Ignition V8.3 Siemens Enhanced Driver - AARCH64 Edge ReconnectWait

We made a gateway backup on a standard laptop on docker, transferred it to a gateway running Edge 8.3.2 on AARCH64 and now the working Siemens Enhanced Driver connection to the PLC has stopped communicating with the following errors in DEBUG on the logs:

de.deltalogic.accon.aglink4.AglIOException: Method: 'Connect', Error Code: 'AGL40_ONLY_SECURE_COMMUNICATION', Error Nr: '0xFFF50044', Error Message: 'AGL40_ONLY_SECURE_COMMUNICATION',
at de.deltalogic.accon.aglink4.FunctionsConnect.connect(FunctionsConnect.java:150)
at de.deltalogic.accon.aglink4.AglConnection.autoConnect(AglConnection.java:458)
at de.deltalogic.accon.aglink4.AglConnection.connect(AglConnection.java:261)
at de.deltalogic.accon.aglink4.AglPlcConnection.connect(AglPlcConnection.java:346)
at com.inductiveautomation.ignition.drivers.siemens.SiemensS7Client.fallbackToUnsecureConnection(SiemensS7Client.java:357)
at com.inductiveautomation.ignition.drivers.siemens.SiemensS7Client.symbolicConnect(SiemensS7Client.java:345)
at com.inductiveautomation.ignition.drivers.siemens.SiemensS7Client.connect(SiemensS7Client.java:93)
at com.inductiveautomation.ignition.drivers.siemens.SiemensS7Client.withConnection(SiemensS7Client.java:191)
at com.inductiveautomation.ignition.drivers.siemens.SiemensS7Client.loadSymbolsFromPlc(SiemensS7Client.java:145)
at com.inductiveautomation.ignition.drivers.siemens.SymbolFsm$SymbolFsmFactory$ClientActions$1.loadSymbolInfo(SymbolFsm.java:553)
at com.inductiveautomation.ignition.drivers.siemens.SymbolFsm$SymbolFsmFactory.lambda$configureLoading$3(SymbolFsm.java:322)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)

de.deltalogic.accon.aglink4.AglNotConnectedException: 'symbolic_LoadAGLinkSymbolsFromPLC': not connected. Connect to Plc with AglPlcConnection.connect().
at de.deltalogic.accon.aglink4.AglConnection.checkIfConnected(AglConnection.java:301)
at de.deltalogic.accon.aglink4.AglPlcConnection.symbolic_LoadAGLinkSymbolsFromPLC(AglPlcConnection.java:1554)
at com.inductiveautomation.ignition.drivers.siemens.SiemensS7Client.withConnection(SiemensS7Client.java:201)
at com.inductiveautomation.ignition.drivers.siemens.SiemensS7Client.loadSymbolsFromPlc(SiemensS7Client.java:145)
at com.inductiveautomation.ignition.drivers.siemens.SymbolFsm$SymbolFsmFactory$ClientActions$1.loadSymbolInfo(SymbolFsm.java:553)
at com.inductiveautomation.ignition.drivers.siemens.SymbolFsm$SymbolFsmFactory.lambda$configureLoading$3(SymbolFsm.java:322)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)

Anyone seen this error before?

I will also add that the PLC connects just fine with the legacy driver set up in parallel.

Hmm, maybe OpenSSL not installed on this new platform?

I can't remember if we're including it with this driver or relying on the OS for it.

Any particular package or just the standard? It's ubuntu based from memory.
I mean, SSH is running, so its gotta be installed in at least a minimal way.

Try libssl-dev.

From @Cody_Morgan in Slack:

One caveat for Linux is that if users want to make a secure (TLS) connection to their PLC, they need to have symlinks created for the OpenSSL libraries.If using OpenSSL v3, the symlinks should be:

libcrypto.so -> libcrypto.so.3
libssl.so -> libssl.so.3

These can be created manually with ln or the user can install the libssl-dev package. These symlinks are provided automatically in the docker images.

This is definitely the cause, maybe this should be added to the linux install docs, as its not optional to install this if you are using the Enhanced Driver.

It should be added to docs, yes.

It is optional though. Only required if your PLC configuration requires a secure connection.

It is in the docs. I thought we (the docs team and I) were pretty thorough with the description

image1148×802 76.1 KB

We are not using secure connection, so it must use part of it regardless.

Ah, I was thinking the Linux installation docs, there's no mention in those.

You are using a secure connection (TLS). The AGL40_ONLY_SECURE_COMMUNICATION error message you got above is returned when the PLC requires a secure connection.

Assuming you have the Force Secure Connection checkbox unchecked in the device connection config, this is what happens:

1. Driver attempts to make a secure connection to the PLC.
   • This can fail for a number of reasons- PLC doesn't support it, can't find OpenSSL, etc.
2. If secure connection fails, driver attempts to make an unsecure connection to the PLC.
   • This can fail for a number of reasons as well, but OpenSSL is not needed. Your logs suggest your PLC is not configured to allow unsecure connections.
3. Restart at step 1, until connection is successfully established.

If using Force Secure Connection, the driver will not attempt an unsecure connection. The idea behind this flag is that for users who don't care about TLS, an unchecked box means we will connect whichever way we can. For users who do care about TLS, checking the box will ensure we don't fallback to an unsecure connection just because the first connection attempt failed.

The driver doesn't need OpenSSL if connecting with an unsecure connection. It will attempt to load OpenSSL, but if it fails, it will attempt to connect to the PLC without TLS.

That may be a good place for it. I'm not familiar with that area of the docs, but I'll pass the feedback along to the docs team to see if they have an idea. It might be a bit odd, since it is very specific to this driver. There may already be a precedent for that, I'm not sure. I just write the code

We are using v20 of TIA on this job, so its forcing a lot of defaults in the PLC like secure from the sounds of things, normally secure wouldn't be a default on older versions.