Build 4446

mws2674 · February 4, 2010, 2:19pm

Regarding IgnitionOPCUA:

When I change the admin account’s default password, IgnitionOPCUA status changes from good, to faulted. As soon as I change the admin account password back to ‘password’, the status returns to normal. (I was able to change the admin account password before without encountering this error)

[quote]java.lang.Exception: Could not activate sesssion: Bad_UserAccessDenied
com.inductiveautomation.xopc.client.srremoteserver.DefaultSRRemoteServer.activateSession(DefaultSRRemoteServer.java:306)
com.inductiveautomation.xopc.client.srremoteserver.DefaultSRRemoteServer.connect(DefaultSRRemoteServer.java:177)
com.inductiveautomation.xopc.client.sropcserver.OPCUAServer.connect(OPCUAServer.java:420)
com.inductiveautomation.xopc.client.sropcserver.OPCUAServer.connectToServer(OPCUAServer.java:395)
com.inductiveautomation.xopc.client.sropcserver.OPCUAServer.verifyConnectionState(OPCUAServer.java:446)
com.inductiveautomation.ignition.gateway.opc.OPCManagerImpl$ServerWrapper.verifyConnectionState(OPCManagerImpl.java:665)
com.inductiveautomation.ignition.gateway.opc.OPCManagerImpl$OPCConnectionKeepalive.run(OPCManagerImpl.java:552)
com.inductiveautomation.ignition.gateway.execution.BasicExecutionEngine$TrackedTask.run(BasicExecutionEngine.java:403)
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:317)
java.util.concurrent.FutureTask.runAndReset(FutureTask.java:150)
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:98)
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:181)
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:205)
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
java.lang.Thread.run(Thread.java:619)[/quote]

Carl.Gould · February 4, 2010, 2:53pm

Yeah, this is a bit odd, but it is “correct”.

You see, Ignition OPC-UA is a standard, compliant OPC-UA server. The Ignition OPC-UA server by default requires authentication in order to connect. The rest of Ignition actually connects to it like any other 3rd party OPC-UA client would. That means that the “IgnitionOPC-UA” connection that comes pre-configured in Ignition has the “admin/password” credentials in it. So if you change the credentials of your Gateway’s authentication profile, you’ll need to update the username/password in the Ignition OPC-UA connection too.

mws2674 · February 4, 2010, 10:37pm

Yup, i see that now! Thank you!

Carl.Gould · February 4, 2010, 11:00pm

I think we’ll change this, because I think a lot of users are going to be confused on this point.

We’re going to have the Ignition OPC-UA module create its own internal authentication profile, so that when you change the admin/password credentials, the OPC-UA server and connection are isolated. This way there should be less un-intentional breakage of the “loopback” OPC-UA connection.

bryan_cook · February 11, 2010, 4:23pm

Can you update this thread when you’ve addressed this?

I’ve noticed this is still the case in Ignition 7.0.2.4482, (w/ OPC-UA 1.0.2.4482).

Carl.Gould · February 11, 2010, 5:22pm

We did do this for 4482, but because of maintaining backwards compatability, it only will use the new paradigm on a fresh install. You can do this very easily by yourself on an existing install - just switch the OPC-UA server’s auth profile to your own auth profile so it doesn’t share a profile with the Gateway.

bryan_cook · February 11, 2010, 6:29pm

Thanks … I’ve done as you directed and everything seems to function as expected.