8 Replies Latest reply on Jun 30, 2016 9:10 AM by jyi

    PI OPC HDA Browsing Error

    00112709

      Dear All,

       

      If somebody know my issue, please give me a hand...

       

      We would like to retrieve PI data via OPC HDA server.

      PI OPC HDA Tool could connect to PI server via SDK,

      however error occurred while browsing  item.

      The error code is "80040005".

       

      Test environment is as follows;

      1. PC1(WORKGROUP) : PI Server

      2. PC2 (Office Domain)  : OPC HDA Server + PI OPC HDA Tool

       

      If the network of PC2 changed from office domain to workgroup,

      PI OPC HDA Tool could browse.

      However this network is not good in terms of development environment.

       

      Thus, we would like to PC2 which joined office domain and browse item.

      What setting is needed more??

       

      Best Regards,

        • Re: PI OPC HDA Browsing Error
          bpayne

          Hello Mitsutoshi,

           

          DCOM errors can be one of the most difficult issues to resolve sometimes because you have so many variables related to security. One thing I always try is set up an identical local admin user on both server/client machines and runas this user and see if this allows a connection and read/writes. Here is a recent link that may be helpful as well: DCOM Security and Configuration

          1 of 1 people found this helpful
            • Re: PI OPC HDA Browsing Error
              00112709

              Dear Mr.Butch,

               

              Thank you for your reply.

               

              I think DCOM configuration is not related to this issue.

              DCOM configuration is necessary when OPC server and OPC client exists separately,

              but in my case, OPC server and OPC client exists on same PC.

               

              Best Regards,

                • Re: PI OPC HDA Browsing Error
                  gregor

                  Hello Mitsutoshi,

                   

                  OPC Server and client are on the same box but remote to the PI Data Archive and we must assume a Windows Integrated Security not being an authentication option. Please make sure you have a trust in place that allows PI OPC HDA Server to connect with an identity having read access.

                    • Re: PI OPC HDA Browsing Error
                      00112709

                      Hello Gregor,

                       

                      I appreciate your support.

                       

                      Your suggestion means that we should check trust setting again??

                       

                      We tried 2 pattern trust configuration.

                      1. Specified IP address and netmask

                      2. Specified PC name, domain, IP address and netmask

                      OPC HDA server could not browse items of PI server

                      although OPC HDA could connect to PI server by SDK in both cases.

                       

                      We think that  setting does not affect Windows authentication according to above result.

                       

                      Best  Regards,

                      • Re: PI OPC HDA Browsing Error
                        00112709

                        Dear Gregor,

                         

                        We have two additional question.

                         

                        1. >a Windows Integrated Security not being an authentication option

                            We use  PI user for trust.

                            Is Windows authentication related to this case even if we use PI user ?

                         

                        2.>an identity having read access

                           Where we can configure read access?

                           Security tab of each PI Point?

                          • Re: PI OPC HDA Browsing Error
                            gregor

                            Hello Mitsutoshi,

                             

                            Windows Integrated Security is only available if all machines involved into the communication are member of a domain or if in a cross domain environment, a domain trust allows authentication based on a Windows Principal. As soon as one of the machines involved is member of a workgroup, like in your case, the option to authenticate based on Windows Integrated Security is non existent.

                             

                            Please allow me to suggest you the learning video titled Windows Integrated Security (WIS) and our Security Recommendations. v2010 and PI Data Archive 2016 Security Configuration Guide.

                             

                            To add on what Siddhartha says, try creating a trust with just one limitation e.g. the OPC Server hosts IP address and grant piadmin user rights but just to see if PI Security is indeed the issue. Piadmin is the superuser for the PI Data Archive with unlimited access to all databases and objects. Using piadmin with trusts or mappings is "bad" practice and we strongly recommend against doing this. Please note that within the Security Settings, trusting piadmin user can be disable.

                             

                            Check with the PI Message log / PI Network Manager Statistics what credentials are used with the PI OPC HDA connection. PIWorld identity usually provides read access to the point configuration and point data but not to all items within Database Security and I believe that's what is causing your issue. Unless you plan writing to OPC items, read access should be just fine.

                    • Re: PI OPC HDA Browsing Error
                      srjhunjhunwala

                      Hello Mitsutoshi,

                       

                      How you have configured cross domain security I mean by having same local account and password on both the machines or Trust, this seems to be a security issue so test with a open trust and then configure accordingly.

                      • Re: PI OPC HDA Browsing Error
                        jyi

                        Hello,

                         

                        Without looking at PIPC Log and/or Windows Event log, we cannot fully rule out any possibilities.

                        More information is needed as the error code, "80040005", in my understanding is very generic.

                         

                        Read/Write of tags in bulk can be done using PI Builder.