Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

EasyUAClient - browsing, user authentication with a certificate, etc.

More
17 Oct 2014 18:42 - 17 Oct 2014 20:40 #2452 by support
Thank you - this is precisely what I needed.

The server certificate could not be validated on the client side, but since you have set the client to accept all certificates, it gets accepted anyway - that's the "fallback method". In that sense, I do not see anything wrong or unexpected there.

The important lines of the log are these - near the end:

3128 - 16:56:50.557 CreateSession Called. RequestHandle=1, PendingRequestCount=1
3128 - 16:56:53.167 CreateSession Completed. RequestHandle=1, PendingRequestCount=0
3128 - 16:56:53.198 Create session failed with client certificate NULL. No such host is known
3128 - 16:56:53.198 CreateSession Called. RequestHandle=2, PendingRequestCount=1
3128 - 17:06:50.574 ***EXCEPTION*** BadRequestTimeout
3128 - 17:06:53.199 ***EXCEPTION*** BadRequestTimeout
3128 - 17:06:53.215 CreateSession Completed. RequestHandle=2, PendingRequestCount=0


What is means is that we have first tried to call the CreateSession service on the server with a NULL client certificate (because the security policy = None). When this fails (which is allowed), we re-try the CreateSession with the client certificate we have. This call blocks for 10 minutes on the server side, and afterwards it fails with "BadRequestTimeout" error..

You need to resolve the problem on the server side.

Best regards

---> ADDED LATER:
1. Actually, the 10 minutes are probably not caused by the server - it is yet another ("operation") timeout, this time on the UA Stack level.
2. There is one remaining (but unlikely) thing I need to check, whether the "block" cannot be on our side. In case I find anything, I will post it here.
Last edit: 17 Oct 2014 20:40 by support.

Please Log in or Create an account to join the conversation.

More
17 Oct 2014 15:20 - 17 Oct 2014 15:24 #2449 by g.aino
Hello,we've done the test you required, below the resultant log:

File Attachment:

File Name: Trace.txt
File Size:11 KB


It seems the certificate doesn't have been accepted, despect of the message was given in previous debug log

The server certificate has been accepted for the OPC-UA client session to endpoint URL "opc.tcp://xxx:yyy@DiscoveryServer:4841/" by a fallback method.

Hope it will be helpful to find the solution,
Thank you,
Regards
Attachments:
Last edit: 17 Oct 2014 15:24 by g.aino. Reason: Doesn't attached trace
The following user(s) said Thank You: support

Please Log in or Create an account to join the conversation.

More
17 Oct 2014 11:05 #2448 by support
The new build (5.31.1424.1) is ready now. Please download it from www.opclabs.com/products/quickopc/downloads/download/form/4-quickopc-download-form , install, and enable the extended tracing as described in the previous post.

Then please rebuild your app and make the test again. Of course I would be interested in seeing the generated log.

Best regards
The following user(s) said Thank You: g.aino

Please Log in or Create an account to join the conversation.

More
17 Oct 2014 07:51 #2447 by g.aino
Thank you. Ok, we're waiting for the build with trace support.
Thanks,
Regards

Please Log in or Create an account to join the conversation.

More
16 Oct 2014 19:07 - 16 Oct 2014 19:14 #2444 by support
Thank you - OK so it works with the sample server, we need to go deeper.

Please read the document attached to this post (plus the mentioned configuration file contents is attached as well). The QuickOPC build described in the document is not yet ready; if all goes well, it should be available tomorrow.

Best regards



File Attachment:

File Name: QuickOPC-U...cing.pdf
File Size:252 KB




File Attachment:

File Name: app.config
File Size:2 KB
Attachments:
Last edit: 16 Oct 2014 19:14 by support.
The following user(s) said Thank You: g.aino

Please Log in or Create an account to join the conversation.

More
16 Oct 2014 08:21 #2443 by g.aino
Hi, thanks for your quick reply.
We tried run same program pointing to sample server opc.tcp://localhost:51210/UA/SampleServer, removing only UserIdentity setting on IsolatedParameters.Session, it works well. Attached the output:

File Attachment:

File Name: Log_test_O...rver.txt
File Size:6 KB

At your disposal for any further information or test.
Regards
Attachments:

Please Log in or Create an account to join the conversation.

More
15 Oct 2014 18:12 #2442 by support
The likeliest cause of this appears to be some blocked call inside the server, but of course there is no certainty until we obtain enough information about it.

We have deeper layers of diagnostics inside the component, but they are currently only for our internal purposes and not exposed to the developer. What I plan to do is to make it possible for them be enabled for customer usage as well, and make a new build of QuickOPC that you will then run and obtain further info. This will, however, need some time. Currently I think it could be ready on Friday, or after the weekend.

An additional question: What happens if you replace your server's endpoint URL with that of the test server installed with the product (e.g. opc.tcp://localhost:51210/UA/SampleServer )?.
The following user(s) said Thank You: g.aino

Please Log in or Create an account to join the conversation.

More
15 Oct 2014 16:52 #2441 by g.aino
Hi, unfortunately I can't access the server to check this out. Hope it can be useful I've done a test by launching in parallel, before and after our program the UASampleClient comprised in UA SDK, it works correctly exposing contents.
We are using the last version of QuickOPC (5.3).
Thank you,
Regards

Please Log in or Create an account to join the conversation.

More
15 Oct 2014 15:51 #2439 by support
Thank you.

Do you have access to the server side? Can you check whether there isn't something on the server, waiting e.g. for user input?

I am asking this question because (similarly to clients), some servers behave in this way - the first time they are presented with a client application certificate, and it cannot be found or validated they show a dialog box, prompting the user to confirm whether the certificate should be accepted. This can block the server side.

Please indicate whether you are using QuickOPC version 5.23 or 5.31. Based on this, I will check whether we can enable some additional diagnostics.
The following user(s) said Thank You: g.aino

Please Log in or Create an account to join the conversation.

More
15 Oct 2014 15:36 #2438 by g.aino
Hi,
we reply below, point over point

1. Yes, we always got this error (read has never succeeded); as information, a "read node" operation on test program "UA Sample Client" return a result in less than 4 sec;
2. Yes, exeption is thrown after exactly 60000 ms (we're using this default timeout)
3. Yes, no popup or messages are shown during the operation (console log stops for long time in the following position

The server certificate has been accepted for the OPC-UA client session to endpoint URL "opc.tcp://xxx:yyy@DiscoveryServer:4841/" by a fallback method.
Certificate information: [Subject]
CN=MyEndpointServer@MyEndpoint, OU=Development, O=TestServerDomain, L=MyEndpoint, C=DE, DC=MyEndpoint

[Issuer]
CN=MyEndpointServer@MyEndpoint, OU=Development, O=TestServerDomain, L=MyEndpoint, C=DE, DC=MyEndpoint

[Serial Number]
54088E42

[Not Before]
04/09/2014 18:07:14

[Not After]
03/09/2019 18:07:14

[Thumbprint]
CBC95E4FA05B1AA8031B97FFE8D46A9BE22A8CF9

, then returns the error after specified timeout.
4. Server addresses, passwords and other informations are hidden for privacy as requested by customer. Unfortunately we don't know data, because OPC-UA server is "blinded" and managed completely by our customer.

Finally, we commented UAEndpointDescriptor setting for Username and Password, but program still give the error.

Thank you,
Regards

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.086 seconds