Upgrade 7.9.12 -> 7.9.13 : Opc Connection faulted

Yup, same issue here… We are using unsecure connections to a vendor supplied OPC server that we can’t configure security on.

I don’t think we’re doing nightly builds in 7.9 so I think staying on 7.9.12 is the only solution for now. 7.9.14 will include a relaxed nonce validation for these non compliant servers.

I’m hoping to get it into an 8.0.8 nightly build in the next day or so.

Kevin, we are on 8.0.6 in our dev environment with no OPC connection issues - will 8.0.7 break the connections or will 8.0.8? Not sure what you meant by “Hoping to get it into an 8.0.8 build” - get the security in or the relaxed nonce validation?

The stricter nonce validation that caused this issue is in 8.0.7 I believe, if not already in 8.0.6. The relaxed nonce validation will go into an 8.0.8 nightly build.

This is only an issue with certain 3rd party servers when no security is used.

The relaxed nonce validation should land in tomorrow’s 8.0.8 nightly build.

It will eventually be part of 7.9.14 as well.

1 Like

I was on 8.0.6 and upgrade to .7. This made my OPC Connections Faulted

Go back to 8.0.6 or go forward to the nightly.

Resurrecting this thread, I can’t tell from the release notes, is this issue now fixed in 7.9.14?

Yes, not sure why it doesn’t have a change log entry.

2 Likes

Should it be possible to connect to a OPC UA -server with no encryption with Ignition 8.0.16?
Im getting the same error as mentioned above.

Yes, it should be under most circumstances. Are you trying to use a username and password with no security?

Correct, trying to connect to a Beijer iX Panel.

This configuration won’t work unless you get an update that fixed the nonce bug in the server.

No security with anonymous identity should work, or using security should work.

A post was split to a new topic: Connecting to Beckhoff OPC UA

A post was merged into an existing topic: Connecting to Beckhoff OPC UA

Hi,

We upgraded a server from 7.9 to 8.1 today, and all our OPC UA connections when into Error.

“Nonce should be 32 bit”

UPC UA connections are set with anonymous and security settings none/none. We cannot change this unless we upgrade all our PLC firmwares. There is a bug causing issues with reconnecting when username and password is set.

Is there a way around this in IGN?

Happy thanksgiving!

I don’t think so. But call IA’s emergency support to find out for sure, or downgrade back to 7.9. (I’m guessing you have a Thanksgiving outage window and cannot wait for Monday…)

This error should only occur when you’re using security or you’re using no security + username/password authentication.

Double check the connection settings and if they still look right to you get a Wireshark capture of Ignition trying to connect.

1 Like

Turmel and Herron, thanks for replying.

We did downgrade to 7.9 for the weekend. We had 3 OPC UA devices on this gateway, and all of them where offline after the clients upgrade. Two of them I know for sure where set up with anonymous, but it’s possible that these production lines where powered down and offline. All our focus where on the third, the one who always is on. After a while searching for the third PLC software it was indeed set up with username and password.

You will have to either upgrade these buggy servers or change to a configuration where the invalid nonce doesn’t create a security vulnerability. Same as mentioned here.