Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

Cannot connect to KepServer - OPC UA service result - {BadUserAccessDenied}

More
18 Jul 2021 19:06 #10013 by support

Please Log in or Create an account to join the conversation.

More
18 Jul 2021 18:40 #10012 by micham
Thank you for your answer. I have fixed the problem on our side. Now. I can connect with a username + password when "Anonymous Logon = False".

Best regards,

Michael
The following user(s) said Thank You: support

Please Log in or Create an account to join the conversation.

More
18 Jul 2021 06:04 #10007 by micham

micham wrote: Hi,

I am using this code in my OPC client.

Dim gdsEndpointDescriptor As UAEndpointDescriptor =
New UAEndpointDescriptor(MyServerURL) _
.WithUserNameIdentity("micham", "*********")

I have defined a user in the KepWare OPC UA server (see attached)

I have set "Allow Anonymous Login" to "No".

I tried browsing and got the following error. Any idea what is the problem?

Thank you.

Michael

Exceptions

Type: OpcLabs.BaseLib.Browsing.BrowseException
Data:
HelpLink:
HResult: -2146233088 (0x80131500)
InnerException:
OpcLabs.EasyOpc.UA.Engine.UAEngineException: UA SDK error (Opc.UA.ServiceResult=0x801F0000) in 'static Session.Create'. OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
+ This error should mean an authorization (permissions) problem, not an authentication problem, but some servers are using it instead of rejecting the identity token (BadIdentityTokenRejected).
+ The user identity used was: Anonymous.
+ The problem might be caused by the fact that no (non-anonymous) user name token was specified.
+ The client method called (or event/callback invoked) was 'BrowseMultiple'. ---> OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
--- End of inner exception stack trace ---
Activity Trace:
Data:
ErrorId: OpcLabs.UAEngine=1
7b4d9f28-22a8-41d6-93ea-e4d8c2a75da8:
((19, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
((19, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
c3c0e69e-bf8f-4bfa-8e93-816783737e55: 19
OpcLabs.EasyOpc.UA.Implementation.ErrorEnhancingEasyUAClient.Processed: True
Error Code: 1
HelpLink:
HResult: -2146232832 (0x80131600)
InnerException: OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Data: ErrorId: Opc.UA.ServiceResult=0x801F0000
Help Link:
HResult: -2146232832 (0x80131600)
InnerException:
Internal Code: 2149515264
Message: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Service Result: BadUserAccessDenied
Additional Info:
Description: Endpoint does not supported the user identity type provided.
Inner Result:
Qualified Symbolic ID:
Expanded Text:
Is Null: True
Name:
Namespace Index: 0
Namespace URI:
Namespace URI String:
Standard Name:
Status Code: BadUserAccessDenied
Code Bits: 32799
Code Bits Symbol: BadUserAccessDenied
Condition: 31
Flag Bits: 0
Has Data Value Info: False
Info Type: NotUsed
Internal Value: 2149515264
Is Bad: True
Is Good: False
Is Uncertain: False
Limit Info: None
Overflow: False
Semantics Changed: False
Severity: BadOrFailure
Status Info: Error
Structure Changed: False
Text: {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Service Target Site: Void Open(System.String, UInt32, Opc.Ua.IUserIdentity, System.Collections.Generic.IList`1[System.String], Boolean)
DeclaringType: Opc.Ua.Client.Session
Module: Opc.Ua.Client.dll
Assembly: Opc.Ua.Client, Version=1.3.342.0, Culture=neutral, PublicKeyToken=6faddca41dacb409
CustomAttributes:
FullyQualifiedName: D:\MyBin\Proj-VS2017\EBO-OPC Client\Configuration(1)\bin\Debug\Opc.Ua.Client.dll
MDStreamVersion: 131072
MetadataToken: 1
ModuleHandle: System.ModuleHandle
MDStreamVersion: 131072
ModuleVersionId: f685d7d5-5ec1-45ad-986e-dc91a46c4268
Name: Opc.Ua.Client.dll
ScopeName: Opc.Ua.Client.dll
Source: Opc.Ua.Client
Stack Trace:
at Opc.Ua.Client.Session.Open(String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales, Boolean checkDomain)
at OpcLabs.EasyOpc.UA.Sdk.Shims.SessionShim.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 millisecondsSessionTimeout, Func`2 identityFunction, IList`1 preferredLocales, Action`2 domainCheckError, Action`1 setupSession, Action`1 setupTransportChannel)
at OpcLabs.EasyOpc.UA.Toolkit.Sdk.ToolkitSession.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 millisecondsSessionTimeout, Func`2 identityFunction, IList`1 preferredLocales, Action`2 domainCheckError, Action`1 setupTransportChannel, UAClientSessionBase clientSession)
at OpcLabs.EasyOpc.UA.Toolkit.ClientServer.UAClientSessionBase.<>c__DisplayClass147_0.<CreateSdkSession>b__2()
at OpcLabs.EasyOpc.UA.Toolkit.UAEngineBase.PerformSdkAction(UASdkCallType callType, Func`1 usingFunction, String name, Action sdkAction)
TargetSite:
Message:
UA SDK error (Opc.UA.ServiceResult=0x801F0000) in 'static Session.Create'. OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
+ This error should mean an authorization (permissions) problem, not an authentication problem, but some servers are using it instead of rejecting the identity token (BadIdentityTokenRejected).
+ The user identity used was: Anonymous.
+ The problem might be caused by the fact that no (non-anonymous) user name token was specified.
+ The client method called (or event/callback invoked) was 'BrowseMultiple'.
Source:
Stack Trace:
TargetSite:
Message: Problem browsing OPC Unified Architecture nodes.
Source:
StackTrace:
TargetSite:

Please Log in or Create an account to join the conversation.

More
17 Jul 2021 17:02 #10006 by support
Please verify that the endpoint descriptor you are passing to the browse is actually the one you have listed below (the gdsEndpointDescriptor variable). It does not look like that this is the case, because the error message contains "+ The user identity used was: Anonymous.". If you were passing in the right endpoint descriptor, it would have "Anonymous", but also with added something like ", UserName("micham", **).

BTW, please edit your previous post and remove your password in case it is something you do not want the world to see.

Best regards

Please Log in or Create an account to join the conversation.

More
17 Jul 2021 14:46 - 18 Jul 2021 06:27 #10005 by micham
Hi,

I am using this code in my OPC client.

Dim gdsEndpointDescriptor As UAEndpointDescriptor =
New UAEndpointDescriptor(MyServerURL) _
.WithUserNameIdentity("micham", "**************")

I have defined a user in the KepWare OPC UA server (see attached)

I have set "Allow Anonymous Login" to "No".

I tried browsing and got the following error. Any idea what is the problem?

Thank you.

Michael

Exceptions

Type: OpcLabs.BaseLib.Browsing.BrowseException
Data:
HelpLink:
HResult: -2146233088 (0x80131500)
InnerException:
OpcLabs.EasyOpc.UA.Engine.UAEngineException: UA SDK error (Opc.UA.ServiceResult=0x801F0000) in 'static Session.Create'. OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
+ This error should mean an authorization (permissions) problem, not an authentication problem, but some servers are using it instead of rejecting the identity token (BadIdentityTokenRejected).
+ The user identity used was: Anonymous.
+ The problem might be caused by the fact that no (non-anonymous) user name token was specified.
+ The client method called (or event/callback invoked) was 'BrowseMultiple'. ---> OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
--- End of inner exception stack trace ---
Activity Trace:
Data:
ErrorId: OpcLabs.UAEngine=1
7b4d9f28-22a8-41d6-93ea-e4d8c2a75da8:
((19, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
((19, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
c3c0e69e-bf8f-4bfa-8e93-816783737e55: 19
OpcLabs.EasyOpc.UA.Implementation.ErrorEnhancingEasyUAClient.Processed: True
Error Code: 1
HelpLink:
HResult: -2146232832 (0x80131600)
InnerException: OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Data: ErrorId: Opc.UA.ServiceResult=0x801F0000
Help Link:
HResult: -2146232832 (0x80131600)
InnerException:
Internal Code: 2149515264
Message: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Service Result: BadUserAccessDenied
Additional Info:
Description: Endpoint does not supported the user identity type provided.
Inner Result:
Qualified Symbolic ID:
Expanded Text:
Is Null: True
Name:
Namespace Index: 0
Namespace URI:
Namespace URI String:
Standard Name:
Status Code: BadUserAccessDenied
Code Bits: 32799
Code Bits Symbol: BadUserAccessDenied
Condition: 31
Flag Bits: 0
Has Data Value Info: False
Info Type: NotUsed
Internal Value: 2149515264
Is Bad: True
Is Good: False
Is Uncertain: False
Limit Info: None
Overflow: False
Semantics Changed: False
Severity: BadOrFailure
Status Info: Error
Structure Changed: False
Text: {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Service Target Site: Void Open(System.String, UInt32, Opc.Ua.IUserIdentity, System.Collections.Generic.IList`1[System.String], Boolean)
DeclaringType: Opc.Ua.Client.Session
Module: Opc.Ua.Client.dll
Assembly: Opc.Ua.Client, Version=1.3.342.0, Culture=neutral, PublicKeyToken=6faddca41dacb409
CustomAttributes:
FullyQualifiedName: D:\MyBin\Proj-VS2017\EBO-OPC Client\Configuration(1)\bin\Debug\Opc.Ua.Client.dll
MDStreamVersion: 131072
MetadataToken: 1
ModuleHandle: System.ModuleHandle
MDStreamVersion: 131072
ModuleVersionId: f685d7d5-5ec1-45ad-986e-dc91a46c4268
Name: Opc.Ua.Client.dll
ScopeName: Opc.Ua.Client.dll
Source: Opc.Ua.Client
Stack Trace:
at Opc.Ua.Client.Session.Open(String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales, Boolean checkDomain)
at OpcLabs.EasyOpc.UA.Sdk.Shims.SessionShim.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 millisecondsSessionTimeout, Func`2 identityFunction, IList`1 preferredLocales, Action`2 domainCheckError, Action`1 setupSession, Action`1 setupTransportChannel)
at OpcLabs.EasyOpc.UA.Toolkit.Sdk.ToolkitSession.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 millisecondsSessionTimeout, Func`2 identityFunction, IList`1 preferredLocales, Action`2 domainCheckError, Action`1 setupTransportChannel, UAClientSessionBase clientSession)
at OpcLabs.EasyOpc.UA.Toolkit.ClientServer.UAClientSessionBase.<>c__DisplayClass147_0.<CreateSdkSession>b__2()
at OpcLabs.EasyOpc.UA.Toolkit.UAEngineBase.PerformSdkAction(UASdkCallType callType, Func`1 usingFunction, String name, Action sdkAction)
TargetSite:
Message:
UA SDK error (Opc.UA.ServiceResult=0x801F0000) in 'static Session.Create'. OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
+ This error should mean an authorization (permissions) problem, not an authentication problem, but some servers are using it instead of rejecting the identity token (BadIdentityTokenRejected).
+ The user identity used was: Anonymous.
+ The problem might be caused by the fact that no (non-anonymous) user name token was specified.
+ The client method called (or event/callback invoked) was 'BrowseMultiple'.
Source:
Stack Trace:
TargetSite:
Message: Problem browsing OPC Unified Architecture nodes.
Source:
StackTrace:
TargetSite:
Attachments:
Last edit: 18 Jul 2021 06:27 by support. Reason: tech support: password replaced by asterisks

Please Log in or Create an account to join the conversation.

More
07 Jul 2021 17:56 #9938 by support
Thank you.

a) Additional question: Which checkboxes do you have enabled under "Security Policies" in the Endpoint Configuration for the endpoint you are using, in the KEPServerEx? I am referring to the dialog (example) below:




b) The "appuser" username and "demo" password are for the GDS example server. I am not sure if you have configured your server to use the very same user name and password.

Best regards
Attachments:

Please Log in or Create an account to join the conversation.

More
07 Jul 2021 17:51 #9937 by micham
Hi,

Sure. See below.

Dim gdsEndpointDescriptor As UAEndpointDescriptor =
New UAEndpointDescriptor(MyServerURL) _
.WithUserNameIdentity("appuser", "demo")

Regards,

Michael

Please Log in or Create an account to join the conversation.

More
07 Jul 2021 17:05 #9936 by support
Re 2: Can you post here the relevant pieces of code?

Thank you

Please Log in or Create an account to join the conversation.

More
07 Jul 2021 16:25 #9935 by micham
Hi,

1. I tried it. It is working fine now with anonymous user.
2. I tried it. I get this error when trying to browse:

OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Exceptions

Type: OpcLabs.BaseLib.Browsing.BrowseException
Data:
HelpLink:
HResult: -2146233088 (0x80131500)
InnerException:
OpcLabs.EasyOpc.UA.Engine.UAEngineException: UA SDK error (Opc.UA.ServiceResult=0x801F0000) in 'static Session.Create'. OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
+ This error should mean an authorization (permissions) problem, not an authentication problem, but some servers are using it instead of rejecting the identity token (BadIdentityTokenRejected).
+ The user identity used was: Anonymous.
+ The problem might be caused by the fact that no (non-anonymous) user name token was specified.
+ The client method called (or event/callback invoked) was 'BrowseMultiple'. ---> OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
--- End of inner exception stack trace ---
Activity Trace:
Data:
ErrorId: OpcLabs.UAEngine=1
7b4d9f28-22a8-41d6-93ea-e4d8c2a75da8:
((5, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
((5, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
c3c0e69e-bf8f-4bfa-8e93-816783737e55: 5
OpcLabs.EasyOpc.UA.Implementation.ErrorEnhancingEasyUAClient.Processed: True
Error Code: 1
HelpLink:
HResult: -2146232832 (0x80131600)
InnerException: OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Data: ErrorId: Opc.UA.ServiceResult=0x801F0000
Help Link:
HResult: -2146232832 (0x80131600)
InnerException:
Internal Code: 2149515264
Message: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Service Result: BadUserAccessDenied
Additional Info:
Description: Endpoint does not supported the user identity type provided.
Inner Result:
Qualified Symbolic ID:
Expanded Text:
Is Null: True
Name:
Namespace Index: 0
Namespace URI:
Namespace URI String:
Standard Name:
Status Code: BadUserAccessDenied
Code Bits: 32799
Code Bits Symbol: BadUserAccessDenied
Condition: 31
Flag Bits: 0
Has Data Value Info: False
Info Type: NotUsed
Internal Value: 2149515264
Is Bad: True
Is Good: False
Is Uncertain: False
Limit Info: None
Overflow: False
Semantics Changed: False
Severity: BadOrFailure
Status Info: Error
Structure Changed: False
Text: {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Service Target Site: Void Open(System.String, UInt32, Opc.Ua.IUserIdentity, System.Collections.Generic.IList`1[System.String], Boolean)
DeclaringType: Opc.Ua.Client.Session
Module: Opc.Ua.Client.dll
Assembly: Opc.Ua.Client, Version=1.3.342.0, Culture=neutral, PublicKeyToken=6faddca41dacb409
CustomAttributes:
FullyQualifiedName: D:\MyBin\Proj-VS2017\EBO-OPC Client\Configuration(1)\bin\Debug\Opc.Ua.Client.dll
MDStreamVersion: 131072
MetadataToken: 1
ModuleHandle: System.ModuleHandle
MDStreamVersion: 131072
ModuleVersionId: 5171d3a9-7cd0-4339-8411-4626e4a4b08c
Name: Opc.Ua.Client.dll
ScopeName: Opc.Ua.Client.dll
Source: Opc.Ua.Client
Stack Trace:
at Opc.Ua.Client.Session.Open(String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales, Boolean checkDomain)
at OpcLabs.EasyOpc.UA.Sdk.Shims.SessionShim.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 millisecondsSessionTimeout, Func`2 identityFunction, IList`1 preferredLocales, Action`2 domainCheckError, Action`1 setupSession, Action`1 setupTransportChannel)
at OpcLabs.EasyOpc.UA.Toolkit.Sdk.ToolkitSession.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 millisecondsSessionTimeout, Func`2 identityFunction, IList`1 preferredLocales, Action`2 domainCheckError, Action`1 setupTransportChannel, UAClientSessionBase clientSession)
at OpcLabs.EasyOpc.UA.Toolkit.ClientServer.UAClientSessionBase.<>c__DisplayClass147_0.<CreateSdkSession>b__2()
at OpcLabs.EasyOpc.UA.Toolkit.UAEngineBase.PerformSdkAction(UASdkCallType callType, Func`1 usingFunction, String name, Action sdkAction)
TargetSite:
Message:
UA SDK error (Opc.UA.ServiceResult=0x801F0000) in 'static Session.Create'. OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
+ This error should mean an authorization (permissions) problem, not an authentication problem, but some servers are using it instead of rejecting the identity token (BadIdentityTokenRejected).
+ The user identity used was: Anonymous.
+ The problem might be caused by the fact that no (non-anonymous) user name token was specified.
+ The client method called (or event/callback invoked) was 'BrowseMultiple'.
Source:
Stack Trace:
TargetSite:
Message: Problem browsing OPC Unified Architecture nodes.
Source:
StackTrace:
TargetSite:

Can you please advise?

Thank you.

Michael

Please Log in or Create an account to join the conversation.

More
07 Jul 2021 15:02 #9933 by support
Hello.

1. I have quickly checked, and I suggest that in KEPServerEX configuration, you verify what you have under Edit -> Properties, OPC UA -> Client Sessions -> Allow anonymous login. It should be "Yes" if you want to connect without user authentication.

I want to make clear that it is not our task to provide support for the server side.

2. My fault. It should be WithUserNameIdentity.

Best regards

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.422 seconds