Cannot connect Kepware Version 6.7.1046 to Ignition 7.9.11

I have never had any issues in the past connecting Ignition to a Kepserver. For whatever reason a certificate is not generated in “Trusted Clients” after Ignition attempts to connect. Manually importing a cert is not working either. Does anyone have any experience with the latest Kepware release and 7.9.11?

Are you sure the certificate is the issue here?

Is there a stack trace or error for this connection in the status area of the gateway?

Now it is saying

[remote=COCOKEPWARE02.woodward.com/10.152.208.29:49320] errorMessage=ErrorMessage{error=StatusCode{name=Bad_SecurityChecksFailed, value=0x80130000, quality=bad}, reason=An error occurred verifying security.}

However, it has given me a number of different errors. At one point it did show up as a Trusted Client and then disappeared. It is very odd

I am sure I am using the correct credentials for security.

Well, this one in particular is KSE sending back an error message saying Bad_SecurityChecksFailed for some reason.

It could be the certificate isn’t trusted, or it could be something else about the certificate it doesn’t like, but there’s not much more detail you can find on the Ignition side of things. Is this certificate showing up in KSE now?

No not at all, but it did briefly. I have re-initialized, rebooted, deleted, re-created. I have never had this much trouble and have other Kepservers working fine. Per your manual it should just show up. I will manually import it again and see if I get the same error.

Update: same error

As a sanity check I just did a clean install of 7.9.11 and connected it to KSE 6.7 without any problems.

In the Ignition gateway, under Configure > OPC-UA Server > Certificates, try regenerating the client certificate and then restarting Ignition.

If this doesn’t work you’ll probably need to call Kepware and see if they can turn on some logging or have some way to tell you why the Bad_SecurityChecksFailed error is being sent.

Ok I tried that and still, same issue… It just never shows up under “Trusted Clients”. I will call Kepware (PTC :frowning:) tomorrow and see if they can help.

Just to be clear Kevin, you tested with some level of encryption/security right? I can make it work if I have no security, and looking across our Ignition Gateways it looks like that is how we have set it up.

Yeah, I used Basic128Rsa15. The connection was faulted until I marked the Ignition client certificate trusted in KSE.

Eventually I got this working, by the way. The key was to always allow anonymous access.

2 Likes

Thanks for coming back to update :+1: