Why do I get an error "Error occurred whilst querying interface IID_IOPCDataCallback." when I try to add a group to my OPC client using the ADDGROUP command?

5 views (last 30 days)
When I try to connect to my server, I get a warning message stating:
Warning: Shutdown callback will not work for this server: Access is denied.
Check DCOM permissions on this server.
I can connect to the server okay. When I now try to add a group to the server, I get an error: ERROR: ??? Error occurred whilst querying interface IID_IOPCDataCallback.

Accepted Answer

MathWorks Support Team
MathWorks Support Team on 19 Apr 2019
Edited: MathWorks Support Team on 18 Apr 2019
This enhancement has been incorporated in Release 14 Service Pack 3 (R14SP3). For previous product releases, read below for any possible workarounds:
Both of these issues are related to incorrect DCOM settings on the client machine (the machine running MATLAB), or on the machine hosting the OPC server.
OPC relies on DCOM in order to communicate between the client and the server. However, this communication takes place in both directions. That is, not only does the client send messages to the server, but the server will also send messages back to the client. The messages that a server sends back to the client are involved with Shutdown events (the first warning you receive when you try to connect), Data Change events, and asynchronous read or write requests. All asynchronous read and write requests, as well as Data Change events, are handled through a single message handler: An OPCDataCallback interface.
The OPC Toolbox 2.0 and earlier will error if the OPCDataCallback interface cannot be established, because, beside synchronous READ and WRITE operations, no OPC Toolbox functionality will work. Future versions of the OPC Toolbox may enable synchronous reading and writing of data if the OPCDataCallback link cannot be established.
Irrespective of whether the ADDGROUP command warns or errors, you should change your DCOM settings (probably on the client machine, but occasionally on the server machine) in order to fix this issue.
FULL EXPLANATION OF DCOM ISSUE:
In order for any DCOM message to be successfully negotiated, the "client" (the message requester) and the "server" (the message recipient and responder) need to negotiate whether they can communicate with each other or not. This negotiation is handled through the DCOM security protocols.
In the case of the OPC Data Access specification, both the OPC Data Access Client (the OPC Toolbox) and the OPC server initiate message requests, and, as a result, both the client and the server seem to behave as "clients". The OPC Data Access Client (the OPC Toolbox in this case) initiates the request in the case of connection, group and item addition, synchronous reads, and property changes. The OPC Server initiates the request to the client about shutdown events, asynchronous operations being completed, and Data Change events.
Typically, DCOM security between the client and the OPC Server is not an issue, since OPC Servers are set up with specific DCOM permissions. However, since the OPC Toolbox (like almost all OPC Data Access Clients) is not configured as a specific DCOM service, the OPC Server has to rely on other security settings in order to negotiate security for the DCOM transaction originating at the OPC Server, and destined for the OPC Client. Thus, when the OPC Server negotiates security with the client, DCOM uses the Default DCOM Security Settings for the client machine.
The error above means that the OPC Toolbox has successfully negotiated with the OPC Server to perform DCOM transactions, but the OPC Server is having difficulty negotiating with the client's computer to transact with the OPC Toolbox. To fix the problem you need to ensure that:
The OPC Server's identity is known and valid on the client (OPC Toolbox) computer.
The OPC Server's identity has DCOM Access permissions on the client machine.
If any of the above two points is not true for your server and client computer, you will receive the error and/or warning shown above.
To find out the OPC Server's identity, you need to check which user the OPC Server service or application runs as. If the OPC Server is installed as a service, you can find the information from the Services settings in the Adminstrative Tools (for Windows XP).
Ensuring that the OPC Server's identity is known and valid on the client computer depends on a number of possibilities:
If the OPC Server identity is a domain user, and both the client and server are on the same domain, the OPC Server identity will be known and valid on the client.
If the OPC Server identity is a local user on the server machine, then you must have the same user name and password on both the client (OPT Toolbox) and OPC server machines.
If either or both of the OPC server machine and the OPC Toolbox machine are not on a domain, then you must have the same user name and password on both the client (OPC Toolbox) and OPC server machines.
The following guidelines describe a mechanism for ensuring that an OPC server and client can communicate freely over a secure network:
Do use a domain.
Set the authentication level to connect (or higher) on the server machines.
Create a Group (in the domain), which will be allowed to launch and access the OPC objects.
Use DCOMCNFG to include this group in the Access Control Lists for launch and access permissions for each OPC object.
Ensure your operators are members of this group.
This should allow different users to be logged onto various client machines. It should also allow callbacks to function as the client machine can authenticate the server machine.
BUT WHY DO OTHER CLIENTS CONNECT TO MY SERVER JUST FINE?
It is possible for an application to bypass security settings defined on a machine, and define their own security settings for DCOM. In effect, by disabling any security settings, this may allow any DCOM process to call back into the client. Since MATLAB is capable of performing user-defined callbacks in response to the DCOM messages, this would be an extremely unsafe implementation. The OPC Toolbox expressly relies on the client machines' DCOM settings when connecting to an OPC Server.
IS THERE A REFERENCE ON HOW TO CONFIGURE DCOM FOR OPC?
The following might be helpful:
"OPC DCOM White Paper" by Richard C. Harrison

More Answers (0)

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!