Faulted OPC UA connection between Front-End and Tag Gateways

Hi All,

I am getting this error while trying to establish an OPC connection between my front-end and tag gateways. How can I address this?

status=Bad_SecurityChecksFailed, description=An error occurred verifying security.

UaException: status=Bad_SecurityChecksFailed, message=status=Bad_SecurityChecksFailed, description=An error occurred verifying security.
	at org.eclipse.milo.opcua.stack.client.transport.uasc.UascClientAcknowledgeHandler.onError(UascClientAcknowledgeHandler.java:258)
	at org.eclipse.milo.opcua.stack.client.transport.uasc.UascClientAcknowledgeHandler.decode(UascClientAcknowledgeHandler.java:167)
	at io.netty.handler.codec.ByteToMessageCodec$1.decode(ByteToMessageCodec.java:42)
	at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529)
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
	at io.netty.handler.codec.ByteToMessageCodec.channelRead(ByteToMessageCodec.java:103)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
	at java.base/java.lang.Thread.run(Unknown Source)

8.1.37 (b2024013011)
Azul Systems, Inc. 17.0.9

Check your gateway network connection settings - by default the connection policy is approved only. You will need to either manually approve the incoming connection or change this setting to unrestricted.

Not applicable to an OPC UA connection.

But Ignition's OPC UA server also defaults to only accepting local connections.

How do I allow non-local connections?

Think the issue here is something else as I had already completed these steps.

What do you get in the log in the other server? Any message about accepting certificates?

(The message implies that you haven't properly configured a username/password combination in the right user source.)

The connection between "front end" and "tag" Gateways is usually via Gateway Network and Remote Tag Providers.

Are you sure setting up OPC connections is what you want?

yes, we are using the OPC UA connection for a different purpose here. The Gateway connection itself is working.

I confirm that the correct user source is being used as well as the username and password. I will take a look at the log. Thanks!

On whichever gateway is the server side of the connection, you probably need to go into the OPC UA > Security > Server tab in the Gateway and mark this other client certificate as trusted.

thank you! That was the issue.