Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
could not connect to opc ua server (4.6.2-1636)
December 23, 2021
9:43, EET
Avatar
Hendrik Ulbrich
Member
Members
Forum Posts: 14
Member Since:
June 27, 2018
sp_UserOfflineSmall Offline

Hello!

We are using the evaluation libs for the server:

com.prosysopc.ua
prosys-opc-ua-sdk-evaluation
4.6.2-1636

Maybe you can help me with this problem:

When I run the opc ua server locally then everything works fine.
When I run the opc ua server on our server machine, i can not connect to server (“could not connect to server: BadCommunicationError”).

I see the connect in the logs – no firewall problems:
[OPC-UA-Stack-Non-Blocking-Work-Executor-1] INFO com.prosysopc.ua.stack.transport.tcp.nio.OpcTcpServer – OpcTcpServer(opc.tcp(/10.181.202.181:4840, (opc.tcp://degttanb.de.m.net:4840/OPCUA/TOPCServer [[http://opcfoundation.org/UA/SecurityPolicy#None,None]])(opc.tcp://degttanb.de.m.net:4840 [[http://opcfoundation.org/UA/SecurityPolicy#None,None]]))): /10.159.160.155:54769 connected

But after this nothing happens. No Error/Fatal Log or something else.

When I connect to the local-running it looks like this:
[OPC-UA-Stack-Non-Blocking-Work-Executor-6] INFO com.prosysopc.ua.stack.transport.tcp.nio.OpcTcpServer – OpcTcpServer(opc.tcp(/127.0.0.1:52520, (opc.tcp://DEGTL11644.de.m.net:52520/OPCUA/TOPCServer [[http://opcfoundation.org/UA/SecurityPolicy#None,None]])(opc.tcp://DEGTL11644.de.m.net:52520 [[http://opcfoundation.org/UA/SecurityPolicy#None,None]]))): /127.0.0.1:54912 connected
[OPC-UA-Stack-Blocking-Work-Executor-14] INFO com.prosysopc.ua.stack.transport.tcp.nio.OpcTcpServerSecureChannel – SecureChannel opened; SecurityToken(Id=1, secureChannelId=4, creationTime=23.12.2021 08:24:46, lifetime=3600000)
[OPC-UA-Stack-Blocking-Work-Executor-15] INFO com.prosysopc.ua.server.SessionManager – Session created: (ID=ns=1;g=59778b4c-79e1-4863-b8b1-bde1376c1a2a Token=b=l8GbslQJ6me5NzVYIoVAyp3/E0NYh2rpoJeK/Y0P8CY= Channel=(SecureChannelId=4 State=Open URL=opc.tcp://127.0.0.1:52520/OPCUA/TOPCServer SecurityPolicy=http://opcfoundation.org/UA/SecurityPolicy#None RemoteAddress=/127.0.0.1:54912))
2021-12-23 08:24:47,235 INFO a.a.TUserValidator [OPC-UA-Stack-Blocking-Work-Executor-17] onValidate: userIdentity=Type=UserName – t
[OPC-UA-Stack-Blocking-Work-Executor-17] INFO com.prosysopc.ua.server.SessionManager – Session activated: (ID=ns=1;g=59778b4c-79e1-4863-b8b1-bde1376c1a2a Token=b=l8GbslQJ6me5NzVYIoVAyp3/E0NYh2rpoJeK/Y0P8CY= Channel=(SecureChannelId=4 State=Open URL=opc.tcp://127.0.0.1:52520/OPCUA/TOPCServer SecurityPolicy=http://opcfoundation.org/UA/SecurityPolicy#None RemoteAddress=/127.0.0.1:54912))

I have taken the example of the simpleconsoleserver and modified it:

– disabled ipv6
– fix bind of one address
– disabling https

Here the code example:

package apis.apiOpcServer;

import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.URISyntaxException;
import java.util.HashSet;
import java.util.Set;

import org.apache.logging.log4j.LogManager;

import com.prosysopc.ua.ApplicationIdentity;
import com.prosysopc.ua.SecureIdentityException;
import com.prosysopc.ua.StatusException;
import com.prosysopc.ua.UaApplication.Protocol;
import com.prosysopc.ua.UserTokenPolicies;
import com.prosysopc.ua.server.UaInstantiationException;
import com.prosysopc.ua.server.UaServer;
import com.prosysopc.ua.server.UaServerException;
import com.prosysopc.ua.stack.builtintypes.LocalizedText;
import com.prosysopc.ua.stack.builtintypes.UnsignedShort;
import com.prosysopc.ua.stack.cert.PkiDirectoryCertificateStore;
import com.prosysopc.ua.stack.core.ApplicationDescription;
import com.prosysopc.ua.stack.core.ApplicationType;
import com.prosysopc.ua.stack.core.EndpointDescription;
import com.prosysopc.ua.stack.core.MessageSecurityMode;
import com.prosysopc.ua.stack.transport.security.SecurityMode;
import com.prosysopc.ua.stack.transport.security.SecurityPolicy;
import com.prosysopc.ua.types.opcua.server.BuildInfoTypeNode;
import com.prosysopc.ua.types.opcua.server.ServerCapabilitiesTypeNode;

public class TOpcServer {
protected static int certKeySize = 2048;
protected static String APP_NAME = “TOPCServer”;
// protected static String discoveryServerUrl = “opc.tcp://localhost:4840”;
protected static int port = OpcServerConfig.GATEWAY_OPC_PORT;

protected TNodeManager tNodeManager;
protected NMListener nodeManagerListener = new NMListener();
protected UaServer server;
protected TUserValidator tUserValidator;

public TOpcServer() {
try {
this.start();
} catch (Exception e) {
LogManager.getLogger(getClass()).fatal(“TOpcServer Exception = ” + e.getMessage());
}
}

/**
*
* @throws Exception
*/
public void start() throws Exception {
// Initialize the server
initialize(port, APP_NAME);

// Create the address space
createAddressSpace();

// TCP Buffer size parameters – this may help with high traffic
// situations.
// See http://fasterdata.es.net/host-tuning/background/ for some hints
// how to use it
// UATcpServer.setReceiveBufferSize(700000);

// Start the server, when you have finished your own initializations
// This will allow connections from the clients
// Start up the server
run();
}

public UaServer getServer() {
return server;
}

/**
* PrintConnectionAddresses
*/
private void printConnectionAddresses() {
// Prints connection address that clients can use.
// NOTE! if multiple SecurityModes are supported, each will have their own EndpointDescription
LogManager.getLogger(getClass()).info(“Server started with connection addresses:”);
EndpointDescription prev = null;
for (EndpointDescription ed : server.getEndpoints()) {
if (prev == null || ed.getEndpointUrl() != prev.getEndpointUrl()) {
LogManager.getLogger(getClass()).info(ed.getEndpointUrl());
prev = ed;
}
}
}

/**
*
* @throws StatusException
* @throws UaInstantiationException
*/
protected void createAddressSpace() throws StatusException, UaInstantiationException {
// My Node Manager
tNodeManager = new TNodeManager(server, TNodeManager.NAMESPACE);
tNodeManager.addListener(nodeManagerListener);

// My I/O Manager Listener
tNodeManager.getIoManager().addListeners(new IoMListener());

LogManager.getLogger(getClass()).info(“Address space created.”);
}

/**
* Initialize the information to the Server BuildInfo structure.
*/
protected void initBuildInfo() {
// Initialize BuildInfo – using the version info from the SDK
// You should replace this with your own build information

final BuildInfoTypeNode buildInfo =
server.getNodeManagerRoot().getServerData().getServerStatusNode().getBuildInfoNode();

buildInfo.setProductName(“TProductName”);
buildInfo.setManufacturerName(“TManufacturerName”);
buildInfo.setSoftwareVersion(“TSoftwareVersion”);
buildInfo.setBuildNumber(“TBuildNumber”);
//buildInfo.setBuildDate(new DateTime(c));
}

/**
*
* @param port
* @param applicationName
* @throws SecureIdentityException
* @throws IOException
* @throws UaServerException
*/
protected void initialize(int port, String applicationName)
throws SecureIdentityException, IOException, UaServerException {

// *** Create the server
server = new UaServer();
server.setEnableIPv6(false);

// Use PKI files to keep track of the trusted and rejected client
// certificates…

final PkiDirectoryCertificateStore applicationCertificateStore = new PkiDirectoryCertificateStore(“PKI/CA”);
// final PkiDirectoryCertificateStore applicationIssuerCertificateStore =
// new PkiDirectoryCertificateStore(“PKI/CA/issuers”);
// final DefaultCertificateValidator applicationCertificateValidator =
// new DefaultCertificateValidator(applicationCertificateStore, applicationIssuerCertificateStore);

// server.setCertificateValidator(applicationCertificateValidator);
// // …and react to validation results with a custom handler
// applicationCertificateValidator.setValidationListener(validationListener);

// // Handle user certificates
// final PkiDirectoryCertificateStore userCertificateStore = new PkiDirectoryCertificateStore(“USERS_PKI/CA”);
// final PkiDirectoryCertificateStore userIssuerCertificateStore =
// new PkiDirectoryCertificateStore(“USERS_PKI/CA/issuers”);

// final DefaultCertificateValidator userCertificateValidator =
// new DefaultCertificateValidator(userCertificateStore, userIssuerCertificateStore);

tUserValidator = new TUserValidator();
// // …and react to validation results with a custom handler
// userCertificateValidator.setValidationListener(userCertificateValidationListener);

// *** Application Description is sent to the clients
ApplicationDescription appDescription = new ApplicationDescription();
// ‘localhost’ (all lower case) in the ApplicationName and
// ApplicationURI is converted to the actual host name of the computer
// (including the possible domain part) in which the application is run.
// (as available from ApplicationIdentity.getActualHostName())
// ‘hostname’ is converted to the host name without the domain part.
// (as available from
// ApplicationIdentity.getActualHostNameWithoutDomain())
appDescription.setApplicationName(new LocalizedText(applicationName + “@hostname”));
appDescription.setApplicationUri(“urn:hostname:OPCUA:” + applicationName);
appDescription.setProductUri(“urn:com.miele.t:OPCUA:” + applicationName);
appDescription.setApplicationType(ApplicationType.Server);

// *** Server Endpoints
// TCP Port number for the UA TCP protocol
server.setPort(Protocol.OpcTcp, port);

// optional server name part of the URI (default for all protocols)
server.setServerName(“OPCUA/” + applicationName);

// Optionally restrict the InetAddresses to which the server is bound.
// You may also specify the addresses for each Protocol.

// The default is binding to IPv6 wildcard ‘[::]’ when isEnableIPv6 is true
// or to IPv4 wildcard ‘0.0.0.0’ otherwise.

// Alternatively, the Server can be bound to all available InetAddresses.
// isEnableIPv6 defines whether IPv6 address should be included in the bound addresses.
// Note that it requires Java 7 or later to work in practice in Windows

// bind address from config
if(OpcServerConfig.FIXED_SOCKET_IP) {
Set bindAddresses = new HashSet();
InetAddress a = InetAddress.getByName(OpcServerConfig.GATEWAY_OPC_IP);
bindAddresses.add(a);
server.setBindAddresses(bindAddresses);

LogManager.getLogger(getClass()).info(“OpcServerConfig.GATEWAY_SOCKET_IP = ” + OpcServerConfig.GATEWAY_OPC_IP);
LogManager.getLogger(getClass()).info(“OpcServerConfig.GATEWAY_OPCSERVER_PORT = ” + OpcServerConfig.GATEWAY_OPC_PORT);
}

// *** Certificates
LogManager.getLogger(getClass()).info(“Loading certificates..”);
File privatePath = new File(applicationCertificateStore.getBaseDir(), “private”);

// // Define a certificate for a Certificate Authority (CA) which is used
// // to issue the keys. Especially
// // the HTTPS certificate should be signed by a CA certificate, in order
// // to make the .NET applications trust it.
// //
// // If you have a real CA, you should use that instead of this listener CA
// // and create the keys with it.
// // Here we use the IssuerCertificate only to sign the HTTPS certificate
// // (below) and not the Application Instance Certificate.
// KeyPair issuerCertificate = ApplicationIdentity.loadOrCreateIssuerCertificate(
// “MieleTCA@” + ApplicationIdentity.getActualHostNameWithoutDomain() + “_https_” + certKeySize, privatePath,
// “opcua”, 3650, false, certKeySize);
//
//
int[] keySizes = new int[]{certKeySize};
// If you wish to use big certificates (4096 bits), you will need to
// define two certificates for your application, since to interoperate
// with old applications, you will also need to use a small certificate
// (up to 2048 bits).
// keySizes = new int[] { 2048, 4096 };

// *** Application Identity
// Define the Server application identity, including the Application
// Instance Certificate (but don’t sign it with the issuerCertificate as
// explained above).
final ApplicationIdentity identity = ApplicationIdentity.loadOrCreateCertificate(
appDescription,
“Miele T”,
/* Private Key Password */”cZlK14r3″,
/* Key File Path */privatePath,
/* Issuer Certificate & Private Key */null,
/* Key Sizes for instance certificates to create */keySizes,
/* Enable renewing the certificate */true
);

// // Create the HTTPS certificate bound to the hostname.
// // The HTTPS certificate must be created, if you enable HTTPS.
// String hostName = ApplicationIdentity.getActualHostName();
// identity.setHttpsCertificate(ApplicationIdentity.loadOrCreateHttpsCertificate(appDescription, hostName, “opcua”,
// issuerCertificate, privatePath, true, certKeySize));

server.setApplicationIdentity(identity);

// *** Security settings
/*
* Define the security modes to support for the Binary protocol.
*/
Set supportedSecurityPolicies = new HashSet();
supportedSecurityPolicies.add(SecurityPolicy.NONE);
// supportedSecurityPolicies.addAll(SecurityPolicy.ALL_SECURE_101);
// supportedSecurityPolicies.addAll(SecurityPolicy.ALL_SECURE_102);
// supportedSecurityPolicies.addAll(SecurityPolicy.ALL_SECURE_103);
// supportedSecurityPolicies.addAll(SecurityPolicy.ALL_SECURE_104);

Set supportedMessageSecurityModes = new HashSet();
supportedMessageSecurityModes.add(MessageSecurityMode.None);
// supportedMessageSecurityModes.add(MessageSecurityMode.Sign);
// supportedMessageSecurityModes.add(MessageSecurityMode.SignAndEncrypt);

/*
* This creates all possible combinations (NONE pairs only with None) of the configured
* MessageSecurityModes and SecurityPolicies) for opc.tcp communication.
*/
server.getSecurityModes()
.addAll(SecurityMode.combinations(supportedMessageSecurityModes, supportedSecurityPolicies));

// Define the supported user authentication methods
server.addUserTokenPolicy(UserTokenPolicies.ANONYMOUS);
server.addUserTokenPolicy(UserTokenPolicies.SECURE_USERNAME_PASSWORD);
// server.addUserTokenPolicy(UserTokenPolicies.SECURE_CERTIFICATE);

// Define a validator for checking the user accounts
server.setUserValidator(tandemUserValidator);

// // Register to the local discovery server (if present)
// try {
// server.setDiscoveryServerUrl(discoveryServerUrl);
// } catch (URISyntaxException e) {
// LogManager.getLogger(getClass()).error(“DiscoveryURL is not valid”, e);
// }

// *** ‘init’ creates the service handlers and the default endpoints
// *** according to the settings defined above
server.init();
initBuildInfo();

// “Safety limits” for ill-behaving clients
server.getSessionManager().setMaxSessionCount(500);
server.getSessionManager().setMaxSessionTimeout(3600000); // one hour
server.getSubscriptionManager().setMaxSubscriptionCount(50);

/*
* Safety limits for XXXContinuationPoints. Note! These are the current defaults. Technically a
* value of 0 (unlimited) is allowed by the OPC UA Specification, but our implementation does
* allocate server-side memory, thus do not use value of 0 (or you can run out of memory).
* Future SDK releases may improve this.
*/
ServerCapabilitiesTypeNode serverCapabilities =
server.getAddressSpace().getNodeManagerRoot().getServerData().getServerCapabilitiesNode();
serverCapabilities.setMaxBrowseContinuationPoints(UnsignedShort.MAX_VALUE);
serverCapabilities.setMaxQueryContinuationPoints(UnsignedShort.MAX_VALUE);
serverCapabilities.setMaxHistoryContinuationPoints(UnsignedShort.MAX_VALUE);

int foo = 0;
}

/**
*
* @throws UaServerException
*/
protected void run() throws UaServerException {
server.start();
printConnectionAddresses();

// *** Main Menu Loop
while(true) {
try {
Thread.sleep(10000);
} catch (InterruptedException e) {
LogManager.getLogger(getClass()).fatal(“run | InterruptedException = ” + e.getMessage());
}
}
}

public void stop() {
// todo
}
}

December 23, 2021
10:06, EET
Avatar
Matti Siponen
Moderator
Members

Moderators
Forum Posts: 346
Member Since:
February 11, 2020
sp_UserOfflineSmall Offline

Hello,

Can you show complete Client and Server logs that show how attempting to connect fails with BadCommunicationError when the applications are running on different hosts?

In general, using Wireshark to capture traffic between the applications can reveal many communication issues. See https://www.prosysopc.com/blog/opc-ua-wireshark/ for instructions on how to capture OPC UA communication with Wireshark. You can send the Wireshark capture logs to uajava-support@prosysopc.com for us to check.

Also, we don’t debug code posted on this forum.

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 1919

Currently Online:
13 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

Heikki Tahvanainen: 402

hbrackel: 144

rocket science: 88

pramanj: 86

Francesco Zambon: 83

Ibrahim: 78

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

Member Stats:

Guest Posters: 0

Members: 735

Moderators: 7

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1523

Posts: 6449

Newest Members:

rust, christamcdowall, redaahern07571, nigelbdhmp, travistimmons, AnnelCib, dalenegettinger, howardkennerley, Thomassnism, biancacraft16

Moderators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1026, Jimmy Ni: 26, Matti Siponen: 346, Lusetti: 0

Administrators: admin: 1