Knowledge Base Articles

Connecting Remotely to DeltaV v7.2 and Later Through OPC

Article ID: AP-0500-0023

Publish Date: 16 Sep 2020
Article Status: Approved
Article Type: General Product Technical Information
Required Action: Information Only

Recent Article Revision History:

Revision/Publish Description of Revision
16 Sep 2020 Reviewed and determined applicable for DeltaV v14.FP1.
(See end of article for a complete revision history listing.)

Affected Products:
Product Line Category Device Version
DeltaV Workstation Software VE2223 OPC Remote Services v7.x, v8.x,
v9.x, v10.x,
v11.x,
v12.x,
v13.x, v14.x
1 Introduction
This Knowledge Base Article, AP-0500-0023, provides information to customers who want to connect remotely to OPC in
DeltaV v7.2 and later. To communicate with a DeltaV v7.2 system or later using OPC from a non-DeltaV machine running
Windows NT or later operating system, the client machine must be installed with an application called OPCRemote.
Furthermore, you must add user accounts to the DeltaV system and to the remote machine where you will run the OPC
client. The user may need to verify the DCOM settings with those presented in this KBA.

2 Installing the OPCRemote Software on the Remote Client Machine

To ensure that the remote client has the correct OPCRemote file version required to communicate with the DeltaV OPC
server, insert the appropriate disk depending on the DeltaV version you have and perform the following steps:
1. To start the installation procedure, click Start | Run then type Explorer. Browse to the DV_EXTRAS\OPCREMOTE
folder on the CD and double-click OPCRemote.exe.

Note: The disk location of this folder varies depending on the DeltaV version.
For DeltaV v7.3 and v7.4, it is found in DeltaV CD 2. Users will find two instances of OPCRemote in the
DV_EXTRAS folder. OPCRemote is intended for Windows XP and higher operating systems while the
OPCRemoteForWinNT is for Windows NT and Windows 2000.
For DeltaV v7.4.1, v7.4.2, v8.4, v8.4.1, v8.4.2, it is found in DeltaV CD 4.
For DeltaV v9.3 up to v11.3.1, it is in DeltaV DVD 1.
For DeltaV v12.3 to v13.3.1, it is in DeltaV DVD 2.
For DeltaV v14.3, it is in DeltaV DVD 1.
For DeltaV v14.LTS and later, it is in DeltaV DVD 4.

2. During the installation, the user will see the following message:
“If you are going to connect to a DeltaV OPC Server, enter the name of the DeltaV workstation. Otherwise, enter
the name of the computer on which you are installing this software: “

3. Enter the node name of the computer that will be the OPC server machine (e.g., a DeltaV Application Station or
ProfessionalPLUS Station).

Note: If you encounter the error messages shown below when you install OPCRemote, simply ignore the
messages and continue with the installation. The error messages will occur because the DeltaV and
DVBHisAdmin groups do not exist on the non-DeltaV node.

Page 2 of 16
The password for the DeltaVAdmin account on the client machine must match the password on the server
machine for unsolicited callbacks to work properly. This is because the DeltaV OPC server is running as
DeltaVAdmin on the server machine and the DeltaVAdmin account is automatically created by the DeltaV
OPCRemote installation. The DeltaV Server Password Utility is automatically run when OPCRemote is installed
on the remote machine to synchronize the password of the DeltaVAdmin account on the server machine and
client machine. If the DeltaVAdmin account password is changed in the server machine, it must also be changed
on the client machine. On the client machine, go to C:\Program Files\FRS\OPCRemote folder and run
ServPwd.exe (DeltaV Server Password Utility) to re-synchronize the DeltaV Admin account password to the
server machine.
• DeltaV v7.2 DeltaV Server Password Utility

Page 3 of 16
 • DeltaV v7.3 (and later) DeltaV Server Password Utility: the “Set Password to Default” button is available
for the reset of the DeltaVAdmin password to the original password

Important: If you are upgrading a DeltaV system, it is necessary to remove OPCRemote from the
OPCRemote machine and then reinstall OPCRemote on the remote client machine from the disk that comes
with the newer version of DeltaV.

3 Configuring User Accounts for the DeltaV OPC Server Machine and the
Remote OPC Client
OPC uses Microsoft DCOM technology to allow a client to connect to a server running across a network that uses TCP/IP.
Any two machines configured for DCOM communications can be setup to run as a DeltaV OPC client and server.
Remote OPC Client Machine User Setup
The OPC client application runs using a valid Windows account and DeltaV account on the server machine. The server is
set up differently depending on whether the computers are in a workgroup or domain. The following sections describe the
various setup options. The term ‘opcuser’ is used as an example user account name.

3.1 Both OPC Client machine and DeltaV OPC Server Machine are in a Workgroup

The opcuser account runs as a local user if both the OPC client machine and DeltaV OPC server machine are in a
workgroup.

Page 4 of 16
To set up the opcuser on the DeltaV OPC server machine:
1. Use the DeltaV User Manager on the DeltaV OPC server machine to create a user account (opcuser account)
and assign it the same password as that of the OPC client machine.
2. Make ‘opcuser’ both an Operating System Account and a DeltaV Database Account.

3. Grant proper DeltaV groups (at least OPERATE group) and DeltaV locks (at least Control key) to ‘opcuser’.
4. Download the DeltaV machine.

3.2 The OPC Client Machine is in a Domain and the DeltaV OPC Server Machine is in a
workgroup

The opcuser account runs as a Domain User in Domain A and the DeltaV OPC Server machine is in a Workgroup.

Page 5 of 16
To set up the user on the DeltaV OPC server machine:
1. Use the DeltaV User Manager on the DeltaV OPC server machine to create a user account (for example,
‘opcuser’) and assign it the same password as that of the domain user account used on the OPC client machine.
2. Make ‘opcuser’ both an Operating System Account and a DeltaV Database Account.

3. Grant proper DeltaV groups (at least OPERATE group) and DeltaV locks (at least Control key) to ‘opcuser’.
4. Download the DeltaV machine.

3.3 The OPC client machine is in a workgroup and the DeltaV OPC server machine is in a
domain.

The opcuser account runs as Local User (in a workgroup) and the DeltaV OPC server machine is in a Domain
(Domain A).
To set up the user on the DeltaV OPC Server Machine:

Page 6 of 16
 1. Open DeltaV User Manager to create a user account with the same name and password as the local user
account (opcuser account) of the OPC client machine.
2. Make ‘opcuser’ both an Operating System Account and a DeltaV Database Account.

Note: Starting in DeltaV v10.3, the computer/domain selection must be set to ‘<unspecified>’ for the opcuser
account so that OPC communication will work.

3. Grant proper DeltaV groups (at least OPERATE Group) and DeltaV locks (at least Control key) to this user.
4. Create a local user on the DeltaV Application Station that has exactly the same user name and password as the
elected opcuser via Local Users and Computers on Windows Operating System.

Note: This is applicable to a member server, i.e. not a domain controller.

5. Download the DeltaV machine.

Alternatively, use ‘Windows User Manager’ application to perform the following tasks on the DeltaV OPC Server
Machine:
1. Create a local user account (opcuser account).
2. Assign it the same password as that of the OPC client machine.
3. Add it to the local DeltaV group.
4. Open DeltaV User Manager and create a DeltaV Database account with the same name as the local user account
(opcuser account).
5. Grant proper DeltaV groups (at least OPERATE Group) and DeltaV locks (at least Control key) to this user.
6. Download the DeltaV machine.

Page 7 of 16
3.4 The OPC Client Machine is in Domain A and the DeltaV OPC Server Machine is in
Domain B - Domain A has a Trust Relationship With Domain B

Scenario 1:
The opcuser account runs as Domain A User and the DeltaV OPC Server is in Domain B, and Domain B trusts
Domain A.
Since a two-way trust exists between the two domains, use either Windows User Manager in the DeltaV OPC
Server machine to create a local user account or Active Directory Users and Computers to add the OPC client’s
opcuser account (Domain A) to the DeltaV OPC Server (Domain B) machine. In addition, be sure to do the
following:
1. Use Active Directory Users and Computers to add Domain A\opcuser to the DeltaV group of the DeltaV domain;
or use Windows User Manager to add the local user account to the local DeltaV group.
2. Use the DeltaV User Manager to create opcuser as a DeltaV Database account.
3. Grant proper DeltaV groups (at least OPERATE Group) and DeltaV locks (at least Control key) to this user.
4. Download the DeltaV machine.
Another way to set up the opcuser account on the DeltaV OPC Server domain would be to do the following:
1. Open DeltaV User Manager on the DeltaV OPC Server machine to create a user account with the same name
and password as the domain user account (opcuser account) as that of the OPC client machine.
2. Make ‘opcuser’ both an Operating System Account and a DeltaV Database Account.

Note: Starting in DeltaV v10.3, the computer/domain selection must be set to ‘<unspecified>’ for the opcuser
account so that OPC communication will work.

Page 8 of 16
 3. Grant proper DeltaV groups (at least OPERATE Group) and DeltaV locks (at least Control key) to ‘opcuser’.
4. Download the DeltaV machine.
Scenario 2:
The Client Runs as Domain A User and the Server is in Domain B, and Domain B does not trust Domain A.
To set up the user on the DeltaV OPC Server Machine set-up as a domain member, use ‘Windows User Manager’
to do the following:
1. Create a local user account (opcuser account).
2. Assign it the same password as the OPC client machine.
3. Make the opcuser account a member of a DeltaV group.
4. Create a DeltaV Database account with the same name as the local user account (opcuser account).
5. Grant proper DeltaV groups (at least OPERATE Group) and DeltaV locks (at least Control key) to the opcuser
account.
6. Download the DeltaV machine.
Another way to set up the opcuser account on the DeltaV OPC Server machine set-up as either a domain member
or domain controller would be to do the following:
1. Open DeltaV User Manager on the DeltaV OPC Server machine to create a user account with the same name
and password as the domain user account (opcuser account) as that of the OPC client machine.
2. Make ‘opcuser’ both an Operating System Account and a DeltaV Database Account.

Note: Starting in DeltaV v10.3, the computer/domain selection must be set to ‘<unspecified>’ for the opcuser
account so that OPC communication will work.

Page 9 of 16
 3. Grant proper DeltaV groups (at least OPERATE Group) and DeltaV locks (at least Control key) to ‘opcuser’.
4. Download the DeltaV machine.

Note: The one-way trust configuration will not work if the OPC client machine is also a domain controller and
the OPC Server machine is not a domain controller. In this case, it is required that a two-way trust be
established for OPC communication to work.

4 DCOM Setup
Distributed Component Object Model (DCOM) is an application level protocol for object-oriented remote procedure calls.
This is useful for distributed, component-based systems of all types. Furthermore, it is useful to OPC in that it allows a
client to connect to a server running across a network that uses TCP/IP.
To use DCOM, do the following steps:
1. Connect two machines on a network with TCP/IP network protocol.
2. Enable DCOM on both machines (normally DCOM is enabled automatically during the operating system
installation).
3. Set the DCOM security to allow the client to connect to the server application.
Windows provides a utility called dcomcnfg.exe. This utility provides a user interface where the necessary DCOM
registry settings could be configured.

4.1 Enabling DCOM on the PC

If DCOM is not enabled, you can enable it by doing the following steps on both the server and client machines:
1. Go to Start | Run. Type in dcomcnfg.exe and then press ENTER.

Page 10 of 16
 2. When the Component Services window appears, right-click on My Computer icon and then Select the Default
Properties tab.

3. Select the checkbox “Enable Distributed COM on this computer”.

4. Changing this value requires a reboot.
The EnableDCOM registry key is set to ‘Y’ when this box is checked. If DCOM is not enabled, then all cross-machine
calls are rejected (the caller, typically, gets an RPC_S_SERVER_UNAVAILABLE return code).

4.2 Setting the Location of the OPC Data Server

On the server machine, the DeltaV OPC Data Server application must be set to run on the local machine.
1. Go to Start | Run. Type in dcomcnfg.exe and then press ENTER.
2. Select the entry ‘FrsOpcDv’ from the applications list and select the Properties button.

3. Select the Location tab.

4. Select the ‘Run application on this computer’ checkbox.

Page 11 of 16
On the client machine, the DeltaV OPC Data Server application must be set to run on the server machine. This is set up
automatically when DeltaV OPC Remote is installed. This can be verified by following these steps:
1. Go to Start | Run. Type in dcomcnfg.exe and then press ENTER.
2. Select the entry ‘DeltaV OPC Server’ from the applications list and select the Properties button.
3. Select the Location tab.
4. Select the checkbox “Run application on the following computer”.
5. Type in the name of the server machine.

4.3 Setting DCOM Properties

On both the server and client machines, the DeltaV OPC Data Server application must have the correct properties.
1. Go to Start | Run. Type in dcomcnfg.exe and then press ENTER.
2. When the Component Services window appears, right-click on My Computer icon and then Select the Default
Properties tab to view the default DCOM Communication Properties.

Page 12 of 16
 3. The Default Authentication Level should be set to ‘Connect’.
4. The Default Impersonation Level should be set to ‘Identify’.
Once access is permitted, COM will check security for each call. There are two categories, AuthenticationLevel and
ImpersonationLevel.
The Authentication Level dictates how secure the communication is between the client and the server. The negotiated
authentication level is the highest for client and server. It cannot be RPC_C_AUTHN_LEVEL_NONE if the caller wants to
know who the caller is.
The Impersonation Level indicates the degree of authority that is granted to the calling application or server for it to use
the identity of the client.

4.4 Setting DCOM Security

On the client machine, COM security needs to be modified to make callbacks work.

Note: Clients that call the CoInitializeSecurity() function to determine the security settings to be used by the
application DO NOT require this change.

1. Go to Start | Run. Type in dcomcnfg.exe and then press ENTER.

2. When the Component Services window appears, right-click on My Computer icon and then Select the Default
COM Security tab to view the default COM Security.

Page 13 of 16
 3. Edit the Default Access Permissions by selecting the ‘Edit Default’ button.
4. Add the DeltaVAdmin user in the list of users with local and remote access permissions.

4.5 Access and Launch Permissions

In order for DeltaV OPC Server service to run, the DCOM access and launch permissions must have been set on the
server machine. This is set up automatically when DeltaV software is installed. This can be verified by following these
steps:
1. Go to Start | Run, type in dcomcnfg.exe and then press ENTER.
2. Select the entry ‘FrsOpcDv’ from the applications list and select the Properties button.
3. Select the Security tab.
4. The Access permissions should include the accounts that need to connect to the DeltaV OPC Server. The
SYSTEM account is the only account with Launch permission. The System account will also have Access
permission.
The accounts that need to connect are the ones that will actually be running the client application. If these are not Domain
accounts, then the username and password must match on both the server and client machines for Windows to recognize
the users as the same account. The username must also be a DeltaV System user on the server machine (defined by
running DeltaV User Manager).

Note: Once the server is running, ‘launch permission’ setting is not used. The only user that launches the
server is SYSTEM. Any other client accessing the server bypasses launch permissions and requires Access
permission only.
The elected common OPCUSER does not need to be added to the DCOM object properties. Running
workstation configuration should revert all DeltaV-related DCOM object properties to the recommended
settings.

Additionally, the Identity tab, which tells COM how to launch the server, should be properly set up. There are three
options in this tab:
• Interactive User - Server is launched as user who is currently logged on the machine. If nobody is logged on,
launch fails.
• Launching User - Server is launched with account running the client application on the other machine.

Page 14 of 16
 • This User - DCOM logs on the specific user in the background and starts server using caller's token. This is the
setting needed for the DeltaV OPC Data Server. This option should be selected and DeltaVAdmin should be
the user name.

5 Checking the User Accounts

Log into both machines to verify the above account name and password using the new account.

5.1 DeltaV OPC Server

1. On the DeltaV machine (ProfessionalPLUS or Application workstation), log into the system and log into DeltaV as
well.
Start | DeltaV | Engineering | Flexlock | Select the new account and login.

2. Use OPCWatchit on the DeltaV machine and verify that you can browse to a diagnostic parameter and read the
value:
Start | Run | OPCWatchit | click ‘BrowsePath’ | browse to ‘Diagnostics/AppStationNodeName/FREMEM.CV’
(where the AppStationNodeName is replaced by the name of the relevant DeltaV computer name)

If you get a value returned in the value box and a ‘Get item succeeded: 0’ in the status box, then your OPC server is
working.
If the browse does not work, try clicking on the TypePath button and enter the following:
AppStationNodeName/FREMEM.CV

5.2 OPC Remote Client Machine

1. Log on to the remote OPC client machine using the new account created.
2. Attempt to browse to and read a parameter from the DeltaV application.

Page 15 of 16
 Note: It may take a minute or so for the OPCWatchit to make the initial connection.

3. Click Start | Programs | OPCRemote | OPCWatchit | Click ‘BrowsePath’ |

4. Browse to ‘Diagnostics/AppStationNodeName/FREMEM.CV’
If value is returned in the value box and a ‘Get item succeeded: 0’ is displayed in the status box, then your
OPCWatchit has succeeded in connecting to the remote DeltaV OPC server.
If the browse button does not work, try clicking on the TypePath button, then type in the following:
AppStationNodeName/FREMEM.CV

Contact Information
Services are delivered through our global services network. To contact your Emerson local service provider, click Contact
Us. To contact the Global Service Center, click Technical Support.

Related products and services: DeltaV DCS | Lifecycle Services

Complete Article Revision History:

Revision/Publish Description of Revision
16 Sep 2020 Reviewed and determined applicable for DeltaV v14.FP1.
30 Aug 2019 Reviewed and determined applicable for DeltaV v14.3.1
07 May 2018 Reviewed and determined applicable for DeltaV v14.3
19 Dec 2016 Reviewed and determined applicable for DeltaV v13.3.1; Updated DVD 2 as Disk location of
OPC remote software for DeltaV v12.3 and later.
02 Nov 2015 Reviewed and determined applicable for v13.3
28 May 2013 Added procedures regarding creation of Local Account for Item 2.3 and reiterated that there
is no need to add any other user to the properties of the FRSOPCDV DCOM object.
05 May 2010 Included information about DCOM changes needed for clients not using CoInitializeSecurity
and about setting up users starting with DeltaV v10.3
26 Aug 2005 Original release of article

©Emerson Automation Solutions 2009-2020. All rights reserved. For Emerson Automation Solutions trademarks and service marks, click this link to
see trademarks. All other marks are properties of their respective owners. The contents of this publication are presented for informational purposes
only, and while diligent effort has been made to ensure their accuracy, they are not to be construed as warrantees or guarantees, express or implied,
regarding the products or services described herein or their use or applicability. All sales are governed by our terms and conditions, which are
available on request. We reserve the right to modify or improve the design or specification of such products at any time without notice.

View Emerson Products and Services: Click This Link

Page 16 of 16