Yup, i was 1000% confused. Thanks for helping to clear it up. Have a great weekend!
1 Like
One last question, what does "no matching endpoint found" when the server is trying to connect to ignition?
It means the client is trying to open a secure channel and the combination of endpoint URL it used to connect, along with security policy and security mode used in the request, do not match any of the server's configured endpoints.
It sounds like this MES software's client implementation may be broken in the same way Kepware's is, described here.
Thank you Kevin, I really appreciate the help!
Sorry to keep the thread going but... They have requested is it possible to connected securely without going through discovery mode? create a secure channel manually if possible as they said their OPC doesn't support discovery endpoints. I am guessing No but I had to ask.
Thanks again!
They are free to point their client at the session endpoint (the one without "/discovery" suffix) and open a secure channel using a SecurityPolicy other than None. Whether their client is capable of that or not is unknown.
1 Like
I have struggling with a similar issue here and on a couple of other threads. The only OPC client I can get to connect to the Ignition OPC Server is the Ignition OPC Client. I have tried from several OPC UA clients. My primary goal is to connect with Kollmorgen's AGV system manager, but their documentation and logging is very limited. I have since tried to connect with three other OPC UA clients. All of them give me the same error in Ignition:
org.eclipse.milo.opcua.stack.core.UaException: no matching endpoint found: transportProfile=TCP_UASC_UABINARY, endpointUrl=opc.tcp://IP.Address.Of.Server:62541, securityPolicy=None, securityMode=None
All of them are setup to use Basic256sha256 & SignAndEncrypt, but Ignition is not recognizing it. I am able to connect these clients to Kepware and their certificates have to be accepted in Kepware's configuration or they cannot connect.
With one client's configuration, I was able to trick it to say the endpoint included the /discovery. At that point the Ignition log recognized the client was using Basic256sha256 and SignAndEncrypt, but of course Ignition refused the connection because it was not the actual endpoint.
Bind Address is set to 0.0.0.0 and both IP addresses are included with the Endpoint Addresses. I have configured the Ignition OPC Client to connect on the same IP addresses on both localhost and remote machines.
This can only be addressed by either:
- fixing the broken client
- adding the "None" SecurityPolicy to Ignition's OPC UA server settings
In the current development version of the OPC UA SDK I've abandoned this strict separation between discovery and session endpoints because too many clients are implemented incorrectly. This will be included in the Ignition 8.3 release, but for the lifetime of Ignition 8.1 you'll have to deal with the headache.
Thanks for the prompt and effective response. I changed my Ignition Security Policy to: Basic256Sha256,None
When you said "adding" in your response, I realized I could have both. Or at least it looks like it can.
I am now able to get one of the clients to connect. Not the one I need, but I expected some challenges there. The one I need quit displaying anything in the log after the change.
The Kollmorgen client requires that I include the OPC Server Name which seems to be related to the OPC DA, so I have to try to figure out what that needs to be before i go any farther.
Appreciate your help.
Make sure this client even supports OPC UA at all. Ignition does not have an OPC Classic/DA server.