源自第三方OPC服务器(KepServer)的HMI标签在FactoryTalk View中显示为线框

Summary 总结

HMI tags originating from 3rd party OPC server are wireframing in FactoryTalk View 9.00.00 and later

源自第三方OPC服务器的HMI标签在FactoryTalk View 9.00.00及更新版本中显示为线框(不显示数据)。

Problem 问题

After an upgrade to FactoryTalk View V.9.00.00 or later, HMI tags originating from a 3rd party OPC server no longer work – the OPC server returns invalid data and the objects associated with the HMI tags are wireframed.

升级到FactoryTalk View V.9.00.00或更高版本后,来自第三方OPC服务器的HMI标签不再工作—OPC服务器返回无效数据,并且与HMI标签关联的对象显示为线框。

Environment 环境
  • FactoryTalk View Studio V.9.00.00 or laterFactoryTalk View Studio V.9.00.00或更高版本
  • 3rd party OPC server 第三方OPC服务器
Cause 导致

As a part of security enhancements in FactoryTalk View V.9.00.00 and later, a logon account for Rockwell Tag Server service (TagSrv.exe) has been changed from Local System to Local Service. This change limits access rights to potential hackers that may want to exploit product services for malicious security attacks. However, this change may also deny Tag Server access to 3rd party OPC servers that do not allow Launch, Activation and Access Permissions to the Local Service user in their default DCOM configuration.

作为FactoryTalk View V.9.00.00及以后版本的安全增强的一部分,Rockwell标签服务器服务(TagSrv.exe)的登录帐户已从 Local System 更改为 Local Service 。此更改限制了可能想利用产品服务进行恶意安全攻击的潜在黑客的访问权限。但是,此更改也可能拒绝标签服务器访问第三方OPC服务器,这些服务器在其默认DCOM配置中不允许本地服务用户的启动,激活和访问权限。

Solution 解决方案
Solution 1 解决方案1

The cause is that the security enhancements in FactoryTalk View SE version 9.00 – 11.00 affect the communications with third-party devices. To access the tag value, set the Distributed Component Object Model (DCOM) configuration for KEPServer Enterprise on the computers.

原因是FactoryTalk View SE版本9.00 – 11.00中的安全增强影响了与第三方设备的通信。要访问标签值,需要在计算机上设置KEPServer Enterprise的分布式组件对象模型(DCOM)配置。

To set DCOM configuration for KEPServer Enterprise:

设置KEPServer Enterprise的DCOM配置。

1.Open DCOM setting by typing DCOMCNFG in the Windows search and then clicking on DCOMCNFG.exe.

通过在Windows搜索中输入 DCOMCNFG 打开DCOM设置,然后单击DCOMCNFG.exe。

2.Select Component services->Computers->My Computer->DCOM Config->KEPServiceEnterprise 5.19.

选择“组件服务->计算机->我的计算机->DCOM配置->KEPServiceEnterprise 5.19”。

image

3.Configure KEPServer Enterprise setting. Right click KEPServerEnterprise5.19 item and click Properties, select Security tab page.

配置KEPServer企业设置。右键单击“KEPServerEnterprise5.19”项,单击“属性”,选择“安全”页签。

image

4.Change Launch and Activation Permissions. Click Edit button with Customize of Launch and Activation Permissions, click Add button and add LOCAL SERVICE into list, check Local Launch and Local Activation with Allow.

更改启动和激活权限。点击编辑按钮,自定义启动和激活权限,点击添加按钮,将LOCAL SERVICE添加到列表中,检查本地启动本地激活允许状态。

image

5.Change Access Permissions.

修改访问权限。

image

6.Click Edit button with Customize of Access Permissions, click Add button and add LOCAL SERVICE into list, check Local Access and Remote Access with Allow.

点击编辑按钮,自定义访问权限,点击添加按钮,将LOCAL SERVICE添加到列表中,检查本地访问远程访问允许状态。

image

7.Restart the computer.

重新启动计算机。

The article refers to KEPServer Enterprise but the same method can be applied to any other 3rd party OPC server (i.e. in the first step, instead of KEPServer, locate your respective OPC server DCOM configuration and then configure Launch, Activation and Access Permissions per steps 3 – 5).

这篇文章指的是KEPServer Enterprise,但同样的方法也可以应用于任何其他第三方OPC服务器(即,在第一步中,找到您各自的OPC服务器DCOM配置,然后根据步骤3-5配置启动、激活和访问权限,而不是KEPServer)。

Solution 2 解决方案2

Solution 1 may not work for older 3rd party OPC servers designed to run on legacy Windows operating systems because of the way DCOM is used and implemented in these OPC servers. Due to dependency on obsolete Win32 components, the changes made to DCOM settings may have no effect on the OPC server’s access and launch permissions.

由于DCOM在这些OPC服务器中使用和实现的方式,解决方案1可能不适用于设计在传统Windows操作系统上运行的旧的第三方OPC服务器。由于依赖于过时的Win32组件,对DCOM设置的更改可能对OPC服务器的访问和启动权限没有影响。

In these situations, a user access level change must be made inside the Rockwell Tag Server service itself per the following steps:

在这些情况下,必须按照以下步骤在Rockwell Tag Server服务内部更改用户访问级别:

1.From the Start Menu -> Run launch services.msc console.

从开始菜单->运行启动服务。msc控制台。

2.In the service list, locate Rockwell Tag Server service and double click on it.

在服务列表中,找到Rockwell Tag Server服务并双击它。

3.Under the Log On tab select the Local System account radio button:

在“登录”选项卡下选择“本地系统帐户”单选按钮:

image

4.Click OK to close the dialog.

单击OK关闭对话框。

5.Reboot.

重新启动电脑。

您可能还喜欢...

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据