Failed to connect to Ignition OPC UA Server by using node-opcua

Hi,
I have tried three different version Ignition to be a OPC UA Server.(Windows x64 8.0.1 and 8.0.2-rc1, Ubuntu 8.0.1). If I use Prosys OPC UA Client to connect, I can connect successfully by trusting the certification. But I can’t connect by using node-opcua.

UascServerAsymmetricHandler
28May2019 17:51:30
Error installing security token: StatusCode{name=Bad_SecurityChecksFailed, value=0x80130000, quality=bad}

org.eclipse.milo.opcua.stack.core.UaException: no matching endpoint found: transportProfile=TCP_UASC_UABINARY, endpointUrl=opc.tcp://172.17.30.162:62541/discovery, securityPolicy=Basic256, securityMode=SignAndEncrypt

at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerAsymmetricHandler.lambda$openSecureChannel$3(UascServerAsymmetricHandler.java:405)

at java.base/java.util.Optional.orElseThrow(Unknown Source)

at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerAsymmetricHandler.openSecureChannel(UascServerAsymmetricHandler.java:395)

at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerAsymmetricHandler.lambda$sendOpenSecureChannelResponse$1(UascServerAsymmetricHandler.java:299)

at org.eclipse.milo.opcua.stack.core.channel.SerializationQueue.lambda$encode$0(SerializationQueue.java:57)

at org.eclipse.milo.opcua.stack.core.util.ExecutionQueue$Task.run(ExecutionQueue.java:119)

at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

Does anyone have comment for this ?

Thanks

By the way, I also download the ignition_logs.idb.

Can you upload the logs somewhere so we can look at them?

edit: or provide the full text of the stack trace in your screenshot

I was able to reproduce this using the node-opcua sample client. It seems to have an issue connecting to Ignition’s OPC UA server in its default configuration, where only secured connections are allowed to the main endpoint, and there’s a separate discovery-only endpoint that allows unsecured connections. This will have to be fixed in node-opcua.

As a workaround, you can enable connections without security in Ignition’s OPC UA server. Under Config > OPC UA > Server Settings, add “None” as a security policy:

You’ll have to restart the gateway for this to take effect.

Due to some other bug unrelated to this, you’ll have to connect with a username and password instead of anonymously when using the node-opcua client.

Since I am not able to upload file, I edit my first post, and paste the related log.

For this case, I will try the workaround solution, and do you have further suggestions? I mean hot fix or ?

Thanks

Best regrards,

Ruke

Hi,

I set Security Policies to None, and use node-opcua to connect. I get another error.

UaStackServer
29May2019 11:01:39
Uncaught Throwable executing handler: org.eclipse.milo.opcua.stack.server.UaStackServer$$Lambda$2227/0x00000001014ea040@5fa7e9a

org.eclipse.milo.opcua.stack.core.UaSerializationException: no codec registered for encodingId=NodeId{ns=0, id=0}

at org.eclipse.milo.opcua.stack.core.types.OpcUaDefaultBinaryEncoding.decode(OpcUaDefaultBinaryEncoding.java:103)

at org.eclipse.milo.opcua.stack.core.types.builtin.ExtensionObject.lambda$decode$0(ExtensionObject.java:126)

at org.eclipse.milo.opcua.stack.core.util.Lazy.maybeCompute(Lazy.java:45)

at org.eclipse.milo.opcua.stack.core.util.Lazy.getOrCompute(Lazy.java:35)

at org.eclipse.milo.opcua.stack.core.types.builtin.ExtensionObject.decode(ExtensionObject.java:126)

at org.eclipse.milo.opcua.stack.core.types.builtin.ExtensionObject.decode(ExtensionObject.java:117)

at org.eclipse.milo.opcua.sdk.server.SessionManager.onActivateSession(SessionManager.java:486)

at org.eclipse.milo.opcua.stack.server.UaStackServer.onServiceRequest(UaStackServer.java:243)

at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerSymmetricHandler$1.lambda$onMessageDecoded$1(UascServerSymmetricHandler.java:203)

at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

And the following is the node-opcua log

warning : ClientSessionKeepAliveManager#ping_server   ServiceFault returned by server { /*ServiceFault*/
 responseHeader                /* ResponseHeader                   */: {
   timeStamp                   /* UtcTime                          */: 2019-05-29T03:02:19.864Z
   requestHandle               /* IntegerId                        */: 5               0x5
   serviceResult               /* StatusCode                       */: BadSessionNotActivated (0x80270000)
   serviceDiagnostics          /* DiagnosticInfo                   */: {
     namespaceUri              /* Int32                            */: -1
     symbolicId                /* Int32                            */: -1
     locale                    /* Int32                            */: -1
     localizedText             /* Int32                            */: -1
     additionalInfo            /* String                           */: null
     innerStatusCode           /* StatusCode                       */: Good (0x00000)
     innerDiagnosticInfo       /* DiagnosticInfo                   */: {
     }
   }
   stringTable                 /* String                        [] */: [ ] (l=1)
   additionalHeader            /* ExtensionObject                  */: null
 }
};

Do you have any comment for this?

This is the “other bug unrelated to this” I mentioned. Try connecting with a username and password instead of anonymously.

Got it. I shall try it.

Thanks

Hi Kevin,

I have updated my post. Please check out the related logs.
If you need more information, please let me know.

Thanks.

If you connect with a username and password it should work. Connecting anonymously will be fixed in an 8.0.3 nightly release soon.

That it doesn’t work with security enabled is a bug in the node-opcua stack and they will have to fix it.

Hi guys,

I’ve been having similar issues. I have Edge 8.0.3 installed on a RevolutionPi (ARM processor). I am trying to connect with a NodeRed node - which I’m sure runs on node-opcua.

I followed what Kevin said: no anonymous login, and I set the Security Policies on Edge to None.

That got me as far as connecting with Nodered, as long as I use ‘localhost’ as ip address. When i use the actual IP address either on the same host, or another machine on the network - I get no connection.

I’m not sure where to look in the logs. Is it possible that this is a Raspbian issue and not Ignition?

Thanks
Koen

The OPC UA server in Ignition Edge only binds to localhost and only allows local connections to it. This is one of the Edge limitations.

Ah - :disappointed_relieved:

I will have to try with Vanilla Ignition then…

Thanks for the rapid feedback. :rocket: