Error connection Ignition 7.9.6 to Kepware

kade.castille · May 22, 2020, 5:22pm

Hello, I am trying to establish an OPC-UA connection to Kepware from Ignition. When trying to connect in Ignition, I keep getting the following error:

UaException: status=Bad_SecurityChecksFailed, message=An error occurred verifying security.
at org.eclipse.milo.opcua.stack.client.handlers.UaTcpClientAcknowledgeHandler.onError(UaTcpClientAcknowledgeHandler.java:232)
at org.eclipse.milo.opcua.stack.client.handlers.UaTcpClientAcknowledgeHandler.decode(UaTcpClientAcknowledgeHandler.java:128)
at io.netty.handler.codec.ByteToMessageCodec$1.decode(ByteToMessageCodec.java:42)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:387)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:245)
at io.netty.handler.codec.ByteToMessageCodec.channelRead(ByteToMessageCodec.java:103)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:292)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:278)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:962)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:528)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:485)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:399)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:371)
at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:112)
at java.lang.Thread.run(Unknown Source)

Someone on a somewhat similar post suggested that doing an edit/save would work but it hasn’t for me. I’m not really sure what to do and I would really appreciate some help! Thanks in advance!

Kevin.Herron · May 22, 2020, 5:38pm

You probably need to go into Kepware’s OPC UA configuration and mark Ignition’s client certificate as trusted.

kade.castille · May 22, 2020, 5:39pm

Also, I’ve tried playing around with the security settings within Kepware, reissuing instance certificates, and enabling anonymous login. Nothing has worked.

kade.castille · May 22, 2020, 5:41pm

Hey Kevin, appreciate the speedy response. The client certificate is marked as trusted. I’m not sure whether this is an issue with Ignition or Kepware at this point.

Kevin.Herron · May 22, 2020, 5:42pm

The error code is coming from Kepware so you probably need to focus your efforts there. Kepware support might be able to tell you why it’s happening, but there’s no additional information available to Ignition.

kade.castille · May 22, 2020, 5:43pm

Sounds good. Appreciate your advice!

Kevin.Herron · May 22, 2020, 5:46pm

You do need to reinitialize Kepware after making any of those changes.

You also need to restart Ignition if you did any kind of refresh in the Ignition OPC UA client certs.