Product: | Elvis |
Version: | 2.4 |
Booth: | 2005-07-13 |
Summary
This article describes an Elvis network configuration that is easy to set up and works reliably, except in specific exceptional cases. It is specifically designed for smaller networks that are not managed by a network administrator.
It is assumed:
- Elvis 2.4
- Windows 2000, Windows XP Home, or Windows XP Professional operating system
Details
Installation of the process server:
ElvisRun Setup:
Select the following options:
- “Select functions” page: Complete (to be able to start an operator station on the server computer for tests)
- “Elvis Server Options” page: Install as service, leave username and password blank (the service will run under the local system account)
The setup already sets up most of the security settings correctly. However, you have to manually check or change some settings as described below.
Firewall
If the Personal Firewall of Windows XP SP2 is active and should remain active, exceptions must be defined for ElvisSvr so that it can be accessed from the network. This is done via the Windows > Firewall > Exceptions page:
- Select the file “ElvisSvr.exe” from the Elvis directory via “Program” » “Browse” and confirm with “OK” The program will then appear in the firewall exception list.
- In addition, a port must be opened for RPC. To do this, click on “Port…” and enter a name, e.g. “RPC Endpoint Mapper”, as well as “135” as the port number in the subsequent dialog and select the option “TCP” as the port type. After confirming with “OK”, a new entry appears in the exception list.
- By default, for each new entry in the exception list, the range of computers for which the port or program in question is not blocked initially extends to all computers, including those on the Internet. If you want to narrow down the area, select the relevant list entry and select one of the other two options (“Only for your own network” or “Custom list”) via “Edit” ” > Change area”.
For other Personal Firewall products, refer to the appropriate documentation
DCOM configuration
Check the Computer-wide DCOM settings (Windows 2000: Start > Execute: DCOMCNFG > Applications page, Windows XP: Start > Execute: DCOMCNFG > Component > Computer > Context menu of “My Computer” > Features):
- “Default Properties” page: Tick “DCOM… Activate” must be set
- XP SP2 only: COM Security page:
Access permissions > “Edit limits…”: add: Anyone with the permissions “Local access” and “Remote access”.
Launch and activation permissions “Edit limits…”: add: Anyone with “Local Activation” and “Remote Activation” permissions > .
Without this setting, all further access rights for ElvisSvr are ineffective.
In addition, please check the properties for the following applications (Windows 2000: Start > Execute: DCOMCNFG > Applications page, Windows XP: Start > Execute: DCOMCNFG > Component > Computer > Workplace > DCOM configuration > Application name > Features):
- Elvis Server:
> General Authentication Level: None
Security > Access Permissions: Everyone (XP SP2: local and remote)
Security > Boot Permission: Everyone (XP SP2: Local Activation and Remote Activation Only)
Attention: In a peer-to-peer network (workgroup) as well as in XP Home , “ANONYMOUS LOGIN” (with the same rights) must be entered in the limits and the Elvis server settings in addition to “Everyone”, as in these cases no authentication via the network is possible.
Installation of the operator station:
ElvisRun Setup:
Select the following options:
- “Select Functions” page: select only “Operator Station”, the rest can be deselected.
The setup already sets up most of the security settings correctly. However, you have to manually check or change some settings as described below.
Firewall
Same settings as on the process server side, but select the file “ElvisRun.exe” instead of “ElvisSvr.exe”.
DCOM configuration
Computer-wide settings as on the process server side.
Application-specific settings:
- Elvis Terminal/Operator Station:
> General Authentication Level: None
Security > Access Permissions: Everyone (XP SP2: local and remote)
Problem analysis and resolution:
If the connection between the operator station over the network does not work (typical error message “Access denied”), first check whether an operator station running on the same computer as the server gains access.
Then you should use the application described in INF: System Diagnostics for further analysis:
- First, start the server connection test. This provides more detailed error information than the operator station.
- Before contacting our support, please create the diagnostic files with the application on both computers (operator station and process server).