5:34, EEST
May 1, 2018
Dear experts,
I create an OPC UA Server using Prosys UA Server Simulation. When I test with WinCC, It works fine. But when I try to access my server using Prosys UA Client, it says that “Couldn’t connect to the server”. My server is none security and no user name as well as password. I also set these properties in UA Client. Please help me know why this happened. Thank you so much
13:15, EEST
April 17, 2013
10:40, EEST
April 17, 2013
Hi,
Is the Prosys OPC UA Simulation Server listening on the standard connection address opc.tcp://hostname:53530/OPCUA/SimulationServer ? Or have you changed the connection settings?
When configuring the Prosys OPC UA Client, you only need to copy-paste this connection address to the address bar. You don’t need to do any additional settings if you’re using security mode none and user identity anonymous.
11:30, EEST
May 1, 2018
Dear Heikki,
I make sure that I don’t change anything except copy and pass server url. When I try with Prosys Modbus Server, it doesn’t work again. WinCC is OK. Please help me to solve it.
My screenshot: https://drive.google.com/file/d/1yqH32SLmbGrhD48dN0d9_fyhGMcw3o0k/view?usp=sharing
13:08, EET
September 24, 2019
Hi,
I am trying to connect the prosys OPC UA server to prosys OPC UA client on the same machine.
When I try to connect both via UA TCP address client is getting connected, but when I try the same using UA HTTPS is “Cannot discover server application from…”.
Can you please help me with the problem?
14:14, EET
April 3, 2012
Hi,
Generally speaking, do not revive these old threads.
Currently you will need to copy the CA cert “SimulationServerCA.der” from “user.home”\.prosysopc\prosys-opc-ua-simulation-server\PKI\CA\private to “user.home”\.prosysopc\prosys-opc-ua-browser\PKI\CA\certs. Additionally just in case you might want to clear “user.home”\.prosysopc\prosys-opc-ua-browser\PKI\CA
ejected (the actual https cert would go there if the CA cert is not present).
NOTE! These instructions only apply to Prosys OPC UA Simulation Server 4.x and Prosys OPC UA Browser 4.x (it was renamed from Client for 4.x). These use 4.x for our OPC UA SDK for Java, which fixed some opc.https issues (https://downloads.prosysopc.com/opcua/Prosys_OPC_UA_SDK_for_Java_4_Release_Notes.html#version-4-0-0) and it should now be according to the specification. The changes are also currently not backwards-compatible so you need update both.
Generally speaking there is almost close to zero practical reasons to use opc.https instead of opc.tcp, but if you must, check that the versions are the above mentioned 4.x. Additionally it should be noted that most UA servers usually do not support opc.https, or so so poorly.
Note that it would seem the UA Browser has a bug, assuming you did everything correctly, it will work, but on error you would see a Select Server dialog with no entries.
6:53, EET
September 24, 2019
So sorry to reinvoked the closed thread.
There answer solution had to be highlighted or should be at first rather than searching in the entire thread like GitHub.
I have done the above-mentioned steps on the local with server and client both on the same machine, the connection was successful.
But in some machine when I am trying to connect the server and client on a different machine, it shows server select popup window and no content in the table.
I have disabled my windows firewall for all domains. This is faced by me using new server v4.0.2 & browser v4.0.0
Thank you for your prompt response and help much appreciated.
6:13, EET
September 24, 2019
Bjarne Boström said
Hi,Generally speaking, do not revive these old threads.
Currently you will need to copy the CA cert “SimulationServerCA.der” from “user.home”\.prosysopc\prosys-opc-ua-simulation-server\PKI\CA\private to “user.home”\.prosysopc\prosys-opc-ua-browser\PKI\CA\certs. Additionally just in case you might want to clear “user.home”\.prosysopc\prosys-opc-ua-browser\PKI\CA
ejected (the actual https cert would go there if the CA cert is not present).NOTE! These instructions only apply to Prosys OPC UA Simulation Server 4.x and Prosys OPC UA Browser 4.x (it was renamed from Client for 4.x). These use 4.x for our OPC UA SDK for Java, which fixed some opc.https issues (https://downloads.prosysopc.com/opcua/Prosys_OPC_UA_SDK_for_Java_4_Release_Notes.html#version-4-0-0) and it should now be according to the specification. The changes are also currently not backwards-compatible so you need update both.
Generally speaking there is almost close to zero practical reasons to use opc.https instead of opc.tcp, but if you must, check that the versions are the above mentioned 4.x. Additionally it should be noted that most UA servers usually do not support opc.https, or so so poorly.
Note that it would seem the UA Browser has a bug, assuming you did everything correctly, it will work, but on error you would see a Select Server dialog with no entries.
I did the above steps but in some machine, I found that even after copying the https certificate to the browser certificate folder it doesn’t get connected.
It shows bad security checked failed, “No Https security policies defined.”
The above error is also generated when a remote client is trying to connect the remote server. The certificated which I have added in the browser certs is moved to the rejected folder.
13:23, EET
April 3, 2012
The select server popup being empty would be the bug I mentioned (you would see the “No HttpsSecurityPolicies defined” in the logs). Note that due to that it will show up if anything at all goes wrong while trying to use opc.https, including e.g. the possibility that your DNS cannot convert hostnames to IP addresses, which would cause remote connections to fail. The reason is that if normal connection fail we try to do UA Discovery, which will fail for opc.https due to that bug.
You said you made the steps, but note that the step didn’t actually mention copying the https cert, just the CA cert that is used to sign it as that would be enough. But if you have the https cert already in the rejected, that would then cause it to fail then unless you move that out. And if you do not have the CA cert in the trusted certs, this would cause the validation fail as the certificate chain is incomplete (so the cert would be moved to rejected store).
P.S. Is there a reason why opc.tcp is not suitable?
13:37, EEST
September 24, 2019
Hi,
I have run Prosys OPC UA Server and Client in the same machine. But when I try to connect to server using the opc.tcp address is shows the following error:
Bad_ConnectionRejected (0x80AC0000) “Could not established a netowrk connection to remote server.
I have browse through the certificate directory and no certificate is there inside the rejected folder
I succeeded when I replaced the host name in the opc.tcp url with local IP address like – ocp.tcp://127.0.0.1:53530/OPCUA/SimulationServer
I have made the IP entry in the system32 host file and disabled my windows firewall and antivirus also but no success.
Can you please help me…..
Thank you in Advance….!!!
15:07, EEST
April 3, 2012
That error means that no-one responded “on the other side”, for opc.tcp certificates do not matter at this point yet in that case, because the raw socket connection needs to form first.
What does “hostname” in command prompt or powershell return? What does the ApplicationUri show within the Help->About window in the Prosys OPC UA Browser application look like? It should be urn:YOURHOSTNAMEHERE:ProsysOPC:UaBrowser
Additionally if you are running windows 10, make sure the server is binding to IPv6 addresses, as that is what Windows nowadays will resolve hostname to usually, which has caused all sorts of problems.
I guess one option is to check with https://www.prosysopc.com/blog/opc-ua-wireshark/ what is the IP the socket is tried to be opened (though you might need to use raw tcp filter instead of an opcua filter to see that).
8:42, EEST
September 24, 2019
Bjarne Boström said
That error means that no-one responded “on the other side”, for opc.tcp certificates do not matter at this point yet in that case, because the raw socket connection needs to form first.What does “hostname” in command prompt or powershell return? What does the ApplicationUri show within the Help->About window in the Prosys OPC UA Browser application look like? It should be urn:YOURHOSTNAMEHERE:ProsysOPC:UaBrowser
Additionally if you are running windows 10, make sure the server is binding to IPv6 addresses, as that is what Windows nowadays will resolve hostname to usually, which has caused all sorts of problems.
I guess one option is to check with https://www.prosysopc.com/blog/opc-ua-wireshark/ what is the IP the socket is tried to be opened (though you might need to use raw tcp filter instead of an opcua filter to see that).
Hi,
Thanks for your response.
I tried to get the host name in command prompt it return the given host name.
The Application Uri shows urn:YOURHOSTNAMEHERE:ProsysOPC:UaBrowser perfectly in about window of OPC UA Browser
The server is binding to IPv6 addresses
I have install the wireshark in applied the filter tcp.port == 53530 but received no activity on that port
I forgot to mention in the earlier post that I am using Windows Server 2016
10:13, EEST
April 3, 2012
With Wireshark, try to see the client-side socket opening e.g. https://osqa-ask.wireshark.org/questions/51519/filter-to-detect-start-of-tcp-connections. Unless like the entire socket opening part would fail somehow even before that it should be visible that way. Note that I assume you did select the correct network interface to capture on (and selected the options during install to allow capturing of loopback traffic). That is to say, you should check you can at least see any loopback or equivalent traffic without any filters. In addition if somehow the hostname resolution gives an IP that is not a loopback address, it could also be tried on basically any network interface (depending on the resolved address by java). So you might need to try it on all our network interfaces.
You could try also checking with https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/netstat what addresses and ports the server managed to listen to.
Assuming at versions 4.x of the applications (or 5.0.0 for the Simulation Server would also do), check
(your home folder)\.prosysopc\prosys-opc-ua-browser\log (note the dot in the .prosysopc)
(your home folder)\.prosysopc\prosys-opc-ua-simulation-server\log (note the dot in the .prosysopc)
for any errors.
For the Browser, you could also try to change the logging from INFO level to DEBUG or TRACE. Then you will get a lot of logs (so they might rollover to the next file), but they might give some hints. Try searching for a string “Connecting” which should display the address before that (though it might also just be the hostname, as the resolution will happen inside the standard java library).
P.S.
Additionally, just to be sure, check that there is no underscore in your hostname. Though the error in that case should be different. (And as for why, underscores are not allowed in hostnames https://en.wikipedia.org/wiki/Hostname#Syntax). Though in general that only happens on some linux distros that allow any text string without any validation to be entered as the hostname, I’m quite certain windows installation would either not allow that or at least warn on it.
P.S.2.
If you are running any kind of virtualization software on the machine (e.g. virtualbox, vmware), it is possible that the hostname is resolving to the internal address that is desinged to Guest OS -> Host OS communication. In this case, you would also need to enter that to the C:\Windows\System32\drivers\etc hosts, if you are going that route. Though I think it should still work, as we should be also binding on that address on server start.
P.S.3.
While not maybe possible, but if you could get java to run on the machine, try “System.out.println(InetAddress.getLocalHost());”, that should give what we would get as the local loopback from java. In addition you might try InetAddress.getByName(“YOURHOSTHERE”) to see if it gives the same or different result, that is where we would try to connect based on the hostname (though java might not always resolve it, but at least on my machine it shows the same as the getLocalHost() and it has the form HOSTNAME/IP. However in practice this same info should be visible from the Browser/SimulationServer logs.
P.S.4.
I hope these help, otherwise I think I’m out of options and have to conclude that we can fix if there is anything to be fixed, but we would need to know what is the problem and is it in the OS configurations or in our applications (since we can only affect our applications).
15:58, EEST
September 24, 2019
Bjarne Boström said
With Wireshark, try to see the client-side socket opening e.g. https://osqa-ask.wireshark.org/questions/51519/filter-to-detect-start-of-tcp-connections. Unless like the entire socket opening part would fail somehow even before that it should be visible that way. Note that I assume you did select the correct network interface to capture on (and selected the options during install to allow capturing of loopback traffic). That is to say, you should check you can at least see any loopback or equivalent traffic without any filters. In addition if somehow the hostname resolution gives an IP that is not a loopback address, it could also be tried on basically any network interface (depending on the resolved address by java). So you might need to try it on all our network interfaces.You could try also checking with https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/netstat what addresses and ports the server managed to listen to.
Assuming at versions 4.x of the applications (or 5.0.0 for the Simulation Server would also do), check
(your home folder)\.prosysopc\prosys-opc-ua-browser\log (note the dot in the .prosysopc)
(your home folder)\.prosysopc\prosys-opc-ua-simulation-server\log (note the dot in the .prosysopc)
for any errors.For the Browser, you could also try to change the logging from INFO level to DEBUG or TRACE. Then you will get a lot of logs (so they might rollover to the next file), but they might give some hints. Try searching for a string “Connecting” which should display the address before that (though it might also just be the hostname, as the resolution will happen inside the standard java library).
P.S.
Additionally, just to be sure, check that there is no underscore in your hostname. Though the error in that case should be different. (And as for why, underscores are not allowed in hostnames https://en.wikipedia.org/wiki/Hostname#Syntax). Though in general that only happens on some linux distros that allow any text string without any validation to be entered as the hostname, I’m quite certain windows installation would either not allow that or at least warn on it.P.S.2.
If you are running any kind of virtualization software on the machine (e.g. virtualbox, vmware), it is possible that the hostname is resolving to the internal address that is desinged to Guest OS -> Host OS communication. In this case, you would also need to enter that to the C:\Windows\System32\drivers\etc hosts, if you are going that route. Though I think it should still work, as we should be also binding on that address on server start.P.S.3.
While not maybe possible, but if you could get java to run on the machine, try “System.out.println(InetAddress.getLocalHost());”, that should give what we would get as the local loopback from java. In addition you might try InetAddress.getByName(“YOURHOSTHERE”) to see if it gives the same or different result, that is where we would try to connect based on the hostname (though java might not always resolve it, but at least on my machine it shows the same as the getLocalHost() and it has the form HOSTNAME/IP. However in practice this same info should be visible from the Browser/SimulationServer logs.P.S.4.
I hope these help, otherwise I think I’m out of options and have to conclude that we can fix if there is anything to be fixed, but we would need to know what is the problem and is it in the OS configurations or in our applications (since we can only affect our applications).
I have installed latest version of wireshark with npcap and checked the “install loopback adapter” option in it. I selected “Adapter for loopback traffic capture” and enter the filter as – tcp.flags.syn==1 && tcp.port==53530 in which I can see only 2 packets 1) Source Ip-127.0.0.1 port no-53531 to Destination IP-127.0.0.1 port no-53530 & 2) Source and Destination IP same but port no is reversed (source port-53530 and destination port-53531)
I tried netstat command only first 3 entry were bind to actual IP address with no entry of port 53530 in it.
The remaining entry were bind to 127.0.0.1 with the hostname where I found the entry of 53530 (127.0.0.1:53530 to HOSTNAME:53531 & 127.0.0.1:53531 to HOSTNAME:53530)
I have enabled DEBUG log in UA browser & server, in server the stated the it has binded to actual IP TCP/IP Socket bound to /:53530, while in browser log
server HOSTNAME/:53530 Connecting
server HOSTNAME/:53530 Connect Failed
java.net.ConnectException: Connection timed out: connect
PS – I have checked there is no _ in the hostname
PS2 – Yes I am running it on VMWARE on company domain. I have enter the following enter in the host file
COMPUTER NAME
127.0.0.1 COMPUTER NAME
I also tried and change the COMPUTER NAME to FULL COMPUTER NAME in the host file, when I did netstat after restart I couldn’t find the port 53530 neither in :port and in 127.0.0.1:port
When I did the above thing he ocp.tcp url in OPC UA Server had full name (with domain address) instead of computer name as in rest of the case, but shows the same error while I connect the browser. While in wireshark I obtain some packet with source port – 55341 and destination port – 52530 with message of TCP retransmission.
PS3 – Can you please explain a bit more since I am new to Java.
PS4 – It seems that I might be missing somethings in configuration since its VMware.
17:00, EEST
April 3, 2012
1)
Since you said “Yes I am running it on VMWARE on company domain. I have enter the following enter in the host file
COMPUTER NAME
127.0.0.1 COMPUTER NAME”:
Do you literally have a line “COMPUTERNAME” with just the machine name and nothing else in the hosts file? The format of the file should be like (the first line is a possible internal IP, see 3.):
192.168.56.1 HOSTNAME
127.0.0.1 HOSTNAME
::1 HOSTNAME
But if you instead just have a single line with just the name, it would be incorrect.
2)
Anyway based on the logs it would still seem we (as in from within java) cannot resolve the hostname. And as extra clarifications, it is what java does internally, i.e. it is upto OS settings to make it work.
You should have seen something like:
com.prosysopc.ua.stack.transport.tcp.io.d [] – HOSTNAME/IP_ADDRESS_NUMBERS:53530 Connecting
com.prosysopc.ua.stack.transport.tcp.io.d [] – HOSTNAME/IP_ADDRESS_NUMBERS:53530 Socket connected <– this one once it connected
But your log is missing the IP-address number part, that is somewhat weird as if it was just resolved to an empty string. Or if combined with 1. if you literally had just the the line without the IP number, maybe windows in this case gives an empty string as basically the hosts file is "replace this with this" and on a single line with just the name could mean replace hostname with emtpy address or something..
2)
Can you validate via the SimulationServer UI status view that it doesn’t complain about any errors for starting? At least once the server starting was blocked by another application taking up the same port number (and since our default is from the https://en.wikipedia.org/wiki/Ephemeral_port range it could have been used for basically anything, but usually those are more free than other ranges so they sort of serve as a good starting point).
3)
And note that with VMWare/Virtualbox I meant that does the machine running the applications itself server as a host to some quest OSes (not that would the machine itself be hosted one one), so that it would need to have a "private-network-IP-address", e.g. possibly something between 172.16.0.0 – 172.31.255.255 (but there are other ranges; if the machine’s real IP is e.g. something 10.x.x.x). Since that has happend sometimes to us.
4)
Due to installer improvements in 4.x line of the applications:
Open the UaBrowser.vmoptions file in the install folder (default would be C:\Program Files\ProsysOPC\Prosys OPC UA Browser) with a text editor (note that you most likely need to open that as admin if you used the default location). Add the following to the end on a new line:
-Djava.net.preferIPv4Stack=true
Then java should internally try to use IPv4 instead of 6. But note that if this resolves the issue, then it means that the hostname didn’t resolve to an address and it is basically upto the OS side to fix it.
5)
Try is try running the command "ping HOSTNAME" (with the hostname being the actual hostname), see what it will output. You might need to pass -4 or -6 as a flag to make it use IPv4 or IPv6 depending which one OS prefers by default.
9:40, EEST
September 24, 2019
Hi Bjarne,
I am extremely sorry, I don’t know how some point got missed in between the lines in the previous post since I have copy and pasted it from notepad++
PART A – This are observed in Windows Server 2016 installed on VMware.
1)
Yes I have entered the IP address and computer name in the HOST file, like for eg.
10.x.x.x SERVERTESTING
127.0.0.1 SERVERTESTING
2)
In browser log I can see the following
com.prosysopc.ua.stack.transport.tcp.io.d [] – HOSTNAME/IP_ADDRESS_NUMBERS:53530 Connecting
com.prosysopc.ua.stack.transport.tcp.io.d [] – HOSTNAME/IP_ADDRESS_NUMBERS:53530 Connect failed
java.net.ConnectException: Connection timed out: connect
In Server log there is no error it’s showing that server has started successfully, following are the lines that I get
com.prosysopc.ua.stack.transport.tcp.nio.f [] – TCP/IP Socket bound to /10.x.x.x:53530
com.prosysopc.ua.server.ap [] – Endpoint bound to: [127.0.0.1:53530, 10.x.x.x:53530] (there are other entries also in between the [] I have entered few only)
com.prosysopc.ua.app.simserver.simulation.i [] – Simulation started
com.prosysopc.ua.app.simserver.windows.MainWindow [] – Server started
com.prosysopc.fx.library.utility.ServerConnection [] – Resolving forward references to node: http://opcfoundation.org/UA/:84
3)
The VMware Static IP address is in the range of 10.x.x.x. (I’ll explain this might not be the problem in PART B, as you might be amazed to read PART B)
4)
Added the following line in the file UaBrowser.vmoptions
-Djava.net.preferIPv4Stack=true
But no success shows the same error in the browser log file.
5)
I tried running the command “ping HOSTNAME” without any flag and it was successful with a reply under 1 msec. I also tried with -4 & -6 flag and that was also successful with a replay under 1 msec.
PART B – Observed under a new Windows 2019 Server installed on VMware.
I have installed the same Prosys OPC UA server and browser which I have installed it in Server 2016.
The IP address of the 2019 server is 10.x.x.x which is in same range as of 2016 server.
I didn’t made any changes in the windows host file, I checked it which is similar to one that comes after OS installation (everything line commented).
After installation of Prosys server & browser I just copied and pasted the op.tcp url from Server and pasted it into client.
Everything was working fine and browser got connected to client.
11:11, EEST
April 3, 2012
Hmm interesting… I guess then I can call this sort of resolved, even though if you ever find out why it was failing with the 2016 machine it would nice to know. If you have time to spare, you could like try to setup a new 2016 machine from from scratch to see does it even happen then. If not you would have something to compare aganst to find any differences to the original machine.
11:21, EEST
September 24, 2019
Yes, sure if I can find any solution I would post it here.
I am also confused that why it is not working in 2016. Can you think of somethings where it might be stuck somewhere inside.
I’ll try if I can get a new server 2016 VMware fresh since this would be difficult to get in sort period of time.
Do you have any idea of software which can let me know that port activity with application name, since if Server is getting started at port 53530 then why client cannot connect to that port even if both are running on the same machine.
12:27, EEST
April 3, 2012
If I had to guess, doublecheck that the server did actually bind to the IPv6 ports and did the Browser try to resolve the hostname to such address (but note that I’m not sure how does the hosts file change this scenario). Because if server didn’t manage to bind there and Browser was trying to resolve it to that then that would be the error.
But in general, the tools and commands I have said in the posts of this thread, netstat (https://stackoverflow.com/questions/48198/how-can-you-find-out-which-process-is-listening-on-a-port-on-windows; that has also other tools/ways listed) and Wireshark (i.e. basically once you get a connection formed wireshark is “all you need”).
Anyway, at that this point since you managed to get it to work (even though on a different machine) I would have to say this is beyond our support by few orders of magnitudes already and thus is something you will need to do yourself, i.e. if you can show us there is something we should fix, we probably can do that within some timeperiod, but it is generally not part of even our commercial libs+applications that we would be doing debugging for you (but generally usually out of goodwill we do some parts of it anyway). We do however have a range of services that could cover those situations (https://www.prosysopc.com/services/). So basically it means it might take longer for an answer to happen on this thread (it is also vacation season here in Finland so there is that as well).
Most Users Ever Online: 1919
Currently Online:
40 Guest(s)
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Heikki Tahvanainen: 402
hbrackel: 144
rocket science: 88
pramanj: 86
Francesco Zambon: 83
Ibrahim: 78
Sabari: 62
kapsl: 57
gjevremovic: 49
Xavier: 43
Member Stats:
Guest Posters: 0
Members: 735
Moderators: 7
Admins: 1
Forum Stats:
Groups: 3
Forums: 15
Topics: 1521
Posts: 6442
Newest Members:
AnnelCib, dalenegettinger, howardkennerley, Thomassnism, biancacraft16, edgardo3518, JessevGool, briannestevenson, aracelymassina, wotikaModerators: Jouni Aro: 1025, Pyry: 1, Petri: 0, Bjarne Boström: 1024, Jimmy Ni: 26, Matti Siponen: 346, Lusetti: 0
Administrators: admin: 1