OPC-UA Server Authentication

I changed the password for the OPC-UA Server Connection but left the username as default (opcuauser). The server immediately faulted with the following log items:

OPC-UA Server.ActivateSessionService
User “opcuauser” connected but could not authenticate. (invalid username or password)

OPC-UA Server.ActivateSessionService
Returning ServiceFault for request: com.inductiveautomation.opcua.types.messages.ActivateSessionRequest@51f9a8db. StatusCode=StatusCode[Severity=Bad, Subcode=Bad_CertificateIssuerRevocationUnknown]

I tried resetting the OPC-UA module, re-discovering the endpoint, and regenerating the OPC-UA certificates, but none of these resolved the issue. I then changed the password back to default (password) and the server started working again.

What steps are required to change the password for opcuauser without faulting the OPC-UA server?

There are two places you need to change the password.

  1. The server settings will designate an authentication profile that the server will use. You’ll want to go modify that auth profile and add/remove/edit users.

  2. Once you’ve done this, you’ll need to update the settings of the OPC UA connection. It sounds like this is the one you were already trying to modify. After setting up a new password for the opcuauser in the profile the server is pointed at, change the password here again and it should work.

Thanks Kevin!

After finding that user (opcuauser) in the Users, Roles Security configuration profile (opcua-module), it makes complete sense to change the password there. Why would it be necessary to include that ability in the OPC server connection settings so one has to change it in both locations?

OPC UA connections could be to any server, not just Ignition’s OPC UA server.

It’s not very clear because it’s all set up for you on a fresh install, but the fact that Ignition has an OPC UA server and that it has the ability to make connections to OPC UA servers are entirely separate concerns and functionality.

Imagine you were setting up an OPC UA connection to KEPServer - of course you’d need the ability to configure a username and password for the connection. But you wouldn’t expect to configure the username or password KEPServer expects in Ignition - just the one Ignition presents when it connects.