The following information below was provided by Kepware. Source: https://www.ptc.com/en/support/article/CS350729
Kepware.com Support Assistant
Request
Cannot find any info on Microsoft DCOM Hardening effects on Kepware and OPC DA. Are there patches or recommended mitigation?
Document - CS350729
"Unable to establish OPC DA communication after installing Microsoft DCOM Hardening patches (CVE-2021-26414) with PTC Kepware Products"
Description
Will Microsoft's phased rollout of tightened DCOM security impact KEPServerEX?
Effect of the Microsoft DCOM update on KEPServerEX communications
Will the DCOM updates impact OPC UA/DA connections or any other protocols?
Resolution
General Information:
OPC-DA Clients and Servers must utilize the same DCOM authentication level. Once the Kepware software DCOM authentication level is changed, the DCOM authentication level used by third-party clients and servers on remote workstations must also be updated.
Temporary Workaround:
Following application of Microsoft’s June 14, 2022 Windows cumulative update, customers may use the temporary workaround Microsoft describes in MS KB5004442 to disable the Microsoft DCOM Hardening patch.
Important: This mitigation can only be employed until Microsoft releases the final patch update to address CVE-2021-26414 on March 14, 2023. After deploying Microsoft’s final update on or after March 14, 2023, it will no longer be possible to disable Microsoft’s DCOM Hardening patch. After deploying Microsoft’s March 14, 2023 update, the only mitigation available is to reconfigure DCOM appropriately to establish communication to affected products.
For Classic OPC-DA communications consider moving clients and servers to operate on the same workstation or migrate the system to replace Classic OPC-DA with OPC UA.
Resolution:
Kepware products can be set to use the newly required (by Microsoft) DCOM security with the Windows DCOM configuration utility (DCOMCNFG.EXE). No patch is required
The DCOM Authentication Level will need to be set to Packet Level Integrity for both the Client and the Server
For Server applications this change will need to be made at the Application level:
For Client applications this change will need to be made at the My Computer level:
Note: KEPServerEX may be the Client, Server or both
In addition to DCOM configuration, the following product settings must be enabled:
KEPServerEX; ThingWorx Kepware Server; OPC Aggregator:
Settings>Runtime Options> Use DCOM configuration settings
OPC Quick Client:
Tools>Options>Use DCOM for remote security
LinkMaster:
Tools>Options>Runtime Options>Use DCOM configuration utility settings
Other resolution options:
Move OPC-DA clients and servers to the same workstation
Migrate the system to replace Classic OPC-DA with OPC UA