Bjarne Boström said
Hi,

Generally speaking, do not revive these old threads.

Currently you will need to copy the CA cert “SimulationServerCA.der” from “user.home”\.prosysopc\prosys-opc-ua-simulation-server\PKI\CA\private to “user.home”\.prosysopc\prosys-opc-ua-browser\PKI\CA\certs. Additionally just in case you might want to clear “user.home”\.prosysopc\prosys-opc-ua-browser\PKI\CA
ejected (the actual https cert would go there if the CA cert is not present).

NOTE! These instructions only apply to Prosys OPC UA Simulation Server 4.x and Prosys OPC UA Browser 4.x (it was renamed from Client for 4.x). These use 4.x for our OPC UA SDK for Java, which fixed some opc.https issues (https://downloads.prosysopc.com/opcua/Prosys_OPC_UA_SDK_for_Java_4_Release_Notes.html#version-4-0-0) and it should now be according to the specification. The changes are also currently not backwards-compatible so you need update both.

Generally speaking there is almost close to zero practical reasons to use opc.https instead of opc.tcp, but if you must, check that the versions are the above mentioned 4.x. Additionally it should be noted that most UA servers usually do not support opc.https, or so so poorly.

Note that it would seem the UA Browser has a bug, assuming you did everything correctly, it will work, but on error you would see a Select Server dialog with no entries.  

I did the above steps but in some machine, I found that even after copying the https certificate to the browser certificate folder it doesn’t get connected.
It shows bad security checked failed, “No Https security policies defined.”
The above error is also generated when a remote client is trying to connect the remote server. The certificated which I have added in the browser certs is moved to the rejected folder.

Hi,

I have run Prosys OPC UA Server and Client in the same machine. But when I try to connect to server using the opc.tcp address is shows the following error:
Bad_ConnectionRejected (0x80AC0000) “Could not established a netowrk connection to remote server.
I have browse through the certificate directory and no certificate is there inside the rejected folder
I succeeded when I replaced the host name in the opc.tcp url with local IP address like – ocp.tcp://127.0.0.1:53530/OPCUA/SimulationServer
I have made the IP entry in the system32 host file and disabled my windows firewall and antivirus also but no success.
Can you please help me…..
Thank you in Advance….!!!

Bjarne Boström said
That error means that no-one responded “on the other side”, for opc.tcp certificates do not matter at this point yet in that case, because the raw socket connection needs to form first.

What does “hostname” in command prompt or powershell return? What does the ApplicationUri show within the Help->About window in the Prosys OPC UA Browser application look like? It should be urn:YOURHOSTNAMEHERE:ProsysOPC:UaBrowser

Additionally if you are running windows 10, make sure the server is binding to IPv6 addresses, as that is what Windows nowadays will resolve hostname to usually, which has caused all sorts of problems.

I guess one option is to check with https://www.prosysopc.com/blog/opc-ua-wireshark/ what is the IP the socket is tried to be opened (though you might need to use raw tcp filter instead of an opcua filter to see that).  

Hi,
Thanks for your response.
I tried to get the host name in command prompt it return the given host name.
The Application Uri shows urn:YOURHOSTNAMEHERE:ProsysOPC:UaBrowser perfectly in about window of OPC UA Browser
The server is binding to IPv6 addresses
I have install the wireshark in applied the filter tcp.port == 53530 but received no activity on that port

I forgot to mention in the earlier post that I am using Windows Server 2016

Bjarne Boström said
With Wireshark, try to see the client-side socket opening e.g. https://osqa-ask.wireshark.org/questions/51519/filter-to-detect-start-of-tcp-connections. Unless like the entire socket opening part would fail somehow even before that it should be visible that way. Note that I assume you did select the correct network interface to capture on (and selected the options during install to allow capturing of loopback traffic). That is to say, you should check you can at least see any loopback or equivalent traffic without any filters. In addition if somehow the hostname resolution gives an IP that is not a loopback address, it could also be tried on basically any network interface (depending on the resolved address by java). So you might need to try it on all our network interfaces.

You could try also checking with https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/netstat what addresses and ports the server managed to listen to.

Assuming at versions 4.x of the applications (or 5.0.0 for the Simulation Server would also do), check
(your home folder)\.prosysopc\prosys-opc-ua-browser\log (note the dot in the .prosysopc)
(your home folder)\.prosysopc\prosys-opc-ua-simulation-server\log (note the dot in the .prosysopc)
for any errors.

For the Browser, you could also try to change the logging from INFO level to DEBUG or TRACE. Then you will get a lot of logs (so they might rollover to the next file), but they might give some hints. Try searching for a string “Connecting” which should display the address before that (though it might also just be the hostname, as the resolution will happen inside the standard java library).

P.S.
Additionally, just to be sure, check that there is no underscore in your hostname. Though the error in that case should be different. (And as for why, underscores are not allowed in hostnames https://en.wikipedia.org/wiki/Hostname#Syntax). Though in general that only happens on some linux distros that allow any text string without any validation to be entered as the hostname, I’m quite certain windows installation would either not allow that or at least warn on it.

P.S.2.
If you are running any kind of virtualization software on the machine (e.g. virtualbox, vmware), it is possible that the hostname is resolving to the internal address that is desinged to Guest OS -> Host OS communication. In this case, you would also need to enter that to the C:\Windows\System32\drivers\etc hosts, if you are going that route. Though I think it should still work, as we should be also binding on that address on server start.

P.S.3.
While not maybe possible, but if you could get java to run on the machine, try “System.out.println(InetAddress.getLocalHost());”, that should give what we would get as the local loopback from java. In addition you might try InetAddress.getByName(“YOURHOSTHERE”) to see if it gives the same or different result, that is where we would try to connect based on the hostname (though java might not always resolve it, but at least on my machine it shows the same as the getLocalHost() and it has the form HOSTNAME/IP. However in practice this same info should be visible from the Browser/SimulationServer logs.

P.S.4.
I hope these help, otherwise I think I’m out of options and have to conclude that we can fix if there is anything to be fixed, but we would need to know what is the problem and is it in the OS configurations or in our applications (since we can only affect our applications).  

I have installed latest version of wireshark with npcap and checked the “install loopback adapter” option in it. I selected “Adapter for loopback traffic capture” and enter the filter as – tcp.flags.syn==1 && tcp.port==53530 in which I can see only 2 packets 1) Source Ip-127.0.0.1 port no-53531 to Destination IP-127.0.0.1 port no-53530 & 2) Source and Destination IP same but port no is reversed (source port-53530 and destination port-53531)

I tried netstat command only first 3 entry were bind to actual IP address with no entry of port 53530 in it.
The remaining entry were bind to 127.0.0.1 with the hostname where I found the entry of 53530 (127.0.0.1:53530 to HOSTNAME:53531 & 127.0.0.1:53531 to HOSTNAME:53530)

I have enabled DEBUG log in UA browser & server, in server the stated the it has binded to actual IP TCP/IP Socket bound to /:53530, while in browser log
server HOSTNAME/:53530 Connecting
server HOSTNAME/:53530 Connect Failed
java.net.ConnectException: Connection timed out: connect

PS – I have checked there is no _ in the hostname
PS2 – Yes I am running it on VMWARE on company domain. I have enter the following enter in the host file
COMPUTER NAME
127.0.0.1 COMPUTER NAME
I also tried and change the COMPUTER NAME to FULL COMPUTER NAME in the host file, when I did netstat after restart I couldn’t find the port 53530 neither in :port and in 127.0.0.1:port
When I did the above thing he ocp.tcp url in OPC UA Server had full name (with domain address) instead of computer name as in rest of the case, but shows the same error while I connect the browser. While in wireshark I obtain some packet with source port – 55341 and destination port – 52530 with message of TCP retransmission.
PS3 – Can you please explain a bit more since I am new to Java.
PS4 – It seems that I might be missing somethings in configuration since its VMware.

Hi Bjarne,

I am extremely sorry, I don’t know how some point got missed in between the lines in the previous post since I have copy and pasted it from notepad++
PART A – This are observed in Windows Server 2016 installed on VMware.
1)
Yes I have entered the IP address and computer name in the HOST file, like for eg.
10.x.x.x SERVERTESTING
127.0.0.1 SERVERTESTING

2)
In browser log I can see the following
com.prosysopc.ua.stack.transport.tcp.io.d [] – HOSTNAME/IP_ADDRESS_NUMBERS:53530 Connecting
com.prosysopc.ua.stack.transport.tcp.io.d [] – HOSTNAME/IP_ADDRESS_NUMBERS:53530 Connect failed
java.net.ConnectException: Connection timed out: connect

In Server log there is no error it’s showing that server has started successfully, following are the lines that I get
com.prosysopc.ua.stack.transport.tcp.nio.f [] – TCP/IP Socket bound to /10.x.x.x:53530
com.prosysopc.ua.server.ap [] – Endpoint bound to: [127.0.0.1:53530, 10.x.x.x:53530] (there are other entries also in between the [] I have entered few only)
com.prosysopc.ua.app.simserver.simulation.i [] – Simulation started
com.prosysopc.ua.app.simserver.windows.MainWindow [] – Server started
com.prosysopc.fx.library.utility.ServerConnection [] – Resolving forward references to node: http://opcfoundation.org/UA/:84

3)
The VMware Static IP address is in the range of 10.x.x.x. (I’ll explain this might not be the problem in PART B, as you might be amazed to read PART B)

4)
Added the following line in the file UaBrowser.vmoptions
-Djava.net.preferIPv4Stack=true
But no success shows the same error in the browser log file.

5)
I tried running the command “ping HOSTNAME” without any flag and it was successful with a reply under 1 msec. I also tried with -4 & -6 flag and that was also successful with a replay under 1 msec.

PART B – Observed under a new Windows 2019 Server installed on VMware.
I have installed the same Prosys OPC UA server and browser which I have installed it in Server 2016.
The IP address of the 2019 server is 10.x.x.x which is in same range as of 2016 server.
I didn’t made any changes in the windows host file, I checked it which is similar to one that comes after OS installation (everything line commented).
After installation of Prosys server & browser I just copied and pasted the op.tcp url from Server and pasted it into client.
Everything was working fine and browser got connected to client.

Yes, sure if I can find any solution I would post it here.
I am also confused that why it is not working in 2016. Can you think of somethings where it might be stuck somewhere inside.
I’ll try if I can get a new server 2016 VMware fresh since this would be difficult to get in sort period of time.
Do you have any idea of software which can let me know that port activity with application name, since if Server is getting started at port 53530 then why client cannot connect to that port even if both are running on the same machine.