OPC-UA Connection to Siemens PLC Faulting After Upgrade

I am upgrading a server from 7.9 to 8.1 and the OPC-UA connections that I had to a few Siemens 1500 PLCs are no longer working, the Kepware connections that I have are working though. If I run through the endpoint setup Ignition finds the endpoints just fine and allows me to pick the security options that are enabled in the Siemens PLC. I can also trust the certificate in Ignition. But when I save the connection I get this message about an unsupported protocol?

UaException: status=Bad_InternalError, message=unsupported protocol: null
	at org.eclipse.milo.opcua.stack.client.DiscoveryClient.getEndpoints(DiscoveryClient.java:189)
	at com.inductiveautomation.ignition.gateway.opcua.client.ManagedClientKt.initialize(ManagedClient.kt:85)
	at com.inductiveautomation.ignition.gateway.opcua.client.ManagedClient$create$1.invokeSuspend(ManagedClient.kt:64)
	at com.inductiveautomation.ignition.gateway.opcua.client.ManagedClient$create$1.invoke(ManagedClient.kt)
	at com.inductiveautomation.ignition.gateway.opcua.util.Managed$get$deferred$1.invokeSuspend(Managed.kt:40)
	at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
	at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:56)
	at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:738)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665)

8.1.0 (b2020110211)
Azul Systems, Inc. 11.0.7

I’m not sure what that means as I have the old server and new server running side by side and the old server is connected just fine with the same settings. Any thoughts?

Any chance you can get a Wireshark capture?

edit: or maybe tell me the endpoint URL reported by the server during discovery.

edit 2: actually, what discovery/endpoint URL are you specifying during discovery?

I can work on a wireshark capture. I have to install it on the server.

This is what I’m putting in as the endpoint URL (this is what is shown in the Siemens PLC OPC settings)

And this is what comes back:

If you click the “skip to advanced” link (something like that) at the top of the discovery flow what are the values of those fields it presents?


And here is what is set in the Siemens PLC:


I don’t know, this all looks totally fine.

Can you turn the logger com.inductiveautomation.ignition.gateway.opcua.client.ClientManager to DEBUG and then edit/save the connection and tell me what gets logged by that logger?

This is what comes up:

That didn’t connect? It looks like it got further than what would have generated the original error message. Is there a new error message now?

No, it just keeps trying to connect and then says Faulted with the same error:

EDIT: I have a wireshark capture that I can send you. It won’t let me post it on this thread.

It seems like every reply from the PLC has this reassembly error, I don’t know what that means.

1 Like

I think the problem might have something to do with you have a failover endpoint configured that has an invalid endpoint URL.

Check the advanced settings on the OPC UA connection and see if there’s any non-default, non-blank values there.

Oh, that did it!

Failover was enabled for some reason but there were no settings.

On the old server the failover was disabled:

When I restored it into 8.1 it enabled it for some reason.

If you can open a ticket with support and supply them with your backup we can try to reproduce this and fix anything we find. There might be some bug with the “restore enabled/disabled” functionality catching this failover setting.

Will do. Thanks for the help Kevin!

I just ran into this–failover checked and causing an error–when upgrading a server from 8.1.2 to 8.1.4. It was running on 8.1.2, though I hadn’t checked whether failover was enabled before upgrade (it shouldn’t have been).

I’m not sure if @Duffanator ever sent a backup to support. If he did then this never made its way back to me or into a ticket that I’ve seen.

I’ve got pre/post-upgrade backups of this one I can put on a password protected OwnCloud server for support to access if they might be useful.

Yes, I think they would be helpful. It should be easy to see if it was checked or not pre-upgrade.

Shall I send an email to support with link and password to access, or PM them to you?

Can you do both? I’ll take a look right away but emailing support will make sure this gets tracked like it’s supposed to.