[general]

Global settings valid for all managers

[general] accessControlPlugin

Type
string
The AccessControlPlugin is a shared library with a user-defined name. To use the library inside of your project, add the entry accessControlPlugin = AccessControlPluginFilename to the [general] section of the config file. If you omit the shared library extension, the configuration is OS independent. When loading the shared library on WINDOWS, the extension ".dll" and on UNIX the extension ".so" is automatically appended to the given name. To be found, the plug-in has to be located in one of the bin directories (windows, windows-64) of the project-Hierarchy. The value is an empty string by default. This means that no plug-in will be loaded. The value is the file name of the shared library, with or without extension. e.g. [general] accessControlPlugin = "CommonConfigPlugin"

[general] activateAlertFiltering

Type
bool
Default
1
Range
0|1
Set this config entry to 0 to disable the automatic alarm reduction.

[general] alertPermissionsCompatibilityMode

Type
bool
Default
1
Range
0|1
Before version 3.17 the event manager checked permissions required for an alertSet against those requierd by _auth._alert_hdl._write. Starting with 3.17 the event manager will check alertSet against _auth._alert._write, and only dpSet, i.e. changes in the alert handling configuration, are still checked against _auth._alert_hdl._write. This entry activates a compatibility mode so that an alertSet is still checked against _auth._alert_hdl._write. To be consitent for reading alertGet will be checked against _auth._alert_hdl._read, too, when this config entry is set. Because other manager have to check permissions as well this config entry has to be in [general].

[general] atomicDpSet

Type
bool
Default
0
Range
0|1
Setting multiple values in one dpSet operation might cause inconsistencies because certain write operations might fail while others succeed. Atomic dpSet operations verify that no write operation fails before changing any values. Therefore, no inconsistencies can arise. By enabling "atomicDpSet" in the "general" section of the config file, i.e, setting "atomicDpSet = 1", all dpSet operations for Original, Lock, and General configs are atomic, except for write operations initiated by WinCC OA drivers, which are never atomic. If atomic behavior is activated but a datapoint set operation includes other configs besides Original, Lock, and General, the operation is handled non-atomic. By default atomic set behavior is deactivated. Atomic behavior can be used for all datapoint set operations supported by WinCC OA ("dpSet", "dpSetWait", etc.). If these operations are restricted to Original, Lock, and General configs either all dpSet operations succeed or no operations are executed. In case of a failure, the return code is set accordingly and further error messages can be retrieved in the usual way.

[general] authCheckPasswordExpired

Type
bool
Default
1

When this config entry is 1 (true), the linux PAM account validation will report errors as errors and therefore fail the verifyOSUser() call.

When this config entry is 0 (false), the account validation will report any error in validation, for example an expired password only as a warning in the log, but the verifyOSUser() call will succeed.

This config entry is only used for Linux configurations. Windows based configurations will not be effected.

[general] autoRemoveOrphanedData

Type
bool
Default
1
Range
0|1

Automatically removes orphaned data from the SQLite database during the project startup. E.g.

  • Deletes a data point if its type does not exist
  • Deletes a config if its data point element does not exist
  • Deletes a last value if its data point element does not exist
Note:
NOTE:When this function is active, the found orphaned data is reported with the debug flag "WORK". You do not need to change the data.

If this feature is disabled, any orphaned data found will be reported as WARNINGs, and you have to clean up the orphaned data manually.

[general] bcmBufferLimitTimeout

Type
unsigned
Default
60
Range
>=20
Time during which the limit of the message queue container of a manager (in the send direction) may be exceeded. For resetting the timeout, the time has to be lower than the limit by 10 %. Handling when the timeout has elapsed: The data manager prints only an error message. The connection will be broken off for all other managers. For managers in all other systems, the queue of the respective manager will be emptied.

[general] cnsUseDoubleAsterisk

Type
bool
Default
1

This config entry influences the behaviour of the CNS functions (cnsGetNodesByName() and cnsGetIdSet()) that use pattern matching.

If the value of this config entry is "1", then the wildcard '*' cannot represent any characters and multiple characters in the CNS identification, except '.' and ':'.

The wildcard '**' cannot represent any character and several characters including '.' and ':', and is therefore suitable for pattern matching across several CNS levels.

If the config entry is "0", then '*' and '**' have the same behaviour. Both can then represent all characters, including '.' and ':'.

[general] CtrlAdoMSBoolFormat

Type
bool
Default
1
Range
0|1
When "CtrlAdoMSBoolFormat = 1" is set, TRUE is saved as -1 and FALSE as 0 in the database. When "CtrlAdoMSBoolFormat = 0", TRUE is saved as 1 and FALSE is saved as 0.

[general] CtrlAdoNumericalPrecision

Type
string
Range
double|int32|int64
Defines the reduced precision in which numerical values will be delivered from a database, if the database specified data type can not be stored in a standard CTRL data type (int, long, float). If this config entry is not used, numerical values might be delivered as string. This is database driver dependent. 

Note: Drivers that don't support fetching numerical values with low precision will ignore the precision policy.
This config entry is not used under Windows.

[general] ctrlAllowedFeatures

Type
string
This entry has currently no functionality. It is here for compatibility with versions newer than 3.16.13

[general] ctrlMaxBlockedPendings

Type
integer
Default
3000
Range
>0
Defines how many pending runs (unprocesses hotlinks) may be pending for a blocked query. Every row in all hotlinks is counted, not only the number of hotlinks. For unblocked queries the upper limit is defined with ctrlMaxPendings.

[general] ctrlMaxPendings

Type
int
Default
200
Range
> 0
If a work function (e.g. of a dpConnect()) is not yet completed and this event occurs again, the system waits until the first occurrence has been processed. If the frequency of the events is higher than can be processed, the queue of pending events and with it the memory consumption of the CTRL Manager or UI Manager keeps on growing. To prevent this, the CTRL discard all pending runs after ctrlMaxPendings and an error message is issued. This entry can also be used in the sections of single managers: 

[ui_5]
ctrlMaxPendings = 120

[general] ctrlMaxWeight

Type
integer
Default
10000 (CTRL) bzw. 5000 (UI, Event, ASCII, etc.)
The Control Interpreter cyclically processes all running scripts. The sum of the weights of the instructions processed in one cycle can be defined here. See also chapter Optimization of WinCC OA.

[general] defaultArchive

Type
uint
Default
97
Range
>=0
Defines which archive should be used as default. (97 = RDBManager)

[general] discreteImpulseAlertWithoutWent

Type
bool
Default
0
Range
0|1
If this config file entry is set, no WENT event is created for discrete impulse alerts. This way state messages can be created, for example: 1 open, 2 closed, 3 between, 4 error. According to the sequence of values the following text is shown in the alert log: open CAME; between CAME; closed CAME; error CAME ... - without this config file entry also the WENT events are listed in the alert log (open CAME; open WENT; ...).

[general] displayName

Type
string
Defines the displayed name of the project within the project selection of the Desktop/Mobile UI. The configured displayName is also used for the name of the local caching directory on the client.

[general] dnsLookupTimeout

Type
32bit unsigned integer
Default
2500 milliseconds
Range
milliseconds

Use the config entry dnsLookupTimeout to define the maximum DNS lookup timeout. DNS resolution is now performed in an asynchronous time-limited lambda function, which can be configured to be shorter than the default DNS timeout value (30 seconds).

The default value for the DNS timeout is 2500 milliseconds and can be configured via ([general] dnsLookupTimeout). If the timeout is exceeded, DNS resolution will fail.

If the DNS resolution takes longer than 500ms, a warning is issued. This warning can be deactivated by using the config entry [general] suppressDnsLookupWarnings = 1.

NOTE: Do not use values below 100 or above 30000 if you are not familiar with the DNS lookup functionality.

[general] DP_StatisticsPrefix

Type
string
Default
_Stat
Range
-
The data points for Msg statistics have the following names: _Stat_<ManagerType>_<ManagerNo>_to_<ManagerType>_<ManagerNo>. To obtain an explicit name for each node in case of redundancy, you can change the prefix _Stat. e.g. _Stat_2

[general] DP_UserForceSet

Type
string
Default
_Users.ForceSet
Range
-
Data point element which holds all permission bits which are independent of the operator station.

[general] DP_UserId

Type
uint
Default
_Users.UserId
Range
-
Data point element that contains all the User IDs defined in WinCC OA in a dyn_uint.

[general] DP_UserName

Type
string
Default
_Users.UserName
Range
-
Data point element that contains all user names defined in WinCC OA in a dyn_string. All user arrays must have the same length and all the same indexes define the same user. Examples for this are: user 0 = Username[0], UserId[0], Password[0], ... user 1 =Username[1], UserId[1], Password [1],

[general] DP_UserPassword

Type
string
Default
_Users.Password
Range
-
Data point element that contains all the user passwords defined in WinCC OA in a dyn_string. Passwords are saved encrypted (see crypt()).

[general] DP_UserPermissions

Type
string
Default
_Users.Permissions
Range
-
Data point element that contains all the user permission strings defined in WinCC OA in a dyn_string. The interpretation of this string is up to the user.

[general] DP_UserPermSet

Type
string
Default
_Users.PermissionSet
Range
-
Data point element which holds all permission bits for a user. The interpretation of these bits is up to the user.

[general] DpCommentSeparator

Type
char
Default
@
Separator for the description text (description@format@unit).

[general] dpFuncLoopCount

Type
int
Default
20
Range
>=20
Specifies the limit for an infinite loop (for datapoint functions). An infinite loop is diagnosed when a datapoint function receives more hotlinks (hotlinks with same time stamp)than the number specified via the dpFuncLoopCount entry. If the limit is exceeded the loop is broken. If a GREAT deal of hotlinks (e.g. many CTRL parameters) is used in a datapoint function the default value may be too small (define a bigger value).

[general] dpGetDescriptionMode

Type
int
Default
1
Range
-2 ... 3
Controls the mode of operation of dpGetDescription(). For detailed information see the specific chapter of this CTRL function.

[general] externErrHdl

Type
string

WinCC OA uses an internal error handler that is also used to write logs for each manager.

By using this config entry an external error handler plugin can be defined that should be loaded in addition to the internal WinCC OA error handler.

For this config entry the name of the plugin library must be stated, which needs to be located within the bin/ folder of the WinCC OA installation directory.

How to write an external error handler is described in the API chapter.

[general] keepAckColorOnMultipleAck

Type
bool
Default
0
Range
0|1
The color used for acknowledged pending alarms is shown also when the alarm is not pending anymore (=1). A CAME alarm is always shown in the color of "CAME acknowledged". The color is used for all acknowledgement types and regardless of whether the CAME or WENT alarms or both were acknowledged. Can be used for open and closed modes of the alert screen.

[general] kerberosRootGroup

Type
string
Range
PVSSRoot or any valid domain group, Default: PVSSRoot
Config entry for the Kerberos authentication. This config entry controls which OS accounts (users and computers) have the permission to act as a root user. "root" is treated like a unix root user: allowing everything and controlling nothing. This is a desirable behavior for drivers but not for a UI. Therefore, the right to act as root can be restricted to certain users namely those who belong to the specified group.

[general] lang

Type
string
Default
first 'langs' entry
Range
one of project languages
The entry can be used to set a project language to active language in the UI. This language is used as the active WinCC OA UI language. Multilingual texts will be displayed in this language in the user interface.
  • You can also use the option "auto" to set the WinCC OA user interface automatically to the users display language.
  • Users display language on Windows: Control panel -> Region and Language -> Display language
  • Note that the language that is set via the "lang" entry must be a project language. You cannot set a language for the UI if the language was not selected as a project language when creating a project.

[general] langs

Type
string
Range
project languages
'locale' string(s) of the languages which shall be used in the WinCC OA project. Multiple entries of "langs" define the list of all languages to be used. The language entries must be unique. The entries must not be modified after the initial database creation. 

Example:
langs = "de_AT.utf8"
langs = "en_US.utf8"
langs = "hu_HU.utf8"

[general] limitCryptVersion

Type
int
Default
0
Range
0|3|4
  • 0 means, that there is no limitation, all versions, including v4 are allowed.
  • 3 limits to version 3 (as in 3.19 and older versions).
  • 4 allows version 4 as well.

The crypt() function will automatically downgrade to the maximum permitted version. So if limitCryptVersion=3, then crypt("pwd", 4) generates the same hash format as crypt("pwd", 3).

[general] lowestAutoManNum

Type
unsigned integer
Default
1 | 7
Range
1-255
This value specifies a manager number limit for the Data Manager. The Data Manager may assign numbers freely beginning from this manager number. The Data Manager assigns the Manager numbers self when UI, ASCII, CTRL, OPC Srv, OLE DB, COM and API Manager were started without -num argument resp. with "-num 0". The entry is evaluated only by the Data Manager. The default value is 7 in case of redundant projects.

[general] lowestAutoManNumUI

Type
unsigned
Default
1 | 7
Range
1-255
The entry "lowestAutoManNumUI" gives the lowest manager number for the UI Manager. The entry "lowestAutoManNum" in the config file sets also "lowestAutoManNumUI". Thus, if you want to set both values separately "lowestAutoManNum" has to be specified BEFORE "lowestAutoManNumUI" in the config file. The default for "lowestAutoManNumUI" is 7 in redundant projects, otherwise 1.

[general] maxBcmBufferSize

Type
unsigned integer
Default
10000
Range
>1000
Upper limit in kB in the BCM output buffer of all managers. When this threshold is exceeded for 'bcmBufferLimitTimeout' seconds, the connection to the corresponding manager will be closed.

[general] maxConnectMessageSize

Type
unsigned integer
Default
100
Range
>=0
Defines the maximum number of data points for each dpConnect. A value of 0 indicates, that no limitation will be used.

[general] messageDiagSec

Type
unsigned integer
Default
30
Range
0 - MAX_UINT
The entry 0 switches the message statistics and the config statistics off. Any other value specifies the interval (in seconds) for writing the statistics to the _Stat datapoints. An entry < 0 is overwritten by the value of the datapoint _Stat_Message.SecsToRefresh:_original.._value.

[general] mpMatchWholeWord

Type
bool
Default
1
Range
0|1

The config entry replaces master datapoint references in alert patterns - see chapter Included alarms.

When the value of the config entry is set to 1, the master datapoint references are replaced only when an exact match of the word is found.

When the value of the config entry is set to 0, the master datapoint references are replaced also when a pattern is found.

[general] parallelCtrlADO

Type
bool
Default
0
Range
0|1
Activates the parallel processing (multi-threaded) of database operations in the Control-Extension 'CtrlADO'. By default all requests to the database will be sent sequentially as parallel (thread-save) support is not guaranteed by all database systems.

[general] paramLang

Type
string
Default
first 'langs' entry
Range
one of project languages
'locale'-string of the language in which language dependent texts will be defined. These texts will be used for automatic translation.

[general] password

Type
string
Password for the defined user in the config entry "userName".

[general] pmonPort

Type
integer
Default
4999
Range
1024-65535
The port for the TCP/IP communication with Pmon.

[general] proj_path

Type
string
Defines the path to the directory, which includes dynamic files (project-oriented files such as database).

[general] proj_version

Type
string
Defines the WinCC OA version with which the current project was created or last updated.

[general] pvss_path

Type
string
Defines the path to the directories, which includes the WinCC OA static files (such as executables, error texts, icons, etc.).

[general] refuseCNS

Type
bool
Default
0
Range
0|1

Specifies if a manager shall hold CNS data of the identification in memory. CNS data is still tranferred with the identification but the manager discards this data if the config entry is activated.

Please note, that this setting uses a different default value for the sections [event] and [valarch]

[general] saveLastValueBit

Type
unsigned
Default
0
Range
1-32, 0 = off
With this entry you avoid the saving of the last value for datapoint elements, which have set a userbit (1-32). No archiving is executed, even if the datapoints have parameterized an _archive config. If the value is 0 (default), the last values of all datapoints will be saved.

[general] serverSideAuthentication

Type
bool
Default
0
Range
0|1
Session Binding is activated via the server-side authentication for UI managers. When an Access Control Plug-in of ETM is loaded, the Session Binding is automatically active and cannot be deactivated. By default (standard project) the session binding is deactivated. Session Binding (see Server-side Authentication for UI Managers) can be activated irrespective of the Access Control Plug-in (see Access Control Plug-in, Basics) by using the config entry serverSideAuthentication=1 in the [general] section. Grundlagen zum Login-Framework

[general] statFctActivate

Type
bool
Default
1
Range
0|1
This entry deactivates the execution of statistical functions in the Event Manager, when indicated. When accessing the statistical functions the first time, a corresponding warning will be printed (just) once. This can be used for testing purposes, in case that the Event Manager needs to much time during the start and it is not clear where it has been spent - so the statistical functions (which may consume a lot of time) can be deactivated. Although this entry is defined in the [general] section, it affects only the Event Manager (this has a historical matter).

If this entry is set to 0, a dp_fct or stat_func config cannot be activated via a script.

[general] statFctInheritCorrValues

Type
bool
Default
1
Range
0|1
You can set the behavior of statistical functions in the config file. The config entry statFctInheritCorrValues decides whether the correction values should be accepted. By default, the correction value changes are accepted. If 0, changes are not accepted, e.i. the statistical functions work as usual.

[general] statFctLimitForMarkAsCorrected

Type
integer
Default
0
Range
0 - 1000
The config entry statFctLimitForMarkAsCorrected (condition: statFctInheritCorrValue = 1) specifies the threshold for the accepted correction values. If 0, all values are marked as corrected. Values greater than 0 only mark values as of a change greater than x%.

[general] statFctMaxIntervalsInPast

Type
unsigned integer
Default
3
Range
0 - MAX_UINT
If more periods than defined via this config entry are not calculated (for a statistical function) in the past yet these periods are discarded and a message is shown. Default value is 3, e.i. 3 periods are considered (interval beginning from the end of the interval until the current time). Beginning from a delay of 3 intervals (regardless of a possible delay time of the statistical functions) all older intervals are discarded and a message is shown.

[general] statFuncMinInitTimeRange

Type
int
Default
0
Range
minimum 0
NOTE: The config entry statFuncMinInitTimeRange in the [general] section is only considered for NGA projects.

For historical initialization of statistical functions a dpGetPeriod with bonus 1 is needed. This dpGetPeriod with bonus 1 may cause performance issues in large projects using the NGA.

When setting this config entry to a value other than 0, instead of executing a query by using bonus 1, the time period of the dpGetPeriod is extended into the past and into the future by the period used to calculate the statistical function. In the event that no bonus value can be determined with this procedure, a query is run again with bonus 1 to ensure correct functionality. The calculation period for a statistical function is configured in the PARA module -> config dp_fct -> Synchronization tab -> calc.time interval.

If this period is less than statFuncMinInitTimeRange, the range is increased by statFuncMinInitTimeRange instead. With the default value 0 the standard behavior with bonus 1 is performed.

[general] suppressDnsLookupWarnings

Type
bool
Default
0
Range
0|1

If the DNS resolution takes longer than 500ms, a warning is issued. For DNS resolution, see the config entry [general] dnsLookupTimeout. This warning can be deactivated by setting the config entry [general] suppressDnsLookupWarnings = 1.

[general] tlsHandshakeTimeout

Type
uint
Default
5000 msecs
Range
250-5000 msecs

This config entry defines the timeout duration for the TLS handshake negotiation on a secure socket.

We recommend a minimum of 250 msecs, but bear in mind that this may vary depending on network performance.

Higher values (tens of seconds) basically disable DoS mitigation.

[general] translateConfig

Type
string
Default
'' '|'
Defines the filename of the translation table and the delimiter character for automatic translation. The translation table must be located in the 'config' directory. The columns must be separated by the defined delimiter character. 

Syntax:
translateConfig = <filename> <delimiter>

[general] translationFile

Type
string
Default
[automatic]
Defines the filename (without suffix) for the translation texts per project hierarchy level in a config.level file. Every project level must use a unique name. By default, the file is named as the project name. If this entry is used in the project config file, then it must be set after the proj_path entries.

[general] translationSourceLang

Type
string
Default
[automatic]
Range
any known language
Defined in a config.level file, this entry defines which language to use as source reference language for a specific project hierarchy level if the level uses multiple languages in existing panel files. If this entry is used in the project config file, then it must be set after the proj_path entries. Note: Normally you don't need to define this. It is mainly a config entry used when dealing with already existing legacy panel files.

[general] useCMContainerSerialNumber

Type
string
Default
0-0
Range
Serial number
The config entry "useCMContainerSerialNumber" specifies which license container is used for the licensing. The config entry specifies which container is used by using the serial number of a container. The format of the serial number is "number-number". You can copy the serial number of a container directly from the WIBU WebAdmin web page. The default value is "0-0" and means that the first license container, which contains an EVENT manager license, is used.

Example:

[general]

useCMContainerSerialNumber = "3-4736110"

[general] useCMLicense

Type
bool
Default
1
Range
0|1
The config entry "useCMLicense" can be used to deactivate the WinCC OA licensing. By default the WinCC OA licensing is activated (useCMLicense=1). In order to deactivate the WinCC OA licensing, set the entry to 0.

[general] useCommonCryptography

Type
bool
Default
0
Range
0|1

The config entry for activating or deactivating the modern Common Cryptography Library (CCL). By default, the status is set to FALSE, which means that the legacy cryptography functionality is used. If the status is set to TRUE, the CCL is used.

NOTE: In a distributed system, you must set the config entry on all systems on which you want to use encryption.

[general] useDbAsIso

Type
bool
Default
0
Range
0|1
From WinCC OA version 3.16 on, creating projects with ISO character sets (e.g. en_US.iso88591) is no longer supported. Already existing projects are still supported and the conversion of ISO settings to utf8 settings is done internally.

This new regulation influences the upgrade procedure of existing projects.

The following projects can be converted automatically:

- Monolingual projects and

- Multilingual projects if all project languages belong to the same ISO character set (e.g. iso8859-1).

The config entry useDbAsIso is being used when converting an ISO project to an utf8 project. The config entry useDbAsIso = 1 is set in the config file.

[general] useNGA

Type
bool
Default
0
Range
0|1
To enable NextGen Archiver, the config entry "useNGA" must be used. It is automatically created when NGA is selected during project creation. When converting an existing project to NGA this entry must be added manually.

NOTE: Converting an existing project to NGA is currently not recommended.

[general] useNGADirectRead

Type
bool
Default
0
Range
0|1
By using the config entry "useNGADirectRead" (can be used in [general], [ui] or [ctrl] sections) the behavior of the standard WinCC OA historical read functions can be changed to always use their "NGA" counterpart, i.e. use direct read. This means, e.g., that when a client calls dpGetPeriod(), the direct read counterpart dpGetPeriod-NGA() is called instead.

[general] useRDBArchive

Type
bool
Default
0
Range
0|1
  • 0 = RDB Archive Manager not functional.
  • 1 = RDB Archive Manager activated (RDB write/read).
No Value Archives (History DB) may be running parallel to RDB archiving.

[general] useRDBGroups

Type
bool
Default
1 if RDB is configured
Range
0|1
Defines, whether archive groups can be used (= 1) or not (= 0).

[general] userName

Type
string
The user name all managers use when they start. If $USER is used, it is replaced by the current OS user. This means that the manager is started with the current OS user as WinCC OA user. You can also use the manager option -user $user, e.g. WCCOActrl -user $user.

[general] useSQLite

Type
bool
Default
1
Range
Not applicable (value depends on project type)

To use an SQLite project, use the configuration entry "useSQLite = 1". This config entry is created automatically when the SQLite® project is selected during project creation.

Use the config entry otherwise only if you are migrating manually from RAIMA to SQLite® (Manual Migration of RAIMA → SQLite®).

[general] useValueArchive

Type
bool
Default
1
Range
0|1
Per default this entry is set to 1, which means that the history DB is used for archiving historical values. Using data archiving in the RAIMA database is not supported anymore. The RAIMA can archive only historical alarm information. Therefore, this config entry must not be set to 0.

[general] useWindowsNTLM

Type
bool
Default
1
Range
0|1

Specifies if the Windows NTLM functionality should be used.

The default is "1" for the NTLM support in Windows. As long as NTLM is not completely disabled in the Domain Controller, it is usable for authentication. As such, the use can be activated and deactivated with this config entry.