Foxboro™ DCS

Control Core Services v9.6 Software

Installation Guide

*B0700TK* *C*

B0700TK, Rev C

October 2022

https://www.se.com
Legal Information
The Schneider Electric brand and any trademarks of Schneider Electric SE and its
subsidiaries referred to in this guide are the property of Schneider Electric SE or its
subsidiaries. All other brands may be trademarks of their respective owners.
This guide and its content are protected under applicable copyright laws and furnished
for informational use only. No part of this guide may be reproduced or transmitted in
any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), for any purpose, without the prior written permission of Schneider Electric.
Schneider Electric does not grant any right or license for commercial use of the guide
or its content, except for a non-exclusive and personal license to consult it on an "as is"
basis. Schneider Electric products and equipment should be installed, operated,
serviced, and maintained only by qualified personnel.
As standards, specifications, and designs change from time to time, information
contained in this guide may be subject to change without notice.
To the extent permitted by applicable law, no responsibility or liability is assumed by
Schneider Electric and its subsidiaries for any errors or omissions in the informational
content of this material or consequences arising out of or resulting from the use of the
information contained herein.

This document contains standardized industry terms that some customers might find
insensitive or offensive. These terms do not reflect the official policy or position of
Schneider Electric.
 Control Core Services v9.6 Software Installation Guide

Table of Contents
Preface .............................................................................................................10
Revision Information.......................................................................................10
Related Documents........................................................................................10
Schneider Electric Products Mentioned in this Document .................................. 11
Global Customer Support ...............................................................................12
We Welcome Your Comments.........................................................................12
Chapter 1: Planning Your Installation ..........................................................13
Available Starting Points for Preparing Your Existing Station for the Control
Core Services v9.6 Installation ........................................................................13
Starting Points For Existing On-Control Network Domain Controllers............13
Starting Point For Existing Off-Control Network Domain Controllers..............14
Starting Point For Existing Domain Clients or Enterprise Edition
Stations ...................................................................................................14
Current Software Installation Concepts ............................................................14
Overview of Supported Software Installations...................................................15
Using this Installation Guide............................................................................16
Determining Hardware Requirements ..............................................................16
Pre-Installation System Backup.......................................................................17
System Configuration and Creating Commit Installation Media ..........................18
Control Core Services v9.6 Documentation ......................................................19
Hardware and Software Specific Instruction Documents ..............................19
Workstation Specific Operating System Media .................................................19
Control Core Services v9.6 Media ...................................................................20
Pre-Installation Tasks .....................................................................................20
Chapter 2: Installing Local Edition Control Core Services v9.6 Day
0 ........................................................................................................................21
Preparing the Workstation or Server ................................................................21
Changing the Station Name ............................................................................22
Preparing Network Interface Cards (NICs) for Installation ..................................22
Exiting During Software Installation .................................................................23
Installing CCS Software ..................................................................................24
Installing the Control Core Services v9.6 Trailer Media (If Provided) .............33
Restarting Your System ............................................................................34
Installing Optional Software ............................................................................34
Setting Date and Time ....................................................................................34
Connecting Remote Desktop to Local Edition Clients ........................................34
Chapter 3: Installing Enterprise Edition Control Core Services v9.6
on Domain Controllers ...................................................................................36
Determining the Installation Scenario For Your CCS System .............................36
Installation Scenarios................................................................................39
Additional Scenarios .................................................................................41
Services Available from Schneider Electric .................................................41

B0700TK, Rev C 3
Control Core Services v9.6 Software Installation Guide

Chapter 4: Installing Enterprise Edition Control Core Services v9.6

on New Primary Domain Controllers on The Control Network ................42
Preparing the Server ......................................................................................42
Notes on Installing Control Core Services ........................................................43
Changing the Station Name ............................................................................44
Preparing Network Interface Cards (NICs) for Installation ..................................44
Installing Control Core Services Software ........................................................45
Restarting Your VM Server ........................................................................58
Primary Domain Controller Post-Installation Procedures ...................................59
Changing Passwords................................................................................59
Creating Users in Active Directory..............................................................59
Chapter 5: Installing Enterprise Edition Control Core Services v9.6
on New Secondary Domain Controllers on The Control
Network ............................................................................................................66
Preparing the SDC Server ..............................................................................66
Important Information on Installing Control Core Services..................................67
Changing the Station Name ............................................................................68
Preparing Network Interface Cards (NICs) for Installation ..................................68
Installing CCS Software on SDC Server...........................................................69
Installing the Control Core Services v9.6 Trailer Media (If Provided) .............84
Restarting Your VM Server..............................................................................85
Installing Additional Optional Software .............................................................85
Secondary Domain Controller Post-Installation Procedures ...............................85
Changing Passwords................................................................................85
Backing Up Active Directory ............................................................................86
Continuing Installation ....................................................................................86
Chapter 6: Installing Enterprise Edition Control Core Services v9.6
for New Off-Control Network Domain Controllers......................................87
Off-Control Network Primary Domain Controllers ..............................................87
Preparing the PDC Server.........................................................................88
Notes on Installing Control Core Services on PDC ......................................89
Installing CCS Software on PDC................................................................89
Installing Additional Optional Software ..................................................... 101
Primary Domain Controller Post-Installation Procedures............................ 102
Off-Control Network Secondary Domain Controllers........................................ 109
Preparing the SDC Server....................................................................... 110
Notes on Installing Control Core Services on SDC .................................... 111
Installing CCS Software on SDC.............................................................. 111
Installing Additional Optional Software ..................................................... 128
Secondary Domain Controller Post-Installation Procedures ....................... 129
Finishing Post-Installation ....................................................................... 131
Chapter 7: Installing Enterprise Edition Control Core Services v9.6
for Existing Off-Control Network Primary Domain Controllers ............... 132
Notes on Installing Control Core Services ...................................................... 132
Installing CCS Software for this Configuration ................................................ 133
Restarting Your VM Server............................................................................ 139

4 B0700TK, Rev C
 Control Core Services v9.6 Software Installation Guide

Primary Domain Controller Post-Installation Procedures ................................. 139

Creating Users in Active Directory............................................................ 139
Adding Foxboro Stations to Active Directory Post-Installation..................... 146
Tombstone Lifetime Attribute in Active Directory........................................ 148
Backing Up Active Directory .......................................................................... 148
Finishing Post-Installation ............................................................................. 148
Chapter 8: Installing Enterprise Edition Control Core Services v9.6
for Domain Clients ........................................................................................ 149
Preparing the Workstation or Server .............................................................. 149
Notes on Installing Control Core Services on Domain Clients........................... 150
Changing the Station Name .......................................................................... 150
Installing CCS Software for Domain Clients On-Control Network...................... 150
Installing CCS Software for Domain Clients Off-Control Network...................... 164
Completing the Domain Client Installation ...................................................... 180
Restarting Your Domain Client................................................................. 180
Installing Additional Optional Software ..................................................... 180
Setting Date and Time on Domain Client .................................................. 181
Finishing Post-Installation for Domain Clients ................................................. 181
Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
v9.6 ................................................................................................................. 182
Updating the Commit Media.......................................................................... 182
Generating Reconcile Media ................................................................... 182
Upgrading Off-Control Network PDC or Existing Corporate PDC Running
CCS v9.4 to CCS v9.5 .................................................................................. 185
Upgrading Off-Control Network PDC or Existing Corporate PDC Running
CCS v9.5 to CCS v9.6 .................................................................................. 185
Performing Day 1 Operations for Off-Control Network PDC or Existing
Corporate PDC Running CCS v9.5 .......................................................... 186
Upgrading On-Control Network PDC Running CCS v9.4 to CCS v9.5............... 189
Upgrading On-Control Network PDC Running CCS v9.5 to CCS v9.6............... 189
Performing Day 1 Operations for On-Control Network PDC Running CCS
v9.5 ....................................................................................................... 190
Performing Release Update Operations for On-Control Network PDC
Running CCS v9.5.................................................................................. 195
Upgrading Domain Client, Local Edition and On-Control Network SDC
Workstations Running CCS v9.4 or v9.5 ........................................................ 198
Performing Day 1 Operations on Domain Client, Local Edition and On-
Control Network SDC Workstations Running CCS v9.4 or v9.5 .................. 198
Performing Release Update Operations on Domain Client, Local Edition
and On-Control Network SDC Workstations Running CCS v9.4 or
v9.5 ....................................................................................................... 204
Chapter 10: Updating Control Core Services v9.6 for Commit
Changes or Repairing .................................................................................. 208
Updating the Commit Media.......................................................................... 208
Generating Reconcile Media ......................................................................... 208
Updating Off-Control Network PDC Running CCS v9.6 ................................... 210

B0700TK, Rev C 5
Control Core Services v9.6 Software Installation Guide

Performing Day 1 Operations for Off-Control Network PDC Running CCS

v9.6 ....................................................................................................... 211
Updating On-Control Network PDC/SDC Running CCS v9.6 ........................... 214
Performing Day 1 Operations for On-Control Network PDC Running CCS
v9.6 ....................................................................................................... 215
Performing Repair Operations for On-Control Network PDC Running
CCS v9.6 ............................................................................................... 218
Performing Day 1 Operations for On-Control Network SDC Running CCS
v9.6 ....................................................................................................... 220
Performing Repair Operations for On-Control Network SDC Running
CCS v9.6 ............................................................................................... 223
Updating an Existing Corporate PDC Running CCS v9.6................................. 225
Performing Day 1 Operations for an Existing Corporate PDC Running
CCS v9.6 ............................................................................................... 225
Updating Domain Clients or Local Edition Workstations Running CCS
v9.6............................................................................................................. 227
Performing Day 1 Operations on a Domain Client or Local Edition
Workstation Running CCS v9.6 ............................................................... 227
Performing Repair Operations on a Domain Client Running CCS
v9.6 ....................................................................................................... 232
Displaying the Correct Status ........................................................................ 236
Chapter 11: Post-Installation and Migration ............................................. 237
Restoring the CSA Database ........................................................................ 237
Configuring Display Color Settings ................................................................ 237
Updating FCP270s, ZCP270s, FCP280s, and ATS Images ............................. 237
Performing EEPROM Updates ...................................................................... 238
Backing Up Hard Disks ................................................................................. 238
Reconciling the Configuration........................................................................ 238
Alarm Manager Multi-Head Video Configurations............................................ 238
Other Migration Considerations ..................................................................... 239
Control Processor 270 and FCP280 Upgrade Recommendation ................ 239
Migrating a FCP270 or ZCP270 Control Database from a System with I/A
Series Software v8.6 or Earlier ................................................................ 239
Updating Sequence Block Code after Migration to a New Operating
System or NutCracker Version................................................................. 240
General Considerations .......................................................................... 242
HLBL Code ............................................................................................ 243
SFC Code.............................................................................................. 250
Migrating a Control Database to an FCP280, FCP270, or ZCP270................... 252
Validating FCM100E and FCM100Et Settings (ZCP270 Only).......................... 252
Appendix A: Startup Options ...................................................................... 253
Appendix B: Changing the Station Name ................................................. 254
Appendix C: Control Network Configurator .............................................. 256
Selecting NICs ............................................................................................. 256
Post Day 0 Operations.................................................................................. 258
Changing the IP Address of the Off-Control Network NIC................................. 259
Identifying Cable A and Cable B .................................................................... 259

6 B0700TK, Rev C
 Control Core Services v9.6 Software Installation Guide

Appendix D: Troubleshooting ..................................................................... 260

Setting Time Correctly Software Installation Cannot Continue After Reboot
(SDC or Domain Client) ................................................................................ 260
System Message During NIC Binding ............................................................ 261
Appendix E: SNMP Community String Configuration (SNMPv1
Only) ............................................................................................................... 263
Configuring the SNMP Service ...................................................................... 263
Configuring the Server Manager Configuration File ......................................... 264
Community String Recommendation.............................................................. 265
Appendix F: Telnet Installation.................................................................... 266
Installing Telnet on Workstations with Windows 10 Operating System .............. 266
Installing Telnet on Servers with Windows Server 2016 Standard Operating
System........................................................................................................ 266
Appendix G: Printer Sharing ....................................................................... 269
Turning On the Windows Firewall Service ...................................................... 269
Turning Off the Windows Firewall Service ...................................................... 269
Sharing a Printer .......................................................................................... 270
Connecting to a Shared Printer on Another Control Core Services
Station ........................................................................................................ 271
Appendix H: Installing Optional Software ................................................. 273
Appendix I: InBatch/Batch Management Installation on Windows 10
and Windows Server 2016 .......................................................................... 274
Additional Steps When Installing Batch Software on Foxboro DCS................... 274
Modifying Domain Policy for Enterprise Edition CCS v9.6................................ 275
Modifying Local Policies for Local Edition CCS v9.6 ........................................ 278
Appendix J: Files to Back Up or Restore .................................................. 282
Saving Files................................................................................................. 282
Files to Back Up or Restore for Day 0 Migration .............................................. 282
CNI Files................................................................................................ 282
Application Databases ............................................................................ 282
Display-Related Files.............................................................................. 283
System-Related Files.............................................................................. 284
Backing Up and Restoring Compound Summary Access (CSA) ................. 284
Appendix K: Control Core Services Local Account Management
Application ..................................................................................................... 287
Local Administrator Login on Windows 10 or Windows Server 2016
Stations....................................................................................................... 287
Renaming Account1 on Windows 10 or Windows Server 2016................... 287
Change Passwords ...................................................................................... 288
Renaming Accounts ..................................................................................... 292
Configuring SNMPv3 Key Field ..................................................................... 293
Storing the SNMPv3 Key......................................................................... 293
Mandatory System Restart............................................................................ 294
Appendix L: Day 0 Installation of Pre-CCS v9.5 Clients on a System
with a PDC Installed with Enterprise Edition CCS v9.5 or v9.6 ............. 295

B0700TK, Rev C 7
Control Core Services v9.6 Software Installation Guide

Day 0 Installation of Pre-Control Core Services v9.5 Clients ............................ 295

Post-Day 0 Installation of Pre-Control Core Services v9.5 Clients .................... 297
Appendix M: Linking Custom GPOs to Any of the Foxboro Control
Core Services or Control Software Specific OUs .................................... 299
Custom GPO Linking Order Examples ........................................................... 300
Example 1 - Correct (Most Common) ....................................................... 300
Example 2 - Correct................................................................................ 301
Example 3 - Correct................................................................................ 301
Example 4 - Incorrect.............................................................................. 302
Example 5 - Correct (Example of a Scenario where CCS v9.4 PDC
having Custom GPOs is Upgraded to CCS v9.5)....................................... 302
Appendix N: Security by Local Group Policies ......................................... 304
Importing Windows 10 Local Group Policy Settings......................................... 304
Importing Windows Server 2016 Local Group Policy Settings to H90 or
VM .............................................................................................................. 304
Importing Windows Server 2016 Local Group Policy Settings to V91
Host ............................................................................................................ 305
Glossary ......................................................................................................... 306

8 B0700TK, Rev C
Important Safety Instructions Control Core Services v9.6 Software Installation Guide

Important Safety Instructions

Read these instructions carefully and look at the equipment to become familiar with it
before trying to install, operate, service, or maintain it. The following safety messages
might appear throughout this manual or on the equipment to warn of potential hazards
or to call attention to information that clarifies or simplifies a procedure.

The addition of this symbol to a “Danger” or “Warning” safety message

indicates that an electrical hazard exists that results in personal injury if
the instructions are not followed.

This safety alert symbol that lets you know about potential personal
injury hazards. Obey all safety messages with this symbol to avoid
possible injury or death.

DANGER
DANGER indicates a hazardous situation which, if not avoided, will result in death
or serious injury.
Failure to follow these instructions will result in death or serious injury.

WARNING
WARNING indicates a hazardous situation that, if not avoided, could result in
death or serious injury.
Failure to follow these instructions can result in death, serious injury, or
equipment damage.

CAUTION
CAUTION indicates a hazardous situation that, if not avoided, could result in
minor or moderate injury.
Failure to follow these instructions can result in injury or equipment damage.

NOTICE
NOTICE is used to address practices not related to physical injury.
Failure to follow these instructions can result in equipment damage.

Please Note
Electrical equipment should only be installed, operated, serviced, and maintained by
qualified personnel. No responsibility is assumed by Schneider Electric for any
consequences arising out of the use of this material.
A qualified person is one who has skills and knowledge related to the construction,
installation, and operation of electrical equipment and has received safety training to
recognize and avoid the hazards involved.

B0700TK, Rev C 9
Control Core Services v9.6 Software Installation Guide Preface

Preface
Control Core Services v9.6 is a Day 0 installation. It delivers optional enhanced
cybersecurity features for the Foxboro DCS system that facilitates meeting client and
government specifications, for example, North American Electric Reliability
Corporation (NERC) standards. Control Core Services v9.6 can be installed on
supported Windows workstations and servers. Control Core Services software is not
supported on Solaris stations.
During a Day 0 software installation, you have an option of choosing to install the
Enterprise Edition Control Core Services v9.6, which needs Microsoft Active
Directory® network services, or Local Edition Control Core Services v9.6. Depending
on your environment, you might not be able to take advantage of Enterprise Edition
Control Core Services v9.6, for example, if you need to allow an older third-party
application to run that has not been rewritten to work in the Enterprise environment.

Revision Information
The changes in this release of the document are:

Chapter 4 • Added note to the DOS window command prompt that appears
while the Active Directory is being installed in Installing Control
Core Services Software, page 45.
Chapter 6 • Added note to the DOS window command prompt that appears
while the Active Directory is being installed in Continuing the
PDC Installation, page 90.
Chapter 7 • Added note to the DOS window command prompt that appears
while the Active Directory is being installed in Installing CCS
Software for this Configuration, page 133.

Related Documents
• Address Translation Station User’s Guide (B0700BP)
• Control Core Services v9.6 Release Notes (B0700TL)
• Control Network Architecture Guide (B0700AZ)
• Control Network Interface (CNI) User's Guide (B0700GE)
• Control Processor 270 (CP270) On-Line Image Update (B0700BY)
• Control Software Installation Guide (B0750RA)
• Control Software v7.4 Release Notes (B0750SY)
• FERRET User's Guide (B0860BU)
• FERRET Installation and Release Notes (B0860RU)
• Field Control Processor 270 (FCP270) Sizing Guidelines and Excel Workbook
(B0700AV)
• Field Control Processor 280 (FCP280) User’s Guide (B0700FW)
• Field Control Processor 280 (FCP280) On-Line Image Update (B0700FX)
• Field Control Processor 280 (FCP280) Sizing Guidelines and Excel Workbook
User’s Guide (B0700FY)
• Field Device Control 280 (FDC280) User's Guide (B0700GQ)

10 B0700TK, Rev C
Preface Control Core Services v9.6 Software Installation Guide

• Foxboro DCS Security Implementation Guide (B0700HM)

• FoxView™ and FoxDraw™ Software V10.6.1 Release Notes (B0700TE)
• H92 EcoStruxure™ Foxboro™ DCS Standard Workstation (HP Z420) Windows 10
Enterprise 2016 LTSB User’s Guide (B0700HB)
• H92 Standard Workstation (HP Z440) User’s Guide (B0700HA)
• Hardware and Software Specific Instructions for Model H90 (HP DL380 Gen9)
Windows Server 2016 Operating System (B0700GZ)
• Hardware Configuration User’s Guide (B0750BB)
• I/A Series System Configuration Component (IACC) User's Guide (B0700FE)
• McAfee ENS 10.7 and ePO 5.10 Installation Guide (B0700WK)
• Model H90 (HP DL380 Gen10) for Windows Server 2016 User’s Guide
(B0700HP)
• Model H92 (HP Z4) Standard Workstation User’s Guide (B0700HV)
• Model V91 Server Virtualization Host (HP DL380 Gen9) for Windows Server 2016
User's Guide (B0700HE)
• Model V91 Virtualization Host Server (HP DL380 Gen10) for Windows Server
2016 User’s Guide (B0700HQ)
• Procedure for Workstation Upgrade without Control Processor (CP) Reboot
(B0860CP)
• System Definition User’s Guide (B0193WQ)
• System Definition V3.6 Release Notes (B0700TG)
• System Manager User’s Guide (B0750AP)
• System Manager V2.15 Release Notes (B0750RS)
• Time Synchronization User’s Guide (B0700AQ)
• Veritas System Recovery 18 User’s Guide (B0700HS)
• Veritas System Recovery 2016 Desktop, Server and Virtual Editions User’s
Guide (B0700HH)
• Virtualization for Windows Server 2016 User’s Guide (B0700HD)
• Z-Module Control Processor 270 (ZCP270) Sizing Guidelines and Excel
Workbook (B0700AW)
Find the latest version of these documents on the Global Customer Support website.

Schneider Electric Products Mentioned in this Document

EcoStruxure™ Foxboro™ DCS
EcoStruxure™ Foxboro™ DCS Control Core Services
EcoStruxure™ Foxboro™ DCS Control Editors
EcoStruxure™ Foxboro™ DCS Control HMI
EcoStruxure™ Foxboro™ DCS Control Network
EcoStruxure™ Foxboro™ DCS Control Software
EcoStruxure™ Foxboro™ DCS FoxView/FoxDraw
EcoStruxure™ Foxboro™ DCS System Definition
EcoStruxure™ Foxboro™ DCS System Manager

B0700TK, Rev C 11
Control Core Services v9.6 Software Installation Guide Preface

Global Customer Support

For support, visit https://pasupport.schneider-electric.com (registration required).

We Welcome Your Comments

To help us improve documentation, we want to know about any corrections,
clarifications, or further information you would find useful. Send us an email at
[email protected].
This email address is only for documentation feedback. If you have a technical
problem or question, contact Global Customer Support.

12 B0700TK, Rev C
Chapter 1: Planning Your Installation Control Core Services v9.6 Software Installation Guide

Chapter 1: Planning Your Installation

You must have the hardware and media kits described in this chapter. Before you
install the Local Edition and Enterprise Edition EcoStruxure Foxboro DCS Control
Core Services v9.6 on supported Schneider Electric stations (workstations, servers,
and domain controllers) running these operating systems:
• Windows® 10
• Windows Server® 2016 Standard
This chapter also discusses:
• How to use this installation guide
• Overview of the types of software installations supported by this release
• System configuration and creating the Commit installation media
• Pre-installation system backup
• How to acquire documentation for the Control Core Services v9.6
• Media upgrade kits for supported hardware
• Installation media for Control Core Services v9.6
In this document, the term “workstation” refers to both desktop workstations and
servers in a Control Core Services system.

Available Starting Points for Preparing Your Existing Station

for the Control Core Services v9.6 Installation
Starting Points For Existing On-Control Network Domain
Controllers
Foxboro DCS Control Core Services v9.6 Installation does not support a direct
migration of Active Directory settings.
If starting from an Active Directory installation that is pre-CCS v9.4, it is necessary to
first upgrade the domain controller to v9.4 according to the documentation provided in
the Control Core Services 9.4 Software Installation Guide (B0700SX). When the PDC
is at CCS v9.4, it can then be updated to v9.5 according to the documentation
provided in the Control Core Services 9.5 Software Installation Guide (B0700TC).
If starting from an Active Directory installation that is CCS v9.4, it is necessary to first
upgrade the domain controller to v9.5 according to the documentation provided in the
Control Core Services 9.5 Software Installation Guide (B0700TC).
There have been no changes to Active Directory policies in CCS v9.6. When an On-
Control Network PDC is at CCS v9.5, it can then be updated to v9.6 according to the
standard installation procedures which do not involve any special migration steps.
This can be performed as a Day 1 (if configuration changes have been made in
System Definition) or as a Release Update. Always update the PDC station first,
before any domain clients are updated.
For On-Control Network Secondary Domain Controllers (SDC), perform a Release
Update or Day 1 similar to the steps used on a domain client.

B0700TK, Rev C 13
Control Core Services v9.6 Software Installation Guide Chapter 1: Planning Your Installation

Starting Point For Existing Off-Control Network Domain Controllers

Foxboro DCS Control Core Services v9.6 Installation does not support a direct
migration of Active Directory settings.
If starting from an Active Directory installation that is pre-CCS v9.4, first upgrade the
domain controller to v9.4 according to the documentation provided in the Control Core
Services 9.4 Software Installation Guide (B0700SX). When the PDC is at CCS v9.4, it
can then be updated to v9.5 according to the documentation provided in the Control
Core Services 9.5 Software Installation Guide (B0700TC).
If starting from an Active Directory installation that is CCS v9.4, it is necessary to first
upgrade the domain controller to v9.5 according to the documentation provided in the
Control Core Services 9.5 Software Installation Guide (B0700TC).
There have been no changes to Active Directory policies in CCS v9.6. When an Off-
Control Network PDC is at v9.5, the only supported action is a Day 1 operation which
is only needed if new workstations have been added to the system and thus are
needed to be added to the list of computers in Active Directory Users and Computers.

Starting Point For Existing Domain Clients or Enterprise Edition

Stations
For domain clients or for Enterprise Edition stations, perform a Release Update or
Day 1 installation from either CCS v9.4 or v9.5 to v9.6, after the PDC has been first
updated to CCS v9.6.

Current Software Installation Concepts

Starting with I/A Series software v8.8, the concept of installation changed from a
granular model to a more comprehensive model. Be advised this chapter refers to
installation on a new workstation/server, rather than an upgrade to an existing
Foxboro DCS or I/A Series software installation.
I/A Series software v8.7 and earlier had the concept of “selected package installation”,
which allowed each software package that was part of the I/A Series software to be
installed separately - for example, each package might be on a separate diskette, and
only the diskettes you wanted installed on a workstation/server would need to be
provided during the installation.
In I/A Series software v8.8 and Foxboro DCS Control Core Services v9.0 and later,
the installation process is more automated, providing more flexibility to allow the
appropriate system configuration application to determine which packages are
required for a workstation/server. Typically, the process works as such:
• The Foxboro system configuration application creates Commit media that
specifies which packages are to be installed on each workstation/server.
• Every package, except the OS1FDB package, is provided on the installation
DVD. The OS1FDB has several variations, and so the appropriate variation have
to be obtained separately.
• When run, the installation application installs the appropriate packages. If there
are any Device Integrator modules configured, the OS1FDB media will be
requested individually per letterbug. A different set of OS1FDB media can be
chosen for each letterbug or this can be skipped per letterbug.
After the installation is finished, you can perform these installation tasks on the
existing Foxboro DCS or Control Core Services software:

14 B0700TK, Rev C
Chapter 1: Planning Your Installation Control Core Services v9.6 Software Installation Guide

• Perform a Day 1 operation, which adds packages or updates the software

configuration based on changes from the system configuration application. If you
skipped the installation of the OS1FDB package, you can add it with this
operation.
• Perform a Repair operation, if necessary, to add or replace files that might be
missing or corrupted. In most cases, repairs are not necessary. If a file was not
added during a software update, it can be due to either:
◦ For a binary, versioned file, a later version of the file on the workstation from a
previous patch might exist.
◦ For a non-versioned file, there might have been a change to the file since it
was last installed, resulting in the Windows Installer logic not loading the new
versions. This second case can occur with FoxView display files, as one
example, which have been modified prior to the software update.
The upgrade from Control Core Services v9.4 or v9.5 to Control Core Services v9.6 is
a Release Update with optional Day 1, which updates existing software packages and
adds support for new features. Perform a Day 1 operation on all workstations on your
system if new packages have been added to a workstation commit. This excludes
updates from pre-v9.5 Primary Domain Controller workstations which must be
updated to CCS v9.5 first.

Overview of Supported Software Installations

The Control Core Services v9.6 release supports several different types of software
installations. Understanding and selecting the appropriate installation is vital and has
to be done before beginning the Control Core Services v9.6 installation to your
workstations/servers.
• Local Edition Control Core Services installation
The Local Edition Control Core Services is for systems not requiring Microsoft®
Active Directory Domain Controllers. Control Core Services v9.6 is installed as a
Day 0 installation or as a Release Update with optional Day 1 on a station that
supports Windows 10 or Windows Server 2016 Standard.
• Enterprise Edition Control Core Services installation
Enterprise Edition Control Core Services software is used on systems that require
Microsoft® Active Directory Domain Controllers. In these systems, the
workstation clients of these domain controllers are members of an Active
Directory domain (domain clients). There are two separate categories of
Enterprise Edition installations:
◦ New Enterprise Edition Control Core Services software installations.
◦ Installation on existing systems with security enhanced I/A Series software
v8.5 through v8.8 or Control Core Services v9.0 through v9.4, or Enterprise
Edition Control Core Services v9.5. These are referred to as migrations.
If a workstation is at an older version (domain client), it can be upgraded to CCS v9.6
or it can be left at the older version and can continue to be connected to the same
domain controller. Various domain controller scenarios are supported depending on
the migration path of the PDC.
For a detailed explanation of these scenarios, see Chapter 3: Installing Enterprise
Edition Control Core Services v9.6 on Domain Controllers, page 36.

B0700TK, Rev C 15
Control Core Services v9.6 Software Installation Guide Chapter 1: Planning Your Installation

Using this Installation Guide

See these sections in this chapter to determine the appropriate workstation hardware,
software and documentation that is required for your installation:
• Determining Hardware Requirements, page 16
• Pre-Installation System Backup, page 17
• System Configuration and Creating Commit Installation Media, page 18
• Control Core Services v9.6 Documentation, page 19
• Hardware and Software Specific Instruction Documents, page 19
• Workstation Specific Operating System Media, page 19
• Control Core Services v9.6 Media, page 20
To perform an installation for a workstation or server with Local Edition Control Core
Services v9.6, proceed to Chapter 2: Installing Local Edition Control Core Services
v9.6 Day 0, page 21 and perform the procedures in this chapter.
To perform an installation for a workstation or server with Local Edition Control Core
Services v9.6 on a system already installed with Control Core Services v9.4 or v9.5,
proceed to Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to v9.6, page
182 and perform the procedures in this chapter.
To perform an installation for a workstation or server with Enterprise Edition Control
Core Services v9.6, proceed to Chapter 3: Installing Enterprise Edition Control Core
Services v9.6 on Domain Controllers, page 36, which directs you to the appropriate
chapter of this document for the installation procedures for your specific system
configuration.

Determining Hardware Requirements

Control Core Services v9.6 runs on these currently offered platforms and any later
versions of these platforms which are released.

Table 1 - Platforms Supporting Control Core Services v9.6

Station Type Platform with Multicore CPU Cores Enabled

Workstation H92 HP Z420 Workstation (Model H92, Style G/A to Style H/A)
H92 HP Z440 Workstation (Model H92, Style J/A or newer
style)
H92 HP Z4G4 Workstation (Model H92, Style S/A or newer
style)
Server H90 HP DL380 Gen9 Server(a, page 17) (Model H90, Style G/A or
newer style)
H90 HP DL380 Gen10 Server (Model H90, Style M/A or newer
style)
Virtual Machine V90 HP DL380 VM Host
Host
NOTE: The V90 HP DL380 VM Host can be upgraded to a
V91 HP DL380 Gen9 Server 2016 VM Host. Its hardware
can run Windows Server 2016 but only after it has been
upgraded to become a V91 server.
V91 HP DL380 Gen9 Server 2016 VM Host (Model V91, Style
A/A or newer style)

16 B0700TK, Rev C
Chapter 1: Planning Your Installation Control Core Services v9.6 Software Installation Guide

Table 1 - Platforms Supporting Control Core Services v9.6 (Continued)

Station Type Platform with Multicore CPU Cores Enabled

V91 HP DL380 Gen10 Server 2016 VM Host (Model V91, Style
E/ A or newer style)
(a) BIOS must be updated to version 2.22 or later before upgrading the OS. Please
download the latest qualified BIOS update from the Global Customer Support
website: (https://pasupport.schneider-electric.com/content/Security/mspatch/
mspatch.asp). This link is only accessible to registered users. First time users can
visit: https://pasupport.schneider-electric.com (registration required). Allow three
business days for validation of the application.

NOTE: Additional hardware requirements are provided in the applicable user’s

guide listed in Related Documents, page 10 and these PSSs:
• Model H90 for Windows Server 2016 Operating System (PSS 41H-4H90)
• Model H92 Workstation for Windows 10 Operating System (PSS 31H-4H92)
• V91 Virtualization Server (PSS 41H-4V91)

Pre-Installation System Backup

Before installing a system with Control Core Services v9.6, back up your existing
workstations and servers. A backup has to occur before a Day 0 installation; a fresh
Control Core Services installation that wipes out any Control Core Services or I/A
Series software installed on it previously. A Day 0 installation is needed if you have a
workstation with I/A Series software v8.8 or earlier or Control Core Services v9.0
through 9.3 and want to upgrade that station to Control Core Services v9.6.
Typically, a backup will only occur for these scenarios:
• A legacy workstation being upgraded to CCS v9.6 through a Day 0 process
where the user will have to save off databases, display files, etc. before installing
the new system. There are two subcategories to this:
◦ The legacy system has hardware that is compatible with Windows 10 or
Windows Server 2016 and will re-use the old hardware.
◦ The legacy system hardware is not compatible and will be replaced.
• For a PDC, it is recommended to backup the PDC before upgrade, but the PDC
hardware (given the PDC upgrade procedures provided) will be replaced during
the upgrade process. The old PDC can then be re-used depending on its
hardware's compatibility with the Server 2016 operating system. It could
potentially be re-used as an SDC or as a domain client. Or, if the hardware is not
compatible, it could be re-used as an older version workstation spare.
For instructions on backing up and restoring your workstations or servers, see Veritas
System Recovery 2016 Desktop, Server and Virtual Editions User’s Guide (B0700HH)
or Veritas System Recovery 18 User’s Guide (B0700HS).
NOTE: To back up the PDC and SDC domain controller pair, see “Guidelines for
Using Veritas System Recovery for Backing Up and Restoring Domain
Controllers” in Foxboro DCS Services Security Implementation Guide (B0700HM).
When you have completed the backup, install the software on each target workstation.
For a Day 0 installation, this procedure includes installing a new operating system
image on the station and performing the Day 0 installation.
If you are installing Enterprise Edition Control Core Services v9.6, install the Primary
Domain Controller (PDC) first.
After Day 0 installations, control processors need an image update, so careful
planning is needed. The On-Line Image Update (or On-Line Upgrade) procedure is

B0700TK, Rev C 17
Control Core Services v9.6 Software Installation Guide Chapter 1: Planning Your Installation

not available for Day 0 installations because the control database files (workfiles) are
lost during the Day 0 software installation. To restore the control database after a Day
0 installation, perform an Initialize and LoadAll. The on-line image update procedure is
available for future upgrades that do not involve a Day 0 installation on the host
workstation. See Field Control Processor 280 (FCP280) On-Line Image Update
(B0700FX) or Control Processor 270 (CP270) On-Line Image Update (B0700BY).

System Configuration and Creating Commit Installation

Media
The first phase of installing a system is the system configuration process, which
includes creating, importing, and/or editing a system configuration, and creating
Commit installation media (on a network drive, USB drive, etc.). Control Core Services
v9.6 system configuration can be accomplished using this software:
• EcoStruxure Foxboro DCS System Definition v3.6
• I/A Series Configurator Component (IACC) v2.6 or later
I/A Series System Configuration Component (IACC) User's Guide (B0700FE).
This product does not support configuration of station types FDC280 or CNI and
does support the configuration of SNMPv3 switches.
• EcoStruxure Foxboro DCS Control Software (referred to as the Control Software)
v7.2 or later
For instructions on installing the Control Software, see Control Software
Installation Guide (B0750RA). To create the Commit installation media, perform
the procedures in Hardware Configuration User’s Guide (B0750BB). This product
does not support configuration of the CNI station type and does support the
configuration of SNMPv3 switches.
After creating or editing the system configuration, create Commit installation media for
use during software installation.
Label Commit installation media with the Control Core Services or I/A Series versions
on which it can be used, for example, Control Core Services v9.6 or I/A Series v8.2-
v8.8.
It is recommended you have only a single System Configuration (set of Commit
media) for your Control Core Services system. From a single configuration database,
you can produce media for multiple versions of Control Core Services and I/A Series
software by providing a Package Distribution Disk (10091). Starting with I/A Series
software v8.8, there is no package distribution disk, so this request can be ignored in
System Definition. For earlier versions, this was used to produce specific information
on the Commit media that was used by the I/A Series installation application.
See the documentation listed in Control Core Services v9.6 Documentation, page 19
for information on how to import existing configurations using System Definition v3.6,
IACC v2.6, or the Control Software v7.3.
If importing an older configuration from an earlier version of System Definition (pre-
v3.0), in a system with I/A Series software pre-v8.8, any stations that will be installed
for use in a system with Control Core Services v9.6 has to be migrated to either the
new WSTA70 (for Windows 10) or WSVR70 (for Windows Server 2016 Standard)
station type. After migrating these stations, new Commit media has to be created.
(Stations with I/A Series software v8.8 have already been migrated to these new
station types.)

18 B0700TK, Rev C
Chapter 1: Planning Your Installation Control Core Services v9.6 Software Installation Guide

Control Core Services v9.6 Documentation

Verify you have all the necessary documentation needed for your installation. See
Related Documents, page 10 for a list of all documentation related to Control Core
Services v9.6. The latest revisions of the documents are on the Global Customer
Support website https://pasupport.schneider-electric.com (registration required).

Hardware and Software Specific Instruction Documents

For the Hardware Specific instructions applicable to Windows 10 and Server 2016
platforms used by Control Core Services, see the Hardware and Software Specific
documentation in the Control Core Services v9.6 Release Notes (B0700TL).

Workstation Specific Operating System Media

You will also need to install operating system images for each workstation on which
you will install the Local Edition or Enterprise Edition Control Core Services v9.6 if the
hardware to be used is not a new station shipped from the Schneider Electric factory
with the v9.6 Restore image identified by the media kits in the table and verified in
your workstation’s H-code.

Table 2 - Foxboro DCS Control Core Services v9.6 Platform Specific Media Kits

Media Kit Part Number Kit Description

K0204BK, Rev. A Foxboro DCS Control Core Services v9.6 Release for
Windows 10 and Server 2016

These upgrade kits are available if you want to upgrade existing supported hardware
to the new operating systems.

Table 3 - Foxboro DCS Control Core Services v9.6 Platform Specific Upgrade
Kits

Media Kit Part Number Kit Description

K0204AG H92 HP Z440 Workstation Windows 10 upgrade kit
(Model H92, Style J/A or newer style)
K0204AH H92 HP Z420 Workstation Windows 10 upgrade kit
(Model H92, Style G/A to Style H/A)
NOTE: Older styles of the HP Z420 can be upgraded
by replacing the video card with new part number
P0928JF. Any continued use of on-board serial card
will be considered an engineered solution. Consult
your technical/sales representative for details.
K0204AW(a, page 20) H90 HP DL380 Gen9 Server 2016 (as Server, supports
remote clients) upgrade kit (Model H90, Style G/A or
newer style)
K0204AK(b) V91 HP DL380 G9 Server 2016 VM Host upgrade kit
(Model V91, Style A/A or newer style)

B0700TK, Rev C 19
Control Core Services v9.6 Software Installation Guide Chapter 1: Planning Your Installation

Table 3 - Foxboro DCS Control Core Services v9.6 Platform Specific Upgrade
Kits (Continued)

Media Kit Part Number Kit Description

K0204AL Upgrade kit for Server 2016 2 VMs (Kit to add 2 Server
2016 VMs to V91 virtualization server host)
(a) BIOS must be updated to version 2.22 or later before upgrading the OS. Please
download the latest qualified BIOS update from the Global Customer Support
website: (https://pasupport.schneider-electric.com/content/Security/mspatch/
mspatch.asp). This link is only accessible to registered users. First time users can
visit: https://pasupport.schneider-electric.com (registration required). Allow three
business days for validation of the application.
(b) Can be used to upgrade a V90 Gen9 server.

Control Core Services v9.6 Media

See the Control Core Services v9.6 Release Notes (B0700TL) included with your
station for the part number of the restore DVD for your station.
The part number and contents of the Control Core Services v9.6 Day 0 Media Kit, and
the additional media needed to install this software, are listed in these release notes.

Pre-Installation Tasks
• Backing Up the CSA Database
Back up the CSA files by using the CSA_Save utility as described in “Backing Up
and Restoring Compound Summary Access (CSA)” in the Control Core Services
v9.6 Release Notes (B0700TL).
• Adjusting BIOS Settings
For the BIOS settings applicable to your workstation/server hardware, see the
applicable user’s guide shipped with your hardware.
• Loading Platform Images
To install the images applicable to your workstation/server hardware, see
Workstation Specific Operating System Media, page 19.
• Configuring Local Group Policies (LGPOs)
To set the LGPOs, see Appendix N: Security by Local Group Policies, page 304.
The LGPOs and ENS must be installed before the Control Core Services v9.6
installation.
• Install McAfee Products
If you are not using an alternative security product, it is recommended you install
McAfee security products. See Related Documents, page 10 for the latest
McAfee ENS and ePO Installation Guide.
Review Post-Installation Migration Procedures
Before installing Control Core Services v9.6 on your stations, review the post-
installation migration procedures in Other Migration Considerations, page 239.

20 B0700TK, Rev C
Chapter 2: Installing Local Edition Control Core Services v9.6
Day 0 Control Core Services v9.6 Software Installation Guide

Chapter 2: Installing Local Edition Control Core

Services v9.6 Day 0
You can perform an initial installation of the Local Edition Control Core Services v9.6
on your desired workstation or server. An initial installation, or an installation which
removes any instances of existing Control Core Services or I/A Series software, is
referred to as a “Day 0” operation.
As well, updating supported hardware with earlier versions of Control Core Services
requires a Day 0 operation. Upgrade scenarios include:
• I/A Series software versions earlier than v8.8
Requires new hardware. You must save off databases, displays, etc. and load the
hardware with Control Core Services v9.6 and apply the saved databases,
displays, etc.
• I/A Series software v8.8 through Control Core Services v9.0-v9.3
This might require new hardware if not compatible with Windows 10 or Windows
Server 2016. If new hardware is required, save off databases, displays, etc. and
re-load with new hardware. If your hardware is compatible, save off databases,
displays, etc. and re-load the workstation with new operating system. Load with
CCS v9.6 and apply saved databases, displays, etc.
• Control Core Services v9.4 or v9.5
This is a Release Update with optional Day 1 installation (if packages must be
added to an existing CCS v9.5 workstation).
If you already have a supported platform loaded with the Windows 10 or Server 2016
Standard operating system and want to apply an initial Day 0 installation of Control
Core Services v9.6 to it, see this chapter.
To upgrade from Control Core Services v9.4 or v9.5, see Chapter 9: Upgrading
Control Core Services v9.4 and v9.5 to v9.6, page 182.
If you already have Control Core Services v9.6 installed and want to update or change
the packages installed (a Day 1 operation), or repair the existing packages, see
Chapter 10: Updating Control Core Services v9.6 for Commit Changes or Repairing,
page 208.
Password handling is different for Control Core Services v9.6 on Windows 10/
Windows Server 2016 operating systems, as compared to how it was handled in
Control Core Services v9.4.
• The built-in Administrator account has no password and the account is disabled.
• “Account1” has “Password1” as its initial value, but the user is prompted to
change the password during installation.
• A new Engineering account is created during a Local Edition installation, during
which you select the username and password.

Preparing the Workstation or Server

This section applies to Windows 10 and Windows Server 2016 Standard stations on
which Local Edition Control Core Services are being installed for the first time, or
overwriting existing Control Core Services or I/A Series software. (This is referred to
as a Day 0 installation.)
Perform these steps to set up the hardware, restore the Windows operating system,
and update drivers for your workstation.

B0700TK, Rev C 21
 Chapter 2: Installing Local Edition Control Core Services v9.6
Control Core Services v9.6 Software Installation Guide Day 0

1. See Control Core Services v9.6 Release Notes (B0700TL) for hardware
requirements specific to the v9.6 release. Obtain and use the latest hardware and
software user guides referenced in these release notes for each workstation
being installed with Control Core Services v9.6.
2. For instructions on installing memory upgrades, PCI cards, and so forth, see the
latest hardware specific user guides for your Schneider Electric hardware.
3. If this is a new station shipped from the Schneider Electric factory, it is not
necessary to install the operating system. See the instructions in the hardware
and software user guide to load all required drivers.
If it is not a new station, using the V9.6 Restore Media, restore the Windows
operating system on this workstation. See the instructions in the hardware and
software user guide to load all required drivers.
Only use the media kits listed in Foxboro DCS Control Core Services v9.6
Platform Specific Media Kits, page 19 to restore the operating system of a station
for Control Core Services v9.6.
4. Set the time and date.
a. Open the Windows Date and Time applet by clicking the Date and Time icon
in the Control Panel.
b. Click Change Date and Time.
c. Adjust the date and time.
d. Click OK.
e. Click Change time zone.
f. Select the correct time zone from the list and select the checkbox (if not
already selected) to automatically adjust the clock for daylight saving time
(DST) changes, if desired.
g. Click OK.
5. Confirm all of the steps prescribed in the hardware specific documents
referenced in the Control Core Services v9.6 Release Notes (B0700TL) have
been performed before proceeding, including updating drivers such as the
Network Interface Card drivers.

Changing the Station Name

The Windows workstation or server name has to match the workstation or server
letterbug name as it was configured in SysDef and saved onto your Commit
installation media before you install the Control Core Services. For instructions on
modifying the computer name of your workstation or server, see Appendix B:
Changing the Station Name, page 254.

Preparing Network Interface Cards (NICs) for Installation

NOTICE
POTENTIAL DATA LOSS
Perform this procedure for 100Mbps fiber optic cards only. For copper NICs and for
Gigabit Fiber optic NICs, you must NOT perform this procedure.
Failure to follow these instructions can result in data loss.

22 B0700TK, Rev C
Chapter 2: Installing Local Edition Control Core Services v9.6
Day 0 Control Core Services v9.6 Software Installation Guide

Before installing Control Core Services, for each installed NIC, you have to set the
NIC’s properties “Flow Control” and “Speed & Duplex” manually for the NICs on this
station.
See the applicable user’s guide included with your station to determine the NIC cards
it supports.
1. On Windows 10 or Windows Server 2016 stations, click Control Panel > Device
Manager.
In the Device Manager window, expand the Network adapters list.
2. Right-click the desired card and click Properties. In the Properties dialog box
that appears, select the Advanced tab.
3. In the Property field, click Flow Control. In the Value field, select Disable from
the list.
4. In the Property field, click Speed & Duplex. In the Value field, in the list:
• For a station on the control network, select 100 Mb Full.
• For a station on another network other than the control network (Off-Control
Network), select Auto.
5. Click OK.
6. For each additional NIC, repeat Step 2 through Step 5.
7. Shutdown and restart the system for the driver changes to take effect. Click Start
> Shut Down and select Restart from the list. Click OK.

Exiting During Software Installation

1. Click Cancel during the section of the installation which configures the
workstation type and domain controller setup. This dialog box appears:

2. Click Yes to cancel, or No to resume the installation process.

If you click Yes, the installation exits. Upon restarting the setup process,
depending on how far along the configuration has proceeded, you might be
returned to the same dialog box from which the installation was canceled.
3. To restart the installation process after clicking Cancel, re-insert the DVD labeled
“Foxboro DCS Control Core Services v9.6 Windows 10/Server 2016 Day 0 DVD”
(K0177DX) and navigate to the media. Double-click on Setup.exe to launch the
installation.

B0700TK, Rev C 23
 Chapter 2: Installing Local Edition Control Core Services v9.6
Control Core Services v9.6 Software Installation Guide Day 0

Installing CCS Software

1. Verify the workstation is attached to the control network.
2. Install Windows 10 or Windows Server 2016 Local Group Policies. For
instructions, see Appendix N: Security by Local Group Policies, page 304.
3. Install anti-malware software such as McAfee ENS. See Related Documents,
page 10 for the latest McAfee ENS and ePO Installation Guide.
4. Insert the DVD labeled “Foxboro DCS Control Core Services v9.6 Windows 10/
Server 2016 Day 0 DVD” (K0177DX), if it is not already in the station.
5. If McAfee ENS is installed, confirm these McAfee ENS components are up to
date. See Related Documents, page 10 for the latest McAfee ENS and ePO
Installation Guide:
• ES AMCore DAT file
• Exploit Prevention Content
6. Run a full scan of the system to confirm no viruses are present in the system
before work begins.
7. Navigate to the DVD drive and double-click setup.exe.
8. When the User Account Control (UAC) prompt appears, click Yes.

24 B0700TK, Rev C
Chapter 2: Installing Local Edition Control Core Services v9.6
Day 0 Control Core Services v9.6 Software Installation Guide

9. Select Install Local Edition Control Core Services. Click Next to continue.

10. The next dialog box requests you load the committed configuration install files.
Click Load.

B0700TK, Rev C 25
 Chapter 2: Installing Local Edition Control Core Services v9.6
Control Core Services v9.6 Software Installation Guide Day 0

11. The browser for the folder containing the committed configuration install files
opens. If the installation media with your Commit files is on the server’s hard drive
or a network, browse to the location of the media and click Select Folder.

26 B0700TK, Rev C
Chapter 2: Installing Local Edition Control Core Services v9.6
Day 0 Control Core Services v9.6 Software Installation Guide

12. When the installation files have been loaded, click Bind to launch the Control
Network Configurator.

13. From the Control Network Configurator dialog box, select the two network
cards representing the control network and click Next. Be certain to pick the
correct NICs as this selection cannot be changed later in the installation.

B0700TK, Rev C 27
 Chapter 2: Installing Local Edition Control Core Services v9.6
Control Core Services v9.6 Software Installation Guide Day 0

14. In the Load committed configuration install files dialog box, click Next.

15. In the Configure User Accounts dialog box:

a. Specify the Password and confirm password for the “Local Administrator
Account”.

NOTICE
POTENTIAL DATA LOSS
It is very important to set the password for the Account1 user account
differently on each workstation. Setting the same password for Account1
could lead to information disclosure.
Failure to follow these instructions can result in data loss.

b. Specify the Username, Password, and Confirm Password for the “Local
Edition Engineering User Account”. The Account2 username and password
must be the same on each Local Edition workstation.
NOTE: The Local Engineering User Account username and password
have to have the same value on all Local Edition workstations in order to
maintain functionality between Local Edition workstations.
The Account1 user account is not intended for the operation of the
Foxboro DCS Control Core Services system. Always log in with the Local
Edition Engineering User Account when operating the system.
Always set the Account1 passwords differently on the Local Edition
workstations and the Enterprise Edition domain client workstations.
Also, on each Local Edition workstation, always set the Account1
password and the Local Engineering User Account password differently.

28 B0700TK, Rev C
Chapter 2: Installing Local Edition Control Core Services v9.6
Day 0 Control Core Services v9.6 Software Installation Guide

c. Select the Set this account to Auto Logon on restart checkbox, if you
want to enable auto-login. If this is not selected, you have to login manually.
d. Specify the SNMPv3 Key and confirm key if the workstation is a switch host
and SNMPv3 switches have been configured on your system. Be advised the
SNMPv3 Configuration Key entries will not appear unless the workstation is
a switch host and at least one switch is configured for SNMPv3 in System
Definition.
e. Click Configure.

B0700TK, Rev C 29
 Chapter 2: Installing Local Edition Control Core Services v9.6
Control Core Services v9.6 Software Installation Guide Day 0

16. Click Install.

17. The MSI installer opens for Control Core Services Day 0 software. Click Next.

30 B0700TK, Rev C
Chapter 2: Installing Local Edition Control Core Services v9.6
Day 0 Control Core Services v9.6 Software Installation Guide

18. Click Install to run the installation.

Canceling the installation after this point might result in a partially installed
system.
19. If the OS1FDB package is configured on this server, the Media Request dialog
box appears for each OS1FDB station configured to be hosted by the workstation
being installed. This will occur one time for each OS1FDB station configured.
a. Perform one of these actions:
• Click Skip to bypass the installation of this package. If you selected
Skip, the installation will continue, but this dialog box will appear again
for each of the OS1FDB stations configured on this Foxboro DCS
workstation.

B0700TK, Rev C 31
 Chapter 2: Installing Local Edition Control Core Services v9.6
Control Core Services v9.6 Software Installation Guide Day 0

• Click Load to install this package. If you selected Load, the media folder
browser opens.

If your installation media for the OS1FDB package is not on a floppy diskette,
browse to the location of your stamped media and click Select Folder.
If your installation media for the OS1FDB package is on a floppy diskette,
click Use Diskette. The diskette has to be in the diskette drive (A:\). When
Use Diskette is clicked, the diskette will be read.
b. If you selected Use Diskette, the Media Request dialog box appears. Insert
the second diskette in the OS1FDB set and click Load. The diskette has to
be inserted in drive A:\.

20. Click Finish when the installation process is finished.

32 B0700TK, Rev C
Chapter 2: Installing Local Edition Control Core Services v9.6
Day 0 Control Core Services v9.6 Software Installation Guide

At the end of the installation, the installation log appears. You can view this log
later by clicking Start > Foxboro DCS Control Core Services > Log Viewer.

Click on Setup Log, Pkg Log, and Init Log to view these logs. These logs can
also be printed.

Installing the Control Core Services v9.6 Trailer Media (If Provided)
If a trailer is provided in the media kit, install it at this time. Installation instructions are
provided in Control Core Services v9.6 Release Notes (B0700TL).

B0700TK, Rev C 33
 Chapter 2: Installing Local Edition Control Core Services v9.6
Control Core Services v9.6 Software Installation Guide Day 0

Restarting Your System

A system restart is required to begin using the Foxboro DCS Control Core Services
software. However, some optional software can be installed before the restart of the
workstation. Review the optional software that is to be installed on this workstation.
This software can be installed before the system restart:
• System Manager v2.15
• FoxView/FoxDraw v10.6.1
• Foxboro Classic Software Support v1.0
NOTE: System Manager is not part of the Control Core Services media. It must be
installed using separate media.
If the workstation is a virtual machine, shut it down and set its MAC addresses to be
static, and start the VM again. For instructions, see Virtualization for Windows Server
2016 User's Guide (B0700HD).
If this workstation is a physical machine, reboot the workstation at this time. Click
Start > Shut Down and select Restart from the list and click OK.

Installing Optional Software

See Appendix H: Installing Optional Software, page 273.
NOTE: Install the “Foxboro Classic Software Support” media to use ICC, Operator
Action Journal, PLB Monitor, or PLB Editor.

Setting Date and Time

For an internally sourced Master TimeKeeper (MTK), set the local date and time with
System Manager. For instructions on how to set the date and time with System
Manager, see the section “Date and Time Tools” in System Manager User’s Guide
(B0750AP).
See Time Synchronization User’s Guide (B0700AQ) for a description of the time
synchronization subsystem.

Connecting Remote Desktop to Local Edition Clients

By default, Local Edition users cannot log onto other Local Edition clients using
Remote Desktop. When attempting to do so, this detected error appears:

34 B0700TK, Rev C
Chapter 2: Installing Local Edition Control Core Services v9.6
Day 0 Control Core Services v9.6 Software Installation Guide

1. Enable Remote Desktop Services on the target machine.

a. Open the Services console (Start > Run > Services.msc).
b. Right-click Remote Desktop Services and from the menu that appears,
click Properties.
c. Change the Startup Type to Automatic.
d. Click Start to start the service.
e. Close the dialog box.
2. Add the desired users to Remote Desktop Users group on the target machine.
a. Open the Computer Management console (Start > Run > compmgmt.msc).
b. Navigate to System Tools > Local Users and Groups > Groups.
c. Double-click the Remote Desktop Users group.
d. Click Add.
e. Enter the name of the desired user to allow remote desktop login.
f. Click Check Names.
g. Click OK.
h. Click OK to close the dialog box.

B0700TK, Rev C 35
 Chapter 3: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 on Domain Controllers

Chapter 3: Installing Enterprise Edition Control Core

Services v9.6 on Domain Controllers
You can install Enterprise Edition Control Core Services on domain controllers. This
requires you to determine which tasks need to be performed to support your specific
system configuration.
If a Control Core Services PDC (domain) is already at v9.5, then no domain migration
is necessary. Only a Release Update or Day 1 software update is needed for On-
Control Network domain controllers to bring the station up to v9.6.
Foxboro DCS Control Core Services v9.6 Installation does not support a direct
migration of Active Directory settings.
If starting from an Active Directory installation that is pre-CCS v9.4, first upgrade the
domain controller to v9.4 according to the documentation provided in the Control Core
Services 9.4 Software Installation Guide (B0700SX). When the PDC is at v9.4, it can
then be updated to v9.5 according to the documentation provided in the Control Core
Services 9.5 Software Installation Guide (B0700TC).
If starting from an Active Directory installation that is CCS v9.4, first upgrade the
domain controller to v9.5 according to the documentation provided in the Control Core
Services 9.5 Software Installation Guide (B0700TC).
There have been no changes to Active Directory policies in CCS v9.6. When an On-
Control Network PDC is at v9.5, it can then be updated to v9.6 according to the
standard installation procedures which do not involve any special migration steps.
This can be performed as a Day 1 (if configuration changes have been made in
System Definition) or as a Release Update. Always update the PDC station first,
before any domain clients are updated.
Upgrading a Control Core Services v9.4 or v9.5 Enterprise Edition domain client to
Control Core Services v9.6 can be achieved by performing the procedures in Chapter
9: Upgrading Control Core Services v9.4 and v9.5 to v9.6, page 182.
If you already have Control Core Services v9.6 installed and want to update or change
the packages installed (a Day 1 operation), or repair the existing packages, see
Chapter 10: Updating Control Core Services v9.6 for Commit Changes or Repairing,
page 208.
The release updates (Enterprise Edition or Local Edition) use the same procedure,
including release update procedures for On-Control Network PDCs.

Determining the Installation Scenario For Your CCS System

For installations that need additional cybersecurity and management capabilities over
that provided by the Local Edition Control Core Services v9.6, a system with the
Enterprise Edition Control Core Services v9.6 is available. This implementation
involves having servers that provide the role of Microsoft® Active Directory Domain
Controllers. A domain controller is a server on a Microsoft Windows network that is
responsible for allowing host access to Windows domain resources. It stores user
account information, authenticates users and enforces authorization policy for a
Windows domain.
There has to be at least one domain controller present to act as the “primary” domain
controller, but the recommendation is to have a second server acting as a “secondary”
domain controller to provide redundancy. The workstation clients of these domain
controllers are members of an Active Directory domain (domain clients).

36 B0700TK, Rev C
Chapter 3: Installing Enterprise Edition Control Core Services
v9.6 on Domain Controllers Control Core Services v9.6 Software Installation Guide

1. There are two separate types of installations for systems with Enterprise Edition
Control Core Services v9.6. Determine which are applicable for the stations in
your Control Core Services system:
• New Installation (Day 0) - Installation of this Enterprise Edition software on
workstations/servers on which Control Core Services or I/A Series software
has never been installed. For this installation, the domain controllers and the
client domain workstations are newly installed with Control Core Services
v9.6. Workstations with Local Edition Control Core Services software can
also be installed on the same control network but will not be members of the
Active Directory domain.
• Release Update installation (Day 1) - Installation of this Enterprise Edition
software on workstations/servers on which Control Core Services v9.4 or
v9.5 is already installed.
2. The domain controller target destination has to be determined. This is based on
where the domain controllers will be located after the installation:
• On-Control Network - On the control network.
• Off-Control Network - On a separate network.
3. When you have determined the installation type (New Installation or Release
Update/Day 1) and the domain controller target destination (On-Control Network
or Off-Control Network), use this information to select your installation scenario
from the table. Proceed to the appropriate section in this document to install the
software, as directed. The table provides the details concerning each different
installation scenario for domain controllers only.

Table 4 - Domain Controller Installation Scenarios for Control Core Services v9.6

Domain Controller Target Destination Scenario See

Type Chapter
On-Control Network Off-Control Network
New On-Control - Scenario 1 , Chapter 4,
Network PDC with page 39 page 42
Control Core
Services v9.6
- New Off-Control Scenario 2, Chapter 6,
New Domain Network PDC with page 39 page 87
Controller Control Core Services
Installation, No v9.6
Migration of Older
- Install Control Core Scenario 3, Chapter 7,
Configurations
Services v9.6 on page 39 page 132
Existing Off-Control
Network (Corporate)
PDC (a, page 38) with
Windows Server 2016
Installation Standard
Type
Domain Upgrade On-Control Scenario 4, Chapter 9 in
Controller Network PDC from page 39 B0700TC,
Upgrade Control Core then
Installation of Services v9.4 to v9.6 Chapter 9,
Control Core page 182
Services v9.4 to
v9.6 Upgrade Off-Control Scenario 5, Chapter 9 in
Network PDC from page 40 B0700TC,
(Only use for Control Core Services then
single plant unit/ v9.4 to v9.6 Chapter 9,
area installations page 182
that have not
been upgraded
previously to
CCS v9.4)

B0700TK, Rev C 37
 Chapter 3: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 on Domain Controllers

Table 4 - Domain Controller Installation Scenarios for Control Core Services v9.6 (Continued)

Domain Controller Target Destination Scenario See

Type Chapter
On-Control Network Off-Control Network
Upgrade an existing Scenario 6, Chapter 9 in
corporate PDC from page 40 B0700TC,
Control Core Services then
v9.4 to v9.6 Chapter 9,
page 182
Update On-Control Scenario 7, Chapter 10,
Domain Network PDC page 40 page 208
Controller Update installed with Control
Control Core Core Services v9.6
Services v9.6 for
Repair/ Commit Update Off-Control Scenario 8, Chapter 10,
changes Network PDC installed page 40 page 208
with Control Core
(Only use on Services v9.6
Domain
Controllers Update an existing Scenario 9, Chapter 10,
already at CCS corporate PDC page 41 page 208
v9.6) installed with Control
Core Services v9.6
Domain Migrate On-Control Migrate Off-Control Scenario 10, N/A
Controller Network PDC Network PDC or page 41
Migration to installed with Control existing corporate
Control Core Core Services v9.5 or PDC installed with
Services v9.6 earlier Control Core Services
v9.5 or earlier
(Use for multiple
plant unit/area
installations or
installations that
have been
upgraded
previously to
CCS v9.5)
Installation Day 1 update of Scenario 11, Chapter 9,
Type existing CCS v9.5 page 41 page 182
On-Control Network
Domain domain controller to
Controller Update CCS v9.6
Control Core
Services v9.5 to Release Update of Scenario 12, Chapter 9,
CCS v9.6 existing CCS v9.5 page 41 page 182
On-Control Network
(No Active domain controller to
Directory CCS v9.6
changes – Not
required for Off- Day 1 update of Scenario 13, Chapter 9,
Control Network) existing CCS v9.5 Off- page 41 page 182
Control Network
domain controller to
CCS v9.6
(a) An existing Off-Control Network PDC means a PDC that you already have in place which does not contain any
Control Core Services domain content. It has to be already installed with Microsoft Active Directory software. This
is typically a corporate PDC.

38 B0700TK, Rev C
Chapter 3: Installing Enterprise Edition Control Core Services
v9.6 on Domain Controllers Control Core Services v9.6 Software Installation Guide

Table 5 - Domain Client Installation Scenarios for Control Core Services v9.6

Domain Controller Target Destination Scenario See

Type Chapter
On-Control Network Off-Control Network
Installation Procedure - Scenario A Chapter 9,
Domain Client for Domain Clients page 182
Installation of (On-Control Network)
Control Core
Services v9.4 or - Installation Procedure Scenario B Chapter 9,
v9.5 to v9.6 for Domain Clients page 182
Installation (Off-Control Network)
Type Installation Procedure - Scenario C Chapter 8,
for Domain Clients page 149
First time (On-Control Network)
installations of
CCS v9.6 - Installation Procedure Scenario D Chapter 8,
for Domain Clients page 149
(Off-Control Network)

Installation Scenarios
Scenario Description Reference
• New domain controllers (PDC and SDC) are located on the Foxboro DCS PDC/SDC:
Control Network (On-Control Network). Each of the stations (new domain
controllers and new domain client workstations) are loaded with Control Core Chapter 4, page
Services v9.6. 42
1
• All domain clients are installed as new workstations with Control Core Domain clients:
Services v9.6.
Chapter 8, page
149
• New domain controllers (PDC and SDC) are located on a separate, PDC:
customer-supplied network (Off-Control Network).
Chapter 6, page
• Installation of Control Core Services v9.6 will install only the Active Directory 87
2 components on the PDC/SDC.
Domain clients:
• All domain clients are installed as new workstations with Control Core
Services v9.6 Chapter 8, page
149
This scenario is designed for systems in which you already have a corporate PDC PDC:
with Windows Server 2016 Standard on which you want to install the Control Core
Services components for Active Directory. Chapter 7, page
132
• Control Core Services v9.6 Active Directory components only are installed to
an existing PDC with Windows Server 2016 Standard installed on an Off- Domain clients:
Control Network. The existing PDC is running Windows Server 2016
3 Chapter 8, page
Standard with no Control Core Services software. The existing PDC installed
on a separate network (Off-Control Network) is a customer-supplied station 149
that has customer-specific Active Directory components with no Control Core
Services software.
• All domain clients are installed as new workstations with Control Core
Services v9.6.
• The PDC /SDC (Server 2016) is on an on-control network and has already PDC v9.4:
been installed with Control Core Services v9.4.
Chapter 9 in
4 • You would like to upgrade this PDC/SDC with Control Core Services v9.6. B0700TC, then
• Only use for systems migrated (domain/PDC) from versions prior to CCS Chapter 9, page
v9.4. 182

B0700TK, Rev C 39
 Chapter 3: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 on Domain Controllers

Scenario Description Reference

PDC v9.5:
Chapter 9, page
182
SDC:
Chapter 9, page
182
Domain clients:
Chapter 8, page
149
• The PDC (Server 2016) is on an off-control network and has already been PDC v9.4:
installed with Control Core Services v9.4 Active Directory components.
Chapter 9 in
• You would like to upgrade this PDC with Control Core Services v9.6 Active B0700TC, then
Directory components. Chapter 9, page
• Only use for single plant unit/area installations that have not been upgraded 182
previously to CCS v9.4.
5 PDC v9.5:
Chapter 9, page
182
Domain clients:
Chapter 8, page
149
• The PDC (Server 2016) is on an off-control network and is a corporate PDC. PDC v9.4:
This means, the Active Directory on the PDC was installed with Microsoft
Server Manager. Chapter 9 in
B0700TC, then
• The corporate PDC has already been installed with Control Core Services Chapter 9, page
v9.4 Active Directory components. 182
• You would like to upgrade this corporate PDC with Control Core Services v9.6
6 PDC v9.5:
Active Directory components.
• Only use for single plant unit/area installations that have not been upgraded Chapter 9, page
previously to CCS v9.4. 182
Domain clients:
Chapter 8, page
149
• The PDC/SDC (Server 2016) is on an on-control network and has already PDC/SDC:
been installed with Control Core Services v9.6.
Chapter 10, page
• You would like to update this PDC/SDC with Control Core Services v9.6 for 208
7 the purpose of repairing the installation or for commit changes.
Domain clients:
Chapter 8, page
149
• The PDC (Server 2016) is on an off-control network and has already been PDC:
installed with Control Core Services v9.6 Active Directory components.
Chapter 10, page
• You would like to update this PDC for commit changes such as addition/ 208
8 deletion of a computer in the committed configuration. These changes require
updating the Active Directory structure for the changes to computers Domain clients:
configured in the commit.
Chapter 8, page
149

40 B0700TK, Rev C
Chapter 3: Installing Enterprise Edition Control Core Services
v9.6 on Domain Controllers Control Core Services v9.6 Software Installation Guide

Scenario Description Reference

• The PDC (Server 2016) is on an off-control network and is a corporate PDC. PDC:
This means, the Active Directory on the PDC was installed with Microsoft
Server Manager. Chapter 10, page
208
• The corporate PDC has already been installed with Control Core Services
9 v9.6 Active Directory components Domain clients:
• You would like to update this PDC for commit changes such as addition/ Chapter 8, page
deletion of a computer in the committed configuration. These changes require 149
updating the Active Directory structure for the changes to computers
configured in the commit.
• The PDC meets any of these qualifications: PDC:
◦ PDC supports multiple plant units/areas. Services
◦ Is on an on-control network and has already been upgraded to Control Available from
Core Services v9.4 from a previous version. Schneider
Electric, page 41
10 ◦ Is on an off-control network and has already been upgraded to Control
Core Services v9.4 from a previous version. Domain clients:
◦ Is on a corporate PDC and has already been upgraded to Control Core Chapter 8, page
Services v9.4 from a previous version. 149
• You would like to upgrade this PDC/SDC with Control Core Services v9.6.
• The PDC/SDC (Server 2016) is on an On-Control Network and has already Chapter 9, page
been installed with Control Core Services v9.5. 182
11
• You would like to upgrade this PDC/SDC with Control Core Services v9.6
There have been configuration changes in System Definition.
• The PDC/SDC (Server 2016) is on an On-Control Network and has already Chapter 9, page
been installed with Control Core Services v9.5. 182
12
• You would like to upgrade this PDC/SDC with Control Core Services v9.6
There have been NO configuration changes in System Definition.
• The PDC/SDC (Server 2016) is on an Off-Control Network and has already Chapter 9, page
been installed with Control Core Services v9.5 policies and settings. 182
13 • There have been configuration changes in System Definition which resulted
in the addition of workstations to the Foxboro DCS network You want to get
these new workstations added to the Active Directory Users and Computers.

Additional Scenarios
Be advised moving domain controllers on or off the control network must be
accomplished before an upgrade from Control Core Services v9.4 to v9.6 can be
attempted. For those scenarios, see the “Domain Controller Installation/Migration
Scenarios for Control Core Services v9.4” table in Control Core Services v9.4
Software Installation Guide (B0700SX). They are advanced scenarios that might
require the guidance of the Schneider Electric Cybersecurity Services Team.

Services Available from Schneider Electric

For Scenario 10, page 41 and other scenarios not covered here, we recommend
contracting with the Schneider Electric Cybersecurity Services Team to provide further
guidance and customizing the security solution at your site.
More information about Schneider Electric Cybersecurity Services can be found at:
https://www.schneider-electric.com/en/work/solutions/cybersecurity/

B0700TK, Rev C 41
 Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network

Chapter 4: Installing Enterprise Edition Control Core

Services v9.6 on New Primary Domain Controllers on
The Control Network
You can install Enterprise Edition Control Core Services v9.6 on primary domain
controller servers on the control network.
To install Enterprise Edition Control Core Services v9.6 on a secondary domain
controller, see Chapter 5: Installing Enterprise Edition Control Core Services v9.6 on
New Secondary Domain Controllers on The Control Network, page 66.
NOTE: Starting with the HP DL380 Gen9 server images for Windows Server
2016, the default Administrator account is disabled and has a blank password.
The steps required for this scenario are shown in this image:

Figure 1 - Steps to Install Enterprise Edition Control Core Services v9.6 on

Primary Domain Controller Servers on the Control Network

Preparing the Server

The primary domain controller (PDC) has to be a server-class station installed with the
Windows Server 2016 Standard operating system, and has to be the first station in the
Control Core Services system installed with the Enterprise Edition Control Core

42 B0700TK, Rev C
Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide
Services software. For this procedure, it is assumed the PDC is installed on the
control network (which is a dedicated Control Core Services maintained network).
Perform these steps to set up the hardware, restore the Windows operating system,
and update drivers for your workstation.
1. See Control Core Services v9.6 Release Notes (B0700TL) for hardware
requirements specific to the v9.6 release. Obtain and use the latest hardware and
software user guides referenced in these release notes for each workstation
being installed with Control Core Services v9.6.
2. For instructions on installing memory upgrades, PCI cards, and so forth, see the
latest hardware user guides for your Schneider Electric hardware.
3. If this is a new station shipped from the Schneider Electric factory, it is not
necessary to install the operating system. See the instructions in the hardware
and software user’s guide to load all required drivers.
If it is not a new station, using the v9.6 Restore Media, restore the Windows
operating system on this workstation. See the instructions in the hardware and
software user’s guide to load all required drivers.
Only use the media kits listed in Foxboro DCS Control Core Services v9.6
Platform Specific Media Kits, page 19 to restore the operating system of a station
for Control Core Services v9.6.
4. Set the time and date.
a. Open the Windows Date and Time applet by clicking the Date and Time icon
in the Control Panel.
b. Click Change Date and Time.
c. Adjust the date and time.
d. Click OK.
e. Click Change time zone.
f. Select the correct time zone from the list and select the checkbox (if not
already selected) to automatically adjust the clock for daylight saving time
(DST) changes, if desired.
g. Click OK.
5. Confirm all of the steps prescribed in the hardware specific documents
referenced in the Control Core Services v9.6 Release Notes (B0700TL) have
been performed before proceeding, including updating drivers such as the
Network Interface Card drivers.

Notes on Installing Control Core Services

Before you install Control Core Services, verify the server is physically connected to
the control network and, if needed, that any network interface card drivers are
updated. Also, verify the server is disconnected from any secondary (non-Foxboro)
networks, but it is inadvisable for you to disable the adapters for these network cards.
• The server must be connected to the control network before installing Control
Core Services.
• Disconnect non-Foxboro network connections but the adapters for these network
cards must not be disabled.
• The network interface drivers used for connection to the control network might
require updating before installing Control Core Services v9.6. It is required
because this might lead to unstable or unavailable communications.

B0700TK, Rev C 43
 Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network
• On servers with the Windows Server 2016 Standard operating system, it is
recommended no roles be added to the system which are not necessary for the
operation of the server. Adding unnecessary roles (for example, adding the
Remote Desktop Services role when the server is not to be used as a remote
session host) can create cybersecurity weaknesses in the overall system.

Changing the Station Name

The Windows workstation or server name has to match the workstation or server
letterbug name as it was configured in SysDef and saved onto your Commit
installation media before you install the Control Core Services. For instructions on
modifying the computer name of your workstation or server, see Appendix B:
Changing the Station Name, page 254.

Preparing Network Interface Cards (NICs) for Installation

NOTICE
POTENTIAL DATA LOSS
Perform this procedure for 100Mbps fiber optic cards only. For copper NICs and for
Gigabit Fiber optic NICs, you must NOT perform this procedure.
Failure to follow these instructions can result in data loss.

Before installing Control Core Services, for each installed NIC, you have to set the
NIC’s properties “Flow Control” and “Speed & Duplex” manually for the NICs on this
station.
See the applicable user’s guide included with your station to determine the NIC cards
it supports.
1. On Windows 10 or Windows Server 2016 stations, click Control Panel > Device
Manager.
In the Device Manager window, expand the Network adapters list.
2. Right-click the desired card and click Properties. In the Properties dialog box
that appears, select the Advanced tab.
3. In the Property field, click Flow Control. In the Value field, select Disable from
the list.
4. In the Property field, click Speed & Duplex. In the Value field, in the list:
• For a station on the control network, select 100 Mb Full.
• For a station on another network other than the control network (Off-Control
Network), select Auto.
5. Click OK.
6. For each additional NIC, repeat Step 2 through Step 5.
7. Shutdown and restart the system for the driver changes to take effect. Click Start
> Shut Down and select Restart from the list. Click OK.

44 B0700TK, Rev C
Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide

Installing Control Core Services Software

NOTE: It is recommended you perform backups of all existing software and
settings on the existing primary domain controller before proceeding with these
steps.
1. Verify the workstation is attached to the control network.
2. Unplug any non-control network cables.
3. Install Windows Server 2016 Local Group Policies. For instructions, see
Appendix N: Security by Local Group Policies, page 304.
4. Install anti-malware software such as McAfee ENS. See Related Documents,
page 10 for the latest McAfee ENS and ePO Installation Guide.
5. If McAfee ENS is installed, confirm these McAfee ENS components are up to
date. See Related Documents, page 10 for the latest McAfee ENS and ePO
Installation Guide:
• ES AMCore DAT file
• Exploit Prevention Content
6. Run a full scan of the system to confirm no viruses are present in the system
before work begins.
7. Insert the DVD labeled “Foxboro DCS Control Core Services v9.6 Windows 10/
Server 2016 Day 0 DVD”.
8. Navigate to the DVD drive and double-click setup.exe.
9. When the User Account Control (UAC) prompt appears, click Yes.

10. A dialog box appears that allows you to select whether you are installing Local
Edition Control Core Services or for an Enterprise Edition system.
• Select Install Enterprise Edition Control Core Services
• Select the installation type as Active Directory Domain Services (AD DS)
• Select the network connectivity as On Control Network:

B0700TK, Rev C 45
 Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network

NOTE: Click Cancel in any screen during the installation to cancel the
installation procedure. The installation can be resumed from where it was
stopped by relaunching the Setup.exe application.
11. Click Next.

46 B0700TK, Rev C
Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide
12. The next dialog box requests you load the committed configuration install files.
Click Load.

The browser for the folder containing the committed configuration install files
opens. If the installation media with your Commit files is on the server’s hard drive
or a network, browse to the location of the media and click Select Folder.

13. When the installation files have been loaded, click Bind to launch the Control
Network Configurator dialog box.

B0700TK, Rev C 47
 Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network
14. From the Control Network Configurator dialog box, select the two network
cards representing the control network and click Next. Be certain to pick the
correct NICs as this selection cannot be changed later in the installation.

15. Click Next. The Server platform setup dialog appears. Leave the “Install as a
Primary Domain Controller (PDC)” choice selected.

16. If you plan to install one or more SDCs, select the SDC names from the “Select
the Secondary Domain Controller Stations” list and click Set.

48 B0700TK, Rev C
Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide

17. If SDCs are not in the install plan, you can click Skip in the section “Select the
Secondary Domain Controller Stations”.
18. Enter a new DSRM password and re-enter the same password in the Confirm
Password text box under the section “Passwords”. The DSRM password is
required to boot the domain controller into Directory Services Restore Mode to
recover Active Directory.
19. Enter a new Built-in Admin password and re-enter the same password in the
Confirm Password text box.
20. Select the "AD Database path","AD Log Files Path" and "AD SYSVOL path"
under the section "Path Information". You can use the default values or change
the paths by clicking on the ellipses.
21. You can select the existing path or create a new path by clicking Make New
Folder. Click OK to select the folder.
22. Enter the new domain name, domain extension, site name, and NetBIOS name
and click Prepare. The NetBIOS name is auto-populated as you change the
domain name. You can choose to change the auto-populated value of the
NetBIOS name before clicking Prepare.

B0700TK, Rev C 49
 Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network

The rules for generating a domain extension are:

• Domain extension must contain at least one character in the range of [a-z] or
[A-Z].
• Domain extension can contain numbers in the range of [0-9].
• Hyphen (-) is the only special character allowed.
• Length must not exceed more than 63 characters.
The NetBIOS domain name is the name which you see when you log into the
domain. It is generated by the installation application and appears in the text box
“NetBIOS Name”. The generated NETBIOS name is based on the domain name
specified. The rules for generating a NETBIOS name are:
• The maximum length of the name must be 15 characters.
• The minimum length of the name must be 2 characters.
• It can contain any combination of upper and lower case letters and numbers
as well as these special characters: !, @, #, $, %, ^, &, ), (, -, _, {, }, and ~.
• These special characters are not allowed: \, /, :, *, ?, “, <, >, and |.
If the generated name does not conform with these rules or is not suitable to your
requirements, you are free to change it in the text box. Note that generally, this
value is set to the same name as the last segment of the domain name.

50 B0700TK, Rev C
Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide
23. If there are any validation detected errors, clicking Prepare presents them as
appropriate, allowing you to change the information entered. The validations
performed in this step include:
• Password matching
• Built-in Password complexity checking
• DSRM Password complexity checking
• NetBIOS name validity checking
• Domain name validity checking
24. If all of the validations have passed, an Active Directory message dialog box
appears. Confirm the name you have chosen for your Active Directory domain is
correct and will not conflict with another domain on the same network. Click OK to
continue.

A NetBIOS name will be generated by the install program and appears in the text
box “NetBIOS Name”. This NETBIOS name is based on your domain name.
However, NetBIOS names are restricted to fifteen (15) characters.
25. Click Install to load the Active Directory Domain Services onto this server and to
promote the server to the role of Primary Domain Controller. A DOS window
appears while Active Directory is being installed.

The DOS window shows progress while the system is promoted to Primary
Domain Controller status and DNS is installed. Some system messages are
shown in the DOS window during the promotion of the domain controller. These
system messages pertain to static IP addresses, the delegation of DNS, or
default security settings for the Windows Server 2016 operating system. These
system messages can be ignored.

B0700TK, Rev C 51
 Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network

26. After the server is promoted to the Primary Domain Controller role, the “You’re
about to be signed out window” appears. Click Close to restart the server.

27. After the server reboots, log in as “Administrator” user account with the password
that has been set in the Server Platform Setup screen.
28. Restart the installation by launching Setup.exe from the DVD drive, as described
in Step 7 and Step 8.
When the User Account Control (UAC) prompt appears, click Yes.
A dialog box appears. Click Apply.

52 B0700TK, Rev C
Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide

A DOS window appears while the Active Directory is ready to be configured.

During this stage it is normal to see detected errors that Active Directory is not yet
functional. The Active Directory verification process attempts to make it functional
and proceeds to the next step of configuring the Active Directory.

29. As part of the Active Directory configuration process, a DOS window appears
showing the progress while the Active Directory domain settings are applied.

NOTE: The XML file indicated in this dialog box is correct to reference CCS
v9.5. The Active Directory group policies have not changed since CCS v9.5.

B0700TK, Rev C 53
 Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network
30. When the configuration of Active Directory is complete, the command window
shows if the process completed successfully, or with detected errors. The
command window also shows the path to the log file which is:
c:\windows\temp\2016onmeshpdc_config.log
The command window waits for any key to be pressed to proceed further. Press
Enter to dismiss the command window.

If the command prompt indicates there are any detected errors, save the
indicated log file to an external drive for any possible analysis by Schneider
Electric. Reimage the server and start the installation again.
31. At this point, the CCS Secure User Accounts dialog box appears. Enter the
username and the password for the respective Control Core Services domain
accounts. For example, you can enter “CCSDomainAdmin” as the username for
CCS domain administrator account and “CCSInstaller” as a username for the
CCS Installation account. After you have entered these details, click Create.
Before you click Create, select the Show Password checkbox to verify the
passwords.

NOTE: You can name your account with any name you choose, However, in
this document we will see this account as the “CCS Installation account” or
using the examples names: CCSDomainAdmin and CCSInstaller. You can
substitute that name with the name you choose for all procedures.
After the CCS domain administration account has been created during the PDC
software installation, use this account for any subsequent installation tasks on
workstations, such as installing additional software.
The password has to meet this criteria:
• Must not contain the user's account name or parts of the user's full name that
exceed two consecutive characters.
• An 8-character minimum password length

54 B0700TK, Rev C
Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide
• Contain characters from three of these four categories:
◦ English upper case characters (A-Z)
◦ English lower case characters (a-z)
◦ Base 10 digits (0-9)
◦ Non-alphabetic characters (for example: !, $, #, %)
32. When the Schneider Electric CCS Software Install: Workstation Reboot
Request dialog box appears, click Reboot. After the reboot, use the CCS domain
administrator username and login. Note that in this image, the
“CCSDomainAdmin” is only an example. The dialog box will reflect the unique
username that you created.

33. The “You’re about to be signed out” screen appears. After a few minutes, the
server will automatically reboot.

NOTICE
POTENTIAL DATA LOSS
At this point the default Administrator account (which is internally renamed as
IAManager) on the PDC is disabled for security reasons. You will be unable to
login with this account on the PDC. The only domain administrator at this point
will be the CCSDomainAdmin user. If you want to enable the Administrator (a.k.
a IAManager) on the PDC, you can use Active Directory Users and Computers
console to enable the user. It is therefore advised to create another domain
administrator user who can act as a domain and enterprise administrator. The
other domain admin account can be useful in an event the first two domain
admin accounts get locked or unusable.
Failure to follow these instructions can result in data loss.

34. After the server reboots, log on with the CCS Domain Administrator user account
with the password chosen earlier.

B0700TK, Rev C 55
 Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network
35. The installation continues automatically. Click Next > Install to run the
installation.

In some cases, the installation is not able to restart automatically after logging in
with the CCS Domain Administrator user account. If the InstallShield Wizard
does not appear after logging in (this dialog box could take a few minutes to
appear), the installation has to be restarted manually. This can be done after a
reboot or logoff and logon with the CCS Domain Administrator user account. To
restart the installation manually, execute setup.exe directly from the DVD drive.

56 B0700TK, Rev C
Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide
36. If the OS1FDB package is configured on this server, the Media Request dialog
box appears. To install this package, insert the first OS1FDB package diskette
and click Load. After the first disk has been loaded, insert the second OS1FDB
package diskette and click Load.
To bypass the installation of this package, click Skip. The installation continues,
but this dialog box appears again for each of the OS1FDB stations configured on
this station.
This will occur one time for each OS1FDB station configured.

37. If you selected Load, the media folder browser opens.

If your installation media for the OS1FDB package is not on a floppy diskette,
browse to the location of your stamped media and click Select Folder.
If your installation media for the OS1FDB package is on a floppy diskette, click
Use Diskette. The diskette has to be in the diskette drive (A:\). When Use
Diskette is clicked, the diskette will be read.

B0700TK, Rev C 57
 Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network
38. If you selected Use Diskette, the Media Request dialog box appears. Insert the
second diskette in the OS1FDB set and click Load. The diskette has to be
inserted in drive A:\.

39. Click Finish when the installation process is finished.

At the end of the installation, the installation log appears. You can view the
installation log at any time by clicking Start > Foxboro DCS Control Core
Services > Log Viewer.

40. Click Setup Log, Pkg Log, and Init Log to view these logs. These logs can also
be printed.
NOTE: Day 0 installation of pre-Control Core Services v9.6 clients is not
allowed when the PDC is running CCS v9.5. This operation is an exception,
but if you still have to perform this action, see Appendix L: Day 0 Installation
of Pre-CCS v9.5 Clients on a System with a PDC Installed with Enterprise
Edition CCS v9.5 or v9.6, page 295.

Restarting Your VM Server

If the server is a virtual machine, shut it down and set its MAC addresses to be static,
and start the VM again. For instructions, see Virtualization for Windows Server 2016
User's Guide (B0700HD).

58 B0700TK, Rev C
Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide
If this server is a physical machine, reboot the server at this time. Click Start > Shut
Down. Select Restart from the list and click OK.

Primary Domain Controller Post-Installation Procedures

NOTICE
POTENTIAL DATA LOSS
At this point the default Administrator account (who is internally renamed as
IAManager) on the PDC is disabled due to security reasons. You will be unable to
login with this account on the PDC. The only domain administrator at this point will
be the CCSDomainAdmin user. If you want to enable the Administrator (a.k.a
IAManager) on the PDC, you can use Active Directory Users and Computers
console to enable the user. It is therefore, advised to create another domain
administrator user who can act as a domain and enterprise administrator. The other
domain admin account can be useful in an event the first two domain admin
accounts get locked or unusable.
Failure to follow these instructions can result in data loss.

Changing Passwords
1. Click Start, and select Search programs and files. Enter ntdsutil.exe. When
the application name (ntdsutil.exe) appears, click it.
2. In the command prompt window:
a. Enter set dsrm password
b. Enter reset password on server <SERVERNAME>
<SERVERNAME> is the actual name of your PDC server.
c. Enter your newly chosen Active Directory Restore Mode password as
prompted (two times).
d. Enter quit to exit the command prompt.
Document this password and save it in a trusted place for future retrieval.
Without this password you will not be able to recover Active Directory.

Creating Users in Active Directory

These steps can be used to create an Operator account in the Active Directory
domain. This is a default group. Similar steps can be taken to create other customized
accounts, such as Maintenance and Engineer accounts. For information on creating
customized accounts, see Foxboro DCS Security Implementation Guide (B0700HM).

B0700TK, Rev C 59
 Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network
1. Click Start > Windows Administrative Tools > Active Directory Users and
Computers.
2. Under the Foxboro\Accounts\Users\Standard OU, right-click Standard, and
select New > User:

The users are created under the Accounts\Users\Standard OU, including IA Plant
Engineers, IA Plant Operators, and IA Plant Maintenance.
The New Object - User dialog box opens.

3. Enter the First name, Full name, and User logon name as the same value (for
example, Operator1).
4. Click Next.
5. In the New Object - User dialog box, clear the User must change password at
next logon checkbox. Select the Password never expires checkbox.
6. Enter the password and confirm the password.

60 B0700TK, Rev C
Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide
7. Click Next.

8. Click Finish.

B0700TK, Rev C 61
 Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network
9. Double-click on the new username in the Active Directory Users and
Computers dialog box to open the Properties dialog box.

10. Select the Member Of tab.

11. Click Add.

62 B0700TK, Rev C
Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide
12. Enter the text IA Plant and click Check Names.

13. Select the desired Control Core Services standard user group (for example, IA
Plant Operators) and click OK.

14. Click OK to close the Select Groups dialog box.

B0700TK, Rev C 63
 Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network
15. Click OK to close the Properties dialog box.

16. Repeat these steps for as many users as desired. The different standard user
groups provide different policy settings and system access.

Tombstone Lifetime Attribute in Active Directory

By default the Active Directory tombstone lifetime is 180 days. Having a longer
tombstone lifetime decreases the chance a deleted object remains in the local
directory of a disconnected Domain Controller beyond the time when the object is
permanently deleted from online DCs.
It is highly recommended you review information regarding the tombstone lifetime
attribute in “Backing Up Active Directory on Domain Controllers” in Foxboro DCS
Security Implementation Guide (B0700HM). If you want to alter the default value, use
the procedure “Changing the Tombstone Lifetime Attribute in Active Directory” in
Foxboro DCS Security Implementation Guide (B0700HM).

Backing Up Active Directory

Back up your Active Directory at regular intervals on Control Core Services domain
controller stations. Backing up Active Directory provides a smooth restoration of
Control Core Services system operations after an unexpected hardware or software

64 B0700TK, Rev C
Chapter 4: Installing Enterprise Edition Control Core Services
v9.6 on New Primary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide
suboptimal condition. For additional information, see “Backing Up Active Directory on
Domain Controllers” in Foxboro DCS Security Implementation Guide (B0700HM).

B0700TK, Rev C 65
 Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network

Chapter 5: Installing Enterprise Edition Control Core

Services v9.6 on New Secondary Domain Controllers
on The Control Network
It is highly recommended you have a Secondary Domain Controller (SDC) in place in
order to maintain high availability of the domain services in case the PDC is down.
You can install Enterprise Edition Control Core Services v9.6 on secondary domain
controller servers on the Foxboro DCS Control Network.
NOTE: Starting with the HP DL380 Gen9 server images for Windows Server
2016, the default Administrator account is disabled and has a blank password.
The steps required for this scenario are shown in this diagram:

Figure 2 - Steps to Install Enterprise Edition Control Core Services v9.6 on

Secondary Domain Controller Servers on the Control Network

Preparing the SDC Server

The Secondary Domain Controller (SDC) has to be a server-class station installed
with the Windows Server 2016 Standard operating system. For this procedure, it is
assumed the SDC is installed on the control network (which is a dedicated Foxboro
DCS maintained network).

66 B0700TK, Rev C
Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide
Perform these steps to set up the hardware, restore the Windows operating system,
and update drivers for your workstation.
1. See Control Core Services v9.6 Release Notes (B0700TL) for hardware
requirements specific to the v9.6 release. Obtain and use the latest hardware and
software user guides referenced in these release notes for each workstation
being installed with Control Core Services v9.6.
2. For instructions on installing memory upgrades, PCI cards, and so forth, see the
latest hardware user guides for your Schneider Electric hardware.
3. If this is a new station shipped from the Schneider Electric factory, it is not
necessary to install the operating system. See the instructions in the hardware
and software user’s guide to load all required drivers.
If it is not a new station, using the v9.6 Restore Media, restore the Windows
operating system on this workstation. See the instructions in the hardware and
software user’s guide to load all required drivers.
Only use the media kits listed in Foxboro DCS Control Core Services v9.6
Platform Specific Media Kits, page 19 to restore the operating system of a station
for Control Core Services v9.6.
4. Set the time and date.
a. Open the Windows Date and Time applet by clicking the Date and Time icon
in the Control Panel.
b. Click Change Date and Time.
c. Adjust the date and time.
d. Click OK.
e. Click Change time zone.
f. Select the correct time zone from the list and select the checkbox (if not
already selected) to automatically adjust the clock for daylight saving time
(DST) changes, if desired.
g. Click OK.
While installing an SDC, it is vital to maintain that the UTC system time matches
the UTC system time on the domain (as viewed on the PDC). The date and time
have to match, though the time which Windows displays might differ if the time
zones are not the same on the two stations.
Be careful when changing the time zone before adjusting the system time as this
can cause the AM/PM setting to change.
Also, be aware the checkbox included for some time zones which defines
whether or not the time will be automatically adjusted for Daylight Saving Time
can cause the system time to differ by an hour.
5. Confirm all of the steps prescribed in the hardware specific documents
referenced in the Control Core Services v9.6 Release Notes (B0700TL) have
been performed before proceeding, including updating drivers such as the
Network Interface Card drivers.

Important Information on Installing Control Core Services

Before you install Control Core Services, verify the server is physically connected to
the network and that the PDC is on-line and attached to the control network.
Also, verify the server is disconnected from any secondary (non-Foxboro) networks,
but it is not recommended to disable the adapters for these network cards.

B0700TK, Rev C 67
 Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network
• The server must be connected to the control network before installing Control
Core Services.
• Disconnect non-Foxboro network connections but keep the adapters enabled for
these network cards.
• The network interface drivers used for connection to the control network might
require updating before installing Control Core Services v9.6. Drivers that have
not been updated might lead to unstable or unavailable communication.
• It is not possible to log onto either type of domain controller (primary or
secondary) with any of the Local Edition or standard Control Core Services user
accounts (such as users that are members of the IA Plant Operators, IA Plant
Maintenance, or IA Plant Engineers groups). It is possible to log onto a domain
controller with the CCS Domain Administrator user account that is created in the
CCS Secure User Accounts dialog box. The recommended configuration for the
domain controllers is IAMESH only.
• For On-Control Network domain controllers on a Foxboro DCS Control Core
Services System, we recommend they are configured with only the IAMESH
package in System Definition. The domain controllers cannot be used as an
engineer or operator workstation because of the inability to log onto the domain
controllers with the standard Control Core Services user accounts.
• On-Control Network domain controllers cannot be used to monitor SNMPv3
configured switches. If a PDC or SDC is configured as a System Monitor (SMON)
host which monitors SNMPv3 switches, the setup will not configure the SNMPv3
key on the system and the switches will not show online in System Manager.
• On servers with the Windows Server 2016 Standard operating system, it is
recommended no roles be added to the system which are not necessary for the
operation of the server. Adding unnecessary roles (for example, adding the
Remote Desktop Services role when the server is not to be used as a remote
session host) can create cybersecurity weaknesses in the overall system.

Changing the Station Name

The Windows workstation or server name has to match the workstation or server
letterbug name as it was configured in SysDef and saved onto your Commit
installation media before you install the Control Core Services. For instructions on
modifying the computer name of your workstation or server, see Appendix B:
Changing the Station Name, page 254.

Preparing Network Interface Cards (NICs) for Installation

NOTICE
POTENTIAL DATA LOSS
Perform this procedure for 100Mbps fiber optic cards only. For copper NICs and for
Gigabit Fiber optic NICs, you must NOT perform this procedure.
Failure to follow these instructions can result in data loss.

Before installing Control Core Services, for each installed NIC, you have to set the
NIC’s properties “Flow Control” and “Speed & Duplex” manually for the NICs on this
station.
See the applicable user’s guide included with your station to determine the NIC cards
it supports.

68 B0700TK, Rev C
Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide
1. On Windows 10 or Windows Server 2016 stations, click Control Panel > Device
Manager.
In the Device Manager window, expand the Network adapters list.
2. Right-click the desired card and click Properties. In the Properties dialog box
that appears, select the Advanced tab.
3. In the Property field, click Flow Control. In the Value field, select Disable from
the list.
4. In the Property field, click Speed & Duplex. In the Value field, in the list:
• For a station on the control network, select 100 Mb Full.
• For a station on another network other than the control network (Off-Control
Network), select Auto.
5. Click OK.
6. For each additional NIC, repeat Step 2 through Step 5.
7. Shutdown and restart the system for the driver changes to take effect. Click Start
> Shut Down and select Restart from the list. Click OK.

Installing CCS Software on SDC Server

1. Confirm the Primary Domain Controller has been installed and is attached to the
control network.
2. Confirm the Secondary Domain Controller server is attached to the control
network.
3. Unplug any non-control network cables.
4. Install Windows Server 2016 Local Group Policies. For instructions, see
Appendix N: Security by Local Group Policies, page 304.
5. Install anti-malware software such as McAfee ENS. See Related Documents,
page 10 for the latest McAfee ENS and ePO Installation Guide.
6. If McAfee ENS is installed, confirm these McAfee ENS components are up to
date. See Related Documents, page 10 for the latest McAfee ENS and ePO
Installation Guide:
• ES AMCore DAT file
• Exploit Prevention Content
7. Run a full scan of the system to confirm no viruses are present in the system
before work begins.
8. Insert the DVD labeled “Foxboro DCS Control Core Services v9.6 Windows 10/
Server 2016 Day 0 DVD” (K0177DX) into the server’s optical drive.
9. Navigate to the DVD drive and double-click setup.exe.

B0700TK, Rev C 69
 Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network
10. When the User Account Control (UAC) prompt appears, click Yes.

11. A dialog box appears that allows you to select whether you are installing Local
Edition Control Core Services or for an Enterprise Edition system.
• Select Install Enterprise Edition Control Core Services
• Select the installation type as Active Directory Domain Services (AD DS)
• Select AD Type as Install New AD (PDC/SDC)
• Select the network connectivity as On Control Network:

70 B0700TK, Rev C
Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide

NOTE: Click Cancel in any screen during the installation to cancel the
installation procedure. The installation can be resumed from where it was
stopped by relaunching the Setup.exe application.
12. Click Next.
13. The next dialog box requests you load the committed configuration install files.
Click Load.

B0700TK, Rev C 71
 Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network

The browser for the folder containing the committed configuration install files
opens. If the installation media with your Commit files is on the server’s hard drive
or a network, browse to the location of the media and click Select Folder.

14. When the installation files have been loaded, click Bind to launch the Control
Network Configurator dialog box.

72 B0700TK, Rev C
Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide
15. From the Control Network Configurator dialog box, select the two network
cards representing the control network and click Next. Be certain to pick the
correct NICs as this selection cannot be changed later in the installation.

16. Click Next.

17. Confirm the PDC is pingable from this server. If it is not, you might have to cancel
the setup, reboot the server and attempt the ping again. If the ping works after the
reboot, run the installation again.

18. The Server platform setup dialog appears. Select Install as a Secondary
Domain Controller (SDC).

B0700TK, Rev C 73
 Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network

19. In the “Provide information for the domain joining account and click Authorize”
area, enter in the name of the primary domain controller (PDC) station. Verify the
account name with authority to add workstation to the domain (i.e. foxboro.local
\CCSDomainAdmin). Enter the password for this account and click Authorize.

NOTE: For SDC, only users who are members of the “IA Domain Admin”
group are authorized to join the domain. If you try to authorize with any other
user, a Permission Denied system message appears.

74 B0700TK, Rev C
Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide
20. If the local system time does not match the PDC system time, the Resetting UTC
Date dialog box appears. Click OK. Fix the local system time to match the PDC
time (see Preparing the Server, page 42) and click Authorize again.

In some cases, it will not be possible to determine the remote system time. In this
case, the “Unable to determine local time” dialog box appears. Verify the local
and remote system times match (including date, time, AM/PM) before continuing.
Note that the checkbox displayed for some time zones which allows the system to
automatically adjust for Daylight Saving Time can affect the time displayed by the
system by one hour.

21. If clicking Authorize results in a successful domain rights verification, a message

indicating this appears.

B0700TK, Rev C 75
 Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network
22. If there is another Secondary Domain Controller on the network, select that
SDC’s name from the “Select the Secondary Domain Controller Stations” list and
click Set. Otherwise, click Skip.

23. Confirm the domain is pingable from the client.

• FQDN (Fully Qualified Domain Name) of the PDC (ex:- FL5014.foxboro.
local)
• IP address of the PDC
• Domain name

76 B0700TK, Rev C
Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide
24. Verify the name of the domain and click Connect.

25. A message appears to indicate that the connection to the domain has succeeded.
If unsuccessful, a reason that the operation did not finish is shown. Click OK.
If after connecting the domain client to an SDC and the software installation does
not continue after the reboot, the system time might not have been set correctly.
See Setting Time Correctly Software Installation Cannot Continue After Reboot
(SDC or Domain Client), page 260 to correct this.
26. When the Schneider Electric CCS Software Install: Workstation Reboot
Request dialog box appears, click Reboot.

B0700TK, Rev C 77
 Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network
27. The “You’re about to be signed out” screen appears. After a few minutes, the
server will automatically reboot.

28. After the server reboots, log onto the server with the “CCSDomainAdmin” account
using the password as it was set during the PDC server’s installation.
29. Verify the Domain Name and Site Name fields. If satisfied, click Prepare.

30. Enter a new DSRM password and re-enter the same password in the Confirm
Password text box under the section Passwords.
The DSRM password is required to boot the domain controller into Directory
Services Restore Mode to recover Active Directory.
31. Select the "AD Database path", "AD Log Files Path" and "AD SYSVOL path"
under the section "Path Information". You can use the default values or change
the paths by clicking on the ellipses.
32. Select the existing path or create a new path by clicking Make New Folder. Click
OK to select the folder.

78 B0700TK, Rev C
Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide
33. Enter the domain name, site name, and NetBIOS name and click Prepare. The
NetBIOS name is auto-populated as you change the domain name. You can
choose to change the auto-populated value of the NetBIOS name before clicking
Prepare.
NOTE: To verify the site name, perform these actions on the PDC:
• Log in as CCSDomainAdmin.
• Open the command prompt.
• Execute the command dsquery site.
The command result must show the site name.

If the domain name or site name do not match with those provided during PDC
installation, the “Provided Site Name or Domain Name is invalid” dialog box
appears. Clicking OK causes the installation to not succeed.

34. After correcting the Domain name or Site name, click Cancel. Click Prepare to
continue with the installation.
35. If the site name or domain name matches the equivalent names on the PDC, a
dialog box appears indicating a suboptimal condition. Verify the name you have
chosen for your Active Directory domain is correct and will not conflict with
another domain on the same network.
Click OK.

B0700TK, Rev C 79
 Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network
36. To maintain a smooth installation process, verify the PDC fully qualified domain
name is pingable. Confirm there is no physical firewall between the PDC and this
server. This confirms PDC and SDC data replication/synchronization.
a. Open a command prompt.
b. Ping the PDC using its on-control network IP address with the –a option.
c. The result of the ping must show a fully qualified name of the PDC.

37. Click Install to load the Active Directory Domain Services onto this server and to
assign the server to the role of Secondary Domain Controller.

A DOS window appears while Active Directory is being installed.

80 B0700TK, Rev C
Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide

NOTE: If the promotion to the domain controller is unsuccessful, a system

message is shown. Details about the system message can be found in two
files:
• C:\windows\temp\promote2dc.txt
• C:\windows\debug\dcpromo.log
If this occurs, reimage the machine and restart the installation process.

38. The server reboots automatically after Active Directory has been installed. After
the server reboots, log into the “CCSDomainAdmin” account with the password
as set in the Server platform setup dialog box.
39. After a few minutes, the installation process restarts automatically. The Setting up
the platform for a secure CCS Software Installation dialog box appears. Click
Apply.

B0700TK, Rev C 81
 Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network
A DOS window appears while the Active Directory domain settings are applied.

40. When the Active Directory configuration is complete, the command window
shows if the process completed successfully, or with detected errors. The
command window also shows the path to the log file which is: c:\windows
\temp\2016sdc_config.log. The command window waits for any key to be
pressed to proceed further. Press Enter to dismiss the command window.

If this command prompt indicates there are any detected errors, save the
indicated log file to an external drive for any possible analysis by Schneider
Electric. Reimage the server and start the installation again.
41. Click Next > Install to run the installation.

82 B0700TK, Rev C
Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide
42. If the OS1FDB package is configured on this server, the Media Request dialog
box appears.
To install this package, insert the first OS1FDB package diskette and click Load.
After the first disk has been loaded, insert the second OS1FDB package diskette
and click Load.
To bypass the installation of this package, click Skip. The installation continues,
but this dialog box appears again for each of the OS1FDB stations configured on
this SDC.

43. If you selected Load, the media folder browser opens.

If your installation media for the OS1FDB package is not on a floppy diskette,
browse to the location of your stamped media and click Select Folder.
44. Click Finish when the installation process is finished.

B0700TK, Rev C 83
 Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network

At the end of the installation, the installation log appears. You can view the
installation log at any time by clicking Start > Foxboro DCS Control Core
Services > Log Viewer.

Click Setup Log, Pkg Log, and Init Log to view these logs. These logs can also
be printed.

Installing the Control Core Services v9.6 Trailer Media (If Provided)
If a trailer is provided in the media kit, install it at this time. Installation instructions are
provided in Control Core Services v9.6 Release Notes (B0700TL).

84 B0700TK, Rev C
Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Network Control Core Services v9.6 Software Installation Guide

Restarting Your VM Server

If the server is a virtual machine, shut it down and set its MAC addresses to be static,
and start the VM again. For instructions, see Virtualization for Windows Server 2016
User's Guide (B0700HD).
If this server is a physical machine, reboot the server at this time. Click Start > Shut
Down. Select Restart from the list and click OK.

Installing Additional Optional Software

After installing Control Core Services software and restarting the station, you can
install any optional software that is desired. See Appendix H: Installing Optional
Software, page 273.
NOTE: Install the “Foxboro Classic Software Support” media to use ICC, Operator
Action Journal, PLB Monitor, or PLB Editor. If you already have Control Core
Services v9.4, it is not necessary to install Foxboro Classic Software Support to
use these features. If you previously installed “Foxboro Classic Software Support”
on CCS v9.5, it is not necessary to install it again on CCS v9.6.

Secondary Domain Controller Post-Installation Procedures

Changing Passwords
1. Click Start > Run and enter ntdsutil.exe:

2. Click OK.
3. Enter this text in the command prompt window:
set dsrm password
reset password on server <SERVERNAME>
<password>
<password>
quit
quit
<SERVERNAME> is the actual name of your SDC server. <Password> is the
newly chosen Active Directory Restore Mode password.
Document this password and save it in a trusted place for future retrieval. Without
this password you will not be able to recover Active Directory.

B0700TK, Rev C 85
 Chapter 5: Installing Enterprise Edition Control Core Services
v9.6 on New Secondary Domain Controllers on The Control
Control Core Services v9.6 Software Installation Guide Network

Backing Up Active Directory

Back up your Active Directory at regular intervals on Control Core Services domain
controller stations. Backing up Active Directory provides a smooth restoration of
Control Core Services system operations after an unexpected hardware or software
suboptimal condition. For additional information, see “Backing Up Active Directory on
Domain Controllers” in Foxboro DCS Security Implementation Guide (B0700HM).

Continuing Installation
For the installation procedure for the domain clients, see Chapter 8: Installing
Enterprise Edition Control Core Services v9.6 for Domain Clients, page 149.

86 B0700TK, Rev C
Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

Chapter 6: Installing Enterprise Edition Control Core

Services v9.6 for New Off-Control Network Domain
Controllers
You can install Enterprise Edition Control Core Services v9.6 on new primary and
secondary domain controller servers on a separate network from the Foxboro DCS
Control Network.
• For Off-Control Network Primary Domain Controllers, proceed to Off-Control
Network Primary Domain Controllers, page 87.
• For Off-Control Network Secondary Domain Controllers, proceed to Off-Control
Network Secondary Domain Controllers, page 109.
NOTE: It is highly recommended to have a Secondary Domain Controller (SDC) in
place in order to maintain high availability of the domain services in case the PDC
is down.
Starting with the HP DL380 Gen9 server images for Windows Server 2016, the default
Administrator account is disabled and has a blank password.

Off-Control Network Primary Domain Controllers

This section describes how to install Enterprise Edition Control Core Services v9.6 on
new primary domain controller servers on a separate network from the control
network.
The steps required for this scenario are shown in this image:

B0700TK, Rev C 87
 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

Figure 3 - Steps to Install Enterprise Edition Control Core Services v9.6 on Off-
Control Network Primary Domain Controller Servers

Preparing the PDC Server

The primary domain controller (PDC) has to be a server-class station installed with the
Windows Server 2016 Standard operating system, and has to be the first station in the
Control Core Services system installed with the Enterprise Edition Control Core
Services. For this procedure, it is assumed the PDC is installed on a separate network
(which is called an “Off-Control Network” network), not connected to the control
network.
Perform these steps to set up the hardware, restore the Windows operating system,
and update drivers for your workstation.
1. See Control Core Services v9.6 Release Notes (B0700TL) for hardware
requirements specific to the v9.6 release. Obtain and use the latest hardware and
software user guides referenced in these release notes for each workstation
being installed with Control Core Services v9.6.
2. For instructions on installing memory upgrades, PCI cards, and so forth, see the
latest hardware user guides for your Schneider Electric hardware.

88 B0700TK, Rev C
Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

3. If this is a new station shipped from the Schneider Electric factory, it is not
necessary to install the operating system. See the instructions in the hardware
and software user’s guide to load all required drivers.
If it is not a new station, using the V9.6 Restore Media, restore the Windows
operating system on this workstation. See the instructions in the hardware and
software user’s guide to load all required drivers.
Only use the media kits listed in Foxboro DCS Control Core Services v9.6
Platform Specific Media Kits, page 19 to restore the operating system of a station
for Control Core Services v9.6.
4. Set the time and date.
a. Open the Windows Date and Time applet by clicking the Date and Time icon
in the Control Panel.
b. Click Change Date and Time.
c. Adjust the date and time.
d. Click OK.
e. Click Change time zone.
f. Select the correct time zone from the list and select the checkbox (if not
already selected) to automatically adjust the clock for daylight saving time
(DST) changes, if desired.
g. Click OK.
5. Confirm all of the steps prescribed in the hardware specific documents
referenced in the Control Core Services v9.6 Release Notes (B0700TL) have
been performed before proceeding, including updating drivers such as the
Network Interface Card drivers.

Notes on Installing Control Core Services on PDC

Before you install Control Core Services, verify the server is physically connected to
the Off-Control Network and, if needed, that any network interface card drivers are
updated.
• The server must be connected to the Off-Control Network before installing
Control Core Services software.
• On servers with the Windows Server 2016 Standard operating system, it is
recommended no roles be added to the system which are not necessary for the
operation of the server. Adding unnecessary roles (for example, adding the
Remote Desktop Services role when the server is not to be used as a remote
session host) can create cybersecurity weaknesses in the overall system.

Installing CCS Software on PDC

NOTE: If you unplugged any non-control network cables before performing the
Day 0 installation, plug in the non-control network cables at this time.

Assigning a Static IPv4 Address to Off-Control Network Adapter

1. Right-click on Start and from the menu that appears, select Control Panel.
2. Click Network and Internet.
3. Click Network and Sharing Center.

B0700TK, Rev C 89
 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

4. Click Change Adapter settings on the left pane.

5. Select the network adapter that represents the off-control network, right-click on
the adapter and select Properties from the menu.
6. Clear Internet Protocol Version 6 (TCP/IPv6).
7. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
8. Set a static IP address and preferred DNS server.
NOTE: The IP address shown in your case does not need to match the IP
address shown in this image.

Continuing the PDC Installation

1. Install Windows Server 2016 Local Group Policies. For instructions, see
Appendix N: Security by Local Group Policies, page 304.
2. Install anti-malware software such as McAfee ENS. See Related Documents,
page 10 for the latest McAfee ENS and ePO Installation Guide.
3. If McAfee ENS is installed, confirm these McAfee ENS components are up to
date. See Related Documents, page 10 for the latest McAfee ENS and ePO
Installation Guide:
• ES AMCore DAT file
• Exploit Prevention Content
4. Run a full scan of the system to confirm no viruses are present in the system
before work begins.

90 B0700TK, Rev C
Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

5. Insert the DVD labeled “Foxboro DCS Control Core Services v9.6 Windows 10/
Server 2016 Day 0 DVD” (K0177DX).
6. Navigate to the DVD drive and double-click setup.exe.
7. When the User Account Control (UAC) prompt appears, click Yes.

This will install Microsoft Visual C++ 2015 Redistributables. After installing, the
CCS installer will be launched.
8. A dialog box appears that allows you to select whether you are installing Local
Edition Control Core Services or for an Enterprise Edition system.
• Select Install Enterprise Edition Control Core Services
• Select the installation type as Active Directory Domain Services (AD DS)
• Select the network connectivity as Off Control Network

B0700TK, Rev C 91
 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

NOTE: Click Cancel in any screen during the installation to cancel the
installation procedure. The installation can be resumed from where it was
stopped by relaunching the Setup.exe application.
9. Click Next.
10. The next dialog box requests you load the committed configuration install files.
Click Load.

92 B0700TK, Rev C
Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

The browser for the folder containing the committed configuration install files
opens. If the installation media with your Commit files is on the server’s hard drive
or a network, browse to the location of the media and click Select Folder.

11. Click Next. The Server platform setup dialog box appears. Leave the “Install as a
Primary Domain Controller (PDC)” choice selected.
If there is no SDC plan, click Skip and proceed.

B0700TK, Rev C 93
 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

12. If a Secondary Domain Controller (SDC) server is planned for this Control Core
Services system, add the SDC servers from the list by selecting the Add Off-
Mesh checkbox. The dialog box shown in the subsequent figure opens to indicate
where the IP addresses for SDC stations can be set. Enter each of the known
SDC IP addresses and click Done.

94 B0700TK, Rev C
Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

13. When the SDC IP addresses are added, click Set to select the SDC IP addresses
or Skip to select no SDC station IP addresses. If this server does not have
exactly one statically set NIC adapter, this message appears. When the NIC
settings are corrected, you can click Set or Skip again to continue.

14. Enter this information:

a. Enter a new DSRM password and re-enter the same password in the
Confirm Password text box under the section Passwords.
The DSRM password is required to boot the domain controller into Directory
Services Restore Mode to recover Active Directory.
b. Enter a new Built-in Admin password and re-enter the same password in the
Confirm Password text box under the section Passwords.
c. Select the "AD Database path", "AD Log Files Path" and "AD SYSVOL path"
under the section "Path Information". You can use the default values or
change the paths by clicking on the ellipses.
d. Clicking on this will show the Browse For Folder dialog box. You can select
the existing path or create a new path by clicking Make New Folder, click
OK to select the folder.
e. In the section “Enter domain information for ….”, enter a new domain name,
site name and net BIOS name. These are defaulted to “offmesh”.

B0700TK, Rev C 95
 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

NOTE: The NetBIOS domain name is the name which you see when you log
into the domain. It is generated by the installation application and appears in
the text box “NetBIOS Name”. The generated NETBIOS name is based on
the domain name specified. The rules for generating a NETBIOS name are:
• The maximum length of the name must be 15 characters.
• The minimum length of the name must be 2 characters.
• It can contain any combination of upper and lower case letters and
numbers as well as these special characters: !, @, #, $, %, ^, &, ), (, -, _,
{, }, and ~.
• These special characters are not allowed: \, /, :, *, ?, “, <, >, and |. If the
generated name does not conform with these rules or is not suitable to
your requirements, you are free to change it in the text box. Note that
generally, this value is set to the same name as the last segment of the
domain name.
15. Click Prepare.

96 B0700TK, Rev C
Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

16. The CCS Installation dialog box appears. Make sure at this time the name you
have chosen for your Active Directory domain is correct and will not conflict with
another domain on the same network. Click OK to continue.

17. Click Install to load the Active Directory Domain Services onto this server and to
promote the server to the role of Primary Domain Controller.

A DOS window appears while Active Directory is being installed.

The DOS window shows the progress while the system is promoted to Primary
Domain Controller status and DNS is installed. Some detected error messages

B0700TK, Rev C 97
 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

are shown in the DOS window during the promotion of the domain controller.
These detected error messages pertain to static IP addresses, the delegation of
DNS, or default security settings for the Windows Server 2016 operating system.
These detected error messages can be ignored.

18. After the server is promoted to the Primary Domain Controller role, the “You’re
about to be signed out” window appears. After a few minutes, the server will
automatically reboot.

19. After the server reboots, log into the “Administrator” account with the password
that has been set in the Server Platform Setup screen.
20. Restart the installation by launching Setup.exe from the DVD drive, as described
in Step 2. The Setting up the platform for a secure CCS installation dialog box
appears. Click Apply.

98 B0700TK, Rev C
Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

A DOS window appears while the Active Directory is ready to be configured.

During this stage it is normal to see detected errors that Active Directory is not yet
functional. The Active Directory verification process attempts to make it functional
and proceeds to the next step of configuring the Active Directory.

As part of the Active Directory configuration process, a DOS window appears

while the Active Directory domain settings are applied.

NOTE: The XML file indicated in this dialog box is correct to reference CCS
v9.5. The Active Directory group policies have not changed since CCS v9.5.
NOTE: If this command prompt indicates there are any detected errors, save
the indicated log file to an external drive for any possible analysis by
Schneider Electric. Reimage the server and start the installation again.

B0700TK, Rev C 99
 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

21. When the configuration of Active Directory is complete, the command prompt
shows if the process completed successfully, or with detected errors. The
command prompt also shows the path to the log file which is: c:\windows
\temp\2016OffMeshPDC_Config_Day0_CCS_9.6.log. The command
prompt waits for any key to be pressed to proceed further. Press Enter to dismiss
the command prompt.

22. The CCS Secure User Accounts dialog box opens. Enter in the usernames and
passwords for the CCS domain accounts and click Create.
NOTE: Before you click Create, select the Show Password checkbox to
verify the passwords.

NOTE: The password has to meet this complexity criteria:

• Must not contain the user's account name or parts of the user's full name
that exceed two consecutive characters
• An 8-character minimum password length
• Contain characters from three of these four categories
◦ English uppercase characters (A-Z)
◦ English lowercase characters (a-z)
◦ Base 10 digits (0-9)
◦ Non-alphabetic characters (for example: !, $, #, %)

100 B0700TK, Rev C

Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

23. Click Done to complete the installation. The Workstation Reboot Request
dialog box appears. Click Reboot.

24. The operating system shows a reboot message and after some time
automatically reboots the server.

25. At this point, the installation of PDC is complete. You can login with
CCSDomainAdmin to perform any further actions.

NOTICE
POTENTIAL DATA LOSS
At this point the default Administrator account (which is internally renamed as
IAManager) on the PDC is disabled for security reasons. You will be unable to
login with this account on the PDC. The only domain administrator at this point
will be the CCSDomainAdmin user. If you want to enable the Administrator (a.k.
a IAManager) on the PDC, you can use Active Directory Users and Computers
console to enable the user.
Failure to follow these instructions can result in data loss.

NOTE: Day 0 installation of pre-Control Core Services v9.5 clients is not

allowed when the PDC is running CCS v9.5. This operation is an exception,
but if you still have to perform this action, see Appendix L: Day 0 Installation
of Pre-CCS v9.5 Clients on a System with a PDC Installed with Enterprise
Edition CCS v9.5 or v9.6, page 295.

Restarting Your PDC

1. Click Start > Shut Down. Select Restart from the list and click OK.
2. After the restart, logon as CCSDomainAdmin.

Installing Additional Optional Software

After installing Control Core Services software and restarting the station, you can
install any optional software that is desired. See Appendix H: Installing Optional
Software, page 273.

B0700TK, Rev C 101

 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

NOTE: Install the “Foxboro Classic Software Support” media to use ICC, Operator
Action Journal, PLB Monitor, or PLB Editor. If you already have Control Core
Services v9.4, it is not necessary to install Foxboro Classic Software Support to
use these features. If you previously installed “Foxboro Classic Software Support”
on CCS v9.5, it is not necessary to install it again on CCS v9.6.

Primary Domain Controller Post-Installation Procedures

NOTICE
POTENTIAL DATA LOSS
• The default Administrator account (internally renamed as CCSManager) on the
PDC is disabled due to security reasons. You will be unable to login with this
account on the PDC. The only domain administrator at this point will be the
CCSDomainAdmin user.
• If you want to enable the Administrator (aka CCSManager) on the PDC, you can
use Active Directory Users and Computers console to enable the user. We
advise to create another domain administrator user who can act as a domain
and enterprise administrator. The other domain admin account can be useful in
an event the first two domain admin accounts get locked or become unusable.
Failure to follow these instructions can result in data loss.

Changing Passwords
1. Click Start > Run and enter ntdsutil.exe:

2. Click OK.
3. Enter this text in the command prompt window:
set dsrm password
reset password on server <SERVERNAME>
<password>
<password>
quit
quit
<SERVERNAME> is the actual name of your SDC server. <Password> is the
newly chosen Active Directory Restore Mode password.
Document this password and save it in a trusted place for future retrieval. Without
this password you will not be able to recover Active Directory.

102 B0700TK, Rev C

Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

Creating Users in Active Directory

These steps can be used to create an Operator account in the Active Directory
domain. This is a default group. Similar steps can be taken to create other customized
accounts, such as Maintenance and Engineer accounts. For information on creating
customized accounts, see Foxboro DCS Security Implementation Guide (B0700HM).
1. Click Start > Windows Administrative Tools > Active Directory Users and
Computers.
2. Under the Foxboro\Accounts\Users\Standard OU, right-click Standard, and
select New > User:

The users are created under the Accounts\Users\Standard OU, including IA Plant
Engineers, IA Plant Operators, and IA Plant Maintenance.
The New Object - User dialog box opens.

B0700TK, Rev C 103

 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

3. Enter the First name, Full name, and User logon name as the same value (for
example, Operator1).
4. Click Next.
5. In the New Object - User dialog box, clear the User must change password at
next logon checkbox. Select the Password never expires checkbox.
6. Enter the password and confirm the password.
7. Click Next.

104 B0700TK, Rev C

Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

8. Click Finish.

9. Double-click on the new username in the Active Directory Users and

Computers dialog box to open the Properties dialog box.

B0700TK, Rev C 105

 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

10. Select the Member Of tab.

11. Click Add.

12. Enter the text IA Plant and click Check Names.

106 B0700TK, Rev C

Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

13. Select the desired Control Core Services standard user group (for example, IA
Plant Operators) and click OK.

14. Click OK to close the Select Groups dialog box.

B0700TK, Rev C 107

 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

15. Click OK to close the Properties dialog box.

16. Repeat these steps for as many users as desired. The different standard user
groups provide different policy settings and system access.

Tombstone Lifetime Attribute in Active Directory

By default the Active Directory tombstone lifetime is 180 days. Having a longer
tombstone lifetime decreases the chance a deleted object remains in the local
directory of a disconnected Domain Controller beyond the time when the object is
permanently deleted from online DCs.
It is highly recommended you review information regarding the tombstone lifetime
attribute in “Backing Up Active Directory on Domain Controllers” in Foxboro DCS
Security Implementation Guide (B0700HM). If you want to alter the default value, use
the procedure “Changing the Tombstone Lifetime Attribute in Active Directory” in
Foxboro DCS Security Implementation Guide (B0700HM).

Backing Up Active Directory

Back up your Active Directory at regular intervals on Control Core Services domain
controller stations. Backing up Active Directory provides a smooth restoration of
Control Core Services system operations after an unexpected hardware or software
suboptimal condition. For additional information, see “Backing Up Active Directory on
Domain Controllers” in Foxboro DCS Security Implementation Guide (B0700HM).

108 B0700TK, Rev C

Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

Continuing the PDC Installation

If you have a secondary domain controller on the same separate network, proceed to
Off-Control Network Secondary Domain Controllers, page 109.
If a SDC is not planned, proceed to Chapter 8: Installing Enterprise Edition Control
Core Services v9.6 for Domain Clients, page 149 for the installation procedure for the
domain clients.
Also, you can install any Control Core Services v9.6 trailers that are available at this
time. Trailers are provided with their own installation instructions.

Off-Control Network Secondary Domain Controllers

This section describes how to install Enterprise Edition Control Core Services v9.6 on
secondary domain controller servers on a separate network from the control network.
The steps required for this scenario are shown in this image:

Figure 4 - Steps to Install Enterprise Edition Control Core Services v9.6 on Off-
Control Network Secondary Domain Controller Servers

B0700TK, Rev C 109

 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

Preparing the SDC Server

The secondary domain controller (SDC) has to be a server-class station installed with
the Windows Server 2016 Standard operating system. For this procedure, it is
assumed the SDC is installed on a separate network (which is called “Off-Control
Network”), not connected to the control network.
Perform these steps to set up the hardware, restore the Windows operating system,
and update drivers for your workstation.
1. See Control Core Services v9.6 Release Notes (B0700TL) for hardware
requirements specific to the v9.6 release. Obtain and use the latest hardware and
software user guides referenced in these release notes for each workstation
being installed with Control Core Services v9.6.
2. For instructions on installing memory upgrades, PCI cards, and so forth, see the
latest hardware user guides for your Schneider Electric hardware.
3. If this is a new station shipped from the Schneider Electric factory, it is not
necessary to install the operating system. See the instructions in the hardware
and software user’s guide to load all required drivers.
If it is not a new station, using the v9.6 Restore Media, restore the Windows
operating system on this workstation. See the instructions in the hardware and
software user’s guide to load all required drivers.
Only use the media kits listed in Foxboro DCS Control Core Services v9.6
Platform Specific Media Kits, page 19 to restore the operating system of a station
for Control Core Services v9.6.
4. Set the time and date.
a. Open the Windows Date and Time applet by clicking the Date and Time icon
in the Control Panel.
b. Click Change Date and Time.
c. Adjust the date and time.
d. Click OK.
e. Click Change time zone.
f. Select the correct time zone from the list and select the checkbox (if not
already selected) to automatically adjust the clock for daylight saving time
(DST) changes, if desired.
g. Click OK.
While installing an SDC, it is vital to maintain that the UTC system time matches
the UTC system time on the domain (as viewed on the PDC). The date and time
have to match, though the time which Windows displays might differ if the time
zones are not the same on the two stations.
Be careful when changing the time zone before adjusting the system time as this
can cause the AM/PM setting to change.
Also, be aware the checkbox included for some time zones which defines
whether or not the time will be automatically adjusted for Daylight Saving Time
can cause the system time to differ by an hour.
5. Confirm all of the steps prescribed in the hardware specific documents
referenced in the Control Core Services v9.6 Release Notes (B0700TL) have
been performed before proceeding, including updating drivers such as the
Network Interface Card drivers.

110 B0700TK, Rev C

Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

Notes on Installing Control Core Services on SDC

Before you install Control Core Services, verify the server is physically connected to
the network and that the PDC is on-line and attached to the same Off-Control
Network.
• The server must be connected to the Off-Control Network before installing
Control Core Services software.
• The network interface drivers might need updating before installing Control Core
Services v9.6. If upgrades are not completed before installation, it might lead to
unstable or unavailable communications.
• On servers with the Windows Server 2016 Standard operating system, it is
recommended no roles be added to the system which are not necessary for the
operation of the server. Adding unnecessary roles (for example, adding the
Remote Desktop Services role when the server is not to be used as a remote
session host) can create cybersecurity weaknesses in the overall system.

Installing CCS Software on SDC

NOTE: If you unplugged any non-control network cables before performing the
Day 0 installation, plug in the non-control network cables at this time.

Assigning a Static IPv4 Address to Off-Control Network Adapter for SDC

1. Right-click on Start and from the menu that appears, select Control Panel.
2. Click Network and Internet.
3. Click Network and Sharing Center.
4. Click Change Adapter settings on the left pane.
5. Select the network adapter that represents the off-control network, right-click on
the adapter and select Properties from the menu.
6. Clear Internet Protocol Version 6 (TCP/IPv6).
7. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
8. Set a static IP address and preferred DNS server.
NOTE: The IP address shown in your case does not need to match the IP
address shown in this image.

B0700TK, Rev C 111

 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

9. Confirm the PDC is pingable from this server using the off-control static IPv4
address assigned to the PDC. If it is not, you might have to reboot the server and
attempt the ping again. If the ping works after the reboot, proceed.

Continuing the SDC Installation

1. Install Windows Server 2016 Local Group Policies. For instructions, see
Appendix N: Security by Local Group Policies, page 304.
2. Install anti-malware software such as McAfee ENS. See Related Documents,
page 10 for the latest McAfee ENS and ePO Installation Guide.

112 B0700TK, Rev C

Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

3. If McAfee ENS is installed, confirm these McAfee ENS components are up to

date. See Related Documents, page 10 for the latest McAfee ENS and ePO
Installation Guide:
• ES AMCore DAT file
• Exploit Prevention Content
4. Run a full scan of the system to confirm no viruses are present in the system
before work begins.
5. Insert the DVD labeled “Foxboro DCS Control Core Services v9.6 Windows 10/
Server 2016 Day 0 DVD” (K0177DX).
6. Navigate to the DVD drive and double-click setup.exe.
7. When the User Account Control (UAC) prompt appears, click Yes.

8. A dialog box appears that allows you to select whether you are installing Local
Edition Control Core Services or for an Enterprise Edition system.
• Select Install Enterprise Edition Control Core Services
• Select the installation as Active Directory Domain Services (AD DS)
• Select the network connectivity as Off Control Network

B0700TK, Rev C 113

 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

NOTE: Click Cancel in any screen during the installation to cancel the
installation procedure. The installation can be resumed from where it was
stopped by relaunching the Setup.exe application.
9. Click Next.
10. The next dialog box requests you load the committed configuration install files.
Click Load.

114 B0700TK, Rev C

Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

The browser for the folder containing the committed configuration install files
opens. If the installation media with your Commit files is on the server’s hard drive
or a network, browse to the location of the media and click Select Folder.

B0700TK, Rev C 115

 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

11. Confirm the PDC is pingable from this server using the off-control static IPv4
address assigned to the PDC. If it is not, you might have to cancel the installation,
reboot the server and reattempt the ping. If the ping works after the reboot, restart
the installation and proceed to Step 12.

12. Click Next. The Server platform setup dialog box appears. Leave Install as a
Secondary Domain Controller (PDC) selected.

116 B0700TK, Rev C

Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

13. In the “Provide information for the domain joining account and click Authorize”
field:

a. Enter the IP Address of the Off-Control Network PDC server.

b. Enter the domain administrator username qualified with the domain name
(for example, offmesh.local\CCSDomainAdmin).
c. Enter the password for this account and click Authorize.
14. If the local system time does not match the PDC system time, the CCS
Installation dialog box appears. Click OK. Fix the local system time to match the
PDC time (see Preparing the Server, page 42) and click Authorize again.

In some cases, it will not be possible to determine the remote system time. In this
case, the dialog box shown in this figure appears. It is vital to verify that the local
and remote system times match (including date, time, AM/PM, timezone) before
continuing. Note that the checkbox displayed for some time zones which allows
the system to automatically adjust for Daylight Saving Time can affect the time
displayed by the system by one hour.

B0700TK, Rev C 117

 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

15. When clicking Authorize results in a successful domain rights verification, a

message indicating this appears.

16. If there are more SDCs planned, select Add Off-Mesh from the “Select the
Secondary Domain Controller Stations” list. Select the highlighted option if there
are additional SDCs on the network.

17. In the dialog box that appears, add the off-control IP addresses of those SDCs,
and click Done.

18. Click Set.

118 B0700TK, Rev C

Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

19. If there are no SDCs planned, click Skip.

20. Confirm the PDC is pingable.

• FQDN (Fully Qualified Domain Name) of the PDC (ex:- <Hostname>.off-
mesh.local)
• IP address of the PDC
• Domain name

B0700TK, Rev C 119

 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

21. Verify the name of the domain and click Connect.

22. A message appears to indicate the connection to the domain has succeeded. If
unsuccessful, a reason it did not succeed appears. Click OK.
NOTE: If after connecting the domain client to an SDC and the software
installation does not continue after the reboot, the system time might not have
been set correctly. See Setting Time Correctly Software Installation Cannot
Continue After Reboot (SDC or Domain Client), page 260 to correct this.
23. When the Schneider Electric CCS Software Install: Workstation Reboot
Request dialog box appears, click Reboot.

120 B0700TK, Rev C

Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

24. The “You’re about to be signed out” screen appears. After a few minutes, the
server will automatically reboot.

25. After the server reboots, log on with the “CCSDomainAdmin” account using the
password as it was set during the PDC server's installation.
26. After a few minutes, the installation process restarts automatically. The Server
platform setup dialog appears.
a. Enter a new DSRM password and re-enter the same password in the
Confirm Password text box under the section Passwords.
The DSRM password is required to boot the domain controller into Directory
Services Restore Mode to recover Active Directory.
b. Enter a new Built-in Admin password and re-enter the same password in the
Confirm Password text box under the section Passwords.
c. Select the “AD Database path” ,”AD Log Files Path” and “AD SYSVOL path”
under the section “Path Information”. You can use the default values or
change the paths by clicking on the ellipses.
d. Clicking on this will show the Browse For Folder dialog box.
27. You can select the existing path or create a new path by clicking on Make New
Folder, click Ok to select the folder.
28. Verify the Domain Name and Site Name fields. If satisfied, click Prepare.

B0700TK, Rev C 121

 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

To verify the site name, perform these actions on the PDC:

a. Log in as CCSDomainAdmin.
b. Open the command prompt.
c. Execute the command dsquery site.
29. If you are satisfied with the domain and site names, click Prepare.

122 B0700TK, Rev C

Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

30. If the domain name or site do not match with those provided during PDC
installation, the dialog box appears.

NOTE: Click Cancel and correct the Domain/Site Name. Click Prepare.
Clicking OK and proceeding with incorrect domain/site name will cause the
installation to be unsuccessful.
31. If the site name and domain name matches with those provided during PDC
installation, the CCS Installation dialog box appears just to give you one more
chance to recheck. Check at this time the name you have chosen for your Active
Directory domain is correct and will not conflict with another domain on the same
network. Clicking OK will cause the installation to not succeed.

32. To assist with a smooth installation process, verify the PDC fully qualified domain
name is pingable and verify there is no firewall between the PDC and this server.
This helps to confirm PDC and SDC data replication and synchronization.
a. Open command prompt.
b. Ping the PDC using its off-control network IP address with –a option.
c. The result of ping must show a fully qualified name of the PDC, as shown in
this figure.

B0700TK, Rev C 123

 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

33. Click Install to load the Active Directory Domain Services onto this server and to
assign the server to the role of Secondary Domain Controller.

A DOS window appears while Active Directory is being installed.

124 B0700TK, Rev C

Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

34. After the Active Directory Domain Services are installed, this launches a DOS
prompt which promotes the server to the Secondary Domain Controller (SDC)
role.

NOTE: It is normal to see detected errors during promotion to domain

controller. These system messages pertain to DNS delegation, a default
security setting for Windows Server 2016 DCs, etc. These can be ignored.

NOTE: If the promotion to the domain controller is unsuccessful, a system

message is shown. Details about the system message can be found in two
files:
• C:\windows\temp\promote2dc.txt
• C:\windows\debug\dcpromo.log

B0700TK, Rev C 125

 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

If this occurs, reimage the machine and restart the installation process.

The “You’re about to be signed out” screen appears. After a few minutes, the
server will automatically reboot.

The server reboots automatically after Active Directory has been installed.
35. After the server reboots, log into the “IAInstaller” account with the password as
set in the CCS Secure User Accounts dialog box.
36. After a few minutes, the installation process restarts automatically. The dialog box
appears. Click Apply.

A DOS window appears while the Active Directory is ready to be configured.

During this stage, it is normal to see detected errors indicating the Active

126 B0700TK, Rev C

Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

Directory is not yet functional. The Active Directory verification process attempts
to make it functional and proceeds to the next step of configuring the Active
Directory.

As part of the Active Directory configuration process, a DOS window appears

which will configure the Active Directory domain.
37. When the configuration of Active Directory is complete, the command prompt
shows if the process completed successfully, or with detected errors. The
command prompt also shows the path to the log file which is: c:\windows
\temp\2016offmeshsdc_config.log. The command prompt waits for any
key to be pressed to proceed further. Press Enter to dismiss the command
prompt.

NOTE: If this command prompt indicates there are any detected errors, save
the indicated log file to an external drive for any possible analysis by
Schneider Electric. Reimage the server and start the installation again.

B0700TK, Rev C 127

 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

38. Click Done to complete the installation.

Restarting Your SDC

Click Start > Shut Down. Select Restart from the list and click OK.

Installing Additional Optional Software

After installing Control Core Services software and restarting the station, you can
install any optional software that is desired. See Appendix H: Installing Optional
Software, page 273.
NOTE: Install the “Foxboro Classic Software Support” media to use ICC, Operator
Action Journal, PLB Monitor, or PLB Editor. If you already have Control Core
Services v9.4, it is not necessary to install Foxboro Classic Software Support to
use these features. If you previously installed “Foxboro Classic Software Support”
on CCS v9.5, it is not necessary to install it again on CCS v9.6.

128 B0700TK, Rev C

Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

Secondary Domain Controller Post-Installation Procedures

Changing Passwords
1. Click Start > Run and enter ntdsutil.exe:

2. Click OK.
3. Enter this text in the command prompt window:
set dsrm password
reset password on server <SERVERNAME>
<password>
<password>
quit
quit
<SERVERNAME> is the actual name of your SDC server. <Password> is the
newly chosen Active Directory Restore Mode password.
Document this password and save it in a trusted place for future retrieval. Without
this password you will not be able to recover Active Directory.

Backing Up Active Directory

Back up your Active Directory at regular intervals on Control Core Services domain
controller stations. Backing up Active Directory provides a smooth restoration of
Control Core Services system operations after an unexpected hardware or software
suboptimal condition. For additional information, see “Backing Up Active Directory on
Domain Controllers” in Foxboro DCS Security Implementation Guide (B0700HM).

B0700TK, Rev C 129

 Chapter 6: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for New Off-Control Network Domain Controllers

Adding Foxboro Stations to Active Directory Post-Installation

When first installed, the Off-Control Network PDC contains objects in Active Directory
for the Foxboro stations in the system. If stations are added to the Control Core
Services system at a later time, new objects have to be created manually in this
PDC’s Active Directory.
1. Click Start > Windows Administrative Tools > Active Directory Users and
Computers. You might need to scroll down to see this menu selection.
2. From Active Directory Users and Computers, right-click on the IA Computers
OU and select New > Computer.

3. Enter the name of the new workstation in the Computer name field and click OK.
The OU for Pre-8.8 workstations on migrated systems will be named “Pre-8.8 IA
Computers”.

130 B0700TK, Rev C

Chapter 6: Installing Enterprise Edition Control Core Services
v9.6 for New Off-Control Network Domain Controllers Control Core Services v9.6 Software Installation Guide

Finishing Post-Installation
For the installation procedure for the domain clients, see Chapter 8: Installing
Enterprise Edition Control Core Services v9.6 for Domain Clients, page 149.

B0700TK, Rev C 131

 Chapter 7: Installing Enterprise Edition Control Core Services
v9.6 for Existing Off-Control Network Primary Domain
Control Core Services v9.6 Software Installation Guide Controllers

Chapter 7: Installing Enterprise Edition Control Core

Services v9.6 for Existing Off-Control Network
Primary Domain Controllers
You can install Enterprise Edition Control Core Services v9.6 on an existing primary
domain controller server with Windows Server 2016 Standard on a separate network
(not on the Foxboro DCS Control Network).
If you already have a PDC with Windows Server 2016 Standard on which you want to
install the Control Core Services components for Active Directory, see the instructions
in this chapter to perform this installation.
For Off-Control Network PDCs, no upgrade is needed, as Control Core Services
software is not installed. It is not advisable to perform the Local Edition install for off-
Control Network PDCs.
We recommend you have a Secondary Domain Controller (SDC) in place in order to
maintain high availability of the domain services in case the PDC is down for any
reason.
Be aware this scenario does not include installation of an SDC. If you have an SDC,
replicate the Active Directory to that SDC after the Control Core Services installation
to the PDC.
If a SDC is not installed and you want to add one now, you can purchase a Schneider
Electric-supplied SDC and install Control Core Services v9.6 on it as described in Off-
Control Network Secondary Domain Controllers, page 109. Alternately, you can use a
non-Schneider Electric server as your SDC and install only the appropriate Microsoft
Active Directory software.

Notes on Installing Control Core Services

Before you install Control Core Services, verify the server is physically connected to
the Off-Control Network and, if needed, that any network interface card drivers are
updated.
• On servers with the Windows Server 2016 Standard operating system, it is
recommended no roles be added to the system which are not necessary for the
operation of the server. Adding unnecessary roles (for example, adding the
Remote Desktop Services role when the server is not to be used as a remote
session host) can create cybersecurity weaknesses in the overall system.
• Use the CCSInstaller account for the installation tasks. However, due to the
permissions assigned to CCSInstaller, it is not to be used for any other role, such
as operation of the domain controllers.
This image shows the steps required for this scenario.

132 B0700TK, Rev C

Chapter 7: Installing Enterprise Edition Control Core Services
v9.6 for Existing Off-Control Network Primary Domain
Controllers Control Core Services v9.6 Software Installation Guide
Figure 5 - Steps Needed for Installing Control Core Services

Installing CCS Software for this Configuration

NOTE: It is recommended you perform backups of all existing software and
settings on the existing primary domain controller before proceeding with these
steps.
1. Install Windows Server 2016 Local Group Policies. For instructions, see
Appendix N: Security by Local Group Policies, page 304.
2. Install anti-malware software such as McAfee ENS. See Related Documents,
page 10 for the latest McAfee ENS and ePO Installation Guide.
3. If McAfee ENS is installed, confirm these McAfee ENS components are up to
date. See Related Documents, page 10 for the latest McAfee ENS and ePO
Installation Guide:
• ES AMCore DAT file
• Exploit Prevention Content
4. Run a full scan of the system to confirm no viruses are present in the system
before work begins.
5. Insert the DVD labeled “Foxboro DCS Control Core Services v9.6 Windows 10/
Server 2016 Day 0 DVD” (K0177DX).
6. Navigate to the DVD drive and double-click setup.exe. If autoplay is enabled, the
autoplay dialog appears, from which you can directly run the setup.exe.
7. If UAC is enabled, you either are asked for a consent (Yes/No) or asked for
administrator credentials. Provide the necessary information for the UAC. Enter
the built-in administrator credentials when the UAC prompt appears.
This installs Microsoft Visual C++ 2015 Redistributables. After installing it
launches the Installer dialog box.
8. A dialog box appears that allows you to select whether you are installing Local
Edition Control Core Services or for an Enterprise Edition system.
• Select Install Enterprise Edition Control Core Services
• Select the installation type as Active Directory Domain Services (AD DS)
• Select the network connectivity as Use existing Non-Foxboro DCS AD

B0700TK, Rev C 133

 Chapter 7: Installing Enterprise Edition Control Core Services
v9.6 for Existing Off-Control Network Primary Domain
Control Core Services v9.6 Software Installation Guide Controllers

NOTE: Click Cancel in any screen during the installation to cancel the
installation procedure. The installation can be resumed from where it was
stopped by relaunching the Setup.exe application.
9. Click Next.
10. The next dialog box requests you load the committed configuration install files.
Click Load.

134 B0700TK, Rev C

Chapter 7: Installing Enterprise Edition Control Core Services
v9.6 for Existing Off-Control Network Primary Domain
Controllers Control Core Services v9.6 Software Installation Guide

The browser for the folder containing the committed configuration install files
opens. If the installation media with your Commit files is on the server’s hard drive
or a network, browse to the location of the media and click Select Folder.

B0700TK, Rev C 135

 Chapter 7: Installing Enterprise Edition Control Core Services
v9.6 for Existing Off-Control Network Primary Domain
Control Core Services v9.6 Software Installation Guide Controllers

NOTICE
POTENTIAL DATA LOSS
The installation program attempts to copy some GPO templates into the
SYSVOL folder in next screen when you click Apply. The installation assumes
the default SYSVOL path (c:\windows\SYSVOL) for this purpose. If you have
installed SYSVOL at a different path, perform these steps so the installation
program copies the GPO templates to the correct SYSVOL path.
Failure to follow these instructions can result in data loss.

11. If you have installed SYSVOL at a non-default path as specified in the NOTICE,
perform these substeps before proceeding with the actual installation, so the
installation program copies the GPO templates to the correct SYSVOL path.
a. Open the File Explorer and browse to the path: C:\ProgramData
\Invensys\IASeries\Installer\SupportFiles\Configurations
b. Remove the read only flag on the file ExistingDomain_2016OffMeshPDC_
Config.xml and by right clicking the file, selecting Properties, and clearing
the Read-Only checkbox.
c. Open Notepad using RunAsAdmin (right-click the Notepad icon and select
Run As Administrator).
d. Open the file ExistingDomain_2016OffMeshPDC_Config.xml in Notepad
application.
e. Look for the XML line:

f. Replace the text c:\windows\sysvol in the line with the actual SYSVOL
path. For example, if you have installed SYSVOL at the location F:
\ADSYSVOL, the modified command will look like this:

g. Save and close the file. Proceed with the installation.

136 B0700TK, Rev C

Chapter 7: Installing Enterprise Edition Control Core Services
v9.6 for Existing Off-Control Network Primary Domain
Controllers Control Core Services v9.6 Software Installation Guide
12. Click Next. The CCS Software Installation dialog box appears. Click Apply.

When the Active Directory is ready to be configured, a DOS window appears.

During this stage, it is normal to see detected errors indicating the Active
Directory is not yet functional. The Active Directory verification process attempts
to make the directory functional, and proceeds to the next step of configuring the
Active Directory.

13. A command prompt appears while the Active Directory domain settings are
applied.

NOTE: The XML file indicated in this dialog box is correct to reference CCS
v9.5. The Active Directory group policies have not changed since CCS v9.5.
NOTE: If this command prompt indicates there are any detected errors, save
the indicated log file to an external drive for any possible analysis by
Schneider Electric. Reimage the server and start the installation again.

B0700TK, Rev C 137

 Chapter 7: Installing Enterprise Edition Control Core Services
v9.6 for Existing Off-Control Network Primary Domain
Control Core Services v9.6 Software Installation Guide Controllers
14. When the configuration of Active Directory is complete, the command prompt
shows if the process completed successfully, or with detected errors. The
command prompt also shows the path to the log file which is: c:\windows
\temp\ExistingDomain_2016offmeshsdc_config.log. The command
prompt waits for any key to be pressed to proceed further. Press Enter to dismiss
the command prompt.

15. The CCS Secure User Accounts dialog box opens. Enter in the username and
password for the Control Core Services domain account and click Create.

NOTE: The names of these accounts can be changed from their default
values. The password has to meet this complexity criteria:
• Must not contain the user’s account name or parts of the user's full name
that exceed two consecutive characters.
• An 8-character minimum password length
• Contain characters from three of these four categories
◦ English upper case characters (A-Z)
◦ English lower case characters (a-z)
◦ Base 10 digits (0-9)
◦ Non-alphabetic characters (for example: !, $, #, %)

138 B0700TK, Rev C

Chapter 7: Installing Enterprise Edition Control Core Services
v9.6 for Existing Off-Control Network Primary Domain
Controllers Control Core Services v9.6 Software Installation Guide
16. The Workstation Reboot Request dialog box appears. Click Reboot to reboot the
server.

17. An operating system reboot dialog box appears. Wait several minutes, and the
station automatically reboots.

18. Log in as the default administrator to perform any other manual configurations,
such as creating users and groups.
NOTE: In this version of the PDC installation, the default administrator is
enabled and the CCSDomainAdmin user is not created.
NOTE: Day 0 installation of pre-Control Core Services v9.5 clients is not
allowed when the PDC is running CCS v9.6. This operation is an exception,
but if you still have to perform this action, see Appendix L: Day 0 Installation
of Pre-CCS v9.5 Clients on a System with a PDC Installed with Enterprise
Edition CCS v9.5 or v9.6, page 295.

Restarting Your VM Server

If the server is a virtual machine, shut it down and set its MAC addresses to be static,
and start the VM again. For instructions, see Virtualization for Windows Server 2016
User's Guide (B0700HD).
If this server is a physical machine, reboot the server at this time. Click Start > Shut
Down. Select Restart from the list and click OK.

Primary Domain Controller Post-Installation Procedures

Creating Users in Active Directory
These steps can be used to create an Operator account in the Active Directory
domain. This is a default group. Similar steps can be taken to create other customized
accounts, such as Maintenance and Engineer accounts. For information on creating
customized accounts, see Foxboro DCS Security Implementation Guide (B0700HM).

B0700TK, Rev C 139

 Chapter 7: Installing Enterprise Edition Control Core Services
v9.6 for Existing Off-Control Network Primary Domain
Control Core Services v9.6 Software Installation Guide Controllers
1. Click Start > Windows Administrative Tools > Active Directory Users and
Computers. You might need to scroll down to see this menu selection.
2. Under the Accounts\Users\Standard OU, right-click Standard, and select New >
User.

Users are created under the Accounts\Users\Standard OU, including IA Plant

Engineers, IA Plant Operators, and IA Plant Maintenance. The New Object - User
dialog box shown opens.

140 B0700TK, Rev C

Chapter 7: Installing Enterprise Edition Control Core Services
v9.6 for Existing Off-Control Network Primary Domain
Controllers Control Core Services v9.6 Software Installation Guide

3. Enter the First name, Full name, and User logon name as the same value (for
example, Operator1).
4. Click Next.
5. In the New Object - User dialog box, clear the User must change password at
next logon checkbox. Select the Password never expires checkbox.
6. Enter the password and confirm the password.

B0700TK, Rev C 141

 Chapter 7: Installing Enterprise Edition Control Core Services
v9.6 for Existing Off-Control Network Primary Domain
Control Core Services v9.6 Software Installation Guide Controllers
7. Click Next.

8. Click Finish.

142 B0700TK, Rev C

Chapter 7: Installing Enterprise Edition Control Core Services
v9.6 for Existing Off-Control Network Primary Domain
Controllers Control Core Services v9.6 Software Installation Guide
9. Double-click on the new username in the Active Directory Users and
Computers dialog box to open the Properties dialog box.

B0700TK, Rev C 143

 Chapter 7: Installing Enterprise Edition Control Core Services
v9.6 for Existing Off-Control Network Primary Domain
Control Core Services v9.6 Software Installation Guide Controllers
10. Select the Member Of tab.

11. Click Add.

144 B0700TK, Rev C

Chapter 7: Installing Enterprise Edition Control Core Services
v9.6 for Existing Off-Control Network Primary Domain
Controllers Control Core Services v9.6 Software Installation Guide
12. Enter the text IA Plant and click Check Names.

13. Select the desired Control Core Services standard user group (for example, IA
Plant Operators) and click OK.

14. Click OK to close the Select Groups dialog box.

B0700TK, Rev C 145

 Chapter 7: Installing Enterprise Edition Control Core Services
v9.6 for Existing Off-Control Network Primary Domain
Control Core Services v9.6 Software Installation Guide Controllers
15. Click OK to close the Properties dialog box.

16. Repeat these steps for as many users as desired. The different standard user
groups provide different policy settings and system access.

Adding Foxboro Stations to Active Directory Post-Installation

When first installed, the Off-Control Network PDC contains objects in Active Directory
for the Foxboro stations in the system. If stations are added to the Control Core
Services system at a later time, new objects have to be created manually in this
PDC’s Active Directory.
1. Click Start > Windows Administrative Tools > Active Directory Users and
Computers. You might need to scroll down to see this menu selection.

146 B0700TK, Rev C

Chapter 7: Installing Enterprise Edition Control Core Services
v9.6 for Existing Off-Control Network Primary Domain
Controllers Control Core Services v9.6 Software Installation Guide
2. From Active Directory Users and Computers, right-click IA Computers and
select New > Computer.

3. Enter the name of the new workstation in the Computer name field and click OK.
The OU for Pre-8.8 workstations on migrated systems will be named “Pre-8.8 IA
Computers”.

B0700TK, Rev C 147

 Chapter 7: Installing Enterprise Edition Control Core Services
v9.6 for Existing Off-Control Network Primary Domain
Control Core Services v9.6 Software Installation Guide Controllers

Tombstone Lifetime Attribute in Active Directory

By default the Active Directory tombstone lifetime is 180 days. Having a longer
tombstone lifetime decreases the chance a deleted object remains in the local
directory of a disconnected Domain Controller beyond the time when the object is
permanently deleted from online DCs.
It is highly recommended you review information regarding the tombstone lifetime
attribute in “Backing Up Active Directory on Domain Controllers” in Foxboro DCS
Security Implementation Guide (B0700HM). If you want to alter the default value, use
the procedure “Changing the Tombstone Lifetime Attribute in Active Directory” in
Foxboro DCS Security Implementation Guide (B0700HM).

Backing Up Active Directory

Back up your Active Directory at regular intervals on Control Core Services domain
controller stations. Backing up Active Directory provides a smooth restoration of
Control Core Services system operations after an unexpected hardware or software
suboptimal condition. For additional information, see “Backing Up Active Directory on
Domain Controllers” in Foxboro DCS Security Implementation Guide (B0700HM).

Finishing Post-Installation
For the installation procedure for the domain clients, see Chapter 8: Installing
Enterprise Edition Control Core Services v9.6 for Domain Clients, page 149.

148 B0700TK, Rev C

Chapter 8: Installing Enterprise Edition Control Core Services
v9.6 for Domain Clients Control Core Services v9.6 Software Installation Guide

Chapter 8: Installing Enterprise Edition Control Core

Services v9.6 for Domain Clients
Preparing the Workstation or Server
You can install Enterprise Edition Control Core Services v9.6 on your domain clients
and connect them to the appropriate On-Control Network or Off-Control Network
domain controller.
This section applies to the Windows 10 and Windows Server 2016 Standard stations
that are being installed as domain clients. The domain client can be connected to a
domain controller either on the Foxboro DCS Control Network (which is a dedicated
Foxboro maintained network) or on another network (either an “Off-Control Network”
or an “Auxiliary Communication Network (ACN)” - this procedure is for “Off-Control
Networks” - see the virtualization manuals for connections to ACNs).
Dialog boxes on these two types of platforms might differ slightly, but will be
functionally identical, with minor exceptions as documented.
Perform these steps to set up the hardware, restore the Windows operating system,
and update drivers for your workstation.
1. See Control Core Services v9.6 Release Notes (B0700TL) for hardware
requirements specific to the v9.6 release. Obtain and use the latest hardware and
software user guides referenced in these release notes for each workstation
being installed with Control Core Services v9.6.
2. For instructions on installing memory upgrades, PCI cards, and so forth, see the
latest hardware user guides for your Schneider Electric hardware.
3. If this is a new station shipped from the Schneider Electric factory, it is not
necessary to install the operating system. See the instructions in the hardware
and software user’s guide to load all required drivers.
If it is not a new station, using the v9.6 Restore Media, restore the Windows
operating system on this workstation. See the instructions in the hardware and
software user’s guide to load all required drivers.
Only use the media kits listed in Foxboro DCS Control Core Services v9.6
Platform Specific Media Kits, page 19 to restore the operating system of a station
for Control Core Services v9.6.
4. Set the time and date.
a. Open the Windows Date and Time applet by clicking the Date and Time icon
in the Control Panel.
b. Click Change Date and Time.
c. Adjust the date and time.
d. Click OK.
e. Click Change time zone.
f. Select the correct time zone from the list and select the checkbox (if not
already selected) to automatically adjust the clock for daylight saving time
(DST) changes, if desired.
g. Click OK.
While installing an Active Directory domain client, it is vital to maintain that the
UTC system time matches the UTC system time on the domain (as viewed on the
PDC). The date and time have to match, though the time which Windows displays
might differ if the time zones are not the same on the two stations.

B0700TK, Rev C 149

 Chapter 8: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for Domain Clients

Be careful when changing the time zone before adjusting the system time as this
can cause the AM/PM setting to change.
Also, be aware that the checkbox included for some time zones which defines
whether or not the time will be automatically adjusted for Daylight Saving Time
can cause the system time to differ by an hour.
5. Confirm all of the steps prescribed in the hardware specific documents
referenced in the Control Core Services v9.6 Release Notes (B0700TL) have
been performed before proceeding, including updating drivers such as the
Network Interface Card drivers.

Notes on Installing Control Core Services on Domain Clients

Before you install Control Core Services, verify the station is physically connected to
the control network and that the PDC is on-line and attached to the control network or
a secondary (non-Foxboro) network for an Off-Control Network PDC.
If the PDC is on the control network, verify the station is disconnected from any
secondary (non-Foxboro) networks (with the exception of the ACN if used). However,
these network cards have to have their adapters enabled (i.e. not disabled).
On servers with the Windows Server 2016 Standard operating system, it is
recommended no roles be added to the system which are not necessary for the
operation of the server. Adding unnecessary roles (for example, adding the Remote
Desktop Services role when the server is not to be used as a remote session host)
can create cybersecurity weaknesses in the overall system.
NOTE: Use the CCSInstaller account or IAInstaller or any account which member
of IA Installer Group for the installation tasks. However, due to the permissions
assigned to this account, it is not to be used for any other role, such as operation
of the station.

Changing the Station Name

The Windows workstation or server name has to match the workstation or server
letterbug name as it was configured in SysDef and saved onto your Commit
installation media before you install the Control Core Services. For instructions on
modifying the computer name of your workstation or server, see Appendix B:
Changing the Station Name, page 254.

Installing CCS Software for Domain Clients On-Control

Network
1. Verify the Primary Domain Controller (for this domain client) has been installed
and is attached to the control network.
2. Verify the domain client’s object is under the correct Control Core Services v9.6
Organizational Unit (OU) in the Active Directory.
3. Verify the domain client workstation is attached to the control network.
4. Install Local Group Policies appropriate to OS of the client. For instructions, see
Appendix N: Security by Local Group Policies, page 304.
5. Install anti-malware software such as McAfee ENS. See Related Documents,
page 10 for the latest McAfee ENS and ePO Installation Guide.

150 B0700TK, Rev C

Chapter 8: Installing Enterprise Edition Control Core Services
v9.6 for Domain Clients Control Core Services v9.6 Software Installation Guide

6. If McAfee ENS is installed, confirm these McAfee ENS components are up to

date. See Related Documents, page 10 for the latest McAfee ENS and ePO
Installation Guide:
• ES AMCore DAT file
• Exploit Prevention Content
7. Run a full scan of the system to confirm no viruses are present in the system
before work begins.
8. Insert the DVD labeled “Foxboro DCS Control Core Services v9.6 Windows 10/
Server 2016 Day 0 DVD” (K0177DX).
9. Navigate to the DVD drive and double-click setup.exe.
NOTE: If a dialog box appears indicating Microsoft®.NET Framework is
required, you have used incorrect restore media. Restore the station using
the proper V9.6 Restore media. See Workstation Specific Operating System
Media, page 19.
10. When the User Account Control (UAC) prompt appears, click Yes.

This installs the Microsoft Visual C++ 2015 Redistributables. After installing, the
CCS installer is launched.
11. A dialog box appears that allows you to select whether you are installing Local
Edition Control Core Services or for an Enterprise Edition system.
• Select Install Enterprise Edition Control Core Services
• Select the installation type as Control Core Services (CCS) Client:

B0700TK, Rev C 151

 Chapter 8: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for Domain Clients

NOTE: Click Cancel in any screen during the installation to cancel the
installation procedure. The installation can be resumed from where it was
stopped by relaunching the Setup.exe application.
12. Click Next.
13. The next dialog box requests you load the committed configuration install files.
Select Use an On-CONTROL Domain Controller. Click Load.

152 B0700TK, Rev C

Chapter 8: Installing Enterprise Edition Control Core Services
v9.6 for Domain Clients Control Core Services v9.6 Software Installation Guide

The browser for the folder containing the committed configuration install files
opens. If the installation media with your Commit files is on the server’s hard drive
or a network, browse to the location of the media and click Select Folder.

14. When the installation files have been loaded, click Bind to launch the Control
Network Configurator dialog box.

B0700TK, Rev C 153

 Chapter 8: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for Domain Clients

15. From the Control Network Configurator dialog box, select the two network
cards representing the control network and click Next. Be certain to pick the
correct NICs as this selection cannot be changed later in the installation.

The Control Network Configurator dialog box shown is for an On-Control Network
domain client, and is provided to illustrate the concept of the NIC Adapter Device
Number only.
NOTE: For help in determining the correct network adapters) to select Start >
Settings > Network & Internet > Change Adapter Settings. The Network
Connections dialog box appears. Identify the NIC adapter device number for
the NIC to be connected to the Domain Controller’s network (in optimal
cases, it has an entry in the Connectivity column).
Be advised the NIC Adapter Device Number selected in the Control Network
Configurator aligns with the NIC Adapter Device Number shown. It is not
advisable to confuse this with the Local Area Connection number.

Figure 6 - Network Connections

A Local Area Connection Number

B NIC Adapter Device Number
C Indicates if there is a physical cable connection to this NIC

154 B0700TK, Rev C

Chapter 8: Installing Enterprise Edition Control Core Services
v9.6 for Domain Clients Control Core Services v9.6 Software Installation Guide

16. Confirm the PDC is pingable from this server using the on-control static IPv4
address assigned to the PDC. If it is not, you might have to cancel the installation,
reboot the server and reattempt the ping. If the ping works after the reboot, restart
the installation and proceed to Step 17.

17. The Ready to connect this workstation to the Control Core Services domain
dialog box appears.
• Enter the name (letterbug) of the domain controller server.
• In the Authorized Account text box, enter <domainname>
\<installeraccountname> where <domainname> is the actual domain name
specified during PDC installation and <installeraccountname> is the actual
name of the installation account created during the PDC installation.
• In the Authorize Password text box, enter the password for the
<installeraccountname> user.
NOTE: Before clicking Authorize, confirm the server’s time and time
zone match with that of the PDC.
• Click Authorize.

B0700TK, Rev C 155

 Chapter 8: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for Domain Clients

18. If the local system time does not match the PDC system time, the CCS
Installation dialog box appears. Click OK. Fix the local system time to match the
PDC time (see Preparing the Workstation or Server, page 21) and click
Authorize again.

In some cases, it will not be possible to determine the remote system time. In this
case, the next CCS Installation dialog box appears. It is vital you verify the local
and remote system times match (including date, time, AM/PM) before continuing.
Be advised the checkbox displayed for some time zones which allows the system
to automatically adjust for Daylight Saving Time can affect the time displayed by
the system by one hour.

156 B0700TK, Rev C

Chapter 8: Installing Enterprise Edition Control Core Services
v9.6 for Domain Clients Control Core Services v9.6 Software Installation Guide

NOTE: If after connecting the domain client to a Control Core Services

domain and the software installation does not continue after the reboot, the
system time might not have been set correctly. See Setting Time Correctly
Software Installation Cannot Continue After Reboot (SDC or Domain Client),
page 260 to correct this.
19. Click Next.
20. If a Secondary Domain Controller (SDC) is planned for this Control Core Services
system, select the SDC from the “Select the Secondary Domain Controller
Stations” list and click Set. If no SDC station is planned, click Skip.

B0700TK, Rev C 157

 Chapter 8: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for Domain Clients

21. Confirm the PDC is pingable from this server using the on-control static IPv4
address assigned to the PDC. If it is not, you might have to cancel the installation,
reboot the server and reattempt the ping. If the ping works after the reboot, restart
the installation and proceed to Step 22.

22. Confirm the nslookup command shows the on-control PDC’s fully qualified
domain name or the domain name and its IPv4 address. If the nslookup
command shows the desired result, proceed to Step 23.

NOTE: If the nslookup command does not show the On-Control Network
PDC name or the domain name, the DNS resolution is not working correctly.
Perform these steps:
• Verify the client’s REDL network adapter has the first DNS address
pointing to the PDC (for instance, the PDC’s on-control IP address).
• Cancel the installation.
• Reboot the client.
• Restart the installation.
23. Confirm the domain name is pingable from the client.

158 B0700TK, Rev C

Chapter 8: Installing Enterprise Edition Control Core Services
v9.6 for Domain Clients Control Core Services v9.6 Software Installation Guide

24. Fill in the name of the host domain (foxboro.local is the default) and click
Connect.

25. If the workstation is successfully connected to the domain, the dialog box
appears. Click Reboot.

The “You’re about to be signed out” dialog box indicates the server will be
rebooted.

26. When the station reboots, log into the domain using the account belonging to “IA
Installer” group.
a. Restart the installation by navigating to the CCS media and double-clicking
on Setup.exe.
b. A dialog box will appear. Provide the password for the Local Administration
Account “Account1”. Always set the “Account1” passwords differently on the
Local Edition workstations and the Enterprise Edition domain client
workstations. After setting the password, click Configure.
c. If the commit has SNMP3 information, the dialog box will also request the
SNMPv3 configuration key. Specify the SNMPv3 Key and confirm key if the
workstation is a switch host and SNMPv3 switches have been configured on
your system. Note the SNMPv3 Configuration Key entries will not be appear
unless the workstation is a switch host and at least one switch is configured
for SNMPv3 in System Definition.

B0700TK, Rev C 159

 Chapter 8: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for Domain Clients

160 B0700TK, Rev C

Chapter 8: Installing Enterprise Edition Control Core Services
v9.6 for Domain Clients Control Core Services v9.6 Software Installation Guide

27. Click Install to run the installation process.

B0700TK, Rev C 161

 Chapter 8: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for Domain Clients

28. If the OS1FDB package is configured on this server, the Media Request dialog
box appears.
To install this package, insert the first OS1FDB package diskette and click Load.
After the first disk has been loaded, insert the second OS1FDB package diskette
and click Load.
To bypass the installation of this package, click Skip. The installation continues,
but this dialog box appears again for each of the OS1FDB stations configured on
this station.
This will occur one time for each OS1FDB station configured.

29. If you selected Load, the media folder browser opens.

If your installation media for the OS1FDB package is not on a floppy diskette,
browse to the location of your stamped media and click Select Folder.
If your installation media for the OS1FDB package is on a floppy diskette, click
Use Diskette. The diskette has to be in the diskette drive (A:\). When Use
Diskette is clicked, the diskette will be read.

162 B0700TK, Rev C

Chapter 8: Installing Enterprise Edition Control Core Services
v9.6 for Domain Clients Control Core Services v9.6 Software Installation Guide

30. If you selected Use Diskette in Step 29, the Media Request dialog box appears.
Insert the second diskette in the OS1FDB set and click Load. The diskette has to
be inserted in drive A:\.

31. Click Finish when the installation process is finished.

At the end of the installation, the installation log appears. You can view the
installation log at any time by clicking Start > Foxboro DCS Control Core
Services > Log Viewer.

32. Click Setup Log, Pkg Log, and Init Log to view these logs. These logs can also
be printed.
33. Proceed to Completing the Domain Client Installation, page 180.
NOTE: On Windows 10, and Windows Server 2016 domain clients, the
default administrator who is internally renamed to IAManager is disabled by
the end of client installation for cybersecurity reasons. The only administrator
available for local login will be “Account1”.

B0700TK, Rev C 163

 Chapter 8: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for Domain Clients

Installing CCS Software for Domain Clients Off-Control

Network
NOTE: Do not set up the Off-Control Network NIC manually before installing the
Control Core Services. This is handled automatically during the installation.
1. Verify the Primary Domain Controller (for this domain client) has been installed
and is attached to the control network.
2. Verify the domain client’s object is under IA Computers Organizational Unit (OU)
in the Active Directory.
3. Verify the domain client workstation is attached to the control network.
4. Verify the domain client is attached to the secondary (non-Foxboro) network.
5. Install Local Group Policies appropriate to OS of the client. For instructions, see
Appendix N: Security by Local Group Policies, page 304.
6. Install anti-malware software such as McAfee ENS. See Related Documents,
page 10 for the latest McAfee ENS and ePO Installation Guide.
7. If McAfee ENS is installed, confirm these McAfee ENS components are up to
date. See Related Documents, page 10 for the latest McAfee ENS and ePO
Installation Guide:
• ES AMCore DAT file
• Exploit Prevention Content
8. Run a full scan of the system to confirm no viruses are present in the system
before work begins.
9. Insert the DVD labeled “Foxboro DCS Control Core Services v9.6 Windows 10/
Server 2016 Day 0 DVD” (K0177DX).
10. Navigate to the DVD drive and double-click setup.exe.
NOTE: If a dialog box appears indicating Microsoft®.NET Framework is
required, you have used incorrect restore media. Restore the station using
the proper V9.6 Restore media. See Workstation Specific Operating System
Media, page 19.

164 B0700TK, Rev C

Chapter 8: Installing Enterprise Edition Control Core Services
v9.6 for Domain Clients Control Core Services v9.6 Software Installation Guide

11. When the User Account Control (UAC) prompt appears, click Yes.

This will install Microsoft Visual C++ 2015 Redistributables. After installing, the
CCS installer will be launched.

B0700TK, Rev C 165

 Chapter 8: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for Domain Clients

12. A dialog box appears that allows you to select whether you are installing Local
Edition Control Core Services or for an Enterprise Edition system.
• Select Install Enterprise Edition Control Core Services
• Select the installation type as Control Core Services (CCS) Client:

13. Click Next.

14. The Load committed configuration install files dialog box appears. Select the
Use an Off-CONTROL Domain Controller. Enter the IP address for the Off-
Control Network PDC. Enter the IP address and net mask for the local Off-Control
Network NIC card or select the Use DHCP checkbox. Click Select.

166 B0700TK, Rev C

Chapter 8: Installing Enterprise Edition Control Core Services
v9.6 for Domain Clients Control Core Services v9.6 Software Installation Guide

15. Click Load to load the committed configuration files. The browser for the folder
containing the committed configuration install files opens. If the installation media
with your Commit files is on the server’s hard drive or a network, browse to the
location of the media and click Select Folder.

B0700TK, Rev C 167

 Chapter 8: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for Domain Clients

16. When the Commit files have been loaded, click Bind to launch the Control Core
Services/I/A Series network installation.

NOTE: If after clicking Bind, the installation does not proceed and Bind is still
enabled, it is likely that the Off-Control Network NIC card was configured with
the desired IP address before running the Control Core Services installation.
If this is the case, reset the Off-Control Network NIC settings to use DHCP
and click Bind again.

NOTE: If after clicking Bind, the install does not proceed and Load is
enabled, it is likely that there is a mismatch in the configuration between your
NIC hardware and your network system configuration. Verify and fix the
committed configuration install files as necessary and reload these install files
in order to continue.

168 B0700TK, Rev C

Chapter 8: Installing Enterprise Edition Control Core Services
v9.6 for Domain Clients Control Core Services v9.6 Software Installation Guide

17. The DC Network Installation dialog box appears. Select the onboard NIC that
communicates with the PDC and the SDC on the secondary network (that is, the
Off-Control Network NIC). Click Next.

The DC Network Installation dialog box shown is for an On-Control Network

domain client and is provided to illustrate the concept of the NIC Adapter Device
Number only.
NOTE: Be certain to pick the correct NICs as this selection cannot be
changed later in the installation. For help in determining the correct network
adapters) to select Start > Settings > Network & Internet > Change
Adapter Settings. The Network Connections dialog box appears. Identify
the NIC adapter device number for the NIC to be connected to the Domain
Controller’s network (in optimal cases, it has an entry in the Connectivity
column).
Be advised the NIC Adapter Device Number selected in the DC Network
Installation aligns with the NIC Adapter Device Number shown. It is not
advisable to confuse this with the Local Area Connection number.

Figure 7 - Network Connections

A Local Area Connection Number

B NIC Adapter Device Number
C Indicates if there is a physical cable connection to this NIC

B0700TK, Rev C 169

 Chapter 8: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for Domain Clients

18. Select the NICs that communicate with the control network (that is, the On-
Control Network NICs). Click Next.

19. Confirm the PDC is pingable from this server using the on-control static IPv4
address assigned to the PDC. If it is not, you might have to cancel the installation,
reboot the server and reattempt the ping. If the ping works after the reboot, restart
the installation and proceed to Step 20.

20. Click Next.

21. The Ready to connect this workstation to the Control Core Services/I/A
Series domain dialog box appears.
• Enter the IP address of the domain controller server.
• In the Authorized Account text box, enter <domainname>
\<installeraccountname> where <domainname> is the actual domain name
specified during PDC installation and <installeraccountname> is the actual
name of the installation account created during the PDC installation.

170 B0700TK, Rev C

Chapter 8: Installing Enterprise Edition Control Core Services
v9.6 for Domain Clients Control Core Services v9.6 Software Installation Guide

• In the Authorize Password text box, enter the password for the
<installeraccountname> user.
Note these points:
◦ Before clicking Authorize, confirm the server’s time and time zone match
with that of the PDC.
◦ There are instances in which “offmesh.local” will not be your domain,
such as if your domain controllers were migrated off of the control
network.
◦ It might be necessary to use a different account in this dialog box if
migrating to an existing Off-Control Network domain. In this case, the
Administrator account might be necessary depending on how the “IA
Installer” group member has been configured.
• Click Authorize.

22. If the local system time does not match the PDC system time, the CCS
Installation dialog box appears. Click OK. Fix the local system time to match the
PDC time (see Preparing the Workstation or Server, page 149) and click
Authorize again.

B0700TK, Rev C 171

 Chapter 8: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for Domain Clients

In some cases, it will not be possible to determine the remote system time. In this
case, the next CCS Installation dialog box appears. It is vital you verify the local
and remote system times match (including date, time, AM/PM) before continuing.
Be advised the checkbox displayed for some time zones which allows the system
to automatically adjust for Daylight Saving Time can affect the time displayed by
the system by one hour.

23. Click Next.

24. If SDC stations are planned for this Control Core Services system, perform these
substeps. If no SDC station is planned, click Skip and proceed to Step 25.
a. Expand the list from the “Select the Secondary Controller Domains”
selection.
b. Select Add Off-Mesh.

c. The Collecting SDC Machine Info dialog box appears. Add the IP
addresses of the SDCs one after the other using the “add” hyperlink in the
dialog box. After the IP addresses are added, click Done in the dialog box.

172 B0700TK, Rev C

Chapter 8: Installing Enterprise Edition Control Core Services
v9.6 for Domain Clients Control Core Services v9.6 Software Installation Guide

d. Click Set.
25. Confirm the PDC is pingable from this server using the off-control static IPv4
address assigned to the PDC. If it is not, you might have to cancel the installation,
reboot the server and reattempt the ping. If the ping works after the reboot, restart
the installation and proceed to Step 26.

26. Confirm the nslookup command shows the on-control PDC’s fully qualified
domain name or the domain name and its IPv4 address. If the nslookup
command shows the desired result, proceed to Step 27.

NOTE: If the nslookup command does not show the Off-Control Network
PDC name or the domain name, the DNS resolution is not working correctly.
Perform these steps:
• Verify the client’s REDL network adapter has the first DNS address
pointing to the PDC (for instance, the PDC’s off-control IP address).
• Cancel the installation.
• Reboot the client.
• Restart the installation.

B0700TK, Rev C 173

 Chapter 8: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for Domain Clients

27. Confirm the domain name is pingable from the client.

28. Fill in the name of the host domain (foxboro.local is the default) and click
Connect. This value is pre-populated for you with the same value as the one
present in the “Provide information for the domain joining….” area.

174 B0700TK, Rev C

Chapter 8: Installing Enterprise Edition Control Core Services
v9.6 for Domain Clients Control Core Services v9.6 Software Installation Guide

29. If the workstation is successfully connected to the domain, the dialog box
appears. Click Reboot.

The “You’re about to be signed out” dialog box indicates the server will be
rebooted.

30. When the station reboots, log into the domain using the account belonging to “IA
Installer” group.
a. Restart the installation by navigating to the CCS media and double-clicking
on Setup.exe.
b. A dialog box will appear. Provide the password for the Local Administration
Account “Account1”. Always set the “Account1” passwords differently on the
Local Edition workstations and the Enterprise Edition domain client
workstations. After setting the password, click Configure.
c. If the commit has SNMP3 information, the dialog box will also request the
SNMPv3 configuration key. Specify the SNMPv3 Key and confirm key if the
workstation is a switch host and SNMPv3 switches have been configured on
your system. Note the SNMPv3 Configuration Key entries will not appear
unless the workstation is a switch host and at least one switch is configured
for SNMPv3 in System Definition.

B0700TK, Rev C 175

 Chapter 8: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for Domain Clients

31. Click Install to run the installation process.

176 B0700TK, Rev C

Chapter 8: Installing Enterprise Edition Control Core Services
v9.6 for Domain Clients Control Core Services v9.6 Software Installation Guide

32. This will launch the installation wizard. Click Next > Install. When the installation
is complete, click Finish to close the installation process.

33. If the OS1FDB package is configured on this server, the Media Request dialog
box appears.
To install this package, insert the first OS1FDB package diskette and click Load.
After the first disk has been loaded, insert the second OS1FDB package diskette
and click Load.
To bypass the installation of this package, click Skip. The installation continues,
but this dialog box appears again for each of the OS1FDB stations configured on
this station.
This will occur one time for each OS1FDB station configured.

B0700TK, Rev C 177

 Chapter 8: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for Domain Clients

34. If you selected Load, the media folder browser opens.

If your installation media for the OS1FDB package is not on a floppy diskette,
browse to the location of your stamped media and click Select Folder.
If your installation media for the OS1FDB package is on a floppy diskette, click
Use Diskette. The diskette has to be in the diskette drive (A:\). When Use
Diskette is clicked, the diskette will be read.
35. If you selected Use Diskette in Step 34, the Media Request dialog box appears.
Insert the second diskette in the OS1FDB set and click Load. The diskette has to
be inserted in drive A:\.

178 B0700TK, Rev C

Chapter 8: Installing Enterprise Edition Control Core Services
v9.6 for Domain Clients Control Core Services v9.6 Software Installation Guide

NOTE: The DNS entries for the Off-Control Network NIC sometimes are not
saved during the domain client installation. After completing the Control Core
Services installation, but before rebooting the domain client, open the Off-
Control Network NIC card settings in the Internet Protocol Version 4 (TCP/
IPv4) Properties dialog box:
Click Start > Settings > Network & Internet > Change AdapterSettings.
Right-click on the adapter and click Properties. In this same dialog box,
select Internet Protocol Version 4 (TCP/IPv4) and click Properties. In the
Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, set the first
DNS entry to be the IP address of the Off-Control Network PDC station. Set
the additional DNS entries to be the IP addresses of the Off-Control Network
SDC stations.
The Preferred DNS server is the PDC IP Address and the Alternate DNS
server is the SDC IP Address.

B0700TK, Rev C 179

 Chapter 8: Installing Enterprise Edition Control Core Services
Control Core Services v9.6 Software Installation Guide v9.6 for Domain Clients

36. Click Finish when the installation process is finished.

At the end of the installation, the installation log appears. You can view the
installation log at any time by clicking Start > Foxboro DCS Control Core
Services > Log Viewer.

37. Click Setup Log, Pkg Log, and Init Log to view these logs. These logs can also
be printed.
38. Proceed to Completing the Domain Client Installation, page 180.

Completing the Domain Client Installation

Restarting Your Domain Client
A system restart is required to begin using the Foxboro DCS Control Core Services
software. However, some optional software can be installed before the restart of the
workstation. Review the optional software which is to be installed on this workstation.
This software can be installed before the system restart: System Manager v2.15,
FoxView/FoxDraw v10.6.1, and Foxboro Classic Software Support v1.0.
If the server is a virtual machine, shut it down and set its MAC addresses to be static,
and start the VM again. For instructions, see Virtualization for Windows Server 2016
User's Guide (B0700HD).
If this server is a physical machine, reboot the server at this time. Click Start > Shut
Down. Select Restart from the list and click OK.

Installing Additional Optional Software

After installing Control Core Services software and restarting the station, you can
install any optional software that is desired. See Appendix H: Installing Optional
Software, page 273.

180 B0700TK, Rev C

Chapter 8: Installing Enterprise Edition Control Core Services
v9.6 for Domain Clients Control Core Services v9.6 Software Installation Guide

NOTE: Install the “Foxboro Classic Software Support” media to use ICC, Operator
Action Journal, PLB Monitor, or PLB Editor. If you already have Control Core
Services v9.4, it is not necessary to install Foxboro Classic Software Support to
use these features. If you previously installed “Foxboro Classic Software Support”
on CCS v9.5, it is not necessary to install it again on CCS v9.6.

Setting Date and Time on Domain Client

For an internally sourced Master TimeKeeper (MTK), set the local date and time with
either System Manager (default) or SMDH. For instructions on how to set the date and
time with System Manager, see the section “Date and Time Tools” in System Manager
User’s Guide (B0750AP).
For an active externally sourced MTK, the Set Date and Time display is unavailable.
The date and time are automatically established and synchronized by an external
GPS satellite. See Time Synchronization User’s Guide (B0700AQ) for the description
of the time synchronization subsystem.

NOTICE
POTENTIAL DATA LOSS
Account1 is the administrator account on Windows 10 and Windows Server 2016
domain clients. If this account is renamed on any domain client, the renamed
account name must be added to the group policy on the Primary Domain Controller
as described in this Notice. Failing to follow this procedure will cause the user to not
be able to log in onto the workstation as a local user. See Local Administrator Login
on Windows 10 or Windows Server 2016 Stations, page 287 for further instructions.
Failure to follow these instructions can result in data loss.

Finishing Post-Installation for Domain Clients

To complete the installation, see Chapter 11: Post-Installation and Migration, page
237.

B0700TK, Rev C 181

 Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
Control Core Services v9.6 Software Installation Guide v9.6

Chapter 9: Upgrading Control Core Services v9.4 and

v9.5 to v9.6
There are two choices to upgrade to CCS v9.6 for all configurations.
• “Perform a Day 1 operation on this CCS workstation (includes Release Update)”
◦ Use this if you have commit changes in your system
◦ If you select this, you must perform a reconciliation procedure outlined in
Generating Reconcile Media, page 182, before actually upgrading the domain
controller/client. The Reconciliation procedure sets the install status of the
CCS packages appropriately thus avoiding unnecessary confirmation dialog
boxes and warning messages during the upgrade.
• “Perform a Release Update operation on this CCS workstation”
◦ Use this if there are no commit changes in the system.
NOTE: Upgrading a Primary Domain Controller (PDC) to CCS v9.6 is only
possible from CCS v9.5. If your PDC is at a CCS/IA version earlier than v9.5, first
upgrade to CCS v9.5 using the Control Core Services v9.5 Software Installation
Guide (B0700TC). The upgrade procedure to CCS v9.5 from an earlier version is
documented in the Chapters 7-11 in the Control Core Services v9.5 Software
Installation Guide (B0700TC).
NOTE: Day 0 installation of pre-Control Core Services v9.5 clients is not allowed
when the PDC is running CCS v9.6. This operation is an exception, but if you still
have to perform this action, see Appendix L: Day 0 Installation of Pre-CCS v9.5
Clients on a System with a PDC Installed with Enterprise Edition CCS v9.5 or
v9.6, page 295.

Updating the Commit Media

This procedure is applicable when you select to upgrade Control Core Services v9.5
using Day 1 (which includes Release Update). This needs updated Commit files.
Before creating the updated Commit files using System Definition, it is recommended
you perform the reconciliation procedure using the steps described in this section to
generate Reconcile media. It can be performed from a single workstation. You will
take the reconcile files to System Definition in order to create Day 1 Commit
installation media.

Generating Reconcile Media

NOTE: While retrieving reconcile information, a station might not connect with this
message: ERROR_SESSION_CREDENTIAL_CONFLICT. If this message
appears, confirm if the workstation is externally mapped as a network drive in
Windows/File Explorer. If the workstation is externally mapped, disconnect the
mapped drive and retry. If the workstation is not externally mapped, the
workstation needs to be rebooted.
1. Log onto the workstation as a user belonging to the “IA Plant Admins” group on
domain client workstations or as the Local Engineering user account on Local
Edition workstations.
2. Open the CCS Reconcile Media Utility. Click Start > Foxboro DCS Control Core
Services > Reconcile.

182 B0700TK, Rev C

Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
v9.6 Control Core Services v9.6 Software Installation Guide

3. When the User Account Control (UAC) prompt appears, click Yes.
The CCS Reconcile Media Utility opens.

4. To generate Reconcile media for Enterprise Stations:

a. Provide Domain Controller Name, Domain Name. If the PDC is Off-Control,
provide its IP address instead of the name.
b. Enter the username belonging to the “IA Plant Admins” group and its
password.
c. Click Get Domain Stations.
5. To generate Reconcile media for Local Edition Stations:
a. Provide Workgroup User Name 1, Workgroup Password 1. Enter the Local
Engineering User Account name and its password for these fields.
b. Entries can also be provided for Workgroup User Name 2 and Workgroup
Password 2. This could include the “Fox” account credentials from earlier
versions of I/A Series or Control Core Services software. Account1 is not a
valid account for collecting reconcile data.
c. Click Get Local Edition.
6. A list of CCS stations that are reachable on the network is populated on the left
side of the dialog box.

B0700TK, Rev C 183

 Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
Control Core Services v9.6 Software Installation Guide v9.6

7. Select the stations that need to be reconciled from the checklist on the left side of
the dialog box.

8. Make the appropriate selection at the top of the dialog box: Create new
reconcile media or Append to existing reconcile media.
9. Click Create to write to the media. The folder browser dialog box appears.

10. If you want to write the installation files to a diskette, be aware the diskette has to
already be in .tar format.
a. To write to a .tar format floppy diskette in the diskette drive (A:\), click Use
Diskette.
b. To write the installation files to a folder location, select a folder and click
Select Folder.

184 B0700TK, Rev C

Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
v9.6 Control Core Services v9.6 Software Installation Guide

11. If you previously selected “Appending to existing reconcile media”, and Reconcile
installation media (with media number 201) is not provided in the A:\ floppy
drive, this dialog box appears.

12. Use the Reconcile media generated with this utility within System Definition to
update the commit media.

Upgrading Off-Control Network PDC or Existing Corporate

PDC Running CCS v9.4 to CCS v9.5
The PDC must be upgraded to CCS v9.5 first using the CCS v9.5 media as described
in Control Core Services 9.5 Software Installation Guide (B0700TC). After this is
completed, if necessary, a Day 1 operation can be performed on this station. This is
only needed if workstation have been added to the system. The Day 1 operation
updates Active Directory with the new station names so they can be installed.

Upgrading Off-Control Network PDC or Existing Corporate

PDC Running CCS v9.5 to CCS v9.6
Foxboro DCS Control Core Services v9.6 Installation does not support a direct
migration of Active Directory settings.
If starting from an Active Directory installation that is pre-CCS v9.4, first upgrade the
domain controller to v9.4 according to the documentation provided in the Control Core
Services 9.4 Software Installation Guide (B0700SX). When the PDC is at v9.4, it can
then be updated to v9.5 according to the documentation provided in the Control Core
Services 9.5 Software Installation Guide (B0700TC).
If a configuration change has been made, it is possible to perform a Day 1 operation
on an Off-Control Network Primary Domain Controller which is at CCS v9.5. However,
no Active Directory settings or group policy changes are made. A Day 1 operation is
only needed if a configuration change has been made to the system in System
Definition which has added workstation to the network.
You are not expected to perform a Day 1 or Release update on an Off—Control
Network SDC. If you attempt to run it, you receive this message.

B0700TK, Rev C 185

 Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
Control Core Services v9.6 Software Installation Guide v9.6

NOTE: It is recommended you perform backups of all existing software and

settings on the existing primary domain controller before proceeding with these
steps.

Performing Day 1 Operations for Off-Control Network PDC or

Existing Corporate PDC Running CCS v9.5
This procedure is only needed if there has been an update to the configuration in
System Definition which has added new workstations.
1. Log in as domain administrator user.
2. Insert the CCS v9.6 Day 0 DVD in the PDC.
3. Run setup.exe.
4. When the User Account Control (UAC) prompt appears, click Yes.

186 B0700TK, Rev C

Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
v9.6 Control Core Services v9.6 Software Installation Guide

5. Select “Perform a Day 1 operation on this CCS workstation (includes Release

Update)”.

6. Click Load. The browse dialog box appears. Select the desired Commit folder
and click Select Folder.

B0700TK, Rev C 187

 Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
Control Core Services v9.6 Software Installation Guide v9.6

7. Click Next.

8. Click Apply. A confirmation dialog appears.

9. As part of the Active Directory configuration process, a Command window
appears showing the status of Active Directory domain settings execution.

When the script has executed, you must press any key to close the dialog box
and continue with the installation. For detected errors, review the log file C:
\Windows\Temp\OffmeshDay1CreateComputersObj.log folder.

188 B0700TK, Rev C

Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
v9.6 Control Core Services v9.6 Software Installation Guide

10. Press any key to close the window. This dialog box appears.

11. Click Done.

Upgrading On-Control Network PDC Running CCS v9.4 to

CCS v9.5
The PDC must be upgraded to CCS v9.5 first using the CCS v9.5 media as described
in Control Core Services v9.5 Software Installation Guide (B0700TC). After this is
completed, the PDC along with all domain client workstations can be updated with a
Day 1 or Release Update installation procedure. On the PDC, this only updates Active
Directory if new stations have been added to the system.

Upgrading On-Control Network PDC Running CCS v9.5 to

CCS v9.6
Foxboro DCS Control Core Services v9.6 Installation does not support a direct
migration of Active Directory settings.
If starting from an Active Directory installation that is pre-CCS v9.4, first upgrade the
domain controller to v9.4 according to the documentation provided in the Control Core
Services 9.4 Software Installation Guide (B0700SX). When the PDC is at v9.4, it can
then be updated to v9.5 according to the documentation provided in the Control Core
Services 9.5 Software Installation Guide (B0700TC).

B0700TK, Rev C 189

 Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
Control Core Services v9.6 Software Installation Guide v9.6

When the On-Control Network Primary Domain Controller is at v9.5, it can be updated
by a Release Update or Day 1 operation.
NOTE: It is recommended you perform backups of all existing software and
settings on the existing primary domain controller before proceeding with these
steps.

Performing Day 1 Operations for On-Control Network PDC Running

CCS v9.5
1. Log in as domain administrator user.
2. Insert the Day 0 DVD in the PDC.
3. Run setup.exe.
4. When the User Account Control (UAC) prompt appears, click Yes.
If Control Core Services are running, this dialog box appears.

5. Click Yes and reboot the workstation manually.

190 B0700TK, Rev C

Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
v9.6 Control Core Services v9.6 Software Installation Guide

6. After the machine reboots, login as a domain administrator user and restart
setup.exe..

7. Select “Perform a Day1 operation on this workstation (includes Release Update)”.

B0700TK, Rev C 191

 Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
Control Core Services v9.6 Software Installation Guide v9.6

8. Click Load. The browse dialog box appears. Select the desired Commit folder
and click Select Folder.

9. Click Install.
10. The software update proceeds:
a. The Welcome dialog box appears. Click Next.

b. Click Install to install the Control Core Services packages.

192 B0700TK, Rev C

Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
v9.6 Control Core Services v9.6 Software Installation Guide

c. As part of the Active Directory configuration process, a Command prompt

appears showing the status of Active Directory domain settings update.

When the script has executed, press any key to close the dialog box and
continue with the installation.
d. The installation summary log appears when the installation completes.

B0700TK, Rev C 193

 Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
Control Core Services v9.6 Software Installation Guide v9.6

e. The Completed dialog box appears. Click Finish to close the dialog box.

The Day 1 installation is complete.

For detected errors, review the log file C:\Windows\Temp
\2016OnMeshPDC_Config_Day1_CreateComputerObjects.log
folder.

194 B0700TK, Rev C

Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
v9.6 Control Core Services v9.6 Software Installation Guide

Performing Release Update Operations for On-Control Network

PDC Running CCS v9.5
1. When the User Account Control (UAC) prompt appears, click Yes.
If Control Core Services are running, this dialog box appears.

2. Click Yes and reboot the workstation manually.

3. After the machine reboots, login as a domain administrator user and restart
setup.exe.

B0700TK, Rev C 195

 Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
Control Core Services v9.6 Software Installation Guide v9.6

4. Select “Perform a Release Update operation on this CCS workstation”.

5. Click Install.

196 B0700TK, Rev C

Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
v9.6 Control Core Services v9.6 Software Installation Guide

6. The software update proceeds

a. The Welcome dialog box appears. Click Next.

b. Click Install to install the Control Core Services packages.

c. The Completed dialog box appears. Click Finish to close the dialog box.

B0700TK, Rev C 197

 Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
Control Core Services v9.6 Software Installation Guide v9.6

The Release Update installation is complete.

Upgrading Domain Client, Local Edition and On-Control

Network SDC Workstations Running CCS v9.4 or v9.5
Before performing this installation procedure, on a domain client workstation, an On-
Control Network Primary Domain Controller (PDC) must have been updated already
to CCS v9.6. For an Off-Control Network PDC, update it through a Day 1 process if
any workstations have been added to the system in System Definition.

Performing Day 1 Operations on Domain Client, Local Edition and

On-Control Network SDC Workstations Running CCS v9.4 or v9.5
1. For domain client workstations, log in to the client as a user belonging to the “IA
Installer” group. For Local Edition workstations, use the Local Engineering User
Account. For SDC workstations, use a Domain Administrator account.
2. Insert the Day 0 DVD in the client workstation.
3. Run setup.exe.

198 B0700TK, Rev C

Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
v9.6 Control Core Services v9.6 Software Installation Guide

4. When the User Account Control (UAC) prompt appears, click Yes.
If Control Core Services are running, this dialog box appears.

5. Click Yes and reboot the workstation manually.

6. After the client reboots, login as the same user logged in previously. For domain
client workstations, log in to the client as a user belonging to the “IA Installer”
group. For Local Edition workstations, use the Local Engineering User Account.

This installs Microsoft Visual C++ 2015 Redistributables. After installing, the CCS
installer is launched. If starting from CCS v9.5, this dialog might not be displayed.

B0700TK, Rev C 199

 Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
Control Core Services v9.6 Software Installation Guide v9.6

7. Select “Perform a Day1 operation on this workstation (includes Release Update)”.

8. Click Load. The browse dialog box appears. Select the desired Commit folder
and click Select Folder.

9. If the workstation is a switch host and there is at least one SNMPv3 switch
configured in System Definition, Next will appear. Otherwise, proceed to Step 11.
If upgrading from CCS v9.5, Next might not appear. Proceed to Step 11.

200 B0700TK, Rev C

Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
v9.6 Control Core Services v9.6 Software Installation Guide

10. Click Next. A dialog box appears requesting SNMP3 key information. Specify the
SNMPv3 Key and Confirm Key. Click Configure. The SNMPv3 key will be
configured on the workstation and Install will become enabled.

B0700TK, Rev C 201

 Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
Control Core Services v9.6 Software Installation Guide v9.6

11. Click Install to start the installation.

12. Click Next. Click Install to install the Control Core Services packages.

202 B0700TK, Rev C

Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
v9.6 Control Core Services v9.6 Software Installation Guide

13. Click Finish when the installation is complete.

After the installation is complete, the installation summary appears.

14. If an earlier version of FoxView/FoxDraw is installed, you must install the latest
version (10.6.x).

B0700TK, Rev C 203

 Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
Control Core Services v9.6 Software Installation Guide v9.6

15. Optionally, if an earlier version of System Manager is installed, install the latest
version.
NOTE: For domain client workstations, if the client requires a reboot, confirm
the PDC is online and running. When the client restarts, it is vital the PDC is
online and running because some of the services related to CCS v9.6 require
the PDC to be online at the machine startup.
NOTE: If Control Software and Control HMI are already installed on the client,
after performing a Day1 operation, the Control HMI Process and System
options will appear in Cyan color.

To display the correct status:

• Restart the Control Software Configurator.
• Select Control HMI Startup and press Configure.
• Reboot the machine.

Performing Release Update Operations on Domain Client, Local

Edition and On-Control Network SDC Workstations Running CCS
v9.4 or v9.5
1. For domain client workstations, log in to the client as a user belonging to the “IA
Installer” group. For Local Edition workstations, use the Local Engineering User
Account. For SDC workstations, use a Domain Administrator account.
2. Insert the Day 0 DVD in the client workstation.
3. Run setup.exe.
4. When the User Account Control (UAC) prompt appears, click Yes.
If Control Core Services are running, this dialog box appears.

5. Click Yes and reboot the workstation manually.

204 B0700TK, Rev C

Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
v9.6 Control Core Services v9.6 Software Installation Guide

6. After the client reboots, login as the same user logged in previously. For domain
client workstations, log in to the client as a user belonging to the “IA Installer”
group. For Local Edition workstations, use the Local Engineering User Account.
Restart setup.exe.

This installs the Microsoft Visual C++ 2015 Redistributables. After installing, the
CCS installer is launched. If starting from CCS v9.5, this dialog might not be
displayed.
7. Select Perform a Release Update operation on this CCS workstation. Click
Install to start the installation.

B0700TK, Rev C 205

 Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
Control Core Services v9.6 Software Installation Guide v9.6

8. Click Next. Click Install to install the Control Core Services packages.

9. Click Finish when the installation is complete.

10. If an earlier version of FoxView/FoxDraw is installed, you must install the latest
version (10.6.x).

206 B0700TK, Rev C

Chapter 9: Upgrading Control Core Services v9.4 and v9.5 to
v9.6 Control Core Services v9.6 Software Installation Guide

11. Optionally, if an earlier version of System Manager is installed, install the latest
version.
NOTE: For domain client workstations, if the client requires a reboot, confirm
the PDC is online and running. When the client restarts, it is vital the PDC is
online and running because some of the services related to CCS v9.5 require
the PDC to be online at the machine startup.
NOTE: If Control Software and Control HMI are already installed on the client,
after performing a Day1 operation, the Control HMI Process and System
options will appear in Cyan color.

To display the correct status:

• Restart the Control Software Configurator.
• Select Control HMI Startup and press Configure.
• Reboot the station.

B0700TK, Rev C 207

 Chapter 10: Updating Control Core Services v9.6 for Commit
Control Core Services v9.6 Software Installation Guide Changes or Repairing

Chapter 10: Updating Control Core Services v9.6 for

Commit Changes or Repairing
Updating the Commit Media
This procedure is applicable when you want to update CCS v9.6 using Day 1. This
needs updated Commit files. Before creating the updated Commit files using System
Definition, it is recommended you perform the reconciliation procedure using the steps
described in this section to generate Reconcile media. It can be performed from a
single workstation. Take the reconcile files to System Definition in order to create the
Day 1 Commit installation media.
NOTE: Day 0 installation of pre-Control Core Services v9.5 clients is not allowed
when the PDC is running CCS v9.6. This operation is an exception, but if you still
have to perform this action, see Appendix L: Day 0 Installation of Pre-CCS v9.5
Clients on a System with a PDC Installed with Enterprise Edition CCS v9.5 or
v9.6, page 295.

Generating Reconcile Media

NOTE: While retrieving reconcile information, a station might not connect with this
message: ERROR_SESSION_CREDENTIAL_CONFLICT. If this message
appears, confirm if the workstation is externally mapped as a network drive in
Windows/File Explorer. If the workstation is externally mapped, disconnect the
mapped drive and retry. If the workstation is not externally mapped, the
workstation needs to be rebooted.
1. Log onto the workstation as a user belonging to the “IA Plant Admins” group on
domain client workstations or as the Local Engineering user account on Local
Edition workstations.
2. Open the CCS Reconcile Media Utility. Click Start > Foxboro DCS Control Core
Services > Reconcile.
3. When the User Account Control (UAC) prompt appears, click Yes.
The CCS Reconcile Media Utility opens.

208 B0700TK, Rev C

Chapter 10: Updating Control Core Services v9.6 for Commit
Changes or Repairing Control Core Services v9.6 Software Installation Guide

4. To generate Reconcile media for Enterprise Stations:

a. Provide Domain Controller Name, Domain Name. If the PDC is Off-Control,
provide its IP address instead of the name.
b. Enter the username belonging to the “IA Plant Admins” group and its
password.
c. Click Get Domain Stations.
5. To generate Reconcile media for Local Edition Stations:
a. Provide Workgroup User Name 1, Workgroup Password 1. Enter the Local
Engineering User Account name and its password for these fields.
b. Entries can also be provided for Workgroup User Name 2 and Workgroup
Password 2. This could include the “Fox” account credentials from earlier
versions of I/A Series or Control Core Services software. Account1 is not a
valid account for collecting reconcile data.
c. Click Get Local Edition.
6. A list of CCS stations that are reachable on the network is populated on the left
side of the dialog box.
7. Select the stations that need to be reconciled from the checklist on the left side of
the dialog box.

8. Make the appropriate selection at the top of the dialog box: Create new
reconcile media or Append to existing reconcile media.

B0700TK, Rev C 209

 Chapter 10: Updating Control Core Services v9.6 for Commit
Control Core Services v9.6 Software Installation Guide Changes or Repairing

9. Click Create to write to the media. The folder browser dialog box appears.

10. If you want to write the installation files to a diskette, be aware the diskette has to
already be in .tar format.
a. To write to a .tar format floppy diskette in the diskette drive (A:\), click Use
Diskette.
b. To write the installation files to a folder location, select a folder and click
Select Folder.
11. If you previously selected “Appending to existing reconcile media”, and Reconcile
installation media (with media number 201) is not provided in the A:\ floppy
drive, this dialog box appears.

12. Use the Reconcile media generated with this utility within System Definition to
update the commit media.

Updating Off-Control Network PDC Running CCS v9.6

NOTE: It is recommended you perform backups of all existing software and
settings on the existing primary domain controller before proceeding with these
steps.

210 B0700TK, Rev C

Chapter 10: Updating Control Core Services v9.6 for Commit
Changes or Repairing Control Core Services v9.6 Software Installation Guide

Performing Day 1 Operations for Off-Control Network PDC Running

CCS v9.6
1. Log in as domain administrator user.
2. Insert the Day 0 DVD in the PDC.
3. Run setup.exe.
4. When the User Account Control (UAC) prompt appears, click Yes.
5. The CCS Software Installation dialog box appears. Select “Perform a Day1
operation on this CCS workstation”.

B0700TK, Rev C 211

 Chapter 10: Updating Control Core Services v9.6 for Commit
Control Core Services v9.6 Software Installation Guide Changes or Repairing

6. Click Load. The browse dialog box appears. Select the desired Commit folder
and click Select Folder.

7. Click Next.

212 B0700TK, Rev C

Chapter 10: Updating Control Core Services v9.6 for Commit
Changes or Repairing Control Core Services v9.6 Software Installation Guide

8. Click Apply.

As part of the Active Directory configuration process, a Command window

appears showing the status of the Active Directory domain settings execution.

When the script has executed, press any key to close the dialog box and continue
with the installation. For detected errors, review the log file C:\Windows\Temp
\OffmeshDay1CreateComputersObj.log folder.

B0700TK, Rev C 213

 Chapter 10: Updating Control Core Services v9.6 for Commit
Control Core Services v9.6 Software Installation Guide Changes or Repairing

9. Press any key to close the window. The Setting up the platform... dialog box
appears.

10. Click Done to complete the installation.

You are not required to perform Day1/Release update on OFF Control SDC. If
you attempt to run it, you will receive this message.

Updating On-Control Network PDC/SDC Running CCS v9.6

NOTE: It is recommended you perform backups of all existing software and
settings on the existing primary domain controller before proceeding with these
steps.

214 B0700TK, Rev C

Chapter 10: Updating Control Core Services v9.6 for Commit
Changes or Repairing Control Core Services v9.6 Software Installation Guide

Performing Day 1 Operations for On-Control Network PDC Running

CCS v9.6
1. Log in as domain administrator user.
2. Insert the Day 0 DVD in the PDC.
3. Run setup.exe.
4. When the User Account Control (UAC) prompt appears, click Yes.
If Control Core Services are running, this dialog box appears.

5. Click Yes and reboot the workstation manually.

6. After the station reboots, log in as the domain administrator user and restart
setup.exe.

B0700TK, Rev C 215

 Chapter 10: Updating Control Core Services v9.6 for Commit
Control Core Services v9.6 Software Installation Guide Changes or Repairing

7. The CCS Software Installation dialog box appears. Select Perform a Day 1
operation on this CCS workstation (includes Release Update).

8. Click Load. The browse dialog box appears. Select the desired Commit folder
and click Select Folder.

9. Click Install to install the Control Core Services packages.

216 B0700TK, Rev C

Chapter 10: Updating Control Core Services v9.6 for Commit
Changes or Repairing Control Core Services v9.6 Software Installation Guide

10. A command window appears. Press any key to close the command window after
its execution is complete.
For detected errors, review the log file C:\Windows\Temp\2016OnMeshPDC_
Config_Day1_CreateComputerObjects.log folder.

The installation summary log appears.

B0700TK, Rev C 217

 Chapter 10: Updating Control Core Services v9.6 for Commit
Control Core Services v9.6 Software Installation Guide Changes or Repairing

11. Click Finish on the dialog box that appears.

The Day 1 installation is complete.

Performing Repair Operations for On-Control Network PDC

Running CCS v9.6
1. Log in as domain administrator user.
2. Insert the Day 0 DVD in the PDC.
3. Run setup.exe.
4. When the User Account Control (UAC) prompt appears, click Yes.
If Control Core Services are running, this dialog box appears.

5. Click Yes and reboot the workstation manually.

218 B0700TK, Rev C

Chapter 10: Updating Control Core Services v9.6 for Commit
Changes or Repairing Control Core Services v9.6 Software Installation Guide

6. After the machine reboots, log in as the domain administrator user and restart
setup.exe.
7. The CCS Software Installation dialog box appears. Select Perform a Repair
operation on this CCS workstation.

8. Click Install.

B0700TK, Rev C 219

 Chapter 10: Updating Control Core Services v9.6 for Commit
Control Core Services v9.6 Software Installation Guide Changes or Repairing

9. Click Finish to close the dialog box.

The Repair installation is complete.

Performing Day 1 Operations for On-Control Network SDC Running

CCS v9.6
1. Log in as domain administrator user.
2. Insert the Day 0 DVD in the SDC.
3. Run setup.exe.
4. When the User Account Control (UAC) prompt appears, click Yes.
If Control Core Services are running, this dialog box appears.

5. Click Yes and reboot the workstation manually.

220 B0700TK, Rev C

Chapter 10: Updating Control Core Services v9.6 for Commit
Changes or Repairing Control Core Services v9.6 Software Installation Guide

6. After the machine reboots, log in as the domain administrator user and restart
setup.exe.
7. The CCS Software Installation dialog box appears. Select Perform a Day1
operation on this CCS workstation.

8. Click Load. The browse dialog box appears. Select the desired Commit folder
and click Select Folder.

B0700TK, Rev C 221

 Chapter 10: Updating Control Core Services v9.6 for Commit
Control Core Services v9.6 Software Installation Guide Changes or Repairing

9. Click Install to install the Control Core Services packages.

The installation summary log appears.

10. Click Finish to close the dialog box.

The Day 1 installation is complete.

When the script has executed, press any key to close the dialog box and continue
with the installation. For detected errors, review the log file C:\Windows\Temp
\2016OnMeshPDC_Config_Day1_CreateComputerObjects.log folder.

222 B0700TK, Rev C

Chapter 10: Updating Control Core Services v9.6 for Commit
Changes or Repairing Control Core Services v9.6 Software Installation Guide

Performing Repair Operations for On-Control Network SDC

Running CCS v9.6
1. Log in as domain administrator user.
2. Insert the Day 0 DVD in the SDC.
3. Run setup.exe.
4. When the User Account Control (UAC) prompt appears, click Yes.
If Control Core Services are running, this dialog box appears.

5. Click Yes and reboot the workstation manually.

6. After the machine reboots, log in as the domain administrator user and restart
setup.exe.

B0700TK, Rev C 223

 Chapter 10: Updating Control Core Services v9.6 for Commit
Control Core Services v9.6 Software Installation Guide Changes or Repairing

7. The CCS Software Installation dialog box appears. Select Perform a Repair
operation on this CCS workstation.

8. Click Install.
9. Click Finish to close the dialog box.

The Repair installation is complete.

224 B0700TK, Rev C

Chapter 10: Updating Control Core Services v9.6 for Commit
Changes or Repairing Control Core Services v9.6 Software Installation Guide

Updating an Existing Corporate PDC Running CCS v9.6

NOTE: It is recommended you perform backups of all existing software and
settings on the existing primary domain controller before proceeding with these
steps.

Performing Day 1 Operations for an Existing Corporate PDC

Running CCS v9.6
NOTE: Day 1 operation for Off Control PDC is only going to update Active
Directory components for any addition/deletion of CCS workstations configured in
the commit. That is the reason this workflow requires commit files.
1. Log in as domain administrator user.
2. Insert the Day 0 DVD in the PDC.
3. Run setup.exe.
4. When the User Account Control (UAC) prompt appears, click Yes.
5. The CCS Software Installation dialog box appears. Select Perform a Day 1
operation on this workstation.

B0700TK, Rev C 225

 Chapter 10: Updating Control Core Services v9.6 for Commit
Control Core Services v9.6 Software Installation Guide Changes or Repairing

6. Click Load. The browse dialog box appears. Select the desired Commit folder
and click Select Folder.

7. Click Next.
8. Click Apply.

As part of the Active Directory configuration process, a Command window

appears showing the status of the Active Directory domain settings execution.

226 B0700TK, Rev C

Chapter 10: Updating Control Core Services v9.6 for Commit
Changes or Repairing Control Core Services v9.6 Software Installation Guide

When the script has executed, press any key to close the dialog box and continue
with the installation. For detected errors, review the log file C:\Windows\Temp
\OffmeshDay1CreateComputersObj.log folder.
9. Press any key to close the window. The Setting up the platform... window
appears.

10. Click Done to complete the installation.

Updating Domain Clients or Local Edition Workstations

Running CCS v9.6
Performing Day 1 Operations on a Domain Client or Local Edition
Workstation Running CCS v9.6
1. For domain client workstations, log in to the client as a user belonging to the “IA
Installer” group. For Local Edition workstations, use the Local Engineering User
Account.
2. Insert the Day 0 DVD in the client workstation.

B0700TK, Rev C 227

 Chapter 10: Updating Control Core Services v9.6 for Commit
Control Core Services v9.6 Software Installation Guide Changes or Repairing

3. Run setup.exe.
4. When the User Account Control (UAC) prompt appears, click Yes.
If Control Core Services are running, this dialog box appears.

5. Click Yes and reboot the workstation manually.

6. After the client reboots, login as the same user logged in previously. For domain
client workstations, log in to the client as a user belonging to the “IA Installer”
group. For Local Edition workstations, use the Local Engineering User Account.
Restart setup.exe.
7. The CCS Software Installation dialog box appears. Select Perform a Day1
operation on this CCS workstation.

228 B0700TK, Rev C

Chapter 10: Updating Control Core Services v9.6 for Commit
Changes or Repairing Control Core Services v9.6 Software Installation Guide

8. Click Load. The browse dialog box appears. Select the desired Commit folder
and click Select Folder.

9. If the workstation is a switch host and at least one switch has been configured as
SNMPv3 in System Definition and after loading the commit files, Next will appear.
Click Next and a dialog box appears that asks for SNMP3 key information.
If no SNMPv3 information is required, proceed to Step 12. Note that in the dialog
box, the Local Edition Engineering User Account fields will only be dis-played for
a Local Edition installation.
If the SNMPv3 key information has already been set previously, the Reset the
SNMPv3 Key checkbox appears. Select this checkbox to modify the SNMPv3
key. The Key and Confirm Key fields will become enabled. If the SNMPv3 key has
not previously been set, the checkbox will not be present and the Key and
Confirm Key fields must be filled in.
Click Configure to configure the SNMPv3 key on the workstation. Alternatively, if
the key has already been set and does not need to be changed, proceed to Step
10.

B0700TK, Rev C 229

 Chapter 10: Updating Control Core Services v9.6 for Commit
Control Core Services v9.6 Software Installation Guide Changes or Repairing

10. Click Install to start the installation.

230 B0700TK, Rev C

Chapter 10: Updating Control Core Services v9.6 for Commit
Changes or Repairing Control Core Services v9.6 Software Installation Guide

11. Click Next. Click Install to install the Control Core Services packages.

12. Click Finish when the installation is complete.

After the installation is complete, the installation summary appears.

B0700TK, Rev C 231

 Chapter 10: Updating Control Core Services v9.6 for Commit
Control Core Services v9.6 Software Installation Guide Changes or Repairing

NOTE: For domain client workstations, if the client requires a reboot, confirm
the PDC is online and running. When the client restarts, it is vital the PDC is
online and running because some of the services related to CCS v9.6 require
the PDC to be online at the machine startup.

Displaying the Correct Status

NOTE: If Control Software and Control HMI are already installed on the client,
after performing a Day 1 operation, the Control HMI Process and System options
appear in Cyan color.

1. Restart the Control Software Configurator.

2. Select Control HMI Startup and press Configure.
3. Reboot the machine.

Performing Repair Operations on a Domain Client Running CCS

v9.6
1. For domain client workstations, log in to the client as a user belonging to the “IA
Installer” group. For Local Edition workstations, use the Local Engineering User
Account.
2. Insert the Day 0 DVD in the client workstation.
3. Run setup.exe.

232 B0700TK, Rev C

Chapter 10: Updating Control Core Services v9.6 for Commit
Changes or Repairing Control Core Services v9.6 Software Installation Guide

4. When the User Account Control (UAC) prompt appears, click Yes.
If Control Core Services are running, this dialog box appears.

5. Click Yes and reboot the workstation manually.

6. After the client reboots, login as the same user logged in previously. For domain
client workstations, log in to the client as a user belonging to the “IA Installer”
group. For Local Edition workstations, use the Local Engineering User Account.
Restart setup.exe.
7. The CCS Software Installation dialog box appears. Select Perform a Repair
operation on this CCS workstation.

B0700TK, Rev C 233

 Chapter 10: Updating Control Core Services v9.6 for Commit
Control Core Services v9.6 Software Installation Guide Changes or Repairing

8. If the workstation is a switch host and at least one switch has been configured as
SNMPv3 in System Definition, after loading the commit files, Next will appear.
Click Next and a dialog box appears that asks for SNMP3 key information.
If no SNMPv3 information is required, proceed to Step 9. Note that in the dialog
box, the Local Edition Engineering User Account fields will only be dis-played for
a Local Edition installation.
If the SNMPv3 key information has already been set previously, the Reset the
SNMPv3 Key checkbox appears. Select this checkbox to modify the SNMPv3
key. The Key and Confirm Key fields will become enabled. If the SNMPv3 key has
not previously been set, the checkbox will not be present and the Key and
Confirm Key fields must be filled in.
Click Configure to configure the SNMPv3 key on the workstation. Alternatively, if
the key has already been set and does not need to be changed, proceed to Step
9.
9. Click Install to start the installation.

234 B0700TK, Rev C

Chapter 10: Updating Control Core Services v9.6 for Commit
Changes or Repairing Control Core Services v9.6 Software Installation Guide

10. Click Next. Click Install to install the Control Core Services packages.

11. Click Finish when the installation is complete.

NOTE: For domain client workstations, if the client requires a reboot, confirm
the PDC is online and running. When the client restarts, it is vital the PDC is
online and running because some of the services related to CCS v9.6 require
the PDC to be online at the machine startup.

B0700TK, Rev C 235

 Chapter 10: Updating Control Core Services v9.6 for Commit
Control Core Services v9.6 Software Installation Guide Changes or Repairing

Displaying the Correct Status

NOTE: If Control Software and Control HMI are already installed on the client,
after performing a Day 1 operation, the Control HMI Process and System options
appear in Cyan color.

1. Restart the Control Software Configurator.

2. Select Control HMI Startup and press Configure.
3. Reboot the machine.

236 B0700TK, Rev C

Chapter 11: Post-Installation and Migration Control Core Services v9.6 Software Installation Guide

Chapter 11: Post-Installation and Migration

Restoring the CSA Database
If you took a backup of CSA, restore the CSA files using the CSA_Merge utility as
described in Restoring CSA (CSA_Merge), page 286.
NOTE: If you perform a Day 1 operation in order to move the Compound
Summary Access (CSA) server package from one workstation with CCS v9.6 to
another workstation with CCS v9.6 and you have performed deployments to CNI
stations involving CNI hosted alarm destinations, this special action is needed.
Move the C:\ProgramData\Invensys\IASeries\AccessListEditor
\cs_devmon_CNI.cfg file from the old CSA workstation to the new CSA
workstation before initiating any subsequent deployments to the CNI stations.
Furthermore, you have to copy these CNI configuration files to the new CSA
server workstation:
• C:\ProgramData\Invensys\IASeries\AccessListEditor
\NamespaceMap.xml
• C:\ProgramData\Invensys\IASeries\AccessListEditor
\ConnectionSettings\CNI-Config.xml

Configuring Display Color Settings

The workstation and server platforms supported by Control Core Services v9.6 have
to use the “Highest (32 bit)” color quality display property value for the displays.
For H90 and H91 servers, see the information in the “Quick Restore” chapter of the
server’s applicable user’s guide.
For H92 workstations, see the “Installing and Updating Drivers” chapter of the
workstation’s applicable user’s guide.

Updating FCP270s, ZCP270s, FCP280s, and ATS Images

Perform an IMAGE UPDATE for Control Processor 270s (FCP270 and ZCP270),
FCP280s, and Address Translation Stations (ATSs) hosted by stations with Control
Core Services v9.6. For control processors, see the applicable user’s guide. You can
perform an image upgrade to the Control Core Services v9.6 image of the FCP280,
FCP270, or ZCP270 without initializing its database.
For ATSs, see Address Translation Station User's Guide (B0700BP) for instructions.
When the update process is finished, verify the station is at the correct image level.
For the latest EEPROM and image revision levels for Control Core Services v9.6, see
the appendix “EEPROM Revision Levels” in Control Core Services v9.6 Release
Notes (B0700TL).
For legacy control processors, see this same appendix in B0700TL for the latest
image version numbers for these modules supported by Control Core Services v9.6.

B0700TK, Rev C 237

Control Core Services v9.6 Software Installation Guide Chapter 11: Post-Installation and Migration

Performing EEPROM Updates

Perform an EEPROM update of the FCMs and FBMs that are not at the revision level
specified for v9.6 software. For more information, see the appendix “EEPROM
Revision Levels” in Control Core Services v9.6 Release Notes (B0700TL).

Backing Up Hard Disks

See Veritas System Recovery 2016 Desktop, Server and Virtual Editions User’s
Guide (B0700HH) or Veritas System Recovery 18 User’s Guide (B0700HS) for
instructions.

Reconciling the Configuration

The last phase of the software installation process is the reconciliation phase.
Reconciliation is needed after every committed install (Day 0 or Day 1). The reconcile
process is used to update the software install status of each Control Core Services
package on each Schneider Electric station in the system configuration for the
Foxboro DCS system. The reconcile media is created on the Foxboro DCS system
after installation and imported into System Definition.
More information on the reconcile process can be found in “Reconciling the System
Configuration” in System Definition User's Guide (B0193WQ) for a complete
description of reconciliation.

Alarm Manager Multi-Head Video Configurations

By default, the Alarm Manager selects its window size based on the size of the overall
desktop. In a dual or quad-headed configuration, this choice might not be optimal.
After Control Core Services is installed, there are two methods that can be used to
change the size and position of the Alarm Manager:
• Use the graphical Alarm/Display Manager configurator, which is described in
Workstation Alarm Management (B0700AT)
• Manually edit the Alarm Manager configuration file.
1. Save a backup of this file:
D:\usr\fox\customer\alarms\cfg\am_def.cfg
2. Open the original am_def.cfg file in an editor (such as Wordpad or vi).
3. Corresponding to each type of Alarm Manager window is a line that contains the
string: WinSizPos.
These lines determine the size and position of each window, and can be edited to
provide a more desirable layout. The table provides the parameters available to
you to use in this string.
For example, in a configuration with four heads arranged in a 2x2 array, a good
choice is to make the windows quarter screen. To do this, change every
WinSizPos line to QUR for quarter screen, upper right. You can search and
replace these settings as long as case sensitivity is on.

238 B0700TK, Rev C

Chapter 11: Post-Installation and Migration Control Core Services v9.6 Software Installation Guide

Table 6 - WinSizPos Parameters

String Meaning
F Full
D__ Default size (__- see below)
_T_ Top
_L_ Lower
__L Left
__R Right
Q__ Quarter size (__- see below)
I__ Intermediate size (__- see below)
_U_ Upper
_L_ Lower
__L Left
__R Right

You have completed installation and configuration of the dual-head video card
drivers. Proceed to Installing the Control Core Services v9.6 Trailer Media (If
Provided), page 84 to install Control Core Services on your workstation.

Other Migration Considerations

Control Processor 270 and FCP280 Upgrade Recommendation
After the installation of the workstation software, it is recommended that Control
Processor 270s (FCP270 and ZCP270) and FCP280s hosted by workstations with
Control Core Services v9.6 have an image update. If this action is desired, careful
planning is needed.
For replacing workstations/servers with Windows 7 or earlier operating systems with
workstation/servers with later operating systems without rebooting their CPs and
without loading a different image version in them, see Procedure for Workstation
Upgrade without Control Processor (CP) Reboot (B0860CP).
For legacy control processors, see the appendix “EEPROM Revision Levels” in
Control Core Services v9.6 Release Notes (B0700TL) for the latest image version
numbers for these modules.

Migrating a FCP270 or ZCP270 Control Database from a System

with I/A Series Software v8.6 or Earlier
I/A Series software v8.7-v8.8 and Control Core Services v9.0 and later versions
include the LASTGV parameter, which enables the Last Good Value functionality in
the RIN and RINR blocks, as mentioned in V8.7 Release Notes and Installation
Procedures (B0700SE). When enabled, this functionality causes the previous value of
MEAS to be retained, and the value obtained from the current cycle to be ignored for
the block. See the sections called “Last Good Value” in the RIN and RINR chapters of

B0700TK, Rev C 239

Control Core Services v9.6 Software Installation Guide Chapter 11: Post-Installation and Migration

Integrated Control Block Descriptions (B0193AX) for more information with regards to
this functionality.
Before I/A Series software v8.7, the LASTGV parameter did not exist for the RIN and
RINR blocks.
This LASTGV parameter defaults to a value of 1, which activates the Last Good Value
functionality (default setting, is not backward compatible with I/A Series software v8.6
or earlier). Therefore, when migrating control databases from systems with I/A Series
software v8.6 or earlier, the LASTGV parameter on RIN and RINR blocks will default
to 1, activating the Last Good Value functionality on these blocks where this
functionality did not previously exist.
Review your RIN and RINR blocks to determine the desired LASTGV parameter value
and update the parameter in your desired control configurator appropriately.
For more information on the RIN and RINR blocks, see Integrated Control Block
Descriptions (B0193AX).

Updating Sequence Block Code after Migration to a New Operating

System or NutCracker Version
You might encounter suboptimal conditions if you are using sequence blocks and
migrating from workstations running the Solaris operating system to workstations
running the Windows workstation or vice versa. You might also encounter similar
conditions when migrating between different versions of NutCracker software.
Before I/A Series software v8.2, preprocessor software behaved identically on both
Windows and Solaris platforms. Pre-v8.2 MKS NutCracker software was compatible
with the Solaris C preprocessor software.
However, I/A Series software v8.2-v8.8 and Control Core Services for the Windows
operating system was released with a newer version of MKS NutCracker. This version
of MKS caused some interoperability suboptimal conditions with Windows platforms
running the older version of the MKS NutCracker software, as well as with Solaris
workstations running the native Solaris C preprocessor software.
These tables give an overview of these conditions you might encounter when
migrating High Level Batch Language (HLBL) and Sequential Function Chart (SFC)
files between platforms and configurators, and general considerations for migrating
sequence block code.

Table 7 - General Migration Considerations

Foxboro DCS
ICC on Solaris ICC on Windows IACC on Windows Control Editors on
Description Platform Platform Platform Windows Platform
Precompiler Yes Yes Yes Yes
supports reserved
words
Precompiler No No No No
supports long
comments
Precompiler No No Yes Yes
supports long IF
statements

240 B0700TK, Rev C

Chapter 11: Post-Installation and Migration Control Core Services v9.6 Software Installation Guide

Table 8 - HLBL Migration Considerations

Foxboro DCS
ICC on Solaris ICC on Windows IACC on Windows Control Editors on
Description Platform Platform Platform Windows Platform
Precompiler is case Yes Yes No No
sensitive
Precompiler Yes No No No
replaces strings
included in single
quotes correctly
Precompiler Yes No No No
correctly expands
#define statements
Precompiler Yes No No No
correctly expands
#define statements
with comments
Precompiler needs No No Yes Yes
that a value is added
to #define
statements
Precompiler Yes Yes No No
supports “#if
defined” statements
Precompiler Yes Yes No No
supports redefinition
of #define values
Precompiler Yes Yes No No
supports conditional
inclusion
Precompiler Yes Yes No Yes
supports a directory
structure
Precompiler No Yes Yes Yes
removes white
space

B0700TK, Rev C 241

Control Core Services v9.6 Software Installation Guide Chapter 11: Post-Installation and Migration

Table 8 - HLBL Migration Considerations (Continued)

Foxboro DCS
ICC on Solaris ICC on Windows IACC on Windows Control Editors on
Description Platform Platform Platform Windows Platform
Precompiler exhibits N/A N/A Yes N/A
text editor
suboptimal
conditions
Precompiler N/A N/A No Yes
supports spaces
behind #endif macro
Precompiler support Yes Yes No No
multi-line macros
separated by a
backslash ('\')
character at the end
of the line

Table 9 - SFC Migration Considerations

Foxboro DCS
ICC on Solaris ICC on Windows IACC on Windows Control Editors on
Description Platform Platform Platform Windows Platform
Precompiler has No Yes Yes Yes
suboptimal
conditions with
carriage return, line
feed, and tab
characters
Precompiler has No No Yes Yes
suboptimal
conditions with
single quotes

For additional information on control configuration, sequence blocks, and their

compilation, see these documents:
• High Level Batch Language (HLBL) User’s Guide (B0400DF)
• I/A Series Configuration Component (IACC) User's Guide (B0700FE)
• Sequence Block SFC Editor User's Guide (B0750AM)
• Sequence Block HLBL Editor User's Guide (B0750AL)
• Integrated Control Configurator (B0193AV)
• Sequential Function Chart/Structured Text Configurator and Display Manager for
Sequence Blocks (B0193UZ)

General Considerations
Using Reserved Words
Before migrating from a Solaris to a Windows workstation, confirm you have not
redefined any reserved words, such as AUTO, MANUAL, or FUNCTION. If you are
using a case-sensitive configurator and reserved words have been redefined, you can
resolve the concern by changing the case of the defined word (for example, auto,
manual, or function). This affects the SENDMSG command.

242 B0700TK, Rev C

Chapter 11: Post-Installation and Migration Control Core Services v9.6 Software Installation Guide

For a list of reserved words, see the “Keywords” section in High Level Batch
Language (HLBL) User’s Guide (B0400DF).

Using Long Comments and If Statements

The compiler cannot find labels if comments are too long or if the text is too long within
an IF loop. To resolve this concern, enter a carriage return after approximately 60
characters. Additionally, for a list of other sequence compiler limits, see “Sequence
Compiler Limits” in High Level Batch Language (HLBL) User’s Guide (B0400DF).

HLBL Code
These subsections describe the concerns with HLBL code that might appear when
migrating code between configurators and operating systems:

Case Sensitivity
When compiling code depending on which control configuration tool you are using,
you might want to know whether your code has maintained case-sensitivity.
NOTE: If you are upgrading from a non-case-sensitive configurator (ICC on
Solaris or Windows platforms) to a case-sensitive configurator (IACC or the
Control Editors), make certain your code does not contain tokens that differ only in
case, such as an uppercase macro name and a lowercase variable name.
ICC running on both Solaris and Windows platforms is case-sensitive, whereas the
IACC and the Foxboro DCS Control Editors applications (which both run on Windows
platforms) are not case-sensitive. For example, you might have case-sensitivity
suboptimal conditions if you are upgrading from ICC running on a Solaris platform to
the Control Editors running on a Windows platform, as shown in the example.
This code does not compile in the non-case-sensitive control configurators because
the uppercase BATCHTIME macro conflicts with the lower case batchtime variable:

Alternatively, this code will compile, because the batchtime variable has been
changed to batchtime1:

Replacement of Strings Included in Single Quotes

For ICC running on Solaris platforms, the precompiler will replace strings included in
single quotes, as in device := 'CHARG_VLV'. However, this is not the case for ICC
running on a Windows platform or for IACC and the Control Editors. The precompilers

B0700TK, Rev C 243

Control Core Services v9.6 Software Installation Guide Chapter 11: Post-Installation and Migration

for these applications will not replace strings enclosed in single quotes. If you are
upgrading from a Solaris platform to a Windows platform, you will have a suboptimal
condition if the code contains strings enclosed in single quotes that are meant to be
replaced by macros, as shown in the example.
In this code snippet, the precompiler will not substitute RX_101:XV101_1A wherever
CHARG_VLV appears, because the CHARG_VLV string is within single quotes. This
condition occurs for ICC running on a Windows platform, as well as IACC and the
Control Editors.

Alternatively, if the code was changed, the precompiler will substitute RX_101:
XV101_1A wherever sCHARG_VLV appears, and RX_101:XV101_1A wherever
CHARG_VLV appears.

TIP: If you are upgrading from ICC running on the Solaris platform to ICC, IACC,
or the Control Editors running on a Windows platform, confirm the code does not
contain strings enclosed in single quotes that are meant to be replaced by macro
text. Include the single quotes in the macro definition instead.

Expansion of #define Statements

Expansion of #define Statements Precompilers on Solaris platforms and Windows
platforms expand #define macros in the code differently. The Windows operating
systems take everything after the macro name and blindly substitutes it into the code,
where the Solaris operating system will remove comments of the type {} and will
recognize that substitution not be made if the macro name is included in a string. For
example, consider this code:

On a Windows operating system this code expands:

The comment included in the H2O_SetPt line is not standard coding practice, but the
text will compile and run on both Windows and Solaris platforms. However, the
substitution that the Windows precompiler makes on the MESSAGE line is incorrect.

244 B0700TK, Rev C

Chapter 11: Post-Installation and Migration Control Core Services v9.6 Software Installation Guide

Expansion of #define Statements with Comments

If there are spaces between the #define declaration and a comment, suboptimal
conditions might occur.
For example, consider this code:

On a Windows operating system, this code expands:

TIP: If you are upgrading from an ICC on Solaris platforms to ICC, IACC, or the
Control Editors on a Windows platform, make certain all the macros contained in
define statements are expanded properly in the Sequence code. If there are
spaces before comments, remove the spaces. For example, modify the code to
read:

Value Added to #define Statements

For precompilers associated with ICC on both Windows and Solaris platforms, define
statements do not need to have a value assigned:

However, for IACC and the Control Editors, a value has to be added to the define
statement in order for the code to compile:

In the example, macros without a value assigned are not supported for the
precompilers associated with IACC and the Control Editors, whereas the statements
are valid for ICC on Windows and Solaris platforms.

In the modified example, a value is assigned to the BATCHTIME macro, so the code is
accepted by the precompilers:

B0700TK, Rev C 245

Control Core Services v9.6 Software Installation Guide Chapter 11: Post-Installation and Migration

TIP: If you are upgrading from a ICC on Solaris or Windows platforms to IACC or
the Control Editors on a Windows platform, make certain all the macros contained
in define statements are assigned a value.

Conditional Inclusion Support

The precompilers associated with ICC running on Solaris and Windows platforms
provide conditional inclusion support. However, you might need to make modifications
if you are migrating from ICC on Solaris or Windows platforms to IACC or the Control
Editors on Windows platforms, or vice versa.
Conditional inclusion commands like if, ifdef, or ifndef, allow parts of the source code
to be included or ignored during compilation. The condition can be tested based on
the value of a constant expression or on whether a macro name is defined. If the
conditional inclusion command tests for equality, the test has to contain only one
equal sign (‘=’) if you are using IACC or the Control Editors.
For example, the code containing conditional “if” statements does not compile on
IACC or the Control Editors:

In the modified example, only one ‘=’ character is used in the equality test. This code
compiles on IACC and the Control Editors.

TIP: If you are using conditional inclusion statements and you are upgrading to
IACC or the Control Editors, make certain equality tests only use one equal sign.

246 B0700TK, Rev C

Chapter 11: Post-Installation and Migration Control Core Services v9.6 Software Installation Guide

Directory Structure
The ICC running on Solaris and Windows platforms and the Control Editors allow a
directory structure for individual include files, whereas IACC does not allow a directory
structure.
For example, these images show an example of a directory structure that could have
been used with ICC or the Control Editors and the sequence code that references the
files in the directory structure. Specifically, the #include statements are referencing
files that reside in the D:\opt\HLBL\Global and D:\opt\HLBL\SBR directories,
such as book_release.s and msg_disp.sbr.

B0700TK, Rev C 247

Control Core Services v9.6 Software Installation Guide Chapter 11: Post-Installation and Migration

However, the directory structure shown in the first figure is not supported when you
are migrating from ICC or the Control Editors to IACC. To work around this, you can
use the “Text Objects” names in IACC to mimic the original file structure.

Creating a Text Object

Text objects are library objects that contain Structured Text (ST) code and can be
inserted into the sequence block code. To mimic the original file structure in IACC,
perform these steps to create a text object and add code to it.
1. In the IACC Project Navigator, expand System > Libraries > Text Objects.
2. Right-click Text Objects and select New Text Object from the menu.
3. A new object with a default name is added under the Text Objects branch. The
default name is highlighted, and you can change the name at this point.
4. Give the Text Object a new name using the convention <pathname>_<filename>.
For example, give the D:\opt\HLBL\SBR\msg_disp.sbr file the name opt_
HLBL_S-BR_MsgDisp.sbr.

248 B0700TK, Rev C

Chapter 11: Post-Installation and Migration Control Core Services v9.6 Software Installation Guide

5. Add code to the Text Object:

a. Double-click the object to open the ST Code Editor.
b. Copy the text from the included file and paste it into the Text Object in IACC.
c. Update the filenames in throughout the sequence code. You could do this by
performing a find and replace operation to replace “/opt/HLBL/SBR/” with
“opt_HLBL_SBR_”.
d. Verify, compile, and save the code in the Text Object.

NOTE: If you are migrating to IACC, manually copy and paste the files into
the IACC configurator and use the “Text Objects” library name to mimic the
old file structure. See “Creating and Editing Text Objects” in I/A Series
Configuration Component (IACC) User's Guide (B0700FE).

Text Editor Concerns

The Structured Text (ST) Code Editor is a text editor built into IACC for creating and
editing HLBL code for sequence blocks. The ST Code Editor in IACC does not allow
you to edit the first line in the sequence block. To work around this condition, you have
to import the proper code manually on a per-block basis, rather than compiling
sequence blocks using the bulk HLBL block compiler.

B0700TK, Rev C 249

Control Core Services v9.6 Software Installation Guide Chapter 11: Post-Installation and Migration

NOTE: If you are migrating to IACC, import the code manually on a per-block
basis. See “Compiling the HLBL Code” in I/A Series Configuration Component
(IACC) User's Guide (B0700FE).

Space Behind #endif Macro

In IACC, spaces behind endif statements lead to compilation detected errors. This
suboptimal condition does not occur for ICC on Solaris and Windows platforms or the
Control Editors.
Because there is a space after the endif statement, the code in the example will not
compile in IACC:

IACC accepts the code in this example:

NOTE: If you are migrating to IACC, remove spaces after endif statements.

SFC Code
These subsections describe the concerns with SFC code that might appear when
migrating code between configurators and operating systems.

250 B0700TK, Rev C

Chapter 11: Post-Installation and Migration Control Core Services v9.6 Software Installation Guide

Carriage Return, Line Feed, Tab

If you attempt to migrate code from a Solaris platform (ICC) to a Windows platform
(ICC, IACC, or the Control Editors), the carriage return, line feed, and tab characters
appear in the migrated text:

NOTE: After migrating code from Solaris to Windows, replace the carriage return,
line feed, and tab characters that are not imported correctly into SFC/ST Display
Manager. See SFC V2.0 Release Notes (Windows XP and Windows Server 2003
Platforms) (B0400QR) or SFC V2.0 Release Notes (Solaris Platform) (B0400QS)
for information on migrating sequence blocks between Windows and Solaris
platforms.

Single Quote Concerns

In IACC, the SFC code will not compile because there is a single quote in the
comment.

If a single quote appears in a comment, the detected error message in this image
appears.

However, this SFC code with the single quote removed will compile in IACC:

Alternately, the Control Editors deal with this detected issue internally by removing
any single quotes embedded in comments before compilation. The source code is not
changed and successfully compiles, but the single quote characters have been
removed from the compiled code.

B0700TK, Rev C 251

Control Core Services v9.6 Software Installation Guide Chapter 11: Post-Installation and Migration

NOTE: After migrating code to IACC, make certain there are no single quotes
embedded in comments. To work around this suboptimal condition, you could
either replace the single quote with another character or remove the single quote
character, for example “can’t” would become “cant” or “cannot”.
If you are migrating code to the Control Editors, keep in mind the compiled code
will not contain the single quote character if it was embedded in a comment.

Migrating a Control Database to an FCP280, FCP270, or

ZCP270
You can migrate a control database from a CP60 to an FCP280, FCP270 or ZCP270
provided the database is configured correctly. Database validation logic in the
FCP280, FCP270 or ZCP270 has been improved since the CP60, and databases
containing configuration detected errors that are undetected by a CP60 will not load
correctly into an FCP280, FCP270 or ZCP270. Before performing the control
database migration and loading the database for use with an FCP280, FCP270 or
ZCP270, you have to correct these configuration detected errors to improve proper
system performance.
First, check the periods and phases of the ECB200/ECB202 blocks and their
associated DCI blocks to make certain there are no phasing discrepancies. DCI block
execution frequency cannot be faster than its associated parent ECB200/ECB202
execution frequency. The period/phase of the associated child ECB201 is irrelevant to
the DCI block execution. DCI blocks have to be configured to run on a multiple of both
the ECB200/ECB202 phase and the phase of the compound containing the DCI block.
For example, an invalid configuration can include a DCI block configured for 0.5
second execution, but the block’s parent ECB200/ECB202 is configured for 1 second
execution. This invalid configuration condition goes undetected in the CP60, but will
disallow the database from being loaded on an FCP280, FCP270 or ZCP270. Before
I/A Series software v8.0 the entire set of DCI blocks is: BIN, BINR, BOUT, IIN, IOUT,
PAKIN, PAKOUT, PLSOUT, RIN, RINR, ROUT, STRIN, and STROUT.
Second, if you are migrating a control database from a Nodebus CP to an FCP280,
FCP270 or ZCP270, note that databases containing the MVC (Multivariable Controller
Block) and MVL (Multivariable Loop Block) blocks will not load into an FCP280,
FCP270 or ZCP270.

Validating FCM100E and FCM100Et Settings (ZCP270 Only)

The validation for FCM100E and FCM100Et ECBs has been tightened with I/A Series
software v8.5-v8.8 or Control Core Services v9.0 and later to confirm the correct files
are downloaded during any FCM software updates. The software type and the
hardware type in the FCM ECB are separately validated, and each is needed to be set
to 210. If either is incorrectly set during creation of the FCM ECB, a “E28 - INVALID
SOFTWARE/HARDWARE TYPE” system message will result. This E28 system
message also occurs when loading the control database where the incorrect values
have been saved from less stringent systems.
If such a detected error occurs during a LoadAll, neither the FCM nor the FBMs below
it appears in system management software. To recover, perform one of these:
• Before saving the control database, correct the FCM ECB’s by setting the
Hardware Type and Software Type to 210.
• After the LoadAll completes, re-enter the ECB with the corrected values in place.
With the corrected FCM ECB in place, the FBMs automatically re-attached.

252 B0700TK, Rev C

Appendix A: Startup Options Control Core Services v9.6 Software Installation Guide

Appendix A: Startup Options

• For Local Edition Control Core Services installations, see “Control Core Services
Startup and Security Options” in Control Core Services v9.6 Release Notes
(B0700TL).
• For Enterprise Edition Control Core Services installations, see “Control Core
Services v9.x Startup and Logon Options” in Foxboro DCS Security
Implementation Guide (B0700HM).

B0700TK, Rev C 253

Control Core Services v9.6 Software Installation Guide Appendix B: Changing the Station Name

Appendix B: Changing the Station Name

The Windows workstation or server name has to match the workstation or server
letterbug name as it was configured in SysDef and saved onto your Commit
installation media before you install the Control Core Services. For systems with
multiple workstations or servers, you have to change the default workstation/server
names.
The Foxboro DCS workstation/server letterbug is an uppercase six-character
alphanumeric workstation name recognized by the Control Core Services. The
letterbug is defined during System Definition and is written to the Commit installation
media.
To make your workstation or server letterbug name match your host name, perform
these steps.
1. Right-click on This PC on the desktop and select Properties.
2. In the System Properties dialog box, select the Computer Name tab.

254 B0700TK, Rev C

Appendix B: Changing the Station Name Control Core Services v9.6 Software Installation Guide

3. In the Computer Name tab, click Change. The Computer Name Changes dialog
box opens.

4. In the Computer Name Changes dialog box, click Computer Name and (using
only uppercase characters) change the name to the applicable letterbug
assignment on the Commit. Click OK.
NOTE: The Computer Name field has to contain six (6) uppercase characters
and numbers.
5. Click Workgroup in the “Member of” section of the Computer Name Changes
dialog box and confirm the workgroup name is WORKGROUP.
6. In the Computer Name Changes dialog box, click OK.
7. Click OK to close the System Properties dialog box.
8. This message box opens asking if you want to restart your computer. Click OK.

9. When the system restarts, it logs you on as the “Account1” user account.
Proceed with the Control Core Services installation.

B0700TK, Rev C 255

Control Core Services v9.6 Software Installation Guide Appendix C: Control Network Configurator

Appendix C: Control Network Configurator

The Control Network Configurator application installs the COMEX protocol and
Redundant Ethernet Data Link (REDL) virtual adapter, and configures Internet
Protocol (IP) addresses for stations on the control network. A station, such as a
workstation with Windows 10 or server with Windows Server 2016 Standard, can have
one or two connections to the control network (if it has one or two switch connections
in System Definition).
The Control Network Configurator provides a user interface to select the Network
Interface Cards (NICs) for these connections.

Selecting NICs
In Windows 10 and Windows Server 2016 Standard, it is no longer possible
programmatically to determine the slot of each NIC, so the Control Network
Configurator attempts to map the location of each NIC, based on the platform and
BIOS settings. If this mapping does not succeed, the location of each NIC is listed as
“Unknown”.

When NIC locations are “Unknown”, you need to manually select the NICs for the
control network connections. This procedure is recommended.

256 B0700TK, Rev C

Appendix C: Control Network Configurator Control Core Services v9.6 Software Installation Guide

1. Disconnect each of the Ethernet cables except those from the control network
(and from the Off-Control Network Domain Controller, if one is in use).
NOTE: It is not advisable to assign static IP addresses to the workstation
NICs before running the Control Network Configurator. If the configurator
reports an IP conflict, find the adapter with the duplicate IP address, change it
to use DHCP, and run the configurator again.
2. Display the Network Connections (Start > Network and Sharing Center >
Change adapter settings or by entering view network connections from the
Start menu search bar) and set the view to Details.

3. By default, the columns are not wide enough to display the necessary
information. Resize the Device Name column so it is wide enough to show the
entire text:

4. Identify and record the Device Names that lack a red X next to their icons. Select
these Device Names in the Control Network Configurator.
NOTE: Take care not to confuse Names with Device Names. In the example,
the Allied Telesis adapter 2 is not the same NIC as Local Area Connection 2.

B0700TK, Rev C 257

Control Core Services v9.6 Software Installation Guide Appendix C: Control Network Configurator

5. If installing with an Off-Control Network Domain Controller, you are prompted to

select the NIC connected to the Domain Controller’s network.

6. After selecting the NIC for the Off-Control Network Domain Controller (or if
installing without one), you are prompted to select the NIC(s) connected to the
control network.

NOTE: A NIC selected for the Off-Control Network Domain Controller will be
removed from the list of available NICs when selecting the control network
connection(s).
Unless there is a detected error or further user interaction is needed, the Control
Network Configurator exits silently. If no system message is returned, this
indicates a successful installation.

Post Day 0 Operations

After adding, replacing, or moving a NIC, run the Control Network Configurator to
maintain proper network bindings.
NOTE: You must run the Control Network Configurator after restoring a
workstation image from a backup created on different hardware (for example,
when replacing hardware that has suboptimal conditions).
Open the configurator (Start > Foxboro DCS Control Core Services > Control
Network Configurator or by entering “Control Network Configurator” from the Start
menu search bar).

258 B0700TK, Rev C

Appendix C: Control Network Configurator Control Core Services v9.6 Software Installation Guide

• The Control Network Configurator cannot run while the control networking is
enabled. If necessary, it will turn off Control Core Services and restart the
workstation before running.
• The Control Network Configurator can only be run by users with administrator
credentials.
The configurator remembers the selections made on previous installations. Previously
selected NIC(s) will be checked; you can leave them checked or select new NIC(s). If
you originally installed The Control Network Configurator with an Off-Control Network
Domain Controller, it prompts you to select the NIC connected to the Domain
Controller’s network.
NOTE: The Control Network Configurator does not support Post Day 0 Operations
on single-NIC configurations.

Changing the IP Address of the Off-Control Network NIC

On Enterprise Edition installations using Off-Control Network Domain Controllers, run
the Control Network Configurator to change the static IP address of the Off-Control
Network NIC.
1. Turn off the Control Core Services and restart the workstation.
2. Open a command prompt in an elevated mode by opening Start, searching for
cmd.exe, and then right-clicking it and selecting Run as administrator.
3. In the command prompt, navigate to the directory C:\Drivers\Schneider
Electric.
4. Execute the command mesh_netcfg.exe -i <ip_address>-m <netmask> to start
the Control Network Configurator.
<ip_address> is the new IP address and <netmask> is the corresponding
netmask.
5. When prompted, leave the previously selected NIC(s) selected and click Next.
6. When the configurator is done, turn on the Control Core Services and restart the
workstation.
To configure a workstation to use DHCP instead of a static IP address for its Off-
Control Network NIC, use these steps but replace the mesh_netcfg.exe command
in Step 4 with mesh_netcfg.exe -d.

Identifying Cable A and Cable B

When two connections to the control network are configured, the connection in the
lower numbered slot is considered Cable A, while the connection in the higher
numbered slot is considered Cable B. (If the slots are not numbered, the top slot is
Cable A, while the bottom slot is Cable B.)
If one Ethernet port is a PCI slot and the other is an Integrated port, the PCI Slot is
Cable A and the Integrated port is Cable B. This configuration is not recommended.
Due to operating system limitations, if the locations are “Unknown”, the Cable A and
Cable B selection will be non-deterministic, and might change each time you run the
configurator. In this case, the cables have to be manually identified by unplugging
each cable and noting which cable is marked “bad” in your System Management
tools. For details, see “Workstations, Peripherals, and Network Printers” in System
Manager User’s Guide (B0750AP) or “Monitoring the System” in System Management
Displays (B0193JC).

B0700TK, Rev C 259

Control Core Services v9.6 Software Installation Guide Appendix D: Troubleshooting

Appendix D: Troubleshooting
Setting Time Correctly Software Installation Cannot
Continue After Reboot (SDC or Domain Client)
If after connecting an SDC or an Active Directory domain client to a Control Core
Services domain and the software installation does not continue after a reboot, the
system time might not have been set correctly. An indication this has occurred is that
the software installation attempts to continue but will not until a username and
password is provided for an account with administrative privileges.
To verify if the time has not been properly set, confirm the group policies are being
applied.
1. On a Windows Server 2016 Standard server, click Start, and in the Search
programs and files text box, enter rsop.msc and double-click the application
when it appears in the list.
2. In the Resultant Set of Policy window, right-click on Computer Configuration
and select Properties. The red X on the Computer Configuration entry indicates
a suboptimal condition occurred when applying policies on this station.

3. In the Computer Configuration Properties dialog box, select the Error

Information tab to view the detected errors for this policy set. The detected error
indicates the time does not match the time on the domain controller: “The clocks
on the client and server machine are skewed.”

260 B0700TK, Rev C

Appendix D: Troubleshooting Control Core Services v9.6 Software Installation Guide

4. If the detected error is found on your system, fix the time on the SDC or domain
client as described in the “Preparing the Server” of the appropriate chapter for
your station in this document and reboot. After rebooting, the software installation
can be restarted by running Setup.exe on the installation DVD.
Accept the UAC request in order to start the installation.

System Message During NIC Binding

Occasionally, the message in this figure might appear while binding the NIC cards
during the Control Core Services v9.6 installation. Upon encountering this message,
retry the NIC binding operation. Retrying a NIC binding will be successful in most
cases. An upcoming patch from Microsoft will resolve this issue in the Windows
operating system. However as of the publication of this document, no date has been
announced yet for the release of this patch.

B0700TK, Rev C 261

Control Core Services v9.6 Software Installation Guide Appendix D: Troubleshooting

262 B0700TK, Rev C

Appendix E: SNMP Community String Configuration (SNMPv1
Only) Control Core Services v9.6 Software Installation Guide

Appendix E: SNMP Community String Configuration

(SNMPv1 Only)
You can configure the SNMP community string for workstations with Windows 10 and
servers with Windows Server 2016 Standard running SNMPv1.
NOTE: This legacy appendix only applies to workstations and servers with
SNMPv1.
SNMP (Simple Network Management Protocol) is an Internet protocol used in network
management systems to monitor network-attached devices such as workstations,
servers, routers, switches, and so forth.
The SNMP community string is a text string that acts as a password to authenticate
messages that are sent between the management software and the device (the
SNMP agent). This string has to be configured in two places: the SNMP service
(included with the Windows operating system) and the Server Manager configuration
file. Configure it only after the Control Core Services have been installed on the
workstation or server.
NOTE: The community string is case-sensitive and has to be identical in both
places.

Configuring the SNMP Service

1. Log on with an account that has administrative privileges.
2. Right-click Start > Control Panel > Administrative Tools > Services.
3. Scroll down to the SNMP Service, right-click on it, and then click Properties.
4. In the SNMP Service Properties dialog box, select the Security tab.
5. During the initial installation of the Control Core Services, a default “Inven5s5”
community string is added to the workstation/server. If this default string is
present in the Accepted community names field, you have to remove it. After the
initial installation of the Control Core Services, this default string is listed in the
servm.cfg file.
a. Using Windows/File Explorer, navigate to the D:\usr\fox\sysmgm\smat\
folder.
b. If present, open the text file named: servm.cfg
If this file is not present, it is likely that the default string has already been
removed at an earlier time, and you can skip to Step 8.
c. In the servm.cfg file, locate the default string, adjacent to the text “default_
string: ”. Now you can close the servm.cfg file.
d. When you know the default string, click that string in the Accepted
community names field in the SNMP Service Properties dialog box, and click
Remove.

B0700TK, Rev C 263

 Appendix E: SNMP Community String Configuration (SNMPv1
Control Core Services v9.6 Software Installation Guide Only)

6. Under “Accepted community names” area, click Add….

7. Select the appropriate permission level for the community string in the
“Community Rights” list to specify how the host processes SNMP requests from
the selected community. Normally, READ ONLY is recommended.
8. In the “Community Name” box, enter your community string.
NOTE: Be aware your community string is case-sensitive.
9. Click Add.
To limit the acceptance of SNMP packets, click the Accept SNMP packets from
these hosts bullet. Click Add…, and enter the appropriate host name, IP address
or IPX address in the Host name, IP or IPX address box. You can restrict the
access to the local host (127.0.0.1) or only specific servers by using this setting.
10. Click OK when done.
11. For the settings to take effect, right-click the SNMP service from the Services
window. Stop and restart the SNMP service.

Configuring the Server Manager Configuration File

1. Using Windows/File Explorer, navigate to the D:\usr\fox\sysmgm\smat\
folder.
2. Open (or create) the text file named: servm.cfg

264 B0700TK, Rev C

Appendix E: SNMP Community String Configuration (SNMPv1
Only) Control Core Services v9.6 Software Installation Guide

3. Enter the community string using this format:

default_string: yourcommunitystring
(Enter the same string you used in Configuring the SNMP Service, page 263)
4. Save the file and reboot.

Community String Recommendation

For cybersecurity purposes, it is highly recommended a well-known default
community string such as “public” is not used. Use a string that is compliant with your
site’s password complexity policy.

B0700TK, Rev C 265

Control Core Services v9.6 Software Installation Guide Appendix F: Telnet Installation

Appendix F: Telnet Installation

You can install the optional application telnet on systems with Windows 10 and
Windows Server 2016 Standard operating systems.
By default, telnet is not installed on systems with Windows 10 and Windows Server
2016 Standard operating systems.

Installing Telnet on Workstations with Windows 10

Operating System
1. Log on to the workstation using an account with administrative privileges.
2. Right-click Start > Control Panel > Programs and Features.
3. Click Turn Windows features on or off in the left pane.
4. Scroll down and select the Telnet Client checkbox.

5. Click OK to close the Windows Features dialog box. The telnet application is
installed.
To use the telnet application, open a command prompt window and enter telnet
to start a session.

Installing Telnet on Servers with Windows Server 2016

Standard Operating System
1. Log on to the server using an account with administrative privileges.
2. Right-click Start > Control Panel > Programs and Features.

266 B0700TK, Rev C

Appendix F: Telnet Installation Control Core Services v9.6 Software Installation Guide

3. Click Turn Windows features on or off in the left pane. The Server Manager
window opens.

4. Click Features in the left pane

5. Click Add Features in the right pane. The Add Features Wizard opens.
6. Scroll down and select the Telnet Client checkbox.

B0700TK, Rev C 267

Control Core Services v9.6 Software Installation Guide Appendix F: Telnet Installation

7. When Confirm Installation Selections opens, click Install.

8. A dialog box appears indicating the installation progress. When the installation is
completed, click Close.
To use the telnet application, open a command prompt window and enter telnet
to start a session.

268 B0700TK, Rev C

Appendix G: Printer Sharing Control Core Services v9.6 Software Installation Guide

Appendix G: Printer Sharing

As with previous Microsoft operating systems, Windows 10 and Windows Server 2016
Standard allow a printer to be shared by multiple stations. However, to do this,
Microsoft needs the Windows Firewall service to be enabled.
NOTE: Enabling this service does not mandate the Microsoft Windows Firewall to
be used. For Foxboro DCS workstations and servers, Schneider Electric provides
the McAfee configurable firewall as the preferred firewall and recommends the
Microsoft Windows Firewall not be used.

Turning On the Windows Firewall Service

1. Log on to the workstation or server using an account that has administrative
privileges.
2. Right-click Start > Run. Enter Services.msc to open Services windows.
3. In the Services window, scroll down to the Windows Firewall service, right-click
on it, and click Properties.
4. Change the “Startup type” to Automatic. Click Apply.
5. Click Start.
6. Click OK.
7. Close the Services window.
The Windows firewall is automatically turned on when this service is enabled. The
firewall has to be turned off as described in Turning Off the Windows Firewall
Service, page 269.

Turning Off the Windows Firewall Service

1. Right-click Start > Control Panel > System and Security > Windows Firewall.
2. At the left edge of the window, click Turn Windows Firewall on or off.

B0700TK, Rev C 269

Control Core Services v9.6 Software Installation Guide Appendix G: Printer Sharing

3. In each section, select Turn off Windows Firewall (not recommended).

4. Click OK.
5. Close the Windows Firewall window.
NOTE: If you are on an Enhanced Security system, you will also see a
category for Domain network location settings.
In an Enhanced Security system, these settings are managed through Group
Policies and might not be modifiable on the client station.

Sharing a Printer
1. Click Start > Devices and Printers.
2. Right-click the icon of the printer that is to be shared and select Printer
properties.
3. In the Properties dialog box, click the Sharing tab.

270 B0700TK, Rev C

Appendix G: Printer Sharing Control Core Services v9.6 Software Installation Guide

4. Click Change Sharing Options if it appears.

5. Select the Share this printer checkbox and enter a Share name.
6. If this printer will be shared with a station that has a 32-bit OS (such as an x86
version of Windows), install additional drivers (before setting up the station with
Windows) by clicking Additional Drivers… and by selecting the x86 checkbox.
Otherwise, click OK. If you see this system message, the Windows Firewall
service has not been turned on as described in the previous section:
Operation could not be completed (Error 0x000006D9)

Connecting to a Shared Printer on Another Control Core

Services Station
To use the shared printer from another Control Core Services station, run the “Add
Printer” wizard on that station. For a station with Windows 10 and Windows Server
2016 Standard:
1. Click Start > Devices and Printers.
2. Click Add a printer at the top (or right-click in the window and select Add a
printer).

B0700TK, Rev C 271

Control Core Services v9.6 Software Installation Guide Appendix G: Printer Sharing

3. Click Add a network, wireless or Bluetooth printer.

4. In the Add Printer dialog box, click The printer that I want isn't listed.
5. Click Select a shared printer by name.
6. Enter the location of the printer, e.g., \\computername\printername, where
“computername” is the name of the computer hosting the printer and
“printername” is the share name you chose in Sharing a Printer, page 270.
7. Click Next. If prompted to install drivers to finish the install, click Yes and respond
to the prompts.

272 B0700TK, Rev C

Appendix H: Installing Optional Software Control Core Services v9.6 Software Installation Guide

Appendix H: Installing Optional Software

You can install optional software on your workstation/server/domain client. After
installing Control Core Services installation and restarting the station, you might need
to perform one or more of these tasks:
• If not already installed, install FoxView and FoxDraw software from the FoxView/
FoxDraw CD. See FoxView and FoxDraw Software V10.6.1 Release Notes
(B0700TE) for installation instructions.
• Install Wonderware® Historian according to the instructions provided in
Wonderware® FactorySuite® IndustrialSQL Server™ Installation Guide. Perform
one of these actions:
◦ The Wonderware Historian can be installed on workstations/servers with
Control Core Services or on “off-platform” workstations/servers that is,
stations without Control Core Services.
◦ Install AIM*Historian software according to the instructions provided with the
AIM*Historian media.
• If desired, install Foxboro DCS Control Software according to the instructions
provided with the Control Software Installation Guide (B0750RA). This might
include the Control Editors and Control HMI applications:
◦ Control HMI and its components has to be installed on workstations/servers
with Control Core Services installed.
◦ The Control Editors and Galaxy Repository can be installed on workstations/
servers with Control Core Services or on “off-platform” workstations/servers
that is, stations without Control Core Services.
• It is highly recommended you install FERRET software after installing Control
Core Services v9.6. See FERRET User's Guide (B0860BU) for installation
instructions and FERRET Installation and Release Notes (B0860RU) for
information on using the FERRET software. These documents are available in
PDF format on the FERRET CD.
• Install System Manager. On stations that have at least the IASVCS package
configured in System Definition, System Manager can be installed. During
installation, System Manager Service is cleared by default. Only select to install
the System Manager server on a limited number of workstations on your network.
Also note the System Manager client can only connect to a System Manager
service of the same version. See System Manager User’s Guide (B0750AP) for
more details.
• To use ICC, Operator Action Journal, PLB Monitor, or PLB Editor in Control Core
Services v9.6, you need to install the independent package “Foxboro Classic
Software Support” media. Foxboro Classic Software Support is separately
purchasable media from Control Core Services and not required for all
configurations. If the system has been updated from Control Core Services v9.4,
Foxboro Classic Software Support media is not required.

B0700TK, Rev C 273

 Appendix I: InBatch/Batch Management Installation on
Control Core Services v9.6 Software Installation Guide Windows 10 and Windows Server 2016

Appendix I: InBatch/Batch Management Installation

on Windows 10 and Windows Server 2016
Workarounds are required to install batch software on Windows 10 and Server 2016
machines when using Control Core Services v9.6 or Control Software 7.3.
Be advised the name of our batch software has changed beginning with the v12.0
version. The product is now known as Batch Management. The InBatch name is only
used for versions up to and including v11.5.1.
Two types of batch software installations are available:
• Batch with IA Components - an InBatch or Batch Management installation where
the AIM* API is the interface between the batch software and the Foxboro DCS.
This installation can still be using the Control Editors within the Galaxy, but the
runtime interface is through AIM* API.
• Batch with System Platform - installing InBatch or Batch Management together
with the Control HMI. The interface between the batch software and the Object
Manager is through the Control Software DI Object.
Each type of batch installation requires a different version of batch software as an
incompatibility exists with Batch Management v12.1 and the version of System
Platform that is used with Control Software 7.x.

Table 10 - InBatch/ Batch Management Compatibility

Installation Type Foxboro DCS Versions Batch Version

Batch Management with CCS 9.6 12.1
IA Components
InBatch with System CCS 9.6, CS 7.3 11.5
Platform

InBatch 11.5 has been qualified for use with Windows Server 2016, provided the
installation procedure discussed in this appendix is performed.
Be advised some Domain Policies might interfere with the InBatch reporting package
when installing all versions of Batch Management or InBatch software.

Additional Steps When Installing Batch Software on

Foxboro DCS
The InBatch Compatibility Matrix with Foxboro DCS v11 spreadsheet informs you
about what version of InBatch is compatible with each version of I/A Series, Control
Core Services (CCS), and Control Software. It is part of article KA000005721 on the
Global Customer Support website.
1. (InBatch v11.5 only) Update the Registry to indicate the level of Control Core
Services that is installed. On all machines where IA Components will be installed,
confirm the Registry contains this specific key:
HKLM\SOFTWARE\Foxboro\IA Series\CurrentVersion\Version
If necessary, use RegEdit to create this key. You do not have to add content to
this key. This key is required by InBatch to trigger the installation of the IA
Components software.

274 B0700TK, Rev C

Appendix I: InBatch/Batch Management Installation on Windows
10 and Windows Server 2016 Control Core Services v9.6 Software Installation Guide

2. (InBatch v12.1 only) Installation of Historian Server.

It is recommended the Historian Server software be installed directly from the
Wonderware System Platform DVD. The installation process within Control
Software will install a Platform on the Historian server. This version of the
Platform is not compatible with Batch Management 12.1.
3. (InBatch v11.5 only) Installation of InBatch Reporting Package.
a. Install IIS URL Rewrite Module2 (64 bit). This needs to be downloaded from
Microsoft:
https://download.microsoft.com/download/1/2/8/128E2E22-C1B9-44A4-
BE2A-5859ED1D4592/rewrite_amd64_en-US.msi
When installing this package, right-click this package and select Run as
Administrator.
b. Install InBatch.
4. (All batch software) Modify the policies for the Reporting Server. To generate
Reports on the Reporting Server, the policies affecting Internet Explorer need to
be updated. If the system is using a Domain Controller (Enterprise Edition),
proceed to Modifying Domain Policy for Enterprise Edition CCS v9.6, page 275. If
the system is using local security policies (Local Edition), proceed to Modifying
Local Policies for Local Edition CCS v9.6, page 278.

Modifying Domain Policy for Enterprise Edition CCS v9.6

1. Log on to the PDC using your domain administrator credentials (ex:-
CCSDomainAdmin).
2. Open the Group Policy Management console by selecting Start > Run and typing
gpmc.msc.
3. Edit the GPO “SE Win10 Computer Security Compliance v1.0”:
a. In the left pane of the Group Policy Management console, expand the nodes:
Group Policy Management > Forest:<forest name> > Domains >
<domain name> > Group Policy Objects.
b. Right-click on the GPO SE Win10 Computer Security Compliance v1.0
and from the menu, select Edit…. The Group Policy Management editor
opens.
c. Expand the nodes: Computer Configuration > Administrative Templates
> Windows Components > Internet Explorer > Internet Control Panel >
Security Page > Trusted Sites Zone.
d. On the right pane, select and double-click the setting Turn on Protected
mode.
e. Select Enabled.
f. In the “Protected Mode” combo box, set the value to Disable.

B0700TK, Rev C 275

 Appendix I: InBatch/Batch Management Installation on
Control Core Services v9.6 Software Installation Guide Windows 10 and Windows Server 2016

g. Click OK to close this dialog box.

h. In the same right pane, double-click Logon options.
i. Change the value in the “Logon options” combo box to “Automatic logon with
current username and password”.

j. Click OK to close this dialog box.

k. Close the Group Policy Management Editor dialog box.
4. Repeat Step 3 for the GPO “SE Server 2016 Member Server Security
Compliance v1.0”.

276 B0700TK, Rev C

Appendix I: InBatch/Batch Management Installation on Windows
10 and Windows Server 2016 Control Core Services v9.6 Software Installation Guide

5. On each Windows 10/Windows Server 2016 domain client, run gpupdate:

a. Log on to the Windows 10/Windows Server 2016 domain client using
“iainstaller” credentials.
b. Open a command prompt in Administrator mode - search for cmd.exe, right-
click it, and select Run as Administrator.
c. In the command prompt, enter gpupdate /force and press Enter.
6. Add sites to Trusted Sites:
a. Log into the machine as a local administrator (ex:- IAInstaller).
b. Start Internet Explorer.
c. Open Tools > Internet Options, or select the Gear icon and select Internet
Options.

d. Select the Security tab.

e. Select the Trusted Sites icon.

f. Click Sites.

B0700TK, Rev C 277

 Appendix I: InBatch/Batch Management Installation on
Control Core Services v9.6 Software Installation Guide Windows 10 and Windows Server 2016

g. Clear the Require server verification (https:) for all sites in this zone
checkbox.

h. Add these sites to the list by entering each URL and clicking Add.
• http://localhost
• http://127.0.0.1
• https://localhost
• https://127.0.0.1
• http://<machinename>
• http://<machinename>
i. Click Close to close the Trusted Sites dialog box.
j. Click OK to close the Internet Options dialog box.
k. Restart Internet Explorer to apply the changes.

Modifying Local Policies for Local Edition CCS v9.6

1. Log on to the Windows 10/Windows Server 2016 machine using Account1
credentials.
2. Open the Local Group Policy Editor console by selecting Start > Run and typing
gpedit.msc.
3. Expand the nodes: Computer Configuration > Administrative Templates >
Windows Components > Internet Explorer > Internet Control Panel >
Security Page > Trusted Sites Zone
4. On the right pane, select and double-click the setting Turn on Protected mode.
5. Select Enabled.

278 B0700TK, Rev C

Appendix I: InBatch/Batch Management Installation on Windows
10 and Windows Server 2016 Control Core Services v9.6 Software Installation Guide

6. In the “Protected Mode” combo box, set the value to Disable.

7. Click OK to close this dialog box.

8. In the same right pane, double-click Logon options.
9. Change the value in the “Logon options” combo box to “Automatic logon with
current username and password”.

10. Click OK to close this dialog box.

11. Close the Local Group Policy Editor dialog box.

B0700TK, Rev C 279

 Appendix I: InBatch/Batch Management Installation on
Control Core Services v9.6 Software Installation Guide Windows 10 and Windows Server 2016

12. Add sites to Trusted Sites:

a. Log into the machine as a local administrator (ex:- Account1).
b. Start Internet Explorer.
c. Open Tools > Internet Options, or select the Gear icon and select Internet
Options.

d. Select the Security tab.

e. Select the Trusted Sites icon.

f. Click Sites.

g. Clear the Require server verification (https:) for all sites in this zone
checkbox.

280 B0700TK, Rev C

Appendix I: InBatch/Batch Management Installation on Windows
10 and Windows Server 2016 Control Core Services v9.6 Software Installation Guide

h. Add these sites to the list by entering each URL and clicking Add.
• http://localhost
• http://127.0.0.1
• https://localhost
• https://127.0.0.1
• http://<machinename>
• http://<machinename>
i. Click Close to close the Trusted Sites dialog box.
j. Click OK to close the Internet Options dialog box.
k. Restart Internet Explorer to apply the changes.

B0700TK, Rev C 281

Control Core Services v9.6 Software Installation Guide Appendix J: Files to Back Up or Restore

Appendix J: Files to Back Up or Restore

Consider backing up the Local Edition Control Core Services files and directories in
this appendix when migrating from I/A Series software v8.8 or earlier or Control Core
Services v9.0-9.5 to Control Core Services v9.6 on a hard drive of a Windows
workstation for restoration onto the Day 0 drive.
You can also back up the user files, and files that support applications.

Saving Files
For workstations running the Windows operating system, files have to be saved to
removable media or some other medium, for example, a recordable CD in order for
the files to be restored after the installation.

Files to Back Up or Restore for Day 0 Migration

Files listed in these subsections can be backed up from your pre-v8.8 Windows
system for later restoration.

CNI Files
On the CSA server workstation:
• C:\ProgramData\Invensys\IASeries\AccessListEditor\cs_
devmon_CNI.cfg
• C:\ProgramData\Invensys\IASeries\AccessListEditor
\NamespaceMap.xml
• C:\ProgramData\Invensys\IASeries\AccessListEditor
\ConnectionSettings\CNIConfig.xml
On the CNI host workstations:
• C:\ProgramData\Invensys\IASeries\AccessListEditor\*.xml
{For the entire set of Access List configuration files}

Application Databases
Consider backing up these application database files. These files reside on the D:
drive of a Windows workstation.
Files requiring changes need to be recustomized.
NOTE: It is inadvisable to only replace Day 0 files with older files.

AIM*API
For detailed information on saving the AIM*Historian database, see AIM*Historian
User's Guide (B0193YL) and AIM*AT Installation Guide (B0193YM).
NOTE: Stop the processes that write to the database (Historian, AIM*Historian, or
FoxAMI™, for example).
Consider backing up these application database files:

282 B0700TK, Rev C

Appendix J: Files to Back Up or Restore Control Core Services v9.6 Software Installation Guide

• \opt\aim\bin\an_init.tcp (server file)

• \opt\aim\bin\aimapi.cfg
• \opt\aim\bin\alias.cfg

Control Libraries
• \opt\fox\ciocfg\sequenlibrary
• \opt\fox\ciocfg\sequeninclude
• \opt\fox\ciocfg\plblibrary

Display-Related Files
Back up every customized display file. No display file conversion is necessary when
migrating display files from a pre-V8.x Windows workstation. Display file conversion
might be needed if you have displays from a UNIX-based workstation you would like
to port to a V8.x Windows system. See the appendix titled, “Display Convert Utility” in
FoxDraw Software User’s Guide (B0700FD) for instructions on using the conversion
utility.
Customized markers, fonts, faceplates, and so forth, developed using the FoxDraw
package, are stored in the directory /opt/customer/displib.
Consider backing up these display-related files. These files reside on the D: drive of a
Windows workstation.
NOTE: Before restoration, make sure file names contain the correct workstation’s
logical name.
Files requiring changes need to be recustomized. It is inadvisable to simply
replace Day 0 files with older files.
• \usr\fox\alarms\<logical_name>AAtab
• \usr\fox\alarms\<logical_name>AApan
• \usr\fox\alarms\commgrp.cfg
• \usr\fox\alarms\alarms.fmt
• \usr\fox\alarms\<logical_name>.apc (or <logical_name>.apccr)
• \usr\fox\alarms\horn.cfg
• \usr\fox\wp\data\wp5?_cmds
• \usr\fox\wp\data\wp5?_glbls.1
• \usr\fox\wp\data\wp5?_glbls.all
• \usr\fox\wp\data\am_cmds
• \usr\fox\customer\hi\dmcfg
• \usr\fox\customer\alarms\cfg
• \usr\fox\customer\config
• \opt\menus
• \opt\disp
• \usr\disp
• \opt\customer
• \opt\custom\Initial_Disp.*
• \opt\fox\env\*.*
• Customer Display Files

B0700TK, Rev C 283

Control Core Services v9.6 Software Installation Guide Appendix J: Files to Back Up or Restore

System-Related Files
Consider backing up these system-related files. These files reside on the D: drive of a
Windows workstation.

Application Files
NOTE: New (Day 0) versions of these files might need customization using data
from your older files. It is inadvisable to simply replace the Day 0 files with the
older files.
• \etc\fox\opsys_usr.cfg

Historian or AIM*Historian Files

• \opt\aim\inst
• \opt\aim\myfiles

User Applications and Third-Party Package Files

The databases and configuration files for user applications and third-party packages
have to be backed up. Include Foxboro Industry or Application Group applications
found in /etc/fox/rc.foxapps and /usr/fox/bin/user_apps.dat.
After the Control Core Services installation, these files can be restored and the
applications and third-party packages can be reloaded or installed from user- or
vendor-supplied media.
NOTE: Reinstallation of third-party packages mandates that the original or a
newer version of the package media is available. Consult with the vendor to
determine compatibility and rekeying requirements.

Backing Up and Restoring Compound Summary Access (CSA)

NOTE: It is inadvisable to use other methods of backing up and restoring CSA
database files, such as archiving the data files from or to the /opt/fox/csa
directory.
In these CSA procedures, keep in mind the term “50 Series” applies to workstations
running the UNIX operating system, and the term “70 Series” applies to workstations
running the Windows operating system.
NOTE: This section discusses station types that are no longer supported, as we
support migrations from these unsupported stations to supported stations.
To perform the CSA operations, you need to be in a VT100 session or command
prompt window on the CSA host station.
• On 50 Series (Solaris) stations, use a WYSE terminal or start a VT100 session
from the SftMnt list.
• On 70 Series (Windows) stations, start up a Command Prompt window, and enter
this to get into a Shell mode:
D:
ncenv
sh

284 B0700TK, Rev C

Appendix J: Files to Back Up or Restore Control Core Services v9.6 Software Installation Guide

Backing Up CSA (CSA_Save)

On the CSA host station, perform CSA_Save to back up the CSA database files.
NOTE: The CSA_Save operation might not succeed for individual stations that
have compounds without blocks. When this occurs, remove the empty compound,
using the Integrated Control Configurator, and retry the CSA_Save operation.
1. Back up the CSA database files. Before performing this operation, consider:
• An empty directory has to be available for the CSA_Save operation. The
(CSA_Save) operation might not succeed for stations for which a file already
exists.
• For drive space requirements, assume you need 15 KB of space per control
station. Use the df command to check available drive space in the /usr
partition.
2. Enter:
cd /usr/fox/csa
mkdir save
CSA_Save ./save
This saves the CSA files in the /usr/fox/csa/save directory. There is one text
file for each control station.
3. Verify the contents of the save file(s). Enter:
cd /usr/fox/csa/save
ls -l
Verify each control station has a text file in this directory.
4. Archive the files onto removable media. Enter:
• tar cvf /dev/fd0 /usr/fox/csa/save (50 Series diskette)
• tar cvf a: /usr/fox/csa/save (70 Series diskette)
• tar cvf f: \csa_save.tar /usr/fox/csa/save (70 series USB drive)
The drive letter f:, as shown in the example might vary depending on the other
peripherals attached.

Relocating CSA
After modifying System Definition to move CSA to a new host, you have to perform
these procedures:
1. Perform a CSA_Save operation on the original host. For more information, see
Backing Up CSA (CSA_Save), page 285.
NOTE: If you perform a Day 1 operation in order to move the Compound
Summary Access (CSA) server package from one workstation with CCS v9.5
to another workstation with CCS v9.5 and you have performed deployments
to CNI stations involving CNI hosted alarm destinations, this special action is
required. Move the C:\ProgramData\Invensys\IASeries
\AccessListEditor\cs_devmon_CNI.cfg file from the old CSA
workstation to the new CSA workstation before initiating any subsequent
deployments to the CNI stations.
Furthermore, copy these CNI configuration files to the new CSA server
workstation:
• C:\ProgramData\Invensys\IASeries\AccessListEditor
\NamespaceMap.xml
• C:\ProgramData\Invensys\IASeries\AccessListEditor
\ConnectionSettings\CNIConfig.xml

B0700TK, Rev C 285

Control Core Services v9.6 Software Installation Guide Appendix J: Files to Back Up or Restore

2. Remove CSA from the original host.

a. To remove CSA from a pre-v8.8 workstation, enter cd /usr/fox/bin.
• Use an editor such as vi or Wordpad to open the file fox_apps.dat.
• Delete the record “ACSA”
• Save the file and exit the editor
• Reboot the workstation
b. To remove CSA from a workstation with I/A Series software v8.8 or Control
Core Services v9.0 or later:
• Perform a Day 1 installation on the workstation using the committed
configuration files from updated System Definition.
3. Install CSA on the new host (as part of a Day 0 or Day 1 installation) using the
committed configuration files from the updated System Definition.
4. Perform a CSA_Merge operation on the new host. For more information, see
Restoring CSA (CSA_Merge), page 286.
NOTE: The CSA Server does not start and CSA_Merge utility does not work
on the new host until CSA has been removed from the original host.

Restoring CSA (CSA_Merge)

On the CSA host station, perform CSA_Merge to restore the CSA database files.
1. Extract the CSA files produced by the CSA backup procedure. Insert the
removable media and enter:
• tar xvf /dev/fd0 (50 Series diskette)
• tar xvf a: * (70 Series diskette)
• tar xvf f:\csa_save.tar (70 Series USB drive)
The drive letter f: might vary depending on the other peripherals attached.
2. Restore the CSA database. Enter:
cd /usr/fox/csa
CSA_Merge ./save
3. You can remove the CSA text files at this time to recover drive space.
Enter: rm -r /usr/fox/csa/save

286 B0700TK, Rev C

Appendix K: Control Core Services Local Account Management
Application Control Core Services v9.6 Software Installation Guide

Appendix K: Control Core Services Local Account

Management Application
The Control Core Services Local Account Management Application allows you to
configure Account1 (Local Administration Account) and Account2 (Local Edition
Engineering User Account) for workstations with Windows 10 and servers with
Windows Server 2016 Standard on Foxboro DCS Control. The Local Account
Management Application provides these CCS Local Account Management tasks:
• Change Passwords
• Rename Accounts
• Configure SNMPv3 Key
• Unlock Local Accounts after successive unsuccessful logon attempts
Note these points:
• Repeatedly entering an incorrect existing password while trying to change the
password can also result in account lockout.
• A system restart is required when successful updates are made to any or all of
these: Change Passwords, Rename Accounts, or Configure SNMPv3 Key.
• The Local Engineering User Account username and password have to have the
same value on all Local Edition workstations in order to maintain functionality
between Local Edition workstations.
The Account1 user account is not intended for the operation of the Foxboro DCS
Control Core Services system. Always log in with the Local Edition Engineering
User Account when operating the system.
Always set the Account1 passwords differently on the Local Edition workstations
and the Enterprise Edition domain client workstations.
Also, on each Local Edition workstation, always set the Account1 password and
the Local Engineering User Account password differently.
• Not applicable to On-Control Network domain controller workstations which do
not contain any local accounts. Additionally, switches configured for SNMPv3
cannot be monitored by a System Monitor (SMON) residing on an On-Control
Network domain controller workstation. It is recommended to configure all On-
Control Network domain controllers with only the IAMESH package in System
Definition.

Local Administrator Login on Windows 10 or Windows

Server 2016 Stations
On Windows 10/Windows Server 2016 images supplied by Schneider Electric, the
only administrator is an account named “Account1”. After these machines join the
domain on which Invensys or Schneider Electric GPOs are applied, only local
administrators are allowed for local login. Domain users (even non-administrators)
however are still allowed login.

Renaming Account1 on Windows 10 or Windows Server 2016

In case of any domain connectivity issues, you might need to logon to these machines
using a local account. In this case, you can use Account1. However if you rename this
account, the machine will lose the ability to logon locally using the renamed account.
To keep this from happening, perform these steps immediately after renaming the
account and while the machine is still connected to the domain.

B0700TK, Rev C 287

 Appendix K: Control Core Services Local Account Management
Control Core Services v9.6 Software Installation Guide Application

1. On the Primary Domain Controller, log in as a domain administrator user, such as

CCSDomainAdmin.
2. Open the Group Policy Management Console (gpmc.msc).
3. Navigate to and expand Forest:{ForestName} > Domains -> {DomainName} >
Group Policy Objects.
4. Right click on Foxboro CCS Computers v1.0 GPO and select Edit.
5. Navigate to and click on the Computer Configurations > Policies > Windows
Settings > Security Settings > Restricted Groups.
6. Double-click Administrators on the right side view.
7. Add <name> to “Members of this group” by clicking Add… where <name> is the
renamed account.
8. Close Group Policy Management Control.
9. If the GPO “Foxboro CS Computers v1.0” exists, repeat Step 4 through Step 8.
This helps ensure the renamed account1 user account does not lose logon-
capability on the Windows 10 or Windows Server 2016 station.

Change Passwords
From the Accounts menu in the Change Passwords tab, select the Account type for
which you need to change the password, such as:
• Account1 (Local Administration Account)
• Account2 (Local Edition Engineering User Account)

For each of the accounts you can select from these features:

288 B0700TK, Rev C

Appendix K: Control Core Services Local Account Management
Application Control Core Services v9.6 Software Installation Guide

NOTE: Operations performed in the Local Account Management application

require a system restart. Be advised some functions of the system will not be
available until after the system is restarted. Click OK to continue or Cancel to exit
the application.

• Set this account to Auto Logon on restart. This is only visible and configurable for
the Account2 (Local Edition Engineering User Account).

B0700TK, Rev C 289

 Appendix K: Control Core Services Local Account Management
Control Core Services v9.6 Software Installation Guide Application

• Update: This is enabled when you enter a value for all the required fields.

• Unlock Account: This is enabled after successive unsuccessful logon attempts.

290 B0700TK, Rev C

Appendix K: Control Core Services Local Account Management
Application Control Core Services v9.6 Software Installation Guide

• Show Password: When checked you can see the passwords entered.

• Confirmation Dialog Box: Indicates changing the password was successful.

• System Message for locked account: This message appears when an attempt to
change the password is made on an account that is locked out.

B0700TK, Rev C 291

 Appendix K: Control Core Services Local Account Management
Control Core Services v9.6 Software Installation Guide Application

• System message for successful unlock: When you unlock a locked-out account
by clicking Unlock Account the message indicates success.

• System messages appear when you make an invalid entry such as:
◦ Invalid old password
◦ Password requirement/complexity not met
◦ New password and Confirm password are not the same

Figure 8 - System Messages for Invalid Entries

Renaming Accounts
Only rename accounts on Control Core Services workstations using the Local
Accounts utility. It is inadvisable to use the Computer Management utility provided by
the Windows operating system.
1. Select the account to be renamed from the list.

292 B0700TK, Rev C

Appendix K: Control Core Services Local Account Management
Application Control Core Services v9.6 Software Installation Guide

2. Enter new account name in the “New name” field and click Update.

On successful renaming of an account, a system message appears.

• If there is a duplicate Account name entry or empty value, Update is
disabled.
• If you try to rename an account that is locked out, a system message
appears to inform you.

Configuring SNMPv3 Key Field

The Configure SNMPv3 Key field allows you to enter or verify:
• SNMPv3 Key
• Show Password via checkbox

Storing the SNMPv3 Key

1. In the Configure SNMPv3 Key section, enter the SNMPv3 Key and Confirm Key
values to enable Update.
2. Click Show Password to see the SNMPv3 Key and Confirm Key entered.

B0700TK, Rev C 293

 Appendix K: Control Core Services Local Account Management
Control Core Services v9.6 Software Installation Guide Application

3. Click Update, on successful validation SNMPv3 Key is stored and the Success
dialog appears. Click OK.

If any field was not entered correctly, a system message appears to help you
correct the SNMPv3 Key issue(s).

Mandatory System Restart

A system restart is mandatory if you update one or more of these with the Local
Account Management Utility:
• Change Passwords
• Rename Accounts
• Rename Accounts
You receive a message to restart your system after any update is made.

294 B0700TK, Rev C

Appendix L: Day 0 Installation of Pre-CCS v9.5 Clients on a
System with a PDC Installed with Enterprise Edition CCS v9.5 or
v9.6 Control Core Services v9.6 Software Installation Guide

Appendix L: Day 0 Installation of Pre-CCS v9.5 Clients

on a System with a PDC Installed with Enterprise
Edition CCS v9.5 or v9.6
The Enterprise Edition Control Core Services installation creates a higher-level
Organizational Unit (OU) in the Active Directory. Until CCS v9.4, this higher level OU
was "Invensys". However, it has been renamed to "Foxboro" in CCS v9.5 and v9.6.
This renaming could result in a situation where a user would be required to perform a
few steps by running a script before attempting to join a CCS client running CCS v9.4
or earlier with a Day 0 installation.
For any reason, if you have to perform Day 0 installation of a pre-CCS v9.5 installation
on a client to a Domain Controller running CCS v9.6, perform the procedures in this
appendix.
This procedure involves two steps on the PDC. This workflow is shown here.

Figure 9 - Workflow for Updating Organizational Unit (OU) in the Active Directory

Day 0 Installation of Pre-Control Core Services v9.5 Clients

1. Log on to the PDC as a domain administrator.
2. Insert the CCS v9.6 media on the PDC.
3. Open a command prompt in an elevated mode by opening Start, searching for
cmd.exe, and right-clicking it and selecting Run as administrator.
4. In the command prompt, navigate to the CCS v9.6 PDC’s media drive.
For example: If the media is on the E:\ drive, execute the command E:

B0700TK, Rev C 295

 Appendix L: Day 0 Installation of Pre-CCS v9.5 Clients on a
System with a PDC Installed with Enterprise Edition CCS v9.5
Control Core Services v9.6 Software Installation Guide or v9.6
5. Change the directory to GroupPolicy\BatchFiles using the cd command.

6. Execute the batch file ToggleOUName.bat.

After the execution of the batch file is complete, the message “AD configuration
completed successfully” appears.

7. To complete the execution, press Enter. The command prompt shows the final
step in the process is complete.

8. At this point, the Foxboro OU is renamed back to “Invensys”. You can verify this
by opening the GPMC console (Start and search for gpmc.msc).

296 B0700TK, Rev C

Appendix L: Day 0 Installation of Pre-CCS v9.5 Clients on a
System with a PDC Installed with Enterprise Edition CCS v9.5 or
v9.6 Control Core Services v9.6 Software Installation Guide
9. Now you can perform Day 0 installations of CCS v9.6 clients. For example, you
can perform the Day 0 installation of a CCS v9.5 client or Day 0 installation of an
IA v9.3 client, etc.
NOTE: At this point, Day 0 installations of CCS v9.6 clients are not allowed.

Post-Day 0 Installation of Pre-Control Core Services v9.5

Clients
1. Log on to the PDC as a domain administrator.
2. Insert the CCS v9.6 media on the PDC.
3. Open a command prompt in an elevated mode by opening Start, searching for
cmd.exe, and right-clicking it and selecting Run as administrator.
4. In the command prompt, navigate to the CCS v9.6 PDC’s media drive.
For example: If the media is on the E:\ drive, execute the command E:

5. Change the directory to GroupPolicy\BatchFiles using the cd command.

6. Execute the batch file ToggleOUName.bat.

After the execution of the batch file is complete, the message “AD configuration
completed successfully” appears.

7. To complete the execution, press Enter. The command prompt shows the final
step in the process is complete.

B0700TK, Rev C 297

 Appendix L: Day 0 Installation of Pre-CCS v9.5 Clients on a
System with a PDC Installed with Enterprise Edition CCS v9.5
Control Core Services v9.6 Software Installation Guide or v9.6
8. At this point, the Invensys OU is renamed back to “Foxboro”. You can verify this
by opening the GPMC console (Start and search for gpmc.msc).

9. Now you can perform Day 0 installations of CCS v9.6 clients. However, Day 0
installations of pre-CCS v9.6 clients are not allowed.

298 B0700TK, Rev C

Appendix M: Linking Custom GPOs to Any of the Foxboro
Control Core Services or Control Software Specific OUs Control Core Services v9.6 Software Installation Guide

Appendix M: Linking Custom GPOs to Any of the

Foxboro Control Core Services or Control Software
Specific OUs
Schneider Electric supplied GPOs for Control Core Services (CCS) and Control
Software (CS) products are linked to various OUs. Note:
• The Invensys OU is renamed to “Foxboro” in Foxboro DCS Control Core Services
v9.5.
• All default CCS v9,4 and earlier GPOs are renamed to “_old” in Foxboro DCS
Control Core Services v9.5.
NOTE: If upgrading a domain from CCS v9.5 to CCS v9.6, the “FCS Remote
Desktop Servers” GPO is removed. The settings in the GPO have been moved to
the “Foxboro CS Computers v1.0” or the “Foxboro CS Computers v2.0” GPOs.
This list shows the OUs to which these GPOs are linked:
• \<domain level>
• \<Domain>\Domain Controllers
• \<Domain>\Foxboro
• \<Domain>\Foxboro\Accounts
• \<Domain>\Foxboro\IA Computers
• \<Domain>\Foxboro\IA Computers\Autologon Consoles
• \<Domain>\Foxboro\IA Computers\Remote Desktop Servers
• \<Domain>\Foxboro\IA Computers\Remote Desktop Servers\Thin Client
Accessible Servers
• \<Domain>\Foxboro\Non-IA Servers
• \<Domain>\Foxboro\Non-IA Workstations

NOTICE
POTENTIAL DATA LOSS
• It is important that CCS/CS products with Schneider Electric supplied GPOs are
linked to their respective OUs in the correct linking order. Otherwise, the product
functionality can be unpredictable.
• All GPOs are unlinked in the default OUs as a part of the install. This includes
default and custom GPOs. All custom GPOs and their inheritance order will have
to be completely redone after the CCS v9.6 install. This could have severe
consequences on a multi-unit plant. We recommend you record your OU links
before beginning this upgrade to prevent data loss.
Failure to follow these instructions can result in data loss.

When necessary, you can create custom GPOs and link them to the aforementioned
OUs to meet your own operational needs. If that is the case, be aware of these
guidelines for linking these custom GPOs:
• Confirm the custom GPOs do not have settings that conflict with the settings in
the Schneider Electric-supplied GPOs.
• If you are absolutely certain the settings do not conflict, the custom GPO can be
linked in any order within an OU.

B0700TK, Rev C 299

 Appendix M: Linking Custom GPOs to Any of the Foxboro
Control Core Services v9.6 Software Installation Guide Control Core Services or Control Software Specific OUs

• If any of your custom GPO settings must take precedence over the Schneider
Electric supplied GPO settings, link it at the highest level in the OU.
NOTE: When the custom GPO settings conflict with the Schneider Electric
supplied GPO settings, it is assumed you are fully aware of the potential
consequences to the product functionality. A GPO with the least linking order
takes the highest precedence; that is, its GPO settings overwrite any of the
same GPO settings that were processed before it.
• Regardless of the link order of your custom GPO in an OU, do preserve the
relative linking order of the Schneider Electric supplied GPOs, which is the
sequence of the Schneider Electric supplied GPOs linked to a specific OU.
This is an example of the relative linking order of the Schneider Electric supplied
GPOs to the IA Computers OU. The GPOs include CCS and CS GPOs.

In this figure, the Foxboro Computer Policy v1.0 is applied (processed) first among the
other GPOs linked to the IA Computers OU because its linking order number (Link
Order 6) is the highest. This GPO is followed by the other GPOs in this relative linking
order:
• Foxboro FoxView Environments v1.0 (Link Order 5)
• Foxboro CCS Computers v1.0 (Link Order 4)
• Foxboro Server 2016 Member Server Security Compliance v1.0 (Link Order 3)
• Foxboro Win10 Computer Security Compliance v1.0 (Link Order 2)
• Foxboro CS Computers v1.0 (Link Order 1)
NOTE: To avoid an incorrect relative linking order for the Schneider Electric
supplied GPOs, do not change the sequence of these GPOs being applied.

Custom GPO Linking Order Examples

Example 1 - Correct (Most Common)
In this image, the Custom GPO is at Link Order 1, which means it gets applied last.
Since the relative linking order of the Schneider Electric supplied GPOs (Links 7
through 2) remains unchanged, this link order is acceptable.

300 B0700TK, Rev C

Appendix M: Linking Custom GPOs to Any of the Foxboro
Control Core Services or Control Software Specific OUs Control Core Services v9.6 Software Installation Guide

Example 2 - Correct
In this image, the custom GPO is at Link Order 7 which means it gets applied first.
Since the relative linking order of the Schneider Electric supplied GPOs (Links 6
through 1) remains unchanged, this link order is acceptable.

Example 3 - Correct
In this image, the custom GPO is at Link Order 3 which means it gets applied fifth in
the order from first to last (Link 7 to Link 3). Since the relative linking order of the
Schneider Electric supplied GPOs remains unchanged, this link order is acceptable.

B0700TK, Rev C 301

 Appendix M: Linking Custom GPOs to Any of the Foxboro
Control Core Services v9.6 Software Installation Guide Control Core Services or Control Software Specific OUs

Example 4 - Incorrect
In this image, the custom GPO is at Link Order 3, which means it is applied fifth in the
order from first to last. However, the relative linking order of the Schneider Electric
supplied GPOs is also changed as shown in Link 1 and 2. Observe that Foxboro CS
Computers v1.0 is applied before Foxboro Win10 Computer Security Compliance v1.0
which is incorrect and this reverse order will cause potential conflicts with CS product
behavior. Hence, this linking order is not acceptable.

Example 5 - Correct (Example of a Scenario where CCS v9.4 PDC

having Custom GPOs is Upgraded to CCS v9.5)
In this image, custom GPOs are at Link Order 1 through 3 so they get applied last in
the IA Computers OU. Since the relative linking order of the Schneider Electric
supplied GPOs (Link 4 through 9) remains unchanged, this link order is acceptable.
This example is on a PDC with CCS9.4, CS7.1 installed.

Figure 10 - Link Order: GPOs

A Custom GPOs linked at link order 1-3

B Schneider Electric supplied GPOs at CCS v9.4 linked at link order 4-9

However, when the PDC is upgraded to CCS 9.5 or later (via Day1/Release Update),
the Custom GPO linking is removed as shown in this image. Since the customer’s
custom GPOs are meant to intentionally change settings set by the Schneider Electric
supplied GPOs, these custom GPOs must be relinked back so they can be applied
last.

302 B0700TK, Rev C

Appendix M: Linking Custom GPOs to Any of the Foxboro
Control Core Services or Control Software Specific OUs Control Core Services v9.6 Software Installation Guide

This image shows the corrected and final view of the IA Computers OU when the
custom GPOs are linked back. The custom GPOs take precedence since they are
applied last.

B0700TK, Rev C 303

Control Core Services v9.6 Software Installation Guide Appendix N: Security by Local Group Policies

Appendix N: Security by Local Group Policies

A set of local security policies are designed to enhance the security policy on the
Schneider Electric supplied platform images running Windows 10 and Windows
Server 2016 operating systems. You are strongly recommended to install these local
security policies on these machines before the installation of any Schneider Electric
supplied products. These policies are intended to further enhance the security on the
workstations before the installation of the Control Core Services v9.6 Local Edition or
joining as domain clients to the Active Directory installed and configured by the
Control Core Services v9.6.

Importing Windows 10 Local Group Policy Settings

1. Insert the media “Foxboro DCS Local Group Policy Object for Windows 10”
(K0177BZ) into the CD drive. K0177BZ is part of the OS Image Upgrade kits
K0204AG and K0204AH which are required for the H92 station, and is provided
with new H92 platform orders.
2. Right-click Start and from the menu that appears, click Command Prompt
(Admin).
3. When the User Account Control Confirmation dialog box appears, click Yes.
4. In the command prompt, navigate to the location on the DVD where the
“RunWin10LGPO.bat” file is located.
5. In the command prompt, enter RunWin10LGPO.bat and press Enter.
6. The program asks you to enter Y/N with a question “Do you wish to continue with
the installation”. Click the Y key and press Enter to continue.
The Local Security policy for Windows 10 will be installed.
7. Press Enter to exit the program.
8. The results of the LGPO installation are logged in the files: C:\tmp\lgpo.out
and C:\tmp\lgpo.err. Check for any detected error messages in these files
and contact your system administrator for help resolving them.
9. For a successful installation, reboot or restart the workstation.

Importing Windows Server 2016 Local Group Policy Settings

to H90 or VM
1. Insert the media “Foxboro DCS Local Group Policy Object for Server 2016”
(K0177BY) into the CD drive. K0177BY is part of the OS Image Upgrade kits
K0204AJ, K0204AK, and K0204AW which are required for the H90 and VM
stations, and is provided with new H90 or VM platform orders.
2. Right-click Start and from the menu that appears, click Command Prompt
(Admin).
3. When the User Account Control Confirmation dialog box appears, click Yes.
4. In the command prompt, navigate to the location on the DVD where the
“RunServer2016LGPO.bat” file is located.
5. In the command prompt, enter RunServer2016LGPO.bat and press Enter.

304 B0700TK, Rev C

Appendix N: Security by Local Group Policies Control Core Services v9.6 Software Installation Guide

6. The program asks you to enter Y/N with a question “Do you wish to continue with
the installation”. Click the Y key and press Enter to continue.
The Local Security policy for Windows Server 2016 will be installed.
7. Press Enter to exit the program.
8. The results of the LGPO installation are logged in the files: C:\tmp\lgpo.out
and C:\tmp\lgpo.err. Check for any detected error messages in these files
and contact your system administrator for help resolving them.
9. For a successful installation, reboot or restart the server.

Importing Windows Server 2016 Local Group Policy Settings

to V91 Host
1. Insert the media “Foxboro DCS V91 Security Local Policy Settings Media Host
Server 2016” (K0177CB) into the CD drive. K0177CB is part of the OS Image
Upgrade kits K0204AK, K0204AL, and K0204AT which are required for the V91
host, and is provided with new V91 host orders.
2. Right-click Start and from the menu that appears, click Command Prompt
(Admin).
3. When the User Account Control Confirmation dialog box appears, click Yes.
4. In the command prompt, navigate to the location on the DVD where the
“RunServer2016LGPO.bat” file is located.
5. In the command prompt, enter RunServer2016LGPO.bat and press Enter.
6. Press Enter to exit the program.
7. The results of the LGPO installation are logged in the files: C:\tmp\lgpo.out
and C:\tmp\lgpo.err. Check for any detected error messages in these files
and contact your system administrator for help resolving them.
Some system messages related to Services can be ignored. Examples of such
messages include:
• The service did not respond to the start or control request in a timely fashion.
• Starting service <servicename> did not start.
• The dependency service or group did not start.
8. For a successful installation, reboot or restart the V91 host.

B0700TK, Rev C 305

Control Core Services v9.6 Software Installation Guide

Glossary
A
AD: Active Domain

C
Control Core Services (CCS): Core software environment, formerly known as “I/A
(Intelligent Automation) Series software”.

Control Editors (CE): Control software engineering and configuration tools built on
the ArchestrA® Integrated Development Environment in Foxboro DCS. Formerly
known as “FCS Configuration Tools”, “InFusion Engineering Environment”, and “IEE”.

Control Network: A switch network that facilitates communications among Foxboro

DCS workstations/servers and other stations. Formerly known as “The MESH Control
Network”.

Control Software (CS): Packages built on the ArchestrA Integrated Development

Environment (IDE) that provide expanded functionality to the Foxboro DCS Control
Core Services. Formerly known as “Foxboro Control Software”.

D
Day 0: Installing Control Software (CS) on a machine that does not have an existing
version of Control Software. A Day 0 installation also includes installing Control
Software on a new machine where an existing Galaxy database has been migrated.

Day 1: Upgrading System Definition or Control Software (CS) on a machine that has
an existing version of Control Software.

E
Enterprise Edition Control Core Services: Version of the Control Core Services v9.4
or later for systems requiring Microsoft® Active Directory Domain Controllers.

L
LDAP: Light Weight Directory Access Protocol

Local Edition Control Core Services: Version of the Control Core Services v9.4 or
later for systems not requiring Microsoft® Active Directory Domain Controllers.

O
Off-Control Network: Descriptor applied to stations that are not located on the
Foxboro DCS Control Network and instead connected via a separate customer-
supplied network. The procedures for configuring these stations for a system with the
Enterprise Edition Control Core Services differ significantly from the procedures for
configuring stations on the Foxboro DCS Control Network.

On-Control Network: A descriptor applied to stations which are located on the

Foxboro DCS Control Network (formerly known as The Mesh control network).

OU: Organizational Unit

P
PDC: Primary Domain Controller

306 B0700TK, Rev C

 Control Core Services v9.6 Software Installation Guide

S
SDC: Secondary Domain Controller

SP: Set Point

System Definition (SysDef): A system configurator.

B0700TK, Rev C 307

Schneider Electric Systems USA, Inc.
70 Mechanic Street
Foxboro, Massachusetts 02035–2040
United States of America

Global Customer Support: https://pasupport.schneider-electric.com

As standards, specifications, and design change from time to time,

please ask for confirmation of the information given in this publication.

© 2022 Schneider Electric. All rights reserved.

B0700TK, Rev C