OSI PI OPC-UA Connector

I'm working with a client currently to try to get their OSI PI connector to talk to Ignition, but we're not having any luck. We've followed the suggestions on the other threads on here (see below), but our options don't always match up (I suspect a version difference). We've tried both with and without encryption (with the Ignition security policy set to: Basic256Sha256,None) and we have the binding address already set to 0.0.0.0. We're using a dedicated user instead of the built-in/preconfigured user, but we do not have anonymous access enabled on the server as we'd like to keep this enabled if possible. We have not tried anonymous access, and maybe that could be our issue.

No matter what though, the certificate never shows up as a quarantined certificate when we try to connect to the server, but the PI connector is able to see the server because when we put in the opc.tcp://<IPAddress>:62541 and tell it to discover, it correctly detects the available endpoints. One thing I was surprised about is that it showed the host name as one, but never showed the IP address as an available endpoint (I thought it would at least show the IP in addition to the host name).

For the root node, we've tried both ns=1;s=0 and ns=1;s=[PLC] as an attempt to even limit it to one device, but I suspect that is irrelevant if we can't get the certificate to even show up in the quarantined certificates section so we can trust it. We also tried uploading the client certificate to Ignition manually and it didn't help either.

I've also tried looking at the logs and I'm not even seeing anything in there, but I'm not sure which logger to put into debug or trace to try to troubleshoot further.

Anyone have any suggestions? Here are the other forum posts we've followed:

Might help to get a Wireshark capture to get an idea of how far into connecting it's even getting.

I was thinking that also, but was on a running plant server, so didn't want to interrupt their operations. I may try to schedule a time I can load it (at least we're on a redundant set of servers so I can fail them over to the backup while I install it).

In working with their guy, I also suggested loading up UaExpert on the same server that the PI Connector is on so we could attempt connections from it with a little more diagnostics to maybe narrow down the problem. If it can connect and PI can't, it at least rules out network/firewall issues (although I would think if it were a firewall problem it wouldn't even discover the endpoints).

The command line tshark is really helpful when dealing with production servers. I often use the -a duration:60 option to get an auto-exiting 60-second capture.
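Added example, not part of any post in this thread: once a capture exists, this Python sketch walks the OPC UA TCP messages in each direction to show how far the connection got and whether the client's OpenSecureChannel (OPN) actually carried a certificate, which is what would have to arrive before anything could be quarantined. The function names, host name and sample bytes are constructed for illustration; the header layout follows the OPC UA binary TCP framing (3-byte type, chunk flag, uint32 length), and the input is assumed to be one reassembled TCP direction.

```python
import struct

NONE_POLICY = "http://opcfoundation.org/UA/SecurityPolicy#None"

def read_bytes(buf, off):
    """OPC UA String/ByteString: int32 length (-1 means null), then the bytes."""
    (n,) = struct.unpack_from("<i", buf, off)
    if n < 0:
        return b"", off + 4
    if off + 4 + n > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_messages(stream):
    """Return one dict per OPC UA TCP message in a reassembled one-way stream."""
    out, off = [], 0
    while off + 8 <= len(stream):
        mtype = stream[off:off + 3].decode("ascii", "replace")
        (size,) = struct.unpack_from("<I", stream, off + 4)
        if size < 8 or off + size > len(stream):
            raise ValueError(f"bad message size {size} at offset {off}")
        body, info = stream[off + 8:off + size], {"type": mtype}
        if mtype == "HEL":    # five uint32 limits, then EndpointUrl
            info["endpoint_url"] = read_bytes(body, 20)[0].decode("utf-8", "replace")
        elif mtype == "OPN":  # SecureChannelId, SecurityPolicyUri, SenderCertificate
            policy, nxt = read_bytes(body, 4)
            info["policy"] = policy.decode("utf-8", "replace")
            info["cert_len"] = len(read_bytes(body, nxt)[0])
        elif mtype == "ERR":  # uint32 status code, then reason string
            info["status"] = "0x%08X" % struct.unpack_from("<I", body, 0)[0]
            info["reason"] = read_bytes(body, 4)[0].decode("utf-8", "replace")
        out.append(info)
        off += size
    return out

def client_sent_certificate(msgs):
    """True if an OPN used a policy other than None and carried a certificate."""
    return any(m["type"] == "OPN" and m["policy"] != NONE_POLICY
               and m["cert_len"] > 0 for m in msgs)
# Constructed sample bytes (not from a real capture); values chosen for illustration.
def _s(b): return struct.pack("<i", len(b)) + b
def _msg(t, body): return t + b"F" + struct.pack("<I", 8 + len(body)) + body
LIMITS = struct.pack("<5I", 0, 65536, 65536, 0, 0)
CLIENT = (_msg(b"HEL", LIMITS + _s(b"opc.tcp://ignition.example:62541"))
          + _msg(b"OPN", struct.pack("<I", 0)
                 + _s(b"http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256")
                 + _s(b"\x30\x82" + b"\x00" * 30) + _s(b"\x11" * 20)))
SERVER = _msg(b"ACK", LIMITS) + _msg(b"ERR", struct.pack("<I", 0x80130000) + _s(b"constructed reason"))
if __name__ == "__main__":
    print(parse_messages(CLIENT), parse_messages(SERVER), sep="\n")
```

If the client stream only ever shows OPN with the None policy and a zero-length certificate, the connector is still on its discovery channel and has not attempted the secured connection at all.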