Hi there.
I’m trying to move my OPC server into a Windows container. To do this, I configured DCOM with Carbon and installed all of the services from their executable files in silent mode. I also defined a local user. All of the configuration scripts can be found below.
I’m working in swarm mode and I have created an overlay network. Then I started a service with docker service --network .
Once everything was set up, I tried to connect to the OPC Server through the overlay network using its service name. I got an error: “Access is denied. [0x80070005]”, although all of the configuration looked correct when I checked it.
By contrast, I ran a test on a virtual machine running Windows Server 2019 with the same scripts, and there I could connect directly.
What should I do next? I guess there might be a problem with the user definition, or I may have to make additional configuration changes in order to connect to the OPC Server inside a Windows container.
Thanks in advance.
DCOM Settings Script
# DCOM settings script: enables DCOM machine-wide, installs the Carbon module,
# and uses Carbon's Grant-ComPermission to open the machine-wide COM access and
# launch/activation ACLs (both the defaults and the limits).
#
# SECURITY REVIEW: this is an "open everything" DCOM profile. It grants
# 'Anonymous Logon' and 'Everyone' remote access and remote launch/activation in
# both the default and the limit ACLs, and finally sets
# everyoneincludesanonymous=1 so that anonymous tokens also match 'Everyone'.
# After this runs, the COM ACLs no longer restrict which remote caller may
# launch, activate or call COM servers that rely on the machine defaults.
# Keep this to an isolated test network; elsewhere grant a dedicated account or
# group instead and leave out the 'Anonymous Logon' / 'Everyone' entries.

$oleKey = 'HKLM:\SOFTWARE\Microsoft\Ole\'

Set-ItemProperty -Path $oleKey -Name 'EnableDCOM' -Value 'Y'

# Both legacy defaults are set to 2: impersonation level 2 is "Identify",
# authentication level 2 is "Connect" (authentication at connection time only,
# with no per-packet integrity or privacy).
foreach ($legacySetting in 'LegacyImpersonationLevel', 'LegacyAuthenticationLevel') {
    Set-ItemProperty -Path $oleKey -Name $legacySetting -Value 2
}

# forceguest=0 selects the "classic" model: network logons with a local account
# authenticate as that account instead of being mapped to Guest.
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Lsa\' -Name 'forceguest' -Value 0

# Carbon is copied from the build context straight into the system module path.
# NOTE(review): nothing here checks the module's origin or integrity before it
# is imported and run with administrative rights - confirm where it came from.
Copy-Item -Recurse -Path "$PSScriptRoot\Carbon\" -Destination "C:\Windows\system32\WindowsPowerShell\v1.0\Modules"
Import-Module 'Carbon'

$identities = 'Anonymous Logon', 'Everyone', 'Interactive', 'Network', 'System'
$aclScopes = 'Default', 'Limits'

# Access permissions: default ACL first, then the limit ACL, for every identity.
foreach ($scope in $aclScopes) {
    $scopeSwitch = @{ $scope = $true }
    foreach ($identity in $identities) {
        Grant-ComPermission -Access -Identity $identity -Allow @scopeSwitch -Local -Remote
    }
}

# Launch and activation permissions: same order, local and remote rights alike.
foreach ($scope in $aclScopes) {
    $scopeSwitch = @{ $scope = $true }
    foreach ($identity in $identities) {
        Grant-ComPermission -LaunchAndActivation -Identity $identity @scopeSwitch -Allow -LocalLaunch -RemoteLaunch -LocalActivation -RemoteActivation
    }
}

# Makes the 'Everyone' grants above apply to anonymous (null-session) callers too.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name 'everyoneincludesanonymous' -Value 1
Installation Script
# Installation script: runs the prerequisite installers silently and in order,
# sets the OpcEnum service to start automatically, then launches the OPC server
# setup with a recorded response file and blocks until the 'opc_server' process
# has exited.
#
# NOTE(review): every installer is executed exactly as it was copied into the
# build context. Checking a known-good hash (Get-FileHash) or the publisher
# signature (Get-AuthenticodeSignature) before each Start-Process would stop a
# tampered or substituted binary from running with administrative rights.

$binDir = "$PSScriptRoot\bin"

# Prerequisites, each awaited before the next one starts. The switches are the
# silent-mode flags the original script passes to each package.
$prerequisites = @(
    @{ File = '2005_sp1_x64.exe';        Switches = '/q:a' },
    @{ File = '2010_sp1_x64.exe';        Switches = '/q' },
    @{ File = '2010_sp1_x86.exe';        Switches = '/q' },
    @{ File = 'opc_core_components.msi'; Switches = '/q' }
)
foreach ($package in $prerequisites) {
    Start-Process "$binDir\$($package.File)" -ArgumentList $package.Switches -PassThru -Wait
}

Set-Service OpcEnum -StartupType Automatic -PassThru

# The response file path is wrapped in literal double quotes directly after /f1.
# This Start-Process deliberately has no -Wait.
$responseFile = "$PSScriptRoot\bin\setup.iss.install"
Start-Process "$binDir\opc-server.exe" -ArgumentList '/s', "/f1`"$responseFile`"" -PassThru

# NOTE(review): the lookup runs as soon as Start-Process returns and uses the
# name 'opc_server', while the launched file is 'opc-server.exe'. If no process
# of that name exists yet, nothing is waited on and the build carries on while
# setup is still running - confirm the name and the timing.
$opcProcessId = (Get-Process opc_server).id
Wait-Process -Id $opcProcessId
Dockerfile
# Image for the OPC server on Windows Server Core 1809: copies the installers in,
# creates a local administrator account, runs the install and DCOM configuration
# scripts, and keeps the container alive for as long as the OPC service runs.
# NOTE(review): the base image is referenced by tag only; pinning it by digest
# makes rebuilds reproducible and guards against the tag being repointed.
FROM mcr.microsoft.com/windows/servercore:1809-amd64
SHELL ["powershell","-command"]
RUN mkdir C:\\install
COPY .\\install C:\\install
# NOTE(review): the account name and password are literals in a RUN instruction,
# so they are recorded in the image's build history and can be read by anyone
# who can pull the image. 'user' / 'password' look like placeholders; if real
# values are used here, treat them as disclosed. The account is also added to
# Administrators with a non-expiring password, so the OPC client identity has
# full control of the container.
# NOTE(review): presumably a remote DCOM client has to authenticate as an
# account this container recognises (for example this local user, with the same
# password, on the client side) - verify against the 0x80070005 error.
RUN NET USER "user" "password" /ADD;\
NET USER "user" /logonpasswordchg:no;\
NET LOCALGROUP "Administrators" /ADD "user";\
WMIC useraccount WHERE Name=`'user`' SET Disabled=false;\
WMIC useraccount WHERE Name=`'user`' SET PasswordExpires=false;
# Runs the installation script first, then the DCOM configuration script.
RUN C:\install\opc-server\<installation-script>.ps1;\
C:\install\dcom_config\<config-script>.ps1;
# NOTE(review): deleting C:\install in a later RUN removes it only from the
# final filesystem; the installers and response file remain in the COPY layer.
RUN Remove-Item -Recurse -Force C:\install
# Shell-form ENTRYPOINT: looks up the 'opcserver-service' process and blocks
# until it exits, which ties the container's lifetime to that process.
ENTRYPOINT $nid = (Get-Process opcserver-service).id;\
Wait-Process -Id $nid;
# EXPOSE is documentation only and publishes nothing. Port 135 is the RPC
# endpoint mapper; DCOM calls also use dynamically allocated RPC ports.
EXPOSE 135