[color=#FF0000]Secure OPCUA 4.9.0 conections from Ignition 7.8.2/7.9 into Kepware 6.0 are broken.[/color]
You must allow anonymous OPCUA connections into Kepware 6.0.
Even then, when Kepware Runtime is reinitialized, you must edit the OPCUA connection and re-save.
Ticket open with IA 40220.
Ticket open with Kepware 102537.
/chris
Is your connection to KEPserver local or remote? Running locally, 7.8.4 and 7.9.0 both connect without issue for me. All I had to do was make sure the client certificate was trusted.
Hello everybody,
I have the same issue in my system. I have Kepware 6 and Ignition 7.9 both on different machines and if I try to setup a non anonymous connection I get this error Bad_SecurityChecksFailed.
Tried as well to change the channel encryption from SignAndEncrypt to None but no way. It works only in anonymous mode.
Davide Bortolini
I can’t reproduce this and there’s nothing you can do on the Ignition side to get more information than the Bad_SecurityChecksFailed StatusCode. We’ll have to wait to hear from Kepware.
I have captured the UA transaction from Kepware.
Below is the transcript. Hope this helps.
Davide Bortolini
Any update about that?
Thank You
Davide Bortolini
Have either of you tried regenerating Ignition’s UA client certificate and then restarting the UA module or gateway?
After upgrade to v6 I had the same issue, but to get this working on a couple of Ignition installations, re-issuing new certificates was not required. What was required was to remove the old Ignition certificates in Kepware OPC UA configuration and restart Kepware (not reinitialize). Then after Kepware restarted, I imported in the same Ignition certs and re-started Kepware again. Afterwards the connection to Kepware no longer faulted, and “Bad_SecurityChecksFailed” no longer appeared.
I have tried both uour suggestions (re-issue certs and remove/add certs to Kepware) but no way to get Ignition and Kepware 6 working with secure channel.
Any ideas?
Thank you
Davide Bortolini
[quote=“dbortolini”]I have tried both uour suggestions (re-issue certs and remove/add certs to Kepware) but no way to get Ignition and Kepware 6 working with secure channel.
Any ideas?
Thank you
Davide Bortolini[/quote]
At the moment there’s nothing more that can be done on the Ignition side. Our support team is now working directly with Kepware to figure out what is going on.
Solved with Inductive support team! The guy pointed me to the right solution.
Thank you
Ticket id #41142
Davide Bortolini
[quote=“dbortolini”]Solved with Inductive support team! The guy pointed me to the right solution.
Thank you
Ticket id #41142
Davide Bortolini[/quote]
For the rest of you who can’t see his ticket…
You need to go into Kepware and re-issue its server certificate(s), then restart Kepware (not just re-initialize), and then you may also have to edit/save the connection in Ignition.
It sounds like Kepware will be addressing this in their next release.
I just went through this myself - Kepware said that its a bug in 6.0, the first time 6.0 generates the certs it mangles them somehow, so you have to delete them, reinit (I didnt have to shut it down) recreate them and trust them again. Works fine after that. Only happens this one time after a 6.0 installation or upgrade.
FWIW, I had a similar issue when using thier own clock to a trigger - it would fail the first time it was called, worked the second time though. I sense a pattern…
The only thing that fixed it for me was 7.9.1 
Kepware has admitted this is thier doing - so having 7.9.1 fix it must have been a coincidence.
Hmmm interesting. I heard differently but won’t mention any names.
Really? Please, details. Change names to protect the guilty but Kepware admitted to me that it was their problem but couldn’t definitively say why - if you have found otherwise I’d like to know.
I really shouldn’t.
But to me the recommendation was to upgrade to 7.9.1 and leave Kep at 6.0.
Since we were unable to reproduce this in 7.9.0 and for the majority of customers it appeared to be an issue with KEPServer that could be resolved by regenerating the certificates, I can tell you that no changes or fixes specifically addressing this went into 7.9.1.
That it’s suddenly working for you in 7.9.1 is some combination of mystery and coincidence 
I am glad both products are working together once again!