Failed to connect to Ignition OPC UA Server by using node-opcua

rukechen · May 28, 2019, 10:04am

Hi,
I have tried three different version Ignition to be a OPC UA Server.(Windows x64 8.0.1 and 8.0.2-rc1, Ubuntu 8.0.1). If I use Prosys OPC UA Client to connect, I can connect successfully by trusting the certification. But I can’t connect by using node-opcua.

UascServerAsymmetricHandler
28May2019 17:51:30
Error installing security token: StatusCode{name=Bad_SecurityChecksFailed, value=0x80130000, quality=bad}

org.eclipse.milo.opcua.stack.core.UaException: no matching endpoint found: transportProfile=TCP_UASC_UABINARY, endpointUrl=opc.tcp://172.17.30.162:62541/discovery, securityPolicy=Basic256, securityMode=SignAndEncrypt

at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerAsymmetricHandler.lambda$openSecureChannel$3(UascServerAsymmetricHandler.java:405)

at java.base/java.util.Optional.orElseThrow(Unknown Source)

at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerAsymmetricHandler.openSecureChannel(UascServerAsymmetricHandler.java:395)

at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerAsymmetricHandler.lambda$sendOpenSecureChannelResponse$1(UascServerAsymmetricHandler.java:299)

at org.eclipse.milo.opcua.stack.core.channel.SerializationQueue.lambda$encode$0(SerializationQueue.java:57)

at org.eclipse.milo.opcua.stack.core.util.ExecutionQueue$Task.run(ExecutionQueue.java:119)

at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

Does anyone have comment for this ?

Thanks

By the way, I also download the ignition_logs.idb.

Kevin.Herron · May 28, 2019, 11:37am

Can you upload the logs somewhere so we can look at them?

edit: or provide the full text of the stack trace in your screenshot

Kevin.Herron · May 28, 2019, 3:16pm

I was able to reproduce this using the node-opcua sample client. It seems to have an issue connecting to Ignition’s OPC UA server in its default configuration, where only secured connections are allowed to the main endpoint, and there’s a separate discovery-only endpoint that allows unsecured connections. This will have to be fixed in node-opcua.

As a workaround, you can enable connections without security in Ignition’s OPC UA server. Under Config > OPC UA > Server Settings, add “None” as a security policy:

You’ll have to restart the gateway for this to take effect.

Due to some other bug unrelated to this, you’ll have to connect with a username and password instead of anonymously when using the node-opcua client.

rukechen · May 29, 2019, 1:31am

Since I am not able to upload file, I edit my first post, and paste the related log.

For this case, I will try the workaround solution, and do you have further suggestions? I mean hot fix or ?

Thanks

Best regrards,

Ruke

rukechen · May 29, 2019, 3:05am

Hi,

I set Security Policies to None, and use node-opcua to connect. I get another error.

UaStackServer
29May2019 11:01:39
Uncaught Throwable executing handler: org.eclipse.milo.opcua.stack.server.UaStackServer$$Lambda$2227/0x00000001014ea040@5fa7e9a

org.eclipse.milo.opcua.stack.core.UaSerializationException: no codec registered for encodingId=NodeId{ns=0, id=0}

at org.eclipse.milo.opcua.stack.core.types.OpcUaDefaultBinaryEncoding.decode(OpcUaDefaultBinaryEncoding.java:103)

at org.eclipse.milo.opcua.stack.core.types.builtin.ExtensionObject.lambda$decode$0(ExtensionObject.java:126)

at org.eclipse.milo.opcua.stack.core.util.Lazy.maybeCompute(Lazy.java:45)

at org.eclipse.milo.opcua.stack.core.util.Lazy.getOrCompute(Lazy.java:35)

at org.eclipse.milo.opcua.stack.core.types.builtin.ExtensionObject.decode(ExtensionObject.java:126)

at org.eclipse.milo.opcua.stack.core.types.builtin.ExtensionObject.decode(ExtensionObject.java:117)

at org.eclipse.milo.opcua.sdk.server.SessionManager.onActivateSession(SessionManager.java:486)

at org.eclipse.milo.opcua.stack.server.UaStackServer.onServiceRequest(UaStackServer.java:243)

at org.eclipse.milo.opcua.stack.server.transport.uasc.UascServerSymmetricHandler$1.lambda$onMessageDecoded$1(UascServerSymmetricHandler.java:203)

at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

And the following is the node-opcua log

warning : ClientSessionKeepAliveManager#ping_server   ServiceFault returned by server { /*ServiceFault*/
 responseHeader                /* ResponseHeader                   */: {
   timeStamp                   /* UtcTime                          */: 2019-05-29T03:02:19.864Z
   requestHandle               /* IntegerId                        */: 5               0x5
   serviceResult               /* StatusCode                       */: BadSessionNotActivated (0x80270000)
   serviceDiagnostics          /* DiagnosticInfo                   */: {
     namespaceUri              /* Int32                            */: -1
     symbolicId                /* Int32                            */: -1
     locale                    /* Int32                            */: -1
     localizedText             /* Int32                            */: -1
     additionalInfo            /* String                           */: null
     innerStatusCode           /* StatusCode                       */: Good (0x00000)
     innerDiagnosticInfo       /* DiagnosticInfo                   */: {
     }
   }
   stringTable                 /* String                        [] */: [ ] (l=1)
   additionalHeader            /* ExtensionObject                  */: null
 }
};

Do you have any comment for this?

Kevin.Herron · May 29, 2019, 9:25am

This is the "other bug unrelated to this" I mentioned. Try connecting with a username and password instead of anonymously.

rukechen · May 29, 2019, 9:57am

Got it. I shall try it.

Thanks

rukechen · May 30, 2019, 1:43am

Hi Kevin,

I have updated my post. Please check out the related logs.
If you need more information, please let me know.

Thanks.

Kevin.Herron · May 30, 2019, 1:53am

If you connect with a username and password it should work. Connecting anonymously will be fixed in an 8.0.3 nightly release soon.

That it doesn’t work with security enabled is a bug in the node-opcua stack and they will have to fix it.

Koen · September 16, 2019, 2:33pm

Hi guys,

I’ve been having similar issues. I have Edge 8.0.3 installed on a RevolutionPi (ARM processor). I am trying to connect with a NodeRed node - which I’m sure runs on node-opcua.

I followed what Kevin said: no anonymous login, and I set the Security Policies on Edge to None.

That got me as far as connecting with Nodered, as long as I use ‘localhost’ as ip address. When i use the actual IP address either on the same host, or another machine on the network - I get no connection.

I’m not sure where to look in the logs. Is it possible that this is a Raspbian issue and not Ignition?

Thanks
Koen

Kevin.Herron · September 16, 2019, 2:46pm

The OPC UA server in Ignition Edge only binds to localhost and only allows local connections to it. This is one of the Edge limitations.

Koen · September 16, 2019, 3:10pm

Ah -

I will have to try with Vanilla Ignition then…

Thanks for the rapid feedback.

chaoliang · August 15, 2023, 1:31pm

I read from the edge compute module brochure. the external OPCUA client can access the edge OPCUA server as long the iiot module is installed.

can you advise whether it's feasible?
I cannot use third party OPC client to access the edge OPCUA Server, even after the iiot mdoule is installed, see the license detail below.

pturmel · August 15, 2023, 2:43pm

Have you reconfigured your Edge OPC server to listen to the wildcard address (0.0.0.0) instead of localhost? And configured appropriate security?

By default, it only listens to localhost (not just Edge).

chaoliang · August 15, 2023, 3:01pm

I tried to check the Edge OPC UA settings/Bind Addresses to: 0.0.0.0.

It is not working.

Then I tried to run the Openua OPC client from the same machine, still not good.

avaughn · August 15, 2023, 3:24pm

Did you restart the gateway after making this change?

chaoliang · August 15, 2023, 11:40pm

I restarted the edge station, still not working.

Do I need to add the edge compute module to get it working?

Currently I already have the iiot module.

pturmel · August 15, 2023, 11:41pm

Compute shouldn't be required, IIRC. Sounds like you need support looking over your shoulder.

chaoliang · August 16, 2023, 1:34am

I checked the opcua client to Matrikon OPC UA Explorer.

Now I can connect to the edge opc ua server.

Here's another issue:
For Programmable Device Simulator values, I can see the live value from the OPC client.
But for PLC connected value, I am not able to see the value.

both values are configured under tag providers and taken from there for data view.

not sure whether it's still related to ignition opc server, or related to ignition device configuration or related to Matrikon OPC client.

Kind of confused.

chaoliang · August 16, 2023, 2:35am

I didn't want to give up. So now I changed to Nodered OPC Client.
Sadly, I cannot get it working either.
then I googled a bit, and found this post, then I realized that the original question of this post is about Node Red OPC client connecting to ignition edge.

haha. Back to where it all starts.