OPC UA Client conectivity errors

Ignition
1

Hello everyone.

I am using Ignition Gateway to verify if a bidirectional connection between the Ignition server and a probe has been set up correctly. I have already confirmed that Ignition can see the probe by using the ping command with the IP address while connected to the Ignition Server.

To verify if the probe can see Ignition, I am using the OPC Client option in the Config area of the Ignition Gateway. I create a new OPC UA connection and configure it by entering all the necessary IP and host addresses. Everything appears to be in order (I provide the endpoint URL, and Ignition recognizes the OPC UA server).

Additionally, we are confident about the specific values for the discovery URL, endpoint URL, endpoint host override, etc., as we have successfully connected a different probe before. We also believe that the security options, username, and password are set correctly.

However, when we create a new connection, the status of the connection fails, and we see the following logs:

status=Bad_SecurityChecksFailed, description=An error occurred verifying security.

UaException: status=Bad_SecurityChecksFailed, message=An error occurred verifying security.
	at org.eclipse.milo.opcua.stack.client.transport.uasc.UascClientAcknowledgeHandler.onError(UascClientAcknowledgeHandler.java:258)
	at org.eclipse.milo.opcua.stack.client.transport.uasc.UascClientAcknowledgeHandler.decode(UascClientAcknowledgeHandler.java:167)
	at io.netty.handler.codec.ByteToMessageCodec$1.decode(ByteToMessageCodec.java:42)
	at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529)
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
	at io.netty.handler.codec.ByteToMessageCodec.channelRead(ByteToMessageCodec.java:103)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
	at java.base/java.lang.Thread.run(Unknown Source)
2

Did you figure this out?

3

This is a generic security-related error being sent by whatever server they were connecting to.

It could be something as simple as the Ignition client certificate is not yet trusted on the other side, or could be something trickier like differing expectations in what makes a valid certificate.

If you're seeing something similar feel free to make a new post with all the details.

1 Like
4

Thanks Kevin, I actually found my ignition opc-ua cert expired, i needed to regenerate and approve on the other end. thanks!