OI Server Diagnostics not Appearing on Remote Nodes
Within the Operations Control Management Console (OCMC, previously called the SMC or System Management Console), you are able to connect to a remote node within the Operations Interface Server Manager section and access the configuration of the OI Servers installed and running there. However, it is possible to encounter an issue where the diagnostics of the remote OI Servers does not appear within the OCMC. The root cause of this behavior is DCOM authentication hardening settings that are part of newer versions of Windows.
This tech note will provide steps with some recommendations to resolve the issue.
NOTE: These changes will revert modern OS and System Platform default security settings back to older OS and System Platform default settings by enabling the ANONYMOUS LOGON identifier, allowing access to DCOM without providing credentials. It is strongly recommended that you test this in a lab environment and conduct a risk analysis before considering implementation in a production environment.
- Operations Interface Servers
Add Anonymous_Logon to the Local Computer
- Open Component Services from command line by running DCOMCNFG or search in Windows for Component Services.
- Expand the tree to find My Computer.
- Right click on My Computer and select Properties.
- Go to the COM Security tab. In the Access Permissions section, press the Edit Default button.
- In the Access Permissions window, press the Add button.
- In the user selection window, type in first few letters of Anonymous_Logon, then use Check Names button to validate.
- Click OK to confirm.
- After the Anonymous Logon access type is added, grant both Local and Remote Access permissions.
- Press OK to finish.
- Repeat these steps on the remote computer.
After all steps are completed on both the local and remote computers, open the local Operations Control Management Console (OCMC), attach to the remote computer, and activate the OI servers in the OCMC (if not already activated). You should now be able to access the remote OI Server Diagnostics.
In some cases, the Diagnostics will still not open and pop-up warnings for Access Denied can appear. If so, continue to the next steps.
Enable Local Security Policy Network Access
Complete the following steps on both the local computer, and on the remote computers running OI Servers.
- Search for Local Security Policy in Windows and open the utility.
- Expand Local Policies – Security Options
- Select Security Options and find the entry Network Access: Let Everyone permissions apply to anonymous users.
- If this entry is set to Disabled, enable this option by double clicking or right-click Properties, select Enable and then Apply.
After making these changes, the OI Server Diagnostics on the remote node should be available in the OCMC on the local computer.
All Industrial Software Solutions Tech Notes are provided "as is" without warranty of any kind.