Certificate thumbprint does not match

DavidWisely · October 29, 2018, 1:53am

I’m having trouble with the warning message shown below.
It started when I change the name of the default Realtime Tag Provider.
It occurs about every 20 seconds, and I’m not sure where to start.
I’ve rebooted the gateway a few times with no improvements
Anyone know where to start?

Thanks,
David

TcpServerChannel	29Oct2018 12:45:41	Channel error, closing connection. Certificate thumbprint does not match
com.inductiveautomation.opcua.UAException: Certificate thumbprint does not match

at com.inductiveautomation.xopc.common.stack.UAChannel.processAsymmetricChunk(UAChannel.java:1149)

at com.inductiveautomation.xopc.common.stack.UAChannel.processChunk(UAChannel.java:760)

at com.inductiveautomation.xopc.common.stack.UAChannel.access$000(UAChannel.java:63)

at com.inductiveautomation.xopc.common.stack.UAChannel$ProcessChunk.run(UAChannel.java:1570)

at com.inductiveautomation.xopc.client.stack.SerialExecutionQueue$RunnableExecutor.execute(SerialExecutionQueue.java:96)

at com.inductiveautomation.xopc.client.stack.SerialExecutionQueue$RunnableExecutor.execute(SerialExecutionQueue.java:93)

at com.inductiveautomation.xopc.client.stack.SerialExecutionQueue$PollAndExecute.run(SerialExecutionQueue.java:71)

at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)

at java.util.concurrent.FutureTask.run(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

GreggCavazos · October 29, 2018, 8:25pm

We had a similar issue before, we solved by “Regenerating” Certificates and re-establishing the OPC Server connection.

DavidWisely · October 29, 2018, 11:35pm

Thanks Gregg,

I’ve tried regenerating the certificates. It didn’t work by itself. I’ll try recreating the OPC server connection and see how it goes.

Kevin.Herron · October 29, 2018, 11:36pm

If that doesn't work you probably have some other inbound OPC UA connection from either another Ignition or a 3rd party.

GreggCavazos · October 30, 2018, 12:42am

I've tried regenerating the certificates. It didn't work by itself. I'll try recreating the OPC server connection and see how it goes.

We had to do both steps to fix the issue, first regenerate certificates and then recreate the OPC connection.

DavidWisely · October 30, 2018, 1:07am

Hi Kevin,
Is there any way to narrow down which connection is causing the warning?
I’ve tried restarting all the connections without any luck. The next step is to delete the connections and recreate them, but this is going to cause a bit of disruption. It would be good to narrow it down first.
Thanks,
David

Kevin.Herron · October 30, 2018, 1:11am

I think the easiest / only way would be to run Wireshark on the server and watch for an incoming connection on port 4096 every ~10s. You’ll be able to see the IP address it’s coming from and hopefully that’s enough to track it down.

DavidWisely · November 12, 2018, 2:03am

I finally got rid of this error by restarting the remote ignition gateway.