Ignition 7.7.1 Error connecting to a 3rd party OPC UA Server

Hi All,
A little context, we have an older version of Ignition that connects to a 3rd party (IGS OPC UA Server) on a remote computer. We started seeing issues 30 mins after the OPC UA certificate expired(03/24/25). When we figured the issue out the next day(03/25/25), we regenerated a new certificate(Actually certificates, The certificate did not refresh immediately and hence the multiple tries) that the IGS opc server caught. I had to go to the OPC UA configuration manager and Trust the certificates that were generated. Today i.e 03/26/25, we did our monthly server reboot on both the servers and lost communication between the two servers. I see the following error:

com.inductiveautomation.opcua.InternalUAException: java.net.ConnectException: Connection refused: connect
com.inductiveautomation.xopc.client.stack.TCPClientChannel.open(TCPClientChannel.java:246)
com.inductiveautomation.xopc.client.stack.UaClient.connect(UaClient.java:65)
com.inductiveautomation.xopc.client.OpcUaConnection.verifyConnectionState(OpcUaConnection.java:142)
com.inductiveautomation.xopc.client.FailoverAwareOpcUaConnection.verifyConnectionState(FailoverAwareOpcUaConnection.java:75)
com.inductiveautomation.ignition.gateway.opc.OPCManagerImpl$ServerWrapper.verifyConnectionState(OPCManagerImpl.java:740)
com.inductiveautomation.ignition.gateway.opc.OPCManagerImpl$OPCConnectionKeepalive.run(OPCManagerImpl.java:616)
com.inductiveautomation.ignition.common.execution.impl.BasicExecutionEngine$TrackedTask.run(BasicExecutionEngine.java:573)
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
java.lang.Thread.run(Thread.java:745)
java.net.ConnectException: Connection refused: connect
java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:345)
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
java.net.Socket.connect(Socket.java:589)
com.inductiveautomation.xopc.client.stack.TCPClientChannel.open(TCPClientChannel.java:238)
com.inductiveautomation.xopc.client.stack.UaClient.connect(UaClient.java:65)
com.inductiveautomation.xopc.client.OpcUaConnection.verifyConnectionState(OpcUaConnection.java:142)
com.inductiveautomation.xopc.client.FailoverAwareOpcUaConnection.verifyConnectionState(FailoverAwareOpcUaConnection.java:75)
com.inductiveautomation.ignition.gateway.opc.OPCManagerImpl$ServerWrapper.verifyConnectionState(OPCManagerImpl.java:740)
com.inductiveautomation.ignition.gateway.opc.OPCManagerImpl$OPCConnectionKeepalive.run(OPCManagerImpl.java:616)
com.inductiveautomation.ignition.common.execution.impl.BasicExecutionEngine$TrackedTask.run(BasicExecutionEngine.java:573)
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
java.lang.Thread.run(Thread.java:745)

The error we had after the initial certificate expiration is:
com.inductiveautomation.opcua.UAException: Could not open secure channel to opc.tcp://x.x.x.x:49320/.

com.inductiveautomation.xopc.client.stack.TCPClientChannel.open(TCPClientChannel.java:265)

com.inductiveautomation.xopc.client.stack.UaClient.connect(UaClient.java:65)

com.inductiveautomation.xopc.client.OpcUaConnection.verifyConnectionState(OpcUaConnection.java:142)

com.inductiveautomation.xopc.client.FailoverAwareOpcUaConnection.verifyConnectionState(FailoverAwareOpcUaConnection.java:75)

com.inductiveautomation.ignition.gateway.opc.OPCManagerImpl$ServerWrapper.verifyConnectionState(OPCManagerImpl.java:740)

com.inductiveautomation.ignition.gateway.opc.OPCManagerImpl$OPCConnectionKeepalive.run(OPCManagerImpl.java:616)

com.inductiveautomation.ignition.common.execution.impl.BasicExecutionEngine$TrackedTask.run(BasicExecutionEngine.java:573)

java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)

java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)

java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)

java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

java.lang.Thread.run(Thread.java:745)

com.jniwrapper.win32.com.ComException: COM object method returns error code: 0x800401F3; CO_E_CLASSSTRING (Invalid class string)
at com.jniwrapper.win32.com.impl.IUnknownImpl.invokeStandardVirtualMethod(SourceFile:762)
at com.jniwrapper.win32.com.impl.IUnknownImpl.invokeStandardVirtualMethod(SourceFile:741)
at com.inductiveautomation.opccom.interop.opcenumlib.impl.IOPCServerList2Impl.CLSIDFromProgID(IOPCServerList2Impl.java:96)
at com.inductiveautomation.opccom.wrapper.browsing.OpcEnum$GetClsidJob.internalRun(OpcEnum.java:199)
at com.inductiveautomation.opccom.wrapper.OleJob.run(OleJob.java:48)
at com.inductiveautomation.opccom.wrapper.OleJob.runInOleLoop(OleJob.java:27)
at com.inductiveautomation.opccom.wrapper.browsing.OpcEnum.getClsIdForProgId(OpcEnum.java:97)
at com.inductiveautomation.opccom.COMServerImpl$ConnectServerJob.internalRun(COMServerImpl.java:704)
at com.inductiveautomation.opccom.wrapper.OleJob.run(OleJob.java:48)
at com.jniwrapper.win32.MessageLoopThread$ThreadSynchronizedAction.run(MessageLoopThread.java:620)
at com.jniwrapper.win32.MessageLoopThread$LoopThread.run(MessageLoopThread.java:562)

Please help me troubleshoot this. We did try requesting connections to the OPC server from generic opc clients and it worked but Ignition for some reason is not sending those requests. I also tried manually importing the newly generated certificate to the OPC server and still have the issues.

You need to call support for something that old. OPC DA is notorious. (You say OPC UA, but your error is from OPC DA.)

Sorry, I am confused. Why do you call it OPC DA?

Because you seem to have copy/pasted some irrelevant stack trace from a failed OPC Classic/COM/DA connection in addition to your OPC UA stack trace.

If your Ignition client certificate expired, there's a page in the gateway where you can regenerate it. After regenerating it you need to restart the Ignition Gateway.

After that, the Ignition client certificate will show up in the other server's software somewhere and you'll have to mark it as trusted.

Hi Kevin, So we did regenerate certificates and they showed up on the other server that we marked as Trusted(Without having to restarting the ignition gateway). But when we restarted both the servers this morning as part of monthly maintenance, we lost comms.

What is the current error and stack trace from the Ignition Gateway?

Is it this one?

com.inductiveautomation.opcua.InternalUAException: java.net.ConnectException: Connection refused: connect

Because this is a plain old networking error - just can't connect. Nothing to do with Ignition. Either the server isn't running or isn't reachable (firewall, etc...)

Yes. That's the error. Firewall is off. Used Telnet to make sure the other server on the specified port is reachable. Do you recommend any other troubleshooting steps?

Make sure you have the right IP address, or if you're using a hostname, that it still resolves and resolves to the right IP address

That you could reach via telnet is suspicious; Wireshark might show a difference.