Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Cannot connect to OPC UA Server
May 1, 2018
5:34, EET
Avatar
minhkhanh113
Member
Members
Forum Posts: 3
Member Since:
May 1, 2018
sp_UserOfflineSmall Offline

Dear experts,
I create an OPC UA Server using Prosys UA Server Simulation. When I test with WinCC, It works fine. But when I try to access my server using Prosys UA Client, it says that “Couldn’t connect to the server”. My server is none security and no user name as well as password. I also set these properties in UA Client. Please help me know why this happened. Thank you so much

May 2, 2018
13:15, EET
Avatar
Heikki Tahvanainen
Moderator
Members

Moderators
Forum Posts: 402
Member Since:
April 17, 2013
sp_UserOfflineSmall Offline

Hi,

Are the Prosys OPC UA Client and Prosys OPC UA Simulation Server running on the same computer or on different computers? Are you using the ip-address of the target computer to connect? If you try pinging the server computer from the client computer, does it respond to ping messages?

May 3, 2018
4:02, EET
Avatar
minhkhanh113
Member
Members
Forum Posts: 3
Member Since:
May 1, 2018
sp_UserOfflineSmall Offline

Hi Heikki,
I run Prosys OPC UA Client and Prosys OPC UA Simulation Server on the same computer. It still does not work

May 3, 2018
10:40, EET
Avatar
Heikki Tahvanainen
Moderator
Members

Moderators
Forum Posts: 402
Member Since:
April 17, 2013
sp_UserOfflineSmall Offline

Hi,

Is the Prosys OPC UA Simulation Server listening on the standard connection address opc.tcp://hostname:53530/OPCUA/SimulationServer ? Or have you changed the connection settings?

When configuring the Prosys OPC UA Client, you only need to copy-paste this connection address to the address bar. You don’t need to do any additional settings if you’re using security mode none and user identity anonymous.

June 14, 2018
11:30, EET
Avatar
minhkhanh113
Member
Members
Forum Posts: 3
Member Since:
May 1, 2018
sp_UserOfflineSmall Offline

Dear Heikki,
I make sure that I don’t change anything except copy and pass server url. When I try with Prosys Modbus Server, it doesn’t work again. WinCC is OK. Please help me to solve it.
My screenshot: https://drive.google.com/file/d/1yqH32SLmbGrhD48dN0d9_fyhGMcw3o0k/view?usp=sharing

November 4, 2019
13:08, EET
Avatar
Viral
Member
Members
Forum Posts: 5
Member Since:
September 24, 2019
sp_UserOfflineSmall Offline

Hi,
I am trying to connect the prosys OPC UA server to prosys OPC UA client on the same machine.
When I try to connect both via UA TCP address client is getting connected, but when I try the same using UA HTTPS is “Cannot discover server application from…”.
Can you please help me with the problem?

November 4, 2019
14:14, EET
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 422
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline

Hi,

Generally speaking, do not revive these old threads.

Currently you will need to copy the CA cert “SimulationServerCA.der” from “user.home”\.prosysopc\prosys-opc-ua-simulation-server\PKI\CA\private to “user.home”\.prosysopc\prosys-opc-ua-browser\PKI\CA\certs. Additionally just in case you might want to clear “user.home”\.prosysopc\prosys-opc-ua-browser\PKI\CA
ejected (the actual https cert would go there if the CA cert is not present).

NOTE! These instructions only apply to Prosys OPC UA Simulation Server 4.x and Prosys OPC UA Browser 4.x (it was renamed from Client for 4.x). These use 4.x for our OPC UA SDK for Java, which fixed some opc.https issues (https://downloads.prosysopc.com/opcua/Prosys_OPC_UA_SDK_for_Java_4_Release_Notes.html#version-4-0-0) and it should now be according to the specification. The changes are also currently not backwards-compatible so you need update both.

Generally speaking there is almost close to zero practical reasons to use opc.https instead of opc.tcp, but if you must, check that the versions are the above mentioned 4.x. Additionally it should be noted that most UA servers usually do not support opc.https, or so so poorly.

Note that it would seem the UA Browser has a bug, assuming you did everything correctly, it will work, but on error you would see a Select Server dialog with no entries.

November 5, 2019
6:53, EET
Avatar
Viral
Member
Members
Forum Posts: 5
Member Since:
September 24, 2019
sp_UserOfflineSmall Offline

So sorry to reinvoked the closed thread.
There answer solution had to be highlighted or should be at first rather than searching in the entire thread like GitHub.

I have done the above-mentioned steps on the local with server and client both on the same machine, the connection was successful.Smile

But in some machine when I am trying to connect the server and client on a different machine, it shows server select popup window and no content in the table.
I have disabled my windows firewall for all domains. This is faced by me using new server v4.0.2 & browser v4.0.0

Thank you for your prompt response and help much appreciated.Cool

November 7, 2019
6:13, EET
Avatar
Viral
Member
Members
Forum Posts: 5
Member Since:
September 24, 2019
sp_UserOfflineSmall Offline

Bjarne Boström said
Hi,

Generally speaking, do not revive these old threads.

Currently you will need to copy the CA cert “SimulationServerCA.der” from “user.home”\.prosysopc\prosys-opc-ua-simulation-server\PKI\CA\private to “user.home”\.prosysopc\prosys-opc-ua-browser\PKI\CA\certs. Additionally just in case you might want to clear “user.home”\.prosysopc\prosys-opc-ua-browser\PKI\CA
ejected (the actual https cert would go there if the CA cert is not present).

NOTE! These instructions only apply to Prosys OPC UA Simulation Server 4.x and Prosys OPC UA Browser 4.x (it was renamed from Client for 4.x). These use 4.x for our OPC UA SDK for Java, which fixed some opc.https issues (https://downloads.prosysopc.com/opcua/Prosys_OPC_UA_SDK_for_Java_4_Release_Notes.html#version-4-0-0) and it should now be according to the specification. The changes are also currently not backwards-compatible so you need update both.

Generally speaking there is almost close to zero practical reasons to use opc.https instead of opc.tcp, but if you must, check that the versions are the above mentioned 4.x. Additionally it should be noted that most UA servers usually do not support opc.https, or so so poorly.

Note that it would seem the UA Browser has a bug, assuming you did everything correctly, it will work, but on error you would see a Select Server dialog with no entries.  

I did the above steps but in some machine, I found that even after copying the https certificate to the browser certificate folder it doesn’t get connected.
It shows bad security checked failed, “No Https security policies defined.”
The above error is also generated when a remote client is trying to connect the remote server. The certificated which I have added in the browser certs is moved to the rejected folder.

November 8, 2019
13:23, EET
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 422
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline

The select server popup being empty would be the bug I mentioned (you would see the “No HttpsSecurityPolicies defined” in the logs). Note that due to that it will show up if anything at all goes wrong while trying to use opc.https, including e.g. the possibility that your DNS cannot convert hostnames to IP addresses, which would cause remote connections to fail. The reason is that if normal connection fail we try to do UA Discovery, which will fail for opc.https due to that bug.

You said you made the steps, but note that the step didn’t actually mention copying the https cert, just the CA cert that is used to sign it as that would be enough. But if you have the https cert already in the rejected, that would then cause it to fail then unless you move that out. And if you do not have the CA cert in the trusted certs, this would cause the validation fail as the certificate chain is incomplete (so the cert would be moved to rejected store).

P.S. Is there a reason why opc.tcp is not suitable?

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 119

Currently Online:
16 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

hbrackel: 91

pramanj: 86

ibrahim: 68

kapsl: 57

gjevremovic: 49

TimK: 41

Fransua33: 39

fred: 36

Rainer Versteeg: 32

peterrob45: 25

Member Stats:

Guest Posters: 0

Members: 897

Moderators: 12

Admins: 1

Forum Stats:

Groups: 3

Forums: 14

Topics: 898

Posts: 3787

Newest Members:

thojermaine, Lukas, lbtsheldon, dpto.informatica, nolazky8119, peter.jakubik, amaralesbeltateresa@yahoo.com, amaralesbeltateresa@gmail.com, esbeltateresaamaral@yahoo.com.br, doanphan111

Moderators: Jouni Aro: 833, Otso Palonen: 32, Tuomas Hiltunen: 5, janimakela: 0, Pyry: 1, Terho: 0, Petri: 0, Bjarne Boström: 422, Heikki Tahvanainen: 402, Jukka Asikainen: 1, Teppo Uimonen: 16, Markus Johansson: 1

Administrators: admin: 0