Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Sentrol OPC UA based client and KEPServerEX
August 24, 2021
17:45, EEST
Avatar
Morpher
Member
Members
Forum Posts: 3
Member Since:
August 22, 2021
sp_UserOfflineSmall Offline

Dear All,
I am currently trying to develop a simple application for testing machines which will be connected to an ERP system at their development phase. The ERP system uses KEPServerEX to exchange data with PLC of already connected machines. As usual there are many problems which appear during machine development and start-up time. To avoid some of them I thought of some testing tool, some application which will simulate basic behaviour of the ERP system, its part responsible for exchange (read/write) of several tags. This could help to validate if a new machine reacts properly, if it was programmed according to specification. It would help to check if the machine works according to specification and its program processes data as agreed.
I program mainly with C++ Builder so Prosys Sentrol OPC UA & Classic SDK for Delphi is for me the first choice SDK. Nevertheless I am aware it may still require much effort to create working application.
First of all please tell me if it is possible to build an application which will access some KEPServerEX using Prosys Sentrol OPC UA & Classic SDK for Delphi?
I’ve already made first attempts to use the package and:
1. I compiled and tested two examples provided: UaCppSampleServer and UaCppSampleClient and they work – I mean when I use Connect button on the Client app its status changes from Disconnected to Running – of course using in the Client app the address displayed by the Server app
2. When I put there some other, wrong address I get a long message: Connection failed: Failed to retrieve endpoints. Failed to connect to server …
3. But if I put there the address of my KEPServerEX I get a short message: Connection failed: Requested endpoint.not supported by the server
At this point I simply do not know if this is something normal which can be fixed by properly set properties or other design/run time parameters. On the other hand it may suggest that it won’t be possible to use the package and build the client app to interact with Kepware server.
Could you help me and guide me a bit?

August 25, 2021
10:30, EEST
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 1026
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

Thanks for an extensive explanation.

In short: yes, Prosys Sentrol OPCUA & Classic SDK can be used to connect to any OPC UA server and communicate with them with all OPC UA basic features – reading, writing, subscribing to variables and events; calling methods, reading history etc. – if the respective server supports these features.

The connection in OPC UA is based on choosing an ‘endpoint’ from the selection that the server makes available. Each endpoint defines different security settings and the servers may be configured to enable different security settings: SecurityModes (None, Sign, SignAndEncrypt), SecurityPolicies (Basic128Rsa15, Basic256, Basic256Sha256, Aes128RsaOaep, Aes256RsaPss) and UserTokenPolicies that are supported (Anonymous, UserName/Password, UserCertificate or ExternalTokens).

Sentrol TUaClient is designed so that you choose the SecurityMode that you wish to use and SecurityPolicies that are acceptable – and the UserIdentity. At Connect, it will then try to find the endpoint that conforms to these settings. But, if the server does not support the selected settings, you will get an error indicating that the endpoint is not supported – which is quite cryptic for a typical user, I admit.

So, the most probable cause for this error in your case is that KepServer does not define any endpoints with SecurityMode=None. You can either enable that in the server or change SecurityMode to Sign or SignAndEncrypt in the client.

Note that, if you wish to use secure connections (Sign or SignAndEncrypt), a successful connection requires that both applications trust each others’ Application Instance Certificates.

The UaSampleClient is defined so that it prompts the user to verify that the server certificate can be trusted.

Since the server cannot prompt the user, your first attempt will usually fail, since the server does not trust your client application by default. You will get a Bad_SecurityChecksFailed error at connect, which usually indicates this. To resolve this, you will have to check how you can trust the certificate in KepServer. Kepware seems to explain this and other important security aspects in the blog article. So, please check that out as well.

You can also learn more about the connection establishment from the video.

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 1919

Currently Online:
44 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

Heikki Tahvanainen: 402

hbrackel: 144

rocket science: 88

pramanj: 86

Francesco Zambon: 83

Ibrahim: 78

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

Member Stats:

Guest Posters: 0

Members: 726

Moderators: 7

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1529

Posts: 6471

Newest Members:

gabriellabachus, Deakin, KTP25Zof, Wojciech Kubala, efrennowell431, wilfredostuart, caitlynfajardo, jeromechubb7, franciscagrimwad, adult_gallery

Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1032, Jimmy Ni: 26, Matti Siponen: 349, Lusetti: 0

Administrators: admin: 1