0x80040202 DCOM Error

Symptom

When an OPC client application is unable to receive callbacks from an OPC server, users will notice at least two symptoms:

  • The OPC client application fails to create an OPC group.
  • The OPC client application is not able to show data updates. Consequently, data values remain unchanged.

 

Cause

0x80040202 is an error that appears in the OPC client application when it fails to receive a callback from the OPC server.

 

Firewall Repair Procedure

If the OPC client computer is behind a firewall (hardware or software), callbacks may fail to arrive at their destination. While the OPC client will be able to make outgoing OPC calls, callbacks from the OPC server may be blocked by the firewall. To correct the problem, you need to turn off the firewall.

 

If the computer resides on a safe network, there is usually little potential damage as long as the firewall is turned off for a short period of time. Check with the Network Administrator to ensure it is safe to temporarily turn off the firewall.

 

To turn off the Windows Firewall, do the following:

  1. In the Windows search box on the taskbar, enter Windows Defender Firewall.
  1. Press ENTER.
  1. Select Turn Windows Firewall on or off.
  • The Customize Settings window displays.
  1. Select Turn off Windows Firewall (not recommended).
  1. Click OK.

 

Once the communication works, ensure that you turn the Firewall back on.

 

Authentication Failure Repair Procedure

Once a callback reaches the OPC client computer, the operating system will attempt to authenticate the arriving user name and password combination with its existing list. Windows will reject this combination for various reasons as described in the following procedures.

 

User Name and Password Combination

It is imperative that both the user name and password are recognized on both the OPC client and server computers. In the case of callbacks, it is possible that the user name and passwords on one computer do not match the other computer. You must carefully ensure that all combinations match on both computers.

 

Guest Only

The default setting in Windows XP and later when using workgroups is to force local users to authenticate as guest. This is also known as Simple File Sharing. This default setting does not allow you the necessary authentication level for working. You must turn this option off as follows:

  1. In the Windows search box on the taskbar, enter Local Security Policy.
  1. Press ENTER.
    NOTE: You can also open the window by starting the Run dialog box, entering secpol.msc, and clicking OK.
  • The Local Security Policy window
  1. Under Security Settings, expand Local Policies, and then select the Security Options folder.
  1. Search for the Network access: Sharing and security model for local accounts option and set to Classic - local users authenticate as themselves.

 

OPC Server Identity Issues

Callbacks take the identity of the OPC server. This identity is governed by the OPC server identity setting and the OPC client computer does not recognize this specific user account (in case the OPC server identity is set as This user), or the launching user (in case the OPC server identity is set as Launching user).

In this case, you must add the user account of this person to the OPC client computer. It is also possible that this user account does not have access rights to the OPC client computer, or that their user account is explicitly denied access in the access control list (ACL) of the system-wide DCOM settings.

 

Access Control List Issues and COM Security Repair Procedure

Once Windows authenticates the user account that initiated the callback, it will check the access rights of the user account in the OPC client access control list (ACL). In this case, since we are working with a callback, Windows refers to the security limits settings for the DCOM access permissions.

 

Configuring System-wide DCOM Settings

The system-wide DCOM settings changes affect all the Windows applications that use DCOM, including the OPC application. To make the necessary changes, see the following procedure. Note that even though you have to perform these steps on the OPC server computer, these steps may also be required also on the OPC client computer.

  1. Click the Windows Start button, and select Run.
  1. In the Run dialog box, type DCOMCNFG to display the Component Services window and initiate the DCOM configuration process. Then click OK.
  1. In the Component Services window, under Console Root, expand Component Services, and then expand the Computers folder.
  • My Computer is in the Computers folder.
  1. Right-click My Computer and select Properties.
  1. In the My Computer Properties dialog box, select the COM Security tab.
  1. In the Access Permissions section, click Edit Limits.
  1. Add Anonymous Logon and enable Local and Remote Access.
  1. Add Everyone and enable Local and Remote Access.
  1. Click OK.