: org.jinterop.dcom.common.JIException: Access is denied, please check whether the [domain-username-password] are correct. Also, if not already done please check the GETTING STARTED and FAQ sections in readme.htm. They provide information on how to correctly configure the Windows machine for DCOM access, so as to avoid such exceptions. [0x00000005] -> from https://copyprogramming.com/howto/utgard-access-denied : 00000005: Login error (does the user has administrator rights!?) try: https://copyprogramming.com/howto/run-explorer-as-administrator-windows-7

[Limraj]

1. Open "Scada-LTS service manager" -> click stop and close;

2. Next open cmd as admin: https://quehow.com/wp-content/uploads/2014/12/how-to-login-as-administrator-in-windows-7-step-12.jpg and: https://quehow.com/wp-content/uploads/2014/12/how-to-login-as-administrator-in-windows-7-step-22.jpg

Next in cmd: cd "path_to_Scada-LTS_installation/tomcat/bin" catalina.bat start

3. Sorry in cmd: cd "path_to_opc_ds_1_0_1/" java -jar opc-da-1.0.1.jar -u user -p pass -s server -h host

[Limraj]

Hi @EulertronikTw, If I wrote something unclear, let me know. Generally, the idea is to run the opc-da application through cmd that has been run with administrator privileges, i.e. with the 'Run as administrator' function. If that doesn't work, maybe we'll get another error.

[EulertronikTw]

Hi @EulertronikTw, If I wrote something unclear, let me know. Generally, the idea is to run the opc-da application through cmd that has been run with administrator privileges, i.e. with the 'Run as administrator' function. If that doesn't work, maybe we'll get another error.

Hi Kamil. Yes, I know that. My doubt was how to run SCADA LTS as administaror, because the interface is a web page.

I already ran opc-da-1.0.1.jar as Administator. I ran from PowerShell because with cmd I can't copy all the results.

What I didn't do, was stop scada-lts manager previously. So I ran it again:

without server v1.0.1.txt

with matrikon server v1.0.1.txt

with citect server v1.0.1.txt

Tell me if these test are what you need. Thanks!

[Limraj]

Hi @EulertronikTw try:

1. Open regedit;
2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
3. create or modify 32-bit DWORD: LocalAccountTokenFilterPolicy
4. set the value to: 1
5. restart system, next run opc-da as administrator

[EulertronikTw]

Hi @EulertronikTw try:

1. Open regedit;
2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
3. create or modify 32-bit DWORD: LocalAccountTokenFilterPolicy
4. set the value to: 1
5. restart system, next run opc-da as administrator

Yes. I already did it too:

Citect.txt Matrikon.txt without server.txt

[Limraj]

If you are trying to solve a specific technical problem, you must keep certain settings permanently, e.g. you cannot change the system version. The first logs were for windows 7 and you should stick to that system. If you approach technical problems this way, you will not be able to solve any technical problem. Also let's go back to windows 7.