Professional OPC
Development Tools


Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.


15 Feb 2018 08:32 #6049 by giles
Replied by giles on topic BadUserAccessDenied
Thanks - I thought I had enabled anonymous access in kepware as it gives the option on installation - bt actually you have to enable it for the specific project.

Connectivity explorer still has that issue inspite of reconfiging it as you suggested - but I'm not too bothered about that

Please Log in or Create an account to join the conversation.

15 Feb 2018 06:42 #6048 by support
Replied by support on topic BadUserAccessDenied
BadUserAccessDenied stands for "User does not have permission to perform the requested operation.".
Assuming that the server uses the error codes as they are defined in the OPC UA standard, this error is *not* related to verification of application certificates. It is a *authorization* error: That is, the identity used when creating the UA session is not authorized to perform the operation.

Check at the server side whether you have configured user authentication and how.

On the client side, if indeed used identity needs to be specified, you need to configure in the UserIdentity property of the UAEndpointDescriptor that you pass to EasyUAClient. The user identity can be anonymous (this is the default), or a specific user, given e.g. by a combination of username/password.

The error you get in Connectivity Explorer seems to be a different thing. For first tests, please make sure you it set in Conn. Explorer as follows:

In menu Tools -> Configure Connectivity, click on "OPC UA Configuration". Then, for the "Standard Name", select "TestingInsecure" from the drop-down box.

If you get BadUserAccessDenied in Connectivity Explorer then, you can right-click on an endpoint, select "User Identity", and configure the identity interactively.
The following user(s) said Thank You: giles

Please Log in or Create an account to join the conversation.

14 Feb 2018 22:59 #6047 by giles
BadUserAccessDenied was created by giles
I've written an application - it connects fine to your UA test server

(it is here )

the service is calling EasyUAClient.install() when it installs

this results in a certificate in C:\ProgramData\OPC Foundation\CertificateStores\UA Applications\certs

I'm trying to get it to connect to kepware UA server standard installation

however it is not exchag=nging a certificate and I get

An OPC-UA operation failure with error code -2145452032 (0x801F0000) occurred, originating from ''. The inner OPC-UA service exception with service result 'BadUserAccessDenied' contains details about the problem.

I've imported the client certificates for both connectivity explorer and my application into kepware manually but I still get the same thing.

When I try and add the ua host opc.tcp:// to connectivity explorer it fails with "self signed certificate is not trusted" - I still get the same error even if I turn kepware off and add the endpoint.

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.166 seconds