Sunday, September 07, 2025

DCOM callback not working with UAC enabled

 OPC Classic DCOM client not receiving callback when UAC is enabled


The OPC Classic server runs on another node under a specific user, say opcuser. The OPC Classic client runs as a different user, say user1. The opcuser account on the client is a member of the Administrators group, but UAC is enabled. The issue is that the client does not receive the callback because of UAC restrictions. When a local account in the Administrators group is used over the network, UAC gives it a "filtered" token without full administrative rights. This is a common cause of DCOM callback failures in workgroup environments.

To fix this, on the OPC client machine (the one receiving the callback), you need to modify the registry:

  1. Open the Registry Editor (regedit).

  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

  3. Create a new DWORD (32-bit) Value named LocalAccountTokenFilterPolicy.

  4. Set its value to 1.

  5. Reboot the machine.
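
The registry steps above as a PowerShell script, an added example that is not part of the original post: it reports the current value, lists the local accounts in the Administrators group that the setting will affect, and writes the value only if it is not already 1. The function names are illustrative; run it from an elevated prompt on the OPC client machine.

```powershell
# Added example (not from the original post). Run elevated on the OPC client.
$Key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Name = 'LocalAccountTokenFilterPolicy'

function Get-TokenFilterPolicy {
    # Current DWORD, or $null if the value is absent. Windows treats an
    # absent value like 0: remote logons by local admins get a filtered token.
    $prop = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $prop) { [int]$prop.$Name } else { $null }
}

function Get-AffectedLocalAdmin {
    # Local (non-domain) members of BUILTIN\Administrators. The setting is
    # machine-wide, so every account listed here is affected, not only opcuser.
    # The well-known SID avoids depending on the localized group name.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
        Select-Object -ExpandProperty Name
}

function Enable-RemoteAdminToken {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $current = Get-TokenFilterPolicy
    if ($current -eq 1) {
        Write-Output "$Name is already 1; nothing to change."
        return
    }
    $shown = if ($null -eq $current) { '<absent>' } else { $current }
    Write-Output "$Name is currently $shown"
    if ($PSCmdlet.ShouldProcess("$Key\$Name", 'Set DWORD to 1')) {
        New-ItemProperty -Path $Key -Name $Name -PropertyType DWord -Value 1 -Force | Out-Null
        Write-Output "$Name set to $(Get-TokenFilterPolicy). Reboot to apply (step 5)."
    }
}

Write-Output 'Local administrator accounts affected by this setting:'
Get-AffectedLocalAdmin | ForEach-Object { "  $_" }

# Use -WhatIf first to preview the write without changing the registry.
Enable-RemoteAdminToken -WhatIf
# Enable-RemoteAdminToken      # uncomment to apply
```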

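This change tells Windows not to filter the administrative token for local accounts over the network, allowing DCOM callbacks to function correctly without disabling UAC itself: interactive elevation prompts keep working as before. The setting is machine-wide, so it applies to every local account in the Administrators group on the client, not only opcuser. Keep that group small and give those accounts strong passwords that are unique to this machine.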

REF: 20250907

