XML-DA configuration

Table of contents
1 Introduction
2 Security considerations
3 Before you begin
4 Configuring XML-DA
4.1 Installing Internet Information Server (IIS)
4.2 Installing Microsoft .NET framework v1.1
4.2.1 Adding ASP.NET support to a new installation of Internet Information Server
4.3 Updating system components
4.4 Installing the XML-DA wrapper
4.5 Configuring the XML-DA wrapper
4.6 Configuring Internet Information Server (IIS)
4.7 COM configuration
4.7.1 COM configuration on Windows XP Service pack 2
4.7.2 COM configuration on Windows 2000
4.8 Configuring the Windows firewall
5 Testing XML-DA
6 Programming with XML-DA
6.1 Using XML-DA from JavaScript
6.1.1 Using the ‘XMLHttpRequest’ object to call web services
6.1.2 Updating parts of the web page dynamically
6.1.3 Sample application structure
7 Troubleshooting
7.1 Problems and solutions
7.2 Using event viewer for troubleshooting

© Mitsubishi Electric 1
MX OPC Server XML-DA configuration

1 Introduction
The XML-DA web service wrapper for OPC servers provides an interface to OPC
servers using modern web technologies such as SOAP and XML. These
technologies make it easier to access OPC data on other operating systems which
have limited support for Windows or COM. The implementation as a ‘wrapper’ means
that existing OPC servers can be enabled for web service access without any
modifications to the software.

When connecting to the MX OPC server from a client application (such as a SCADA
package or a Visual Basic program), it is not normally necessary to use XML-DA.
Often the server and client components will be on the same computer anyway, or
there will be a better way to pass the data from the OPC server across the network,
such as using an Ethernet connection to the PLC, or passing the data between
computers using a SCADA package’s own built-in networking. However, there are
some situations where XML-DA (like DCOM) is a suitable way to pass data from the
OPC server between PCs, such as reading data from a Visual Basic or Visual C#
program on another computer when there is only a single serial link connection
available to the PLC. XML-DA is easier to configure than DCOM, and unlike DCOM it
can be used to pass data across firewalls which use network address translation
(NAT). However, it is more difficult to restrict user access to an XML-DA server.

This document will explain how to configure XML-DA with MX OPC Server on
Windows 2000 or Windows XP (Professional or above) service pack 2. It is assumed
that you are familiar with some COM and OPC terminology, and with the use of
Internet Explorer and Microsoft Windows.


2 Security considerations
Unlike DCOM, XML-DA relies on the security settings on the server PC only. This
means that it does not have the same issues when connecting between domains, or
between computers running different operating systems. The disadvantage is that it is
harder to check user credentials before allowing access to the OPC server.
XML-DA can be used to read data over an internet connection or across a network.
Any computer which can reach the server PC using TCP/IP can connect to XML-DA if
the firewall is set up to permit this. However, it is still not advisable to allow external
internet traffic to access the XML-DA port on the server PC, as any newly-discovered
vulnerability in either Internet Information Server (IIS) or XML-DA itself could allow an
attacker to remotely control the server computer. Instead, if you need to connect to
OPC-DA from another site using an internet connection, the safest way is to set up a
virtual private network (VPN) to pass encrypted TCP/IP traffic between the two sites,
and use this protected connection to connect to the XML-DA server.
Before setting up XML-DA in a corporate environment, you will need to discuss the
changes to the security configuration with your network administrator or IT
department, to make sure that the settings are consistent with your company’s
security policy.
In these instructions it is assumed that XML-DA and the web server will be installed
on the same computer as the OPC server. If this is not the case and DCOM is used
to connect from the OPC XML-DA wrapper to the server, you will need to set up
DCOM security to allow a connection to the OPC server – see Appendix C of the
MX OPC server documentation for instructions on how to do this. This will also affect
your choice of the user account which is used to access the OPC server.

Some typical security options for XML-DA are shown in the table on the following
page.


Option Notes
1. Fixed user name and password in the Web.config file within the virtual
directory
This method accesses the OPC server under an account with a fixed
username and password, which are entered in plain text in the ‘Web.config’
file in the wrapper directory (described in more detail later in section 4.5 on
page 11). This is easy to set up, but means that the plain text password can
be read by anyone with local access to the computer. With some extra
configuration, the password can be hidden in a partially encrypted form in
the registry, but it is still recoverable in a readable form by a determined
attacker.
The user account selected for this must have sufficient COM or DCOM
access rights to use the OPC server. You may also find that the policy
settings on the computer prevent you from using an account with a blank
password.
If you are using this option, it may be sensible to create a new user account
especially for this purpose and assign it COM access rights to the
MX OPC server (described later in section 4.7 on page 17). You may also
wish to prevent the account being used to log on locally (i.e. when the
computer is started). To do this on a PC which is not in a domain, select
‘Start -> Run’, type ‘gpedit.msc’, then click ‘OK’ to start the group policy
editor. In the tree view, browse to ‘Local computer policy ->
Computer configuration -> Windows settings -> Security settings ->
Local policies -> User rights assignment’, and in the ‘Policy’ list in the right-
hand pane, double click on ‘Deny logon locally’. Use the dialog that appears
to add the new user account name to the list.

2. Give OPC server access rights to the ASPNET user


By default, the web service will run under an account created by Internet
Information server called ‘ASPNET’. This account can be given COM access
rights to the MX OPC server, which removes the need to use a separate
account and plain text password.
If you have already configured DCOM (described in Appendix C of the
MX OPC Server help files) and have assigned OPC access rights to a new
group, you may be able to add the ASPNET account to this group.
Alternatively, you can assign MX OPC server access rights to the ASPNET
user independently (described later).
The main risk with this option is that a badly-secured ASP.NET application
running as the ASPNET user in the same instance of Internet Information
Server may be easier for an attacker to exploit if it has the additional access
rights needed by COM or DCOM.


3 Before you begin


Before you start to modify the PC configuration, please ensure that:
• The server (and optionally, client) PCs are up to date with service packs and
security fixes (currently service pack 4 for Windows 2000, and service pack 2 for
Windows XP). Applying the latest security fixes will reduce the risks introduced
when the security configuration is changed.
• You are logged on to the PC(s) using a local administrator account
• If you have not already installed Internet Information Server (IIS), you have your
original operating system installation media available as you may be prompted for
additional files.
• If you will be testing the XML-DA connection from another PC or using DCOM,
that there is a working TCP/IP network connection between the client and server
PCs. One way to test this is by using the ‘ping’ command:
1) From the ‘Start’ menu, select ‘run’
2) Enter ‘cmd’ in the ‘open’ box then click ‘OK’
3) In the command window that appears, enter ‘ping <otherpc>’, where
<otherpc> is the name of the other computer e.g.
‘ping SCADAserver’. A computer’s network name can normally be
found by right-clicking on ‘My computer’, selecting ‘properties’ then
clicking on the ‘Computer name’ tab. If in doubt, ask your network
administrator for assistance.
4) After pressing return, you should normally see a message such as
‘Pinging <address> with 32 bytes of data’ (where <address> is the IP
address of the other PC, for example 192.168.200.100) followed by
four response messages from the other computer. If no address is
shown, there may be a problem in finding the other computer by name –
ask your network administrator to check the PCs' settings. If the address
is found but there are no responses, this may mean that the connection
is not working, or it can sometimes indicate that a third-party firewall on
one of the computers is preventing the ping request from being sent or
the ping response from being received.
• If you are developing the client application yourself, make sure that you have
applied the most recent service packs to your development environment.
• If you need to modify the DCOM or COM settings, make a note of the previous
settings in case the changes have to be reversed. Some of the changes will
affect all applications using DCOM on the computer, not just the MX OPC server,
and this could stop other applications (such as other OPC servers) from working.


4 Configuring XML-DA
These instructions will use example pictures from Windows XP Service pack 2, but
the same steps are needed for Windows 2000 configuration.
Where there are significant differences between the two operating systems, this will
be made clear in the directions.
NOTE: If you install Internet Information Server (IIS) after the .NET framework,
ASP.NET pages will not work correctly. Follow the instructions in section 4.2.1 on
page 7 to fix this. If you have not yet installed either package, install IIS first to
prevent the issue from occurring.

4.1 Installing Internet Information Server (IIS)


XML-DA requires Microsoft Internet Information Server (IIS) to operate. Although this
is supplied with Windows 2000 and XP Professional Editions, it is not always installed
by default. IIS is not supported for use with Windows XP Home edition.
To find out whether or not IIS is installed, select ‘Start -> [Settings] -> Control panel ->
Add or remove programs’. In the left side of the window that appears, select the third
item ‘Add / remove windows components’. The window should look similar to the
picture below:


Find ‘Internet Information Services (IIS)’ in the list. If the box to the left is ticked, it has
already been installed, in which case you can click ‘Cancel’ and go on to the next
section. Otherwise, click on the empty box next to ‘Internet Information Services (IIS)’
to select it for installation. Select ‘Details’ if you want to modify the parts of Internet
Information Server that are installed (although the defaults are acceptable for
XML-DA). When you are ready, click ‘Next’ and Internet Information Server will be
installed. You may be prompted for the original operating system CD or DVD media if
there are any files required that are not already on the computer.

4.2 Installing Microsoft .NET framework v1.1


The XML-DA wrapper web service requires Microsoft .NET framework v1.1 to run. To
determine whether or not this is installed on your computer, select
‘Start ->Control panel -> Add/remove programs’ and see if
‘Microsoft .NET framework v1.1’ appears in the list. If the .NET framework was
already installed before you installed IIS, you may need to follow the instructions in
the next section before ASP.NET pages will work correctly.
If the .NET framework v1.1 was not installed, download the installer from the
Microsoft web site at www.microsoft.com/downloads. By searching for
“.NET framework 1.1” you should be able to find the two items:
• .NET framework v1.1 redistributable package (filename ‘dotnetfx.exe’)
• .NET framework v1.1 service pack 1 (filename ‘NDP1.1sp1-KB867460-X86.exe’)
Download both of these, and install the redistributable package first, followed by the
service pack. After installing both these items, there will be some remaining security
fixes, which can be installed through Windows update (see the next section).

4.2.1 Adding ASP.NET support to a new installation of Internet Information Server

If Internet Information Server was installed after the .NET framework, you will need to
register ASP.NET with Internet information server using the ‘aspnet_regiis.exe’ file
located in the .NET framework directory. Select ‘Start -> Run’ and enter the following
carefully before clicking ‘OK’:
%WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe -i
If you will also be using ASP.NET from other versions of the .NET framework later,
you may wish to register those versions as well. For example, to register the current
.NET 2.0 framework, the command to use is:
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -i


4.3 Updating system components


If you installed Internet Information Server (IIS) or the Microsoft .NET framework in
the previous steps, it is advisable to update your computer to ensure that it has the
latest security patches, as there may have been security fixes developed since the
installation media were created. If the computer has an internet connection, the
easiest way to do this is to use Windows Update.
A) If your Computer is configured for automatic Windows updates
If you already have automatic updates enabled, you can trigger an update by
selecting ‘Start->Run’ and entering ‘wuauclt /DETECTNOW’. Depending on how the
automatic updates are configured, you will either be prompted to install the new
updates and to restart the computer afterwards, or the installation may be performed
the next time you restart the computer.

B) If your computer is not configured for automatic Windows updates


To update the computer manually, start Internet explorer and select ‘Tools ->
Windows Update’, then follow the prompts and select any patches related to Internet
Information Server for installation. You may need to restart your computer after the
patches are installed.

For the .NET 1.1 framework in particular, you may find that you have to repeat this
step until no more updates are found – the updates are not included in a single
package.

4.4 Installing the XML-DA wrapper


To install the wrapper web service, run the supplied installer
‘XMLDAwrapperSetup.msi’.
If you see the message below, the .NET framework v1.1 has not been correctly
installed - see section 4.2 on page 7 for instructions on how to do this.

Once the .NET framework v1.1 is installed, the installer will go on to the ‘Welcome’
page (below). Click ‘Next’ to continue.


You will now be prompted for the location where the wrapper should be installed. For
this example, the wrapper will be installed to ‘C:\MELSEC\XMLDA’ (see picture
below). You may optionally select ‘Everyone’ to allow other users to access the files.
Select ‘Next’ to continue.


At the ‘Confirm installation’ prompt, select ‘Next’.

When installation is complete, you will see the dialog below and the readme file will
be displayed. Click ‘Close’.


4.5 Configuring the XML-DA wrapper


The next step is to set up a web service for MX OPC server 5.
Browse to the directory where the wrapper was installed (in the above example, this
was ‘C:\Melsec\XMLDA’). The directory contents should be similar to the following
example:

Take a copy of the file ‘OPC_XML-DA_WrapperService.asmx’, and rename this copy
as ‘Mitsubishi.MXOPC.5.asmx’ – this is the ‘ProgID’ (human-readable name) of the
MX OPC server version 5. Other OPC servers can be added in the same way by
using the ‘ProgID’ of the server with the ‘.asmx’ extension. If no config file is supplied,
the name of the file is used to find the OPC server to read from, which is assumed to
be on the local PC.

An alternative method of configuration is demonstrated by the
‘MYSERVER.OpcDa20Server.asmx’ and ‘MYSERVER.OpcDa20Server.config’ files.
In this case, a ‘.config’ file is supplied containing the PC and OPC server names in
the ‘Node’ and ‘ProgID’ entries respectively. This requires that DCOM is configured
correctly to allow connections to the PC where the OPC server is running – see the
MX OPC Server help files Appendix C for instructions on how to do this.


The ‘Web.config’ file is a text file that can be edited with e.g. ‘Notepad’ (Select Start ->
Run and enter ‘notepad.exe’ then click OK and browse to the file) to configure the
account that is used to access the OPC server. Find the lines shown below in the file:
<!-- INDENTITY
This section allows the web service to impersonate a specific Windows user account that
determines what privileges the web service has. This is important for the XML-DA sample
web service since it must be able to launch as access local COM servers. The two sample
COM servers included with the distribution are configured to allow 'Everyone' access which
means that no special web service configuration is required. Changes to this section are
required before the XML-DA sample server can connect to other COM servers.

There are two possibilities for determining identity: the web service can use an account
that is explicitly specified in this file or it can use the account identified by IIS
integrated windows authentication, If the later approach is used then there must be no entry
in this file for 'userName/password' and the virtual directory for the webservice must
have anonymous access must be disabled (which forces the client to explicitly login).
-->

<!-- <identity impersonate="true" userName="[username]" password="[password]"/> -->

Whether this needs to be changed or not depends on your chosen security option
from the table in section 2 on page 3. By default, the last line of the section above is
commented out (with ‘<!--’ and ‘-->’ markers at the start and end of the line). With this
line disabled, Internet Information Server will run the web service using its built-in
‘ASPNET’ account. This is the correct method if you are using security option 2
(‘assign rights to the ASPNET user’), in which case you can go on to the next section.
The alternative is to select a fixed user name and password for the account to use –
this is the correct method for security option 1 (‘fixed user name and password in
web.config’). To do this, copy the line and paste a copy of it on the line below.
Remove the ‘<!--’ and ‘-->’ comment markers at the start and end of the new line, and
set a username and password. The resulting lines for username ‘xmluser’ and
password ‘opensesame’ would look like this:

<!-- <identity impersonate="true" userName="[username]" password="[password]"/> -->


<identity impersonate="true" userName="xmluser" password="opensesame"/>

WARNING: Do not re-use a password that you use on other systems and wish to
keep secret, as it is stored in readable text form and can be seen by
any other user with access to the computer.
After modifying the file, save the changes and close notepad.
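
When reviewing a server, the identity options described above can be told apart by script. The following Python audit is an added example, not part of the original document or of the wrapper; the sample Web.config fragments and the registry key path in them are constructed, and the `registry:` value form is the ASP.NET syntax for credentials kept in the registry rather than in the file.

```python
"""Audit the <identity> setting of an ASP.NET Web.config (added example)."""
import sys
import xml.etree.ElementTree as ET

# Constructed sample: security option 1, template line left commented out
# and an active line with a plain text password pasted below it.
OPTION_1 = r"""<configuration>
  <system.web>
    <!-- <identity impersonate="true" userName="[username]" password="[password]"/> -->
    <identity impersonate="true" userName="xmluser" password="opensesame"/>
  </system.web>
</configuration>"""

# Constructed sample: security option 2, only the commented-out template.
OPTION_2 = r"""<configuration>
  <system.web>
    <!-- <identity impersonate="true" userName="[username]" password="[password]"/> -->
  </system.web>
</configuration>"""

# Constructed sample: credentials referenced from the registry.
# The key path "ExampleApp" is a placeholder, not a value from the document.
REGISTRY_FORM = r"""<configuration>
  <system.web>
    <identity impersonate="true"
      userName="registry:HKLM\SOFTWARE\ExampleApp\identity\ASPNET_SETREG,userName"
      password="registry:HKLM\SOFTWARE\ExampleApp\identity\ASPNET_SETREG,password"/>
  </system.web>
</configuration>"""


def local_name(tag):
    """Strip an XML namespace prefix such as '{uri}identity'."""
    return tag.rsplit("}", 1)[-1]


def classify(elem):
    """Map one active <identity> element to a finding label."""
    if elem.get("impersonate", "false").strip().lower() != "true":
        return "impersonation-off"      # runs as the worker account
    user = elem.get("userName")
    password = elem.get("password")
    if user is None and password is None:
        return "client-identity"        # IIS integrated Windows authentication
    user, password = user or "", password or ""
    if (user.lower().startswith("registry:")
            and password.lower().startswith("registry:")):
        return "registry-reference"     # not in the file, still recoverable
    if password == "":
        return "blank-password"
    return "plaintext-password"         # readable by any local user


def audit(config_xml):
    """Return [(finding, userName)] for a Web.config given as str or bytes.

    The password value is never returned, so reports can be shared safely.
    """
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError:
        return [("unparseable", None)]
    findings = []
    # The parser discards XML comments, so the commented-out template line
    # is ignored and only active <identity> elements are reported.
    for elem in root.iter():
        if isinstance(elem.tag, str) and local_name(elem.tag) == "identity":
            findings.append((classify(elem), elem.get("userName")))
    # No active element: the service runs under the built-in ASPNET account.
    return findings or [("aspnet-default", None)]


if __name__ == "__main__":
    # Usage: python audit_identity.py C:\MELSEC\XMLDA\Web.config ...
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            for finding, user in audit(handle.read()):
                print(f"{path}: {finding} (userName={user!r})")
```

A plain text search for `password=` would also match the commented-out template line; parsing the XML avoids that false positive.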


4.6 Configuring Internet Information Server (IIS)


To use XML-DA, a new ‘Virtual directory’ must be configured in IIS. First, run the IIS
configuration tool from:
Start -> [Settings] -> Control Panel -> [Performance and Maintenance ->]
Administrative Tools -> Internet Information Services [XP] or Internet services
manager [Win2K]
The ‘Settings’ part is only needed on Windows 2000, and the ‘Performance and
maintenance’ part will only be present on XP if control panel is set up to display in
‘Category view’ instead of ‘Classic view’.
The configuration window should be similar to the picture below.


Expand the tree control in the left-hand pane until ‘Default web site’ is shown, then
right click on ‘Default web site’ and select ‘New->Virtual directory’ from the context
menu.

The ‘Virtual directory creation wizard’ will be shown (see below). Select ‘Next’.


You will be prompted for the ‘alias’ name of the new virtual directory. This is the name
that will be used to refer to the directory as part of the URL entered in the address bar
in the web browser, for example http://computername/alias/...
In this example, we will use the name ‘xmlda’ as shown in the picture below.

After entering the name, click ‘Next’. You will be prompted for the directory where the
content is stored. Browse to the directory where you installed the OPC wrapper (see
section 4.4 on page 8), then click ‘Next’.


The permissions screen will now be shown.

Ensure that ‘Read’, ‘Run scripts (such as asp)’ and ‘Execute (such as ISAPI
applications or CGI)’ are all selected, then click ‘Next’.

Select ‘Finish’ to exit the wizard.


4.7 COM configuration


If the user account you selected to run the OPC server has already been configured
to have the correct COM access rights for MX OPC server (for example, through
previously configuring a working DCOM connection with the same account), you can
move on to the next section. Otherwise, you will need to configure COM security
access for the user account (either the fixed user name and password you chose, or
the ASPNET account).
This section will describe how to do this. The instructions are different for
Windows XP service pack 2 and Windows 2000, so follow the instructions in the
section for your operating system.

4.7.1 COM configuration on Windows XP Service pack 2


From the ‘Start’ menu, select ‘Run’ to show the window below.

Enter ‘dcomcnfg’ and click ‘OK’ to start the DCOM configuration utility.


In the first window that appears (see example below), click on the
‘Component services’ and ‘Computers’ items in the left hand pane to expand them,
so that ‘My Computer’ is shown.


Right click on ‘My computer’ and select ‘Properties’ from the pop-up menu. In the
next window, click on the ‘COM security’ tab and a window similar to the one below
will be shown:

The ‘Limits’ on this page will override the COM security settings for individual
components, and from XP service pack 2 onwards the default settings are too
restrictive to allow OPC communications to work. The restrictions must be relaxed
before using DCOM to access an OPC server remotely.


In the ‘Access permissions’ section, click ‘Edit limits’ to display the window below.

In the example above, DCOM can be used by all users (the ‘Everyone’ group) – if
‘Everyone’ has at least ‘Local access’ rights, you do not need to change these
settings further. Otherwise, add the account(s) to be enabled (e.g. ASPNET) to this
list with the ‘add’ button, and make sure that at least ‘Local access’ is enabled.
NOTE: Although using XML-DA with an OPC server on the same PC as IIS does not
require ‘Remote access’ to be enabled, DCOM does require remote access. If you
have already configured DCOM you may find that ‘Remote access’ is already
enabled for some or all users – there is no need to remove it.


Click ‘OK’ to save the changes, then on the ‘COM security’ screen click the ‘Edit
limits’ button in the ‘Launch and Activation Permissions’ section to show the window
below:

Ensure that all the ‘Allow’ checkboxes are set for the ‘Local launch’ and ‘Local
activation’ permissions of the user account that will be accessing the server (e.g.
ASPNET). If the ‘Everyone’ group already has permissions (which is the case in the
above picture), it should not be necessary to add the new user account separately.
As before, there is no need to remove the ‘Remote’ permissions if they have already
been set (for example as part of DCOM configuration).

Click ‘OK’ to return to the ‘COM security’ window. The ‘Edit defaults’ settings for
‘Access permissions’ and ‘Launch permissions’ on this page are used to set the
default permissions for COM applications. If you are not too concerned with security
(for example, if your computer(s) are running on an isolated network with no internet
connection), one alternative at this point is to give the new user (e.g. ASPNET)
default access and launch/activate permissions to all COM objects using these
dialogs. However, it is preferable to set permissions for just the objects that the user
needs, which we will do in the rest of this section.


Click ‘OK’ to return to the ‘Component Services’ dialog. You will need to configure the
security on the MX OPC server and MX Runtime services. To do this, double-click on
the ‘DCOM config’ entry, and find ‘MXOPC’ and ‘MXRuntime’ in the list, as shown in
the picture below.
NOTE: As XML-DA does not support enumerating OPC servers, you do not need to
set permissions for ‘OPCenum’.

This step will need to be repeated for ‘MXOPC’ and ‘MXRuntime’ in turn – ‘MXOPC’
will be used for this example. Right click on the ‘MXOPC’ icon and select ‘properties’.
The window below should appear.


Switch to the ‘Security’ tab.

The ‘Launch and activation permissions’ and ‘Access permissions’ can be left as
‘Default’ to use the default COM security settings configured earlier. However, for
better security, they can be customized to control which users can start and use each
server. To do this, select ‘customise’ for each option and select ‘Edit’.


A sample ‘Launch and activation permissions’ edit window is shown below, in which a
named user ‘OPClink’ has been added. As with the ‘edit defaults’ settings, the ‘allow’
check boxes for ‘Local launch’ and ‘Local activation’ must be set to allow use of the
server with XML-DA. DCOM (if previously configured) also uses the ‘Remote’
permissions.


The ‘Access permissions’ configuration screen is shown below, with a named user
‘OPClink’ added. Only ‘Local access’ is needed for XML-DA usage.


After changing the settings on the security tab (if required), select the ‘Identity’ tab. In
the sample screen below, the server has been configured to run as a named user.

The options on this screen are:


• The interactive user – the user who is currently logged on to the machine. This
can cause problems if a remote user is using XML-DA with no-one logged on to
the PC, as there is no guarantee of which user (if any) will be logged on when the
server is accessed from another computer.
• The launching user – the user who accessed the server, causing it to be started.
• A named user – the server runs as a specified user, whose name and password
are provided. This option allows the server to be configured independently of the
user that started the server and the user that is logged on, and works well for
unattended computers.
• The system account, when the server is configured to run as a service.

Press ‘OK’ to return to the ‘Component settings’ page, which can then be closed.


4.7.2 COM configuration on Windows 2000


From the ‘Start’ menu, select ‘Run’ to show the window below.

Enter ‘dcomcnfg’ and click ‘OK’ to start the DCOM configuration utility.
In the sample screen below, the ‘MXOPC’ service is visible.


Click on the ‘Default security’ tab to show the window below. The settings on this
page determine the default access rights that each user is granted to COM objects.

The ‘Edit default access permissions’ and ‘Edit default launch permissions’ items on
this page are used to set the default permissions for COM applications. If you are not
too concerned with security (for example, if your computer(s) are running on an
isolated network with no internet connection), one alternative at this point is to give
the new user (e.g. ASPNET) default access and launch/activate permissions to all
COM objects using these dialogs. However, it is preferable to set permissions for just
the objects that the user needs, which we will do in the rest of this section.


Return to the ‘Applications’ tab (below) and find the entry ‘MXOPC’ in the list.


Select ‘MXOPC’ in the list and click ‘Properties’. In the ‘Security’ tab (see picture
below), the ‘Launch permissions’ and ‘Access permissions’ can both be left as ‘Use
default’ to use the default security settings, or for improved security they can be
customized to control which users can start and use each server. To do this, select
‘Use custom access permissions’ or ‘Use custom launch permissions’, then click the
‘Edit’ button.

NOTE: The configuration permissions do not normally need to be changed.


The standard ‘Edit’ dialog is shown below, with access enabled for just the
Administrators group.

To add a user, select ‘Add’ to show the dialog below.


Click ‘Show users’ to show individual users, then select the user name in the list and
click ‘Add’. In the example below, the ‘ASPNET’ user has been selected.

Select ‘OK’ to return to the permissions dialog, then ‘OK’ again to return to the
‘MXOPC properties’ dialog.


Once you have added the new user to the ‘custom access’ and ‘custom launch’
permissions settings, switch to the ‘Identity’ tab.

The options on this screen are:


• The interactive user – the user who is currently logged on to the machine. This
can cause problems with DCOM, as there is no guarantee of which user (if any)
will be logged on.
• The launching user – the user who accessed the server, causing it to be started.
• A named user – the server runs as a specified user, whose name and password
are provided. This option allows the server to be configured independently of the
user that started the server and the user that is logged on, and works well for
unattended computers.
• The system account, when the server is configured to run as a service.

Click ‘OK’ to return to the ‘Distributed COM configuration properties’ page. After
changing the properties of any other DCOM objects required (such as ‘MXOPC’ and
‘MXRuntime’) in the same way, this dialog can then be closed.


4.8 Configuring the Windows firewall


If you are using the Windows firewall provided with Windows XP service pack 2, you
may need to configure it to allow TCP/IP network traffic to reach the XML-DA server
in Internet Information Server (IIS). If you are using a third party software firewall,
please refer to the manual to find out how to make the equivalent configuration
changes. If XML-DA does not work when your third-party firewall is enabled, but
works when it is switched off, the problem is likely to be with the firewall configuration.
NOTE: Windows 2000 does not include a firewall by default, but if you have installed
a third-party software firewall, you will need to enable the same applications and
ports as required by the XP firewall. Please refer to your firewall manual for
instructions on how to do this.

From the ‘Start’ menu, open ‘Control panel’. If you are using ‘Classic view’, the
‘Windows firewall’ icon will already appear in the list, otherwise in ‘Category view’ it
will be under the ‘Network and internet connections’ category. Double-click the icon to
view the firewall settings screen (shown below).


Click on the ‘Exceptions’ tab, and a screen similar to the one below will be shown.

Click the ‘Add port…’ button, and enter the details below to allow other applications to
connect to the HTTP port. If you have configured your web server on a port other
than the usual ‘80’, use the alternative port number instead and give it a different
name.

Click ‘OK’ to return to the previous screen, where ‘HTTP’ will have been added to the
exceptions list.


If you are connecting to XML-DA remotely from a Windows XP service pack 2 PC,
you may also need to add your client program(s) to the exceptions list on the remote
PC. Start by clicking on the ‘Add program…’ button on the exceptions screen. In the
window that appears, use the ‘Browse’ button and find the EXE file for your client
application. The screen should now look like the one below (where ‘MXOPC.exe’ has
just been added):

Click ‘OK’ to return to the exceptions screen, where the client program should now
appear in the list.
When all client applications have been added, click ‘OK’ on the exceptions screen to
finish.


5 Testing XML-DA
After all the software has been installed and configured, you can test the server by
going to any browser and entering the URL of the XML-DA web service. This will be
in the form:
http://<computername>/<virtualdirectory>/<servicename>.asmx
where
• <computername> is the PC name or address. ‘localhost’ can be used as a
shorthand for the local PC
• <virtualdirectory> is the IIS directory linked to the web service – ‘xmlda’ in the
examples
• <servicename> is the web service file – ‘Mitsubishi.MXOPC.5.asmx’ in the
examples
So for the example configuration in these instructions, the URL would be:
http://localhost/xmlda/Mitsubishi.MXOPC.5.asmx

Depending on your firewall settings, the service can be accessed from other PCs by
substituting the server computer name or address in place of ‘localhost’.
Note: If your IIS installation does not use the default web port (80), you will need to
alter the URL to include the port number, separated from the computer name by a
colon (:) character. For example, if IIS is configured for port 8080:
http://localhost:8080/xmlda/Mitsubishi.MXOPC.5.asmx


If the web server configuration is correct, you should see a page similar to this:

This demonstrates that the server is configured and listening, but does not
necessarily prove that it can be used to read data, as the connection from IIS to the
OPC server is not checked at this stage.
To prove that the OPC connection also works, you will need to connect to the server
using an XML-DA client. The Javascript sample code can be used for this purpose.
Find the file ‘js_sample.htm’ from the ‘Javascript’ directory under ‘XML-DA’ on the
CD, and copy this into the directory where you installed the XML-DA wrapper
(‘C:\MELSOFT\xmlda’ in the examples). If your wrapper service file was not called
‘Mitsubishi.MXOPC.5.asmx’ (as in the example), use notepad to find this text in the
‘js_sample.htm’ file, and modify it to match the name that you used.
Now replace the ‘Mitsubishi.MXOPC.5.asmx’ part of the test URL in Internet Explorer
with ‘js_sample.htm’, e.g.:
http://localhost/xmlda/js_sample.htm


The javascript example page should appear, similar to the picture below.

If you are able to use the ‘Get’ [status], ‘Browse’ and ‘Read’ buttons on the example
page, the XML-DA web service is working correctly. If there are errors reported, the
service may need further configuration. The example picture below shows an error
caused by incorrect DCOM permissions.


After fixing the permissions, the example can be used as normal (see picture below
where Tag002 is about to be written).


6 Programming with XML-DA


XML-DA is well-suited to modern development tools which provide support for web
services. From Visual Studio 2003 onwards, the development environment will
automatically generate most of the code needed to access a web service.
XML-DA offers a cut-down version of the features available in OPC. The operations
supported are:

| Operation | Description and notes |
|---|---|
| GetStatus() | Determine the status of the OPC server. |
| Browse() | Read the tag hierarchy. It will only read one level at a time, so it must be called repeatedly to read the full hierarchy. |
| GetProperties() | Get the properties of an item. |
| Read() | Read the values of one or more tags. |
| Write() | Write new values to one or more tags. |
| Subscribe(), SubscriptionPolledRefresh(), SubscriptionCancel() | Applications can ‘subscribe’ to receive information about one or more groups of tags, then regularly poll the server to see which of the tags have changed. This is a more efficient way to poll for data with XML-DA than making repeated calls to Read(). |


6.1 Using XML-DA from JavaScript


As XML-DA will respond to standard ‘http’ requests, it can be used directly from
client-side JavaScript through the ‘XMLHttpRequest’ object. This allows operations to
be performed on the OPC database and the results displayed without having to
reload the whole web page, using techniques often called ‘AJAX’ (Asynchronous
Javascript And XML).

An example web page ‘js_sample.htm’ is provided under the ‘XML-DA’ directory on
the OPC server CD. The features of this example are:
• Read server status using ‘GetServerStatus()’
• Browse tags hierarchically using multiple ‘Browse()’ calls.
• Read tag values using ‘Read()’ and display them.
• Write a new value to a selected tag using ‘Write()’.
• Subscribe to data with ‘Subscribe()’, and display changed values in real time
without reloading the page using ‘SubscriptionPolledRefresh()’. Unsubscribe with
‘SubscriptionCancel()’.

The example code has been tested with Internet Explorer only, but should be
possible to convert to other browsers. It is mainly intended to show the use of
asynchronous javascript to make calls to XML-DA and parse key parts of the result
data. It does not cover the use of all the many different parameters available in the
XML-DA specification.


6.1.1 Using the ‘XMLHttpRequest’ object to call web services

To call a method in a web service, there are two separate stages. Firstly, the request
is created and sent, then once the result has been received a separate function will
be called asynchronously to process the result.
To initiate a web service call, the general structure of the code is shown below. The
format of the SOAP request message depends on the web service to be called – the
test page for the web service will often show a list of methods and a sample of the
request format for each one.

var reqObj; /* Declare object to use for request, at global level */

/* ... within a function ('sendRequest' is a placeholder name) */
function sendRequest()
{
    /* ... other code ... */

    /* strSvrName holds the URL of the web service (.asmx) to call */
    reqObj = new XMLHttpRequest();
    reqObj.open("POST", strSvrName);
    reqObj.setRequestHeader("SOAPAction",
        "http://opcfoundation.org/webservices/XMLDA/1.0/methodname");
    reqObj.setRequestHeader("Content-Type", "text/xml; charset=utf-8");

    /* Must set a function to be called when results are ready */
    reqObj.onreadystatechange = resultfunctionname;

    /* Prepare request message */
    var strReq = '<?xml version="1.0" encoding="utf-8"?>'
        + '<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
        + ' xmlns:xsd="http://www.w3.org/2001/XMLSchema"'
        + ' xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        + '<soap:Body>'
        + 'data here depends on the parameters to the method'
        + '</soap:Body>'
        + '</soap:Envelope>';

    reqObj.send(strReq); /* Transmit request */

    /* ... other code ... */
} /* ... end of function ... */


Once the request has been processed by the server, the data will be returned
through a call to the function specified in the ‘onreadystatechange’ element of the
request structure. The code to process these typically takes the form below, with a
check to see if the call has completed (as the function will also be called for other
changes in request state such as ‘transmitting’, ‘waiting for response’ etc.). If so, the
result code can be checked to see if the request succeeded. Finally, the XML data in
the ‘.responseXML’ element of the request object can be processed to find the
results. The ‘.responseText’ element shows the text of the returned message, which
can be useful for debugging.

/* Function called when soap result is returned */
function resultfunctionname()
{
    var strOut = ""; /* HTML to display, built while processing the response */

    /* Check if status is 'result received' */
    if (reqObj.readyState == 4)
    {
        /* Check success */
        if (reqObj.status == 200)
        {
            /* Successful call, can process response message */
            /* ... code to process XML results goes here, building strOut ... */
            /* ... ‘reqObj.responseXML’ contains the response message ... */
        }
        else
        {
            /* Error, show details in status bar */
            window.status = "GetStatus() failed error " + reqObj.status
                + " (" + reqObj.statusText + ")";
        }

        /* Display results */
        document.getElementById("StatusResult").innerHTML = strOut;

    } /* End if result available */

} /* End function resultfunctionname() */

The ‘responseXML’ element of the request object will contain the XML message
returned from the server. The exact message format depends on the method called,
and there will be an example of this in the test page of the web service itself. The
relevant data can be extracted by traversing the hierarchy of XML data. Some
examples are shown below for the ‘GetStatus()’ and ‘Read()’ methods.

/* Example of extracting data from the ‘GetStatus()’ method */
/* Note: '.text' is the Internet Explorer property for a node's text;
   other browsers use '.textContent' instead */
var resResponse = reqObj.responseXML.getElementsByTagName("GetStatusResponse");
var resStatus = resResponse[0].getElementsByTagName("GetStatusResult")[0]
    .getAttribute("ServerState");
var resVendor = resResponse[0].getElementsByTagName("VendorInfo")[0].text;

/* Example of extracting data from the ‘Read()’ method */
var resResp = reqObj.responseXML.getElementsByTagName("ReadResponse");
var resList = resResp[0].getElementsByTagName("RItemList");
/* Check for 'no items' (subscription polling may return this) */
if (resList.length > 0)
{
    var resElems = resList[0].getElementsByTagName("Items");
    for (var i = 0; i < resElems.length; i++)
    {
        /* Recover client item handle */
        var strHandle = resElems[i].getAttribute("ClientItemHandle");
        var resVal = resElems[i].getElementsByTagName("Value");

        /* Get type/value (value may have several nodes, combine as list) */
        var datavalue = "";
        for (var l = 0; l < resVal[0].childNodes.length; l++)
        {
            if (datavalue != "")
            {
                datavalue += ", ";
            }
            datavalue += resVal[0].childNodes.item(l).text;
        }

        var datatype = resVal[0].getAttribute("xsi:type");

        /* ... do something with datatype and datavalue here ... */

    } /* End for (items read) */
} /* End if (items returned) */

6.1.2 Updating parts of the web page dynamically


One simple way to update part of a web page without reloading is to use a ‘<div>’
tag, which has an ‘innerHTML’ property that can be dynamically replaced with new
HTML content to update the page. This is the method used in the example code.

In the definition of the web page, each ‘<div>’ tag can be given an ID:
<div id="Result">&nbsp;</div>

In script, the content can then be replaced with code such as:
document.getElementById("Result").innerHTML = "<p>Ready</p>";
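Tag names and values are plain text, but both the SOAP request and ‘innerHTML’ interpret markup characters. The following added example (not part of the CD sample or of the product's own code) escapes tag names before they are placed in a ‘Read()’ request, and escapes returned values before they are assigned to ‘innerHTML’. The function names, the ‘h0’, ‘h1’ handle format and the sample tag names are assumptions made for illustration; check the ‘Read’ element layout against the sample request shown on the service's test page.

```javascript
/* Added example: escape data on the way out (SOAP) and on the way in (HTML). */

/* Escape the characters that are special in XML and HTML markup. */
function escapeMarkup(value) {
    return String(value)
        .replace(/&/g, "&amp;")
        .replace(/</g, "&lt;")
        .replace(/>/g, "&gt;")
        .replace(/"/g, "&quot;")
        .replace(/'/g, "&#39;");
}

/* Build a Read() request for a list of tag names.
   Returns the SOAP text plus a map from each ClientItemHandle to its tag
   name, so that a response can be matched to tags that were really requested.
   ItemPath is sent as "" explicitly, as it cannot be left to default. */
function buildReadRequest(tagNames) {
    var handles = Object.create(null);
    var items = "";
    for (var i = 0; i < tagNames.length; i++) {
        var handle = "h" + i; /* hypothetical handle format */
        handles[handle] = tagNames[i];
        items += '<Items ItemPath="" ItemName="' + escapeMarkup(tagNames[i])
            + '" ClientItemHandle="' + handle + '"/>';
    }
    var xml = '<?xml version="1.0" encoding="utf-8"?>'
        + '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        + '<soap:Body>'
        + '<Read xmlns="http://opcfoundation.org/webservices/XMLDA/1.0/">'
        + '<Options ReturnErrorText="true"/>'
        + '<ItemList>' + items + '</ItemList>'
        + '</Read>'
        + '</soap:Body>'
        + '</soap:Envelope>';
    return { xml: xml, handles: handles };
}

/* Turn one item from a Read() response into HTML that is safe to assign to
   innerHTML. Returns null for a handle that was never issued, so the caller
   can ignore it instead of updating the page. */
function renderReadItem(handles, strHandle, datatype, datavalue) {
    if (!(strHandle in handles)) {
        return null;
    }
    return "<p>" + escapeMarkup(handles[strHandle])
        + " (" + escapeMarkup(datatype) + "): "
        + escapeMarkup(datavalue) + "</p>";
}

/* Constructed sample data: a tag name and a value that both contain markup. */
function demo() {
    var req = buildReadRequest(["Dev01.Tag001", 'Dev01."Tag"<2>']);
    return {
        xml: req.xml,
        ok: renderReadItem(req.handles, "h0", "xsd:short", "5 <b>rpm</b>"),
        unknown: renderReadItem(req.handles, "h9", "xsd:short", "1")
    };
}
```

In the page's own result handler, the string returned by ‘renderReadItem()’ is what would be assigned to the ‘innerHTML’ of the ‘<div>’ for that tag.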


6.1.3 Sample application structure


As the sample application is already available as a whole on the CD, the code will not
be duplicated here. Instead, this section will summarize the structure of the sample
application and how it works.

| Feature | Function / Variable | Description |
|---|---|---|
| Shared code | arrTagList | Stores a list of tags returned by hierarchical browsing, for use by other operations. |
| | MakeTag() | Creates a tag object for addition to arrTagList. |
| GetStatus | GetServerStatus() | Reads OPC server status with GetStatus(). |
| | GetServerStatusResult() | Result function for the GetStatus() operation. Processes the result message and displays key data. |
| Browsing | arrBrowseQueue | Since XML-DA browsing only returns one level at a time, a single browse call cannot fetch the whole tag hierarchy. To get round this, a queue of browse requests is defined. When an item with child nodes is found by a Browse() call, it is pushed on the queue. After all items are processed, another Browse() call is made for the next item in the queue. When the queue is empty, there are no more nodes to ‘expand’ (browse). |
| | MakeBrowseRequest() | Create an object to add to the browse queue. |
| | StartBrowse() | Initiates a browse of the whole tag hierarchy by adding the top-level (empty ItemPath) item to the queue and calling StartBrowseSub(). |
| | StartBrowseSub() | If there is anything in the browse queue, it removes the next item from the queue and initiates a Browse() call to process it. When the queue is empty, the browse operation is treated as complete. |
| | BrowseResult() | Called when a Browse() request returns data. Items with child nodes are added to the hierarchy ‘tree’ using placeholder ‘<div>’ tags that can be filled in later, and pushed onto the browse queue. Details of readable items are added to the arrTagList array for use by other calls. When all items have been processed, ‘StartBrowseSub()’ is called to process anything left in the queue. Items are given additional script code to call ‘StartWrite()’ when they are clicked. |
| Reading | ProcessReadData() | Updates the hierarchy ‘tree’ with data received from a Read() or SubscriptionPolledRefresh() operation, by replacing the contents of the ‘<div>’ placeholder for the value of the tag, located using its stored id. |
| | ReadResult() | Deals with the return message from a Read() call by passing it to ProcessReadData(). |
| | StartRead() | Initiates a ‘Read()’ call using the tag list provided by the Browse() operation. |
| Writing | StartWrite() | Prompts the user for the value to write, then looks up the data type for the tag in arrTagList if there has been a previous ‘Read()’ or ‘SubscriptionPolledRefresh()’ call. Starts a write operation using the data and type (defaulting to ‘short’ if the type is not known). |
| | WriteResult() | Processes the return message from a ‘Write()’ call, checking for write errors. |
| Subscribing | strSvrSub | Stores the ‘subscription handle’ returned by the server, which is needed to read or cancel the subscribed data. |
| | StartSubscribe() | Calls the ‘Subscribe()’ method to subscribe to updates for the tag list returned by the ‘Browse()’ operation. |
| | SubscribeResult() | Called with the result from ‘Subscribe()’. Checks for errors then stores the returned subscription handle. Sets up the browse timer if successful. |
| | SubscribeTimer() | Called on a timer after subscribing, to initiate SubscriptionPolledRefresh() calls regularly. |
| | SubscribePollResult() | Called when a SubscriptionPolledRefresh() call returns data, and processes it with the ProcessReadData() function to display the new values in the hierarchy ‘tree’. |
| | CancelSubscribe() | Cancels the current subscription using the SubscribeCancel() call and stops the timer. |
| | SubscribeCancelResult() | Called with the result of a SubscribeCancel() operation. Displays a confirmation message. |
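The queue-driven browse described for ‘arrBrowseQueue’, ‘StartBrowseSub()’ and ‘BrowseResult()’ is shown below as an added example; it is not the code from the CD sample. An in-memory table (constructed) stands in for the server's ‘Browse()’ call, the field names ‘itemName’, ‘isItem’ and ‘hasChildren’ are assumptions modelled on a browse result, and the example goes beyond the table by skipping nodes that are already queued and by capping the number of requests, so that a looping or very large hierarchy cannot keep the client browsing indefinitely.

```javascript
/* Added example: browsing a one-level-at-a-time hierarchy with a queue. */

/* Constructed stand-in for the server. Each key is an ItemName; the value is
   the single level of elements one Browse() call would return. 'Dev02'
   points back to 'Dev01' to show why already-queued nodes are skipped. */
var SAMPLE_LEVELS = {
    "": [
        { itemName: "Dev01", isItem: false, hasChildren: true },
        { itemName: "Dev02", isItem: false, hasChildren: true }
    ],
    "Dev01": [
        { itemName: "Dev01.Tag001", isItem: true, hasChildren: false },
        { itemName: "Dev01.Group", isItem: false, hasChildren: true }
    ],
    "Dev01.Group": [
        { itemName: "Dev01.Group.Tag002", isItem: true, hasChildren: false }
    ],
    "Dev02": [
        { itemName: "Dev01", isItem: false, hasChildren: true }
    ]
};

/* Stand-in for the asynchronous Browse() call. In a web page this would send
   the SOAP request and call onResult from the onreadystatechange handler. */
function sampleBrowse(itemName, onResult) {
    onResult(SAMPLE_LEVELS[itemName] || []);
}

/* Browse the whole hierarchy, one level per request.
   browseFn(itemName, onResult) fetches one level; onDone(error, tags, requests)
   is called once when the queue is empty or the request limit is reached. */
function browseAll(browseFn, maxRequests, onDone) {
    var queue = [""];                 /* start at the top level */
    var queued = Object.create(null); /* nodes already placed on the queue */
    var tagList = [];                 /* readable items found so far */
    var requests = 0;
    queued[""] = true;

    function browseNext() {
        if (queue.length === 0) {
            onDone(null, tagList, requests); /* nothing left to expand */
            return;
        }
        if (requests >= maxRequests) {
            onDone(new Error("browse limit reached"), tagList, requests);
            return;
        }
        var itemName = queue.shift();
        requests++;
        browseFn(itemName, function (elements) {
            for (var i = 0; i < elements.length; i++) {
                var el = elements[i];
                if (el.isItem) {
                    tagList.push(el.itemName);
                }
                if (el.hasChildren && !queued[el.itemName]) {
                    queued[el.itemName] = true;
                    queue.push(el.itemName);
                }
            }
            browseNext(); /* process the next queued node, if any */
        });
    }

    browseNext();
}

/* Run the browse against the constructed sample and return the outcome.
   This works synchronously only because sampleBrowse calls back at once. */
function runSampleBrowse(maxRequests) {
    var outcome = null;
    browseAll(sampleBrowse, maxRequests, function (error, tags, requests) {
        outcome = { error: error, tags: tags, requests: requests };
    });
    return outcome;
}
```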


7 Troubleshooting

7.1 Problems and solutions


This section will describe possible solutions to some of the problems that may occur
when configuring XML-DA.

Problem: When connecting to the XML-DA server from a web browser, IIS reports
error 500.
Solution: 1) Check that the virtual directory is set up correctly and points to the
location where the web service wrapper was installed.
2) Check the ‘virtual directory’ properties in IIS to make sure that the
correct user access has been configured for the directory. To do this,
go to ‘Start -> [Settings] -> Control Panel ->
[Performance and maintenance] -> Administrative Tools ->
Internet Information Services [XP] or Internet services manager
[Win2K]’. Expand the tree in the left hand pane to find the name of
your computer, then ‘Web sites’ and then the default web site (or the
site in which XML-DA is configured, if this is different). Expand the
web site entry, then find the virtual directory which was configured
earlier (‘xmlda’ in the example). Right click on this and select
‘Properties’, then switch to the ‘Directory security’ tab. In the
‘Anonymous access and authentication control’ frame, click ‘Edit’. The
setting in this dialog is usually ‘Anonymous access’ with the default
IIS user name ‘IUSR_(COMPUTER)’.

Problem: When attempting to open a .asmx page, the page is not shown and
instead there is a prompt to open or save the .asmx file.
Solution: ASP.NET may not be correctly registered with Internet Information
Server. Follow the instructions in section 4.2.1 on page 7 to fix this.

Problem: Although the test web page shows correctly from Internet Explorer, the
XML-DA service still does not work from client applications.
Solution: 1) Make sure that the user account used for the web service has
sufficient access rights to start and use the OPC server. Check the
event log for error messages (see next section). If you are using
XP service pack 2, make sure that the DCOM ‘Edit limits’ settings are
not overriding the account settings.
2) Check that the web service .asmx file matches the ‘progID’ of the
server (i.e. ‘Mitsubishi.MXOPC.5’ or ‘Mitsubishi.MXOPC’) if no config
file is used. If there is a .config file to match the .asmx file, check that
its settings refer to the correct computer name and ‘progID’.


Problem: XML-DA connection works on the local PC, but not from another PC.
Solution: 1) Check that there is a working network connection between the PCs.
2) Check the firewall settings to make sure that the port number you are
using for the server (the default is 80 ‘HTTP’) is not being blocked,
either on the server PC or the client PC.

Problem: Reading items returns error ‘E_UNKNOWNITEMPATH’.


Solution: Ensure that the ‘ItemPath’ parameter is set to “” (empty string) if not
used. It can no longer be left to take the default value.

Problem: Other general issues


Solution: Try restarting Internet Information Server. To do this, run the IIS
configuration tool from:
Start -> [Settings] -> Control Panel ->
[Performance and Maintenance ->] Administrative Tools ->
Internet Information Services [XP] or Internet services manager
[Win2K]
The ‘Settings’ part is only needed on Windows 2000, and the
‘Performance and Maintenance’ part will only be present on XP if
control panel is set up to display in ‘Category view’ instead of
‘Classic view’.
In the dialog that appears, find your computer name in the list, then right
click on it and select ‘Restart IIS…’ (on Windows 2000) or ‘All tasks ->
Restart IIS’ (on XP, as in the picture below).

If restarting IIS does not solve the problem, try restarting your
computer.


7.2 Using event viewer for troubleshooting


When XML-DA is not working as expected, it is often possible to get additional
diagnostic information from the Windows event logs. To start the event viewer, select
‘Start->Run’ and enter ‘eventvwr’ before clicking ‘OK’. Check each of the available
logs (Application, Security, etc.) for error or warning messages that occurred around
the time that XML-DA or DCOM access was being attempted.
Some example errors are shown in the table below.
| Source | Description | Notes |
|---|---|---|
| DCOM | The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID (CLSID) to the user (USER). This security permission can be modified using the Component Services administrative tool. | Messages similar to this suggest that the web service may be running as a user without sufficient COM access rights to start or access the OPC server. Either use a different user account, or assign OPC rights to the account as described in section 4.7 on page 17. |
| DCOM | DCOM was unable to communicate with the computer (COMPUTER) using any of the configured protocols. | If you are using a remote DCOM connection, the target computer could not be accessed. There may be a problem with the DCOM or security configuration, or a problem with the network connection or routing between the two computers. It may just be that the computer name has been mistyped. Also remember that DCOM cannot cross network address translation (NAT) boundaries and can be stopped by certain network switches and routers. |
| W3SVC | The server was unable to logon the Windows NT account '(ACCOUNT)' due to the following error: Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced. The data is the error code. | IIS could not use the specified account due to policy restrictions (e.g. ‘Accounts: Limit local account use of blank passwords to console logon only’). Find the affected policy and either comply with it (in the above example, set a non-blank password) or if it is permitted by your security standards and reasonable to do so, relax the policy using the Group policy editor (gpedit.msc). |
