MicrosoftI have seen a system using older OPC, but I am not really familiar with all the details. The one area that I think was a big issue was the underlying OS making a DCOM request back to the domain controller. In this specific setup, the legacy version of OPC was running on a set of legacy OS machines, and something from the OPC part of the network was talking direct to a domain controller which was a supported and patched OS. It started reporting errors. For the system I was providing some advice for, errors could be fixed by a combination of configuration, and I think rolling back the patch deployment, so DCOM hardening was not required. The hard to understand part was reboots would stop things working or fix it again. It turned out that we were only looking at half the picture. There was of course more than one domain controller, and each reboot would result in a random one being used.
Moral of the story, check everything, especially domain controllers. Use a packet sniffer if you need to. If any legacy component is talking to an up to date component, it needs to be configurable to comply with DCOM hardening requirements, or you need to disable the hardening and halt patching at the current level.
