OPC Classic - Microsoft DCOM Hardening Changes

Microsoft has introduced DCOM hardening changes to resolve security vulnerabilities (see CVE-2021-26414). These changes affect client and server applications that use DCOM or RPC. For more information, see the Microsoft documentation: KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414).

For all OPC components to work with the hardening changes, DCOM must be configured both in the environment and in the various Desigo CC OPC DA components.

NOTE: These configuration changes must be applied only if the interaction between applications is to be carried out between remote machines.

For the communication between OPC DA components to be established, all the OPC components must be able to support the hardening changes in DCOM.

The configuration required by third-party OPC DA components will vary based on the OPC DA component in use. For instructions, see the documentation of your third-party OPC DA component.

Please be aware that starting from Desigo CC software V5.1, the OPC DA discovery feature, by default, behaves as if the hardening changes were enabled. To guarantee the correct operation of the OPC DA discovery functionality, check that the registry key RequireIntegrityActivationAuthenticationLevel, if present, is set to 1.
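One way to perform this check on a machine that hosts an OPC DA component, as an added example that is not part of the original page or of Desigo CC. The registry path is the one given in Microsoft KB5004442 (it does not appear on this page), and the function name Get-DcomHardeningState is hypothetical.

```powershell
# Added example. Assumption: the value lives under the path documented in
# Microsoft KB5004442. Run locally on each machine that takes part in remote
# OPC DA communication.
function Get-DcomHardeningState {
    [CmdletBinding()]
    param()

    $subKey    = 'SOFTWARE\Microsoft\Ole\AppCompat'
    $valueName = 'RequireIntegrityActivationAuthenticationLevel'
    $present = $false; $kind = $null; $data = $null

    # Open the 64-bit registry view explicitly so that a 32-bit PowerShell
    # host reads the same data as the 64-bit system.
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine,
        [Microsoft.Win32.RegistryView]::Registry64)
    try {
        $key = $hklm.OpenSubKey($subKey)   # read-only; $null if the key is absent
        if ($key) {
            try {
                if ($key.GetValueNames() -contains $valueName) {
                    $present = $true
                    $kind    = $key.GetValueKind($valueName)
                    $data    = $key.GetValue($valueName)
                }
            } finally { $key.Close() }
        }
    } finally { $hklm.Close() }

    # Rule from the text above: the value may be absent, but if it is
    # present it must be set to 1 (a DWORD per KB5004442).
    if (-not $present) { $state = 'Absent' }
    elseif ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) { $state = 'WrongType' }
    elseif ($data -eq 1) { $state = 'Enabled' }
    else { $state = 'NotEnabled' }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        ValueName    = $valueName
        Present      = $present
        Kind         = $kind
        Data         = $data
        State        = $state
        MeetsRule    = $state -in 'Absent', 'Enabled'
    }
}

Get-DcomHardeningState | Format-List
```

A result with MeetsRule set to False means the value is present but is not a DWORD equal to 1, which is the case the paragraph above asks you to correct.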

Prerequisites

Overview

1. Set Windows Security Options
2. Modify OPC DA Server DCOM Settings
3. Modify the Registry Key