Hello!

We are using the evaluation libs for the server:

com.prosysopc.ua
prosys-opc-ua-sdk-evaluation
4.6.2-1636

Maybe you can help me with this problem:

When I run the opc ua server locally then everything works fine.
When I run the opc ua server on our server machine, i can not connect to server (“could not connect to server: BadCommunicationError”).

I see the connect in the logs – no firewall problems:
[OPC-UA-Stack-Non-Blocking-Work-Executor-1] INFO com.prosysopc.ua.stack.transport.tcp.nio.OpcTcpServer – OpcTcpServer(opc.tcp(/10.181.202.181:4840, (opc.tcp://degttanb.de.m.net:4840/OPCUA/TOPCServer [[http://opcfoundation.org/UA/SecurityPolicy#None,None]])(opc.tcp://degttanb.de.m.net:4840 [[http://opcfoundation.org/UA/SecurityPolicy#None,None]]))): /10.159.160.155:54769 connected

But after this nothing happens. No Error/Fatal Log or something else.

When I connect to the local-running it looks like this:
[OPC-UA-Stack-Non-Blocking-Work-Executor-6] INFO com.prosysopc.ua.stack.transport.tcp.nio.OpcTcpServer – OpcTcpServer(opc.tcp(/127.0.0.1:52520, (opc.tcp://DEGTL11644.de.m.net:52520/OPCUA/TOPCServer [[http://opcfoundation.org/UA/SecurityPolicy#None,None]])(opc.tcp://DEGTL11644.de.m.net:52520 [[http://opcfoundation.org/UA/SecurityPolicy#None,None]]))): /127.0.0.1:54912 connected
[OPC-UA-Stack-Blocking-Work-Executor-14] INFO com.prosysopc.ua.stack.transport.tcp.nio.OpcTcpServerSecureChannel – SecureChannel opened; SecurityToken(Id=1, secureChannelId=4, creationTime=23.12.2021 08:24:46, lifetime=3600000)
[OPC-UA-Stack-Blocking-Work-Executor-15] INFO com.prosysopc.ua.server.SessionManager – Session created: (ID=ns=1;g=59778b4c-79e1-4863-b8b1-bde1376c1a2a Token=b=l8GbslQJ6me5NzVYIoVAyp3/E0NYh2rpoJeK/Y0P8CY= Channel=(SecureChannelId=4 State=Open URL=opc.tcp://127.0.0.1:52520/OPCUA/TOPCServer SecurityPolicy=http://opcfoundation.org/UA/SecurityPolicy#None RemoteAddress=/127.0.0.1:54912))
2021-12-23 08:24:47,235 INFO a.a.TUserValidator [OPC-UA-Stack-Blocking-Work-Executor-17] onValidate: userIdentity=Type=UserName – t
[OPC-UA-Stack-Blocking-Work-Executor-17] INFO com.prosysopc.ua.server.SessionManager – Session activated: (ID=ns=1;g=59778b4c-79e1-4863-b8b1-bde1376c1a2a Token=b=l8GbslQJ6me5NzVYIoVAyp3/E0NYh2rpoJeK/Y0P8CY= Channel=(SecureChannelId=4 State=Open URL=opc.tcp://127.0.0.1:52520/OPCUA/TOPCServer SecurityPolicy=http://opcfoundation.org/UA/SecurityPolicy#None RemoteAddress=/127.0.0.1:54912))

I have taken the example of the simpleconsoleserver and modified it:

– disabled ipv6
– fix bind of one address
– disabling https

Here the code example:

package apis.apiOpcServer;

import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.URISyntaxException;
import java.util.HashSet;
import java.util.Set;

import org.apache.logging.log4j.LogManager;

import com.prosysopc.ua.ApplicationIdentity;
import com.prosysopc.ua.SecureIdentityException;
import com.prosysopc.ua.StatusException;
import com.prosysopc.ua.UaApplication.Protocol;
import com.prosysopc.ua.UserTokenPolicies;
import com.prosysopc.ua.server.UaInstantiationException;
import com.prosysopc.ua.server.UaServer;
import com.prosysopc.ua.server.UaServerException;
import com.prosysopc.ua.stack.builtintypes.LocalizedText;
import com.prosysopc.ua.stack.builtintypes.UnsignedShort;
import com.prosysopc.ua.stack.cert.PkiDirectoryCertificateStore;
import com.prosysopc.ua.stack.core.ApplicationDescription;
import com.prosysopc.ua.stack.core.ApplicationType;
import com.prosysopc.ua.stack.core.EndpointDescription;
import com.prosysopc.ua.stack.core.MessageSecurityMode;
import com.prosysopc.ua.stack.transport.security.SecurityMode;
import com.prosysopc.ua.stack.transport.security.SecurityPolicy;
import com.prosysopc.ua.types.opcua.server.BuildInfoTypeNode;
import com.prosysopc.ua.types.opcua.server.ServerCapabilitiesTypeNode;

public class TOpcServer {
protected static int certKeySize = 2048;
protected static String APP_NAME = “TOPCServer”;
// protected static String discoveryServerUrl = “opc.tcp://localhost:4840”;
protected static int port = OpcServerConfig.GATEWAY_OPC_PORT;

protected TNodeManager tNodeManager;
protected NMListener nodeManagerListener = new NMListener();
protected UaServer server;
protected TUserValidator tUserValidator;

public TOpcServer() {
try {
this.start();
} catch (Exception e) {
LogManager.getLogger(getClass()).fatal(“TOpcServer Exception = ” + e.getMessage());
}
}

/**
*
* @throws Exception
*/
public void start() throws Exception {
// Initialize the server
initialize(port, APP_NAME);

// Create the address space
createAddressSpace();

// TCP Buffer size parameters – this may help with high traffic
// situations.
// See http://fasterdata.es.net/host-tuning/background/ for some hints
// how to use it
// UATcpServer.setReceiveBufferSize(700000);

// Start the server, when you have finished your own initializations
// This will allow connections from the clients
// Start up the server
run();
}

public UaServer getServer() {
return server;
}

/**
* PrintConnectionAddresses
*/
private void printConnectionAddresses() {
// Prints connection address that clients can use.
// NOTE! if multiple SecurityModes are supported, each will have their own EndpointDescription
LogManager.getLogger(getClass()).info(“Server started with connection addresses:”);
EndpointDescription prev = null;
for (EndpointDescription ed : server.getEndpoints()) {
if (prev == null || ed.getEndpointUrl() != prev.getEndpointUrl()) {
LogManager.getLogger(getClass()).info(ed.getEndpointUrl());
prev = ed;
}
}
}

/**
*
* @throws StatusException
* @throws UaInstantiationException
*/
protected void createAddressSpace() throws StatusException, UaInstantiationException {
// My Node Manager
tNodeManager = new TNodeManager(server, TNodeManager.NAMESPACE);
tNodeManager.addListener(nodeManagerListener);

// My I/O Manager Listener
tNodeManager.getIoManager().addListeners(new IoMListener());

LogManager.getLogger(getClass()).info(“Address space created.”);
}

/**
* Initialize the information to the Server BuildInfo structure.
*/
protected void initBuildInfo() {
// Initialize BuildInfo – using the version info from the SDK
// You should replace this with your own build information

final BuildInfoTypeNode buildInfo =
server.getNodeManagerRoot().getServerData().getServerStatusNode().getBuildInfoNode();

buildInfo.setProductName(“TProductName”);
buildInfo.setManufacturerName(“TManufacturerName”);
buildInfo.setSoftwareVersion(“TSoftwareVersion”);
buildInfo.setBuildNumber(“TBuildNumber”);
//buildInfo.setBuildDate(new DateTime(c));
}

/**
*
* @param port
* @param applicationName
* @throws SecureIdentityException
* @throws IOException
* @throws UaServerException
*/
protected void initialize(int port, String applicationName)
throws SecureIdentityException, IOException, UaServerException {

// *** Create the server
server = new UaServer();
server.setEnableIPv6(false);

// Use PKI files to keep track of the trusted and rejected client
// certificates…

final PkiDirectoryCertificateStore applicationCertificateStore = new PkiDirectoryCertificateStore(“PKI/CA”);
// final PkiDirectoryCertificateStore applicationIssuerCertificateStore =
// new PkiDirectoryCertificateStore(“PKI/CA/issuers”);
// final DefaultCertificateValidator applicationCertificateValidator =
// new DefaultCertificateValidator(applicationCertificateStore, applicationIssuerCertificateStore);

// server.setCertificateValidator(applicationCertificateValidator);
// // …and react to validation results with a custom handler
// applicationCertificateValidator.setValidationListener(validationListener);

// // Handle user certificates
// final PkiDirectoryCertificateStore userCertificateStore = new PkiDirectoryCertificateStore(“USERS_PKI/CA”);
// final PkiDirectoryCertificateStore userIssuerCertificateStore =
// new PkiDirectoryCertificateStore(“USERS_PKI/CA/issuers”);

// final DefaultCertificateValidator userCertificateValidator =
// new DefaultCertificateValidator(userCertificateStore, userIssuerCertificateStore);

tUserValidator = new TUserValidator();
// // …and react to validation results with a custom handler
// userCertificateValidator.setValidationListener(userCertificateValidationListener);

// *** Application Description is sent to the clients
ApplicationDescription appDescription = new ApplicationDescription();
// ‘localhost’ (all lower case) in the ApplicationName and
// ApplicationURI is converted to the actual host name of the computer
// (including the possible domain part) in which the application is run.
// (as available from ApplicationIdentity.getActualHostName())
// ‘hostname’ is converted to the host name without the domain part.
// (as available from
// ApplicationIdentity.getActualHostNameWithoutDomain())
appDescription.setApplicationName(new LocalizedText(applicationName + “@hostname”));
appDescription.setApplicationUri(“urn:hostname:OPCUA:” + applicationName);
appDescription.setProductUri(“urn:com.miele.t:OPCUA:” + applicationName);
appDescription.setApplicationType(ApplicationType.Server);

// *** Server Endpoints
// TCP Port number for the UA TCP protocol
server.setPort(Protocol.OpcTcp, port);

// optional server name part of the URI (default for all protocols)
server.setServerName(“OPCUA/” + applicationName);

// Optionally restrict the InetAddresses to which the server is bound.
// You may also specify the addresses for each Protocol.

// The default is binding to IPv6 wildcard ‘[::]’ when isEnableIPv6 is true
// or to IPv4 wildcard ‘0.0.0.0’ otherwise.

// Alternatively, the Server can be bound to all available InetAddresses.
// isEnableIPv6 defines whether IPv6 address should be included in the bound addresses.
// Note that it requires Java 7 or later to work in practice in Windows

// bind address from config
if(OpcServerConfig.FIXED_SOCKET_IP) {
Set bindAddresses = new HashSet();
InetAddress a = InetAddress.getByName(OpcServerConfig.GATEWAY_OPC_IP);
bindAddresses.add(a);
server.setBindAddresses(bindAddresses);

LogManager.getLogger(getClass()).info(“OpcServerConfig.GATEWAY_SOCKET_IP = ” + OpcServerConfig.GATEWAY_OPC_IP);
LogManager.getLogger(getClass()).info(“OpcServerConfig.GATEWAY_OPCSERVER_PORT = ” + OpcServerConfig.GATEWAY_OPC_PORT);
}

// *** Certificates
LogManager.getLogger(getClass()).info(“Loading certificates..”);
File privatePath = new File(applicationCertificateStore.getBaseDir(), “private”);

// // Define a certificate for a Certificate Authority (CA) which is used
// // to issue the keys. Especially
// // the HTTPS certificate should be signed by a CA certificate, in order
// // to make the .NET applications trust it.
// //
// // If you have a real CA, you should use that instead of this listener CA
// // and create the keys with it.
// // Here we use the IssuerCertificate only to sign the HTTPS certificate
// // (below) and not the Application Instance Certificate.
// KeyPair issuerCertificate = ApplicationIdentity.loadOrCreateIssuerCertificate(
// “MieleTCA@” + ApplicationIdentity.getActualHostNameWithoutDomain() + “_https_” + certKeySize, privatePath,
// “opcua”, 3650, false, certKeySize);
//
//
int[] keySizes = new int[]{certKeySize};
// If you wish to use big certificates (4096 bits), you will need to
// define two certificates for your application, since to interoperate
// with old applications, you will also need to use a small certificate
// (up to 2048 bits).
// keySizes = new int[] { 2048, 4096 };

// *** Application Identity
// Define the Server application identity, including the Application
// Instance Certificate (but don’t sign it with the issuerCertificate as
// explained above).
final ApplicationIdentity identity = ApplicationIdentity.loadOrCreateCertificate(
appDescription,
“Miele T”,
/* Private Key Password */”cZlK14r3″,
/* Key File Path */privatePath,
/* Issuer Certificate & Private Key */null,
/* Key Sizes for instance certificates to create */keySizes,
/* Enable renewing the certificate */true
);

// // Create the HTTPS certificate bound to the hostname.
// // The HTTPS certificate must be created, if you enable HTTPS.
// String hostName = ApplicationIdentity.getActualHostName();
// identity.setHttpsCertificate(ApplicationIdentity.loadOrCreateHttpsCertificate(appDescription, hostName, “opcua”,
// issuerCertificate, privatePath, true, certKeySize));

server.setApplicationIdentity(identity);

// *** Security settings
/*
* Define the security modes to support for the Binary protocol.
*/
Set supportedSecurityPolicies = new HashSet();
supportedSecurityPolicies.add(SecurityPolicy.NONE);
// supportedSecurityPolicies.addAll(SecurityPolicy.ALL_SECURE_101);
// supportedSecurityPolicies.addAll(SecurityPolicy.ALL_SECURE_102);
// supportedSecurityPolicies.addAll(SecurityPolicy.ALL_SECURE_103);
// supportedSecurityPolicies.addAll(SecurityPolicy.ALL_SECURE_104);

Set supportedMessageSecurityModes = new HashSet();
supportedMessageSecurityModes.add(MessageSecurityMode.None);
// supportedMessageSecurityModes.add(MessageSecurityMode.Sign);
// supportedMessageSecurityModes.add(MessageSecurityMode.SignAndEncrypt);

/*
* This creates all possible combinations (NONE pairs only with None) of the configured
* MessageSecurityModes and SecurityPolicies) for opc.tcp communication.
*/
server.getSecurityModes()
.addAll(SecurityMode.combinations(supportedMessageSecurityModes, supportedSecurityPolicies));

// Define the supported user authentication methods
server.addUserTokenPolicy(UserTokenPolicies.ANONYMOUS);
server.addUserTokenPolicy(UserTokenPolicies.SECURE_USERNAME_PASSWORD);
// server.addUserTokenPolicy(UserTokenPolicies.SECURE_CERTIFICATE);

// Define a validator for checking the user accounts
server.setUserValidator(tandemUserValidator);

// // Register to the local discovery server (if present)
// try {
// server.setDiscoveryServerUrl(discoveryServerUrl);
// } catch (URISyntaxException e) {
// LogManager.getLogger(getClass()).error(“DiscoveryURL is not valid”, e);
// }

// *** ‘init’ creates the service handlers and the default endpoints
// *** according to the settings defined above
server.init();
initBuildInfo();

// “Safety limits” for ill-behaving clients
server.getSessionManager().setMaxSessionCount(500);
server.getSessionManager().setMaxSessionTimeout(3600000); // one hour
server.getSubscriptionManager().setMaxSubscriptionCount(50);

/*
* Safety limits for XXXContinuationPoints. Note! These are the current defaults. Technically a
* value of 0 (unlimited) is allowed by the OPC UA Specification, but our implementation does
* allocate server-side memory, thus do not use value of 0 (or you can run out of memory).
* Future SDK releases may improve this.
*/
ServerCapabilitiesTypeNode serverCapabilities =
server.getAddressSpace().getNodeManagerRoot().getServerData().getServerCapabilitiesNode();
serverCapabilities.setMaxBrowseContinuationPoints(UnsignedShort.MAX_VALUE);
serverCapabilities.setMaxQueryContinuationPoints(UnsignedShort.MAX_VALUE);
serverCapabilities.setMaxHistoryContinuationPoints(UnsignedShort.MAX_VALUE);

int foo = 0;
}

/**
*
* @throws UaServerException
*/
protected void run() throws UaServerException {
server.start();
printConnectionAddresses();

// *** Main Menu Loop
while(true) {
try {
Thread.sleep(10000);
} catch (InterruptedException e) {
LogManager.getLogger(getClass()).fatal(“run | InterruptedException = ” + e.getMessage());
}
}
}

public void stop() {
// todo
}
}