OPC-UA Connection to Siemens 840D sl Control Failing

I am connecting a Siemens 840D sl OPC-UA server to multiple instances of Ignition: prod, test, and dev, all of which are VMs. I have configured the time on the HMI and have connected from the Prod & Test servers with no troubles. When trying to connect from Dev, the connection is forcibly closed from the host when trying to establish a connection. The Siemens control has capability for several connections. The OPC-UA certificates appear to have different fingerprints. The PC names are different. I’m not sure what the Siemens OPC-UA server sees that is not allowing connection. Ideas on what to look for?

How far into connecting does it get before the server closes the connection?

If you can get a Wireshark capture of the traffic between Dev and the Siemens OPC UA server we can take a look to see if anything stands out, but this sounds like something you’ll probably have to contact Siemens support for help with.

What modules should I be logging to get the finer detail? When connecting, it fails immediately when trying to connect for discovery.

There’s not really going to be any logging if it fails that early. Sounds like you’ll have to troubleshoot this outside of Ignition. Network, firewall, device/server configuration, etc…

Thanks Kevin. I was hoping for an easier solution.

Is there a fingerprint characteristic or other metadata that would have been copied when we cloned the VM that is causing the OPC-UA server to see a duplicated connection?

The client certificate presented by Ignition would be the same, but from the description of things you aren’t getting far enough into the connection for it to matter.

You can force Ignition to generate a new one by deleting $IGNITION/data/opcua/client/security/certificates.pfx and then restarting the gateway.

Wouldn’t expect this to make a difference though.
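
To check how far the connection gets from the Dev VM without Ignition in the loop, this added example (not from the thread, Ignition, or Siemens) sends the OPC UA TCP Hello message and reports whether the server answers with ACK, answers with ERR, or closes the socket. Host, port and endpoint URL are supplied by the caller and are assumptions about your setup.

```python
import socket
import struct
import sys

def build_hello(endpoint_url, buf=65535):
    """OPC UA TCP Hello: version, recv/send buffer, max message size, max chunks, URL."""
    url = endpoint_url.encode("utf-8")
    body = struct.pack("<IIIII", 0, buf, buf, 0, 0) + struct.pack("<i", len(url)) + url
    return b"HELF" + struct.pack("<I", 8 + len(body)) + body

def parse_reply(data):
    """Classify the server's first message after Hello."""
    if len(data) < 8:
        return {"stage": "closed", "detail": "socket closed before a message header arrived"}
    msg_type = data[:3]
    if msg_type == b"ACK" and len(data) >= 28:
        _ver, rbuf, sbuf, max_msg, _chunks = struct.unpack_from("<IIIII", data, 8)
        return {"stage": "ack", "recv_buf": rbuf, "send_buf": sbuf, "max_msg": max_msg}
    if msg_type == b"ERR" and len(data) >= 16:
        code, rlen = struct.unpack_from("<Ii", data, 8)  # rlen is -1 for a null string
        reason = data[16:16 + rlen].decode("utf-8", "replace") if rlen > 0 else ""
        return {"stage": "err", "status": f"0x{code:08X}", "reason": reason}
    return {"stage": "unknown", "detail": data[:8].hex()}

def probe(host, port, endpoint_url, timeout=5.0):
    """Return the stage reached: tcp-failed, reset-after-hello, closed, err or ack."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Refused, filtered or unroutable: look at network and firewall first.
        return {"stage": "tcp-failed", "detail": str(exc)}
    with sock:
        try:
            sock.sendall(build_hello(endpoint_url))
            return parse_reply(sock.recv(4096))
        except OSError as exc:
            # TCP came up, then the server reset or went silent after Hello.
            return {"stage": "reset-after-hello", "detail": str(exc)}

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python probe.py <host> <port>
    host, port = sys.argv[1], int(sys.argv[2])
    print(probe(host, port, f"opc.tcp://{host}:{port}"))
```

Running it from Prod or Test and then from Dev gives a side-by-side result; an `ack` from Dev means the transport layer is fine and the failure is later, in the secure channel or session.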