Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Connection failure between SampleConsoleServer to SampleConsoleClient
November 2, 2016
18:41, EET
Avatar
karthi
Member
Members
Forum Posts: 16
Member Since:
November 2, 2016
sp_UserOfflineSmall Offline

Hii,

I am new to Java and OPC, i have some problem while connecting the SampleConsoleServer to SampleConsoleClient.
As i use the default URL address of the server =opc.tcp://localhost:52520/OPCUA/SampleConsoleServer.

After running my console i came up with this error which is below,

Connecting to opc.tcp://localhost:52520/OPCUA/SampleConsoleServer
Using SecurityPolicy http://opcfoundation.org/UA/Se…..ic128Rsa15
com.prosysopc.ua.client.ConnectException: Failed to create secure channel to server: : opc.tcp://karthik:52520/OPCUA/SampleConsoleServer [http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15,SignAndEncrypt] ServiceResult=Bad_SecurityChecksFailed (0x80130000) “An error occurred verifying security.”
Caused by: org.opcfoundation.ua.common.ServiceResultException: Bad_SecurityChecksFailed (code=0x80130000, description=”Bad_SecurityChecksFailed (code=0x80130000, description=”An error occurred verifying security.”)”)

*** NOT connected to: opc.tcp://localhost:52520/OPCUA/SampleConsoleServer

I am looking for a help to proceed my work from here,

Best Regards
Karthi

November 3, 2016
9:39, EET
Avatar
Heikki Tahvanainen
Member
Members
Forum Posts: 402
Member Since:
April 17, 2013
sp_UserOfflineSmall Offline

Hello Karthick,

In OPC UA, the connection establishment between client and server applications is based on application instance certificates. When security mode is other than none, the client and server applications must trust each other’s certificates.

To put it shortly, move client certificate from PKI/CA/rejected to PKI/CA/certs directory in the server application.

For more explanation about the subject, see chapter “3.3 Validating Client Applications via Certificates” in the server tutorial and chapter “5.4 Validating Server Certificates” in the client tutorial. The tutorial documents are available in the doc-folder of the SDK.

November 3, 2016
13:40, EET
Avatar
karthi
Member
Members
Forum Posts: 16
Member Since:
November 2, 2016
sp_UserOfflineSmall Offline

Hello Heikki,

Thanks for the help, I did exactly what you said but i came up with some other error when i run my SampleConsoleServer.After moving the file from PKI/CA/rejected to PKI/CA/certs.

I have attached the error that i came up with could you look into that and tell me how to overcome the problem.

Exception in thread “main” com.prosysopc.ua.server.UaServerException: Failed to initialize server endpoint: opc.tcp://karthik.mshome.net:52520/OPCUA/SampleConsoleServer
at com.prosysopc.ua.server.UaServer.b(Unknown Source)
at com.prosysopc.ua.server.UaServer.start(Unknown Source)
at com.prosysopc.ua.samples.server.SampleConsoleServer.run(SampleConsoleServer.java:697)
at com.prosysopc.ua.samples.server.SampleConsoleServer.main(SampleConsoleServer.java:224)
Caused by: org.opcfoundation.ua.common.ServiceResultException: Bad_InternalError (code=0x80020000, description=”2147614720, Address already in use: bind”)
at org.opcfoundation.ua.transport.tcp.nio.OpcTcpServer.bind(Unknown Source)
at org.opcfoundation.ua.application.Server.bind(Unknown Source)
… 4 more
Caused by: java.net.BindException: Address already in use: bind
at sun.nio.ch.Net.bind0(Native Method)
at sun.nio.ch.Net.bind(Unknown Source)
at sun.nio.ch.Net.bind(Unknown Source)
at sun.nio.ch.ServerSocketChannelImpl.bind(Unknown Source)
at sun.nio.ch.ServerSocketAdaptor.bind(Unknown Source)
at org.opcfoundation.ua.utils.asyncsocket.ListenableServerSocketChannel.bind(Unknown Source)
at org.opcfoundation.ua.utils.asyncsocket.AsyncServerSocket.bind(Unknown Source)
… 6 more

November 3, 2016
14:26, EET
Avatar
Heikki Tahvanainen
Member
Members
Forum Posts: 402
Member Since:
April 17, 2013
sp_UserOfflineSmall Offline

Hi,

Thanks for the information. This time the error states that “Address already in use”. This most probably means that previous SampleConsoleServer instance is still running and occupying the tcp port 52520.

November 3, 2016
15:16, EET
Avatar
karthi
Member
Members
Forum Posts: 16
Member Since:
November 2, 2016
sp_UserOfflineSmall Offline

Hi,
Ya i looked into it and i stopped the previous samples and its working fine now, thanks for your helpSmile

March 16, 2017
14:06, EET
Avatar
nikith
Member
Members
Forum Posts: 4
Member Since:
March 16, 2017
sp_UserOfflineSmall Offline

karthi said
Hii,

I am new to Java and OPC, i have some problem while connecting the SampleConsoleServer to SampleConsoleClient.
As i use the default URL address of the server =opc.tcp://localhost:52520/OPCUA/SampleConsoleServer.

After running my console i came up with this error which is below,

Connecting to opc.tcp://localhost:52520/OPCUA/SampleConsoleServer
Using SecurityPolicy http://opcfoundation.org/UA/Se…..ic128Rsa15
com.prosysopc.ua.client.ConnectException: Failed to create secure channel to server: : opc.tcp://karthik:52520/OPCUA/SampleConsoleServer [http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15,SignAndEncrypt] ServiceResult=Bad_SecurityChecksFailed (0x80130000) “An error occurred verifying security.”
Caused by: org.opcfoundation.ua.common.ServiceResultException: Bad_SecurityChecksFailed (code=0x80130000, description=”Bad_SecurityChecksFailed (code=0x80130000, description=”An error occurred verifying security.”)”)

*** NOT connected to: opc.tcp://localhost:52520/OPCUA/SampleConsoleServer

I am looking for a help to proceed my work from here,

Best Regards
Karthi  

Hi,

I am trying to work with opc ua as well and am unable to make the connection between the sampleclient and server. I have gone through this thread and see myself in a similar situation. I tried the step to move the certficates from PKI/CA/rejected to PKI/CA/certs but I see no certificates present in PKI/CA/rejected. the error message is as follows.

——
Connecting to opc.tcp://localhost:52520/OPCUA/SampleConsoleServer
03/15/2017 16:45:21.188 INFO Creating a new application certificate & private key
03/15/2017 16:45:22.197 INFO Created a new Certificate: O=Sample Organisation, CN=SampleConsoleClient@Nikith; ApplicationURI=urn:Nikith:OPCUA:SampleConsoleClient KeySize=2048
03/15/2017 16:45:22.996 INFO HTTPS certificate saved to PKI\CA\private\SampleConsoleClient@Nikith_https.der
03/15/2017 16:45:23.001 INFO HTTPS private key saved to PKI\CA\private\SampleConsoleClient@Nikith_https.pem
Using SecurityPolicy http://opcfoundation.org/UA/SecurityPolicy#None
com.prosysopc.ua.client.ConnectException: Failed to retrieve endpoints. The server is not available: opc.tcp://localhost:52520/OPCUA/SampleConsoleServer ServiceResult=Bad_ConnectionRejected (0x80AC0000) “Could not establish a network connection to remote server.”
Caused by: org.opcfoundation.ua.common.ServiceResultException: Bad_ConnectionRejected (code=0x80AC0000, description=”2158755840, Connection refused: connect”)

*** NOT connected to: opc.tcp://localhost:52520/OPCUA/SampleConsoleServer
——–

kindly help me in this regard as I am only beginning to learn the server client connection.

Best Regards,
Nikith

March 17, 2017
14:44, EET
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 1026
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

Bad_ConnectionRejected means that the SampleConsoleServer is not available. Make sure that it is running, when you connect.

March 21, 2017
16:50, EET
Avatar
nikith
Member
Members
Forum Posts: 4
Member Since:
March 16, 2017
sp_UserOfflineSmall Offline

Jouni Aro said
Bad_ConnectionRejected means that the SampleConsoleServer is not available. Make sure that it is running, when you connect.  

Hi Juoni,

Thank you for the effective response. However I now have a similar issue with the discovery server. the warning/error is as follows,

—————

03/21/2017 15:37:13.595 WARN Could not register server (offline) to Discovery Server at opc.tcp://localhost:4840 Cause: Failed to create secure channel to server: : opc.tcp://Nikith:4840 [http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15,SignAndEncrypt]
.
.
.
.
03/21/2017 15:37:15.093 WARN Could not register server (online) to Discovery Server at opc.tcp://localhost:4840 Cause: Failed to create secure channel to server: : opc.tcp://Nikith:4840 [http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15,SignAndEncrypt]

—————

I looked up a similar issue in the forum where the solution was suggested by installing an LDS. The link is : https://opcfoundation.org/developer-tools/developer-kits-unified-architecture/local-discovery-server-lds/
I performed the installation but could not find the folders (from the installed LDS) to update the certificates from ‘rejected’ to the trusted ‘certs’. Kindly advice on this issue.

As Always, thank you for the quick response.

Regards,
Nikith

March 22, 2017
11:32, EET
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 1026
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

The LDS is an optional component, but may help the client applications to find your server.

For the LDS certificate store, please look at ‘C:\ProgramData\OPC Foundation\UA\Discovery\pki\’ (Note that C:\ProgramData is a hidden directory)

March 22, 2017
12:06, EET
Avatar
nikith
Member
Members
Forum Posts: 4
Member Since:
March 16, 2017
sp_UserOfflineSmall Offline

Jouni Aro said
The LDS is an optional component, but may help the client applications to find your server.

For the LDS certificate store, please look at ‘C:\ProgramData\OPC Foundation\UA\Discovery\pki\’ (Note that C:\ProgramData is a hidden directory)  

yes you were right 🙂 Also with the fact that an LDS is optional. Everything was up and running last night but when i try to run the sampleconsoleserver today I have issues with the certificates again. Not sure if I have to tackle this each time i run the server or just once. the error is as follows. your inputs are valuable to me and helps immensely with my project. thanks

——–

03/22/2017 10:55:51.379 INFO File ‘PKI\CA\certs\ProsysSampleCA.pem’ is not a valid certificate: Could not parse certificate: java.io.IOException: Illegal footer: -Type: 4,ENCRYPTED
03/22/2017 10:55:51.418 INFO File ‘PKI\CA\certs\SampleConsoleClient@Nikith.pem’ is not a valid certificate: Could not parse certificate: java.io.IOException: Illegal footer: -Type: 4,ENCRYPTED
03/22/2017 10:55:51.420 INFO File ‘PKI\CA\certs\SampleConsoleClient@Nikith_https.pem’ is not a valid certificate: Could not parse certificate: java.io.IOException: Illegal footer: -Type: 4,ENCRYPTED
03/22/2017 10:55:51.424 INFO File ‘PKI\CA\certs\SampleConsoleServer@Nikith.pem’ is not a valid certificate: Could not parse certificate: java.io.IOException: Illegal footer: -Type: 4,ENCRYPTED
03/22/2017 10:55:51.426 INFO File ‘PKI\CA\certs\SampleConsoleServer@Nikith_https.pem’ is not a valid certificate: Could not parse certificate: java.io.IOException: Illegal footer: -Type: 4,ENCRYPTED
03/22/2017 10:56:05.592 INFO Issuer certificate loaded from PKI\CA\private\ProsysSampleCA.der
03/22/2017 10:56:07.034 INFO Issuer private key loaded from PKI\CA\private\ProsysSampleCA.pem
03/22/2017 10:56:07.037 INFO Reading application certificate from C:\Users\Nikith\Downloads\uasdkjavabundle-bin-EVAL-windows-jre16-v2.2.4-674\PKI\CA\private\SampleConsoleServer@Nikith.der
03/22/2017 10:56:07.039 INFO Reading private key from keystore C:\Users\Nikith\Downloads\uasdkjavabundle-bin-EVAL-windows-jre16-v2.2.4-674\PKI\CA\private\SampleConsoleServer@Nikith.pem
03/22/2017 10:56:07.047 INFO HTTPS certificate loaded from PKI\CA\private\SampleConsoleServer@Nikith_https.der
03/22/2017 10:56:07.051 INFO HTTPS private key loaded from PKI\CA\private\SampleConsoleServer@Nikith_https.pem
03/22/2017 10:56:07.318 INFO Loading model from jar:file:/C:/Users/Nikith/Downloads/uasdkjavabundle-bin-EVAL-windows-jre16-v2.2.4-674/Prosys-OPC-UA-Java-SDK-Client-Server-Evaluation-2.2.4-674/lib/Prosys-OPC-UA-Java-SDK-Client-Server-Evaluation-2.2.4-674.jar!/com/prosysopc/ua/server/Opc.Ua.NodeSet2.xml
03/22/2017 10:56:12.346 INFO Using an alternate endpoint URL ‘opc.tcp://Nikith:4840’ instead of the requested ‘opc.tcp://localhost:4840’

—————

March 22, 2017
19:17, EET
Avatar
Jouni Aro
Moderator
Moderators
Forum Posts: 1026
Member Since:
December 21, 2011
sp_UserOfflineSmall Offline

‘.pem’ files are private keys and should not be in the ‘certs’ folder.

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 1919

Currently Online:
25 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

Heikki Tahvanainen: 402

hbrackel: 144

rocket science: 88

pramanj: 86

Francesco Zambon: 83

Ibrahim: 78

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

Member Stats:

Guest Posters: 0

Members: 730

Moderators: 7

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1529

Posts: 6471

Newest Members:

HypromeImpupe, toneylapham544, rondawolinski7, Marypof5711, roycedelargie91, kourtneyquisenbe, ellis87832073466, zkxwilliemae, gabriellabachus, Deakin

Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1032, Jimmy Ni: 26, Matti Siponen: 349, Lusetti: 0

Administrators: admin: 1