I have set up redundant Ignition servers, which I called IgnitionPrimary and IgnitionBackup. On each Ignition server I have a instance of Kepware running as well. I wanted to set it up so that if, for some reason, the Kepware server crashed or got turned off somehow on the primary server then the Ignition server would look to the Kepware server running on the IgnitionBackup server. I'm doing all of my connections through OPC-UA.
I can get the primary server to connect to the Kepware server on the primary machine fine, and the backup server will connect to the Kepware server on the backup machine but if I try to have the primary fail over to the backup it never works. Also, if I try and add the UA certificate from both the Primary and Backup Ignition servers I get an error "A certificate in the CA chain is self signed and not trusted." <img src="//cdck-file-uploads-global.s3.dualstack.us-west-2.amazonaws.com/business4/uploads/inductiveautomation/original/1X/7a4ef52acf8ce89f07f025b17022763856839588.PNG" width="377" height="181"><br/>
If I hit yes then Ignition won’t connect to the Kepware server at all until I delete the certificate from the backup machine. Am I doing something wrong or is this just how it is? Any help would be appreciated, thanks!
What version of Kepware are you using? There shouldn’t be any issues adding the Ignition UA Client certificate from both machines to both Kepware instances.
I’m using the newest version, 22.214.171.124. Here is a screen shot from the Kepware help:
I’ll see if I can get this replicated.
Thanks! Let me know if you need any additional information.
since you have a redundant ignition server, why dont you just force a swapover to the backup ignition server if you sense that kepware is dead on the primary ignition server?
I suppose I could do that… but I have the redundancy history mode set to partial so I don’t get a lot of duplicate records if the backup server takes over and the primary is still active. So, if I switched over to the backup if Kepware goes down then I’d still be able to see tag data but not any history or trending data. I’d rather not do that if I don’t have to.
If the problem is only with Kepware then I’d prefer to address that problem by switching over to the other Kepware server instead of taking down the whole Ignition server. My guess is that it will happen so infrequently that it won’t ever be a problem, but it’s a matter of principal
Where you able to replicate this problem? I’ve tried a few other things like renaming the certificates and stuff like that but I still have the same problem trying to add more than one certificate to Kepware.