Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Getting Failed to create session channel
August 21, 2019
20:32, EEST
Avatar
dipankar.invi@gmail.com
Member
Members
Forum Posts: 16
Member Since:
December 6, 2018
sp_UserOfflineSmall Offline

Below is the DEBUG log I got while the error happened.
Here the only difference I see is the slash(‘/’) at the end of the EndPointUrl . Can it be a reason for the error ???

** I have removed the IP address from EndPointURL rest is as it was.

2019-08-21 14:03:54,557 ERROR [org.o.u.a.Client ] – The endpoint received from GetEndpoints is not in the endpoints of CreateSessionResponse. Endpoint=EndpointDescription: EndpointDescription
EndpointUrl=opc.tcp://:48031
Server=null
ServerCertificate=null
SecurityMode=MessageSecurityMode
name=None
ordinal=1
SecurityPolicyUri=http://opcfoundation.org/UA/SecurityPolicy#None
UserIdentityTokens=class org.opcfoundation.ua.core.UserTokenPolicy[3]
[0]=UserTokenPolicy
PolicyId=0
TokenType=UserTokenType
name=Anonymous
ordinal=0
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=null
[1]=UserTokenPolicy
PolicyId=1
TokenType=UserTokenType
name=UserName
ordinal=1
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2]=UserTokenPolicy
PolicyId=2
TokenType=UserTokenType
name=Certificate
ordinal=2
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
TransportProfileUri=http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel=0

2019-08-21 14:03:54,559 ERROR [org.o.u.a.Client ] – GetEndpoints returned endpoints=[EndpointDescription: EndpointDescription
EndpointUrl=opc.tcp://:48031
Server=null
ServerCertificate=null
SecurityMode=MessageSecurityMode
name=None
ordinal=1
SecurityPolicyUri=http://opcfoundation.org/UA/SecurityPolicy#None
UserIdentityTokens=class org.opcfoundation.ua.core.UserTokenPolicy[3]
[0]=UserTokenPolicy
PolicyId=0
TokenType=UserTokenType
name=Anonymous
ordinal=0
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=null
[1]=UserTokenPolicy
PolicyId=1
TokenType=UserTokenType
name=UserName
ordinal=1
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2]=UserTokenPolicy
PolicyId=2
TokenType=UserTokenType
name=Certificate
ordinal=2
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
TransportProfileUri=http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel=0
]
2019-08-21 14:03:54,559 ERROR [org.o.u.a.Client ] – CreateSessionResponse endpoints=[EndpointDescription: EndpointDescription
EndpointUrl=opc.tcp://:48031/
Server=null
ServerCertificate=null
SecurityMode=MessageSecurityMode
name=None
ordinal=1
SecurityPolicyUri=http://opcfoundation.org/UA/SecurityPolicy#None
UserIdentityTokens=class org.opcfoundation.ua.core.UserTokenPolicy[3]
[0]=UserTokenPolicy
PolicyId=0
TokenType=UserTokenType
name=Anonymous
ordinal=0
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=null
[1]=UserTokenPolicy
PolicyId=1
TokenType=UserTokenType
name=UserName
ordinal=1
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
[2]=UserTokenPolicy
PolicyId=2
TokenType=UserTokenType
name=Certificate
ordinal=2
IssuedTokenType=null
IssuerEndpointUrl=null
SecurityPolicyUri=http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
TransportProfileUri=http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary
SecurityLevel=0
]

August 22, 2019
10:05, EEST
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 400
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline

Yes, that would cause it to fail as they must be exactly the same. The check was added in order to pass the compliance tests. If you trust the server, you could set UaClient.setValidateDiscoveredEndpoints(false) to disable the check.

The specification mentions 1.04 Part 4 section 5.6.2.1 for the CreateSession description:
“The Server returns its EndpointDescriptions in the response. Clients use this information to
determine whether the list of EndpointDescriptions returned from the DiscoveryEndpoint matches
the Endpoints that the Server has. If there is a difference then the Client shall close the Session
and report an error.”

This is a security-check, as the Discovery Service Set can be accessed without a Session thus it doesn’t use message security.

August 22, 2019
10:12, EEST
Avatar
dipankar.invi@gmail.com
Member
Members
Forum Posts: 16
Member Since:
December 6, 2018
sp_UserOfflineSmall Offline

Hi Bjarne,

Thanks for the response.
I want to understand how a opc client connects to opc ua server step by step . Is there any documentation or pdf to which I can look into other than the docs which comes with OPC specification like you mentioned in the last comment ?

Thanks,
Dipankar

August 22, 2019
12:20, EEST
Avatar
dipankar.invi@gmail.com
Member
Members
Forum Posts: 16
Member Since:
December 6, 2018
sp_UserOfflineSmall Offline

Hi Bjarne,

Does the exact match applicable to alphabetic cases as well ? For example : opc.tcp://test-pc-4:48031 and opc.tcp://TEST-pc-4:48031 , will this get passed ?

Thanks,
Dipankar

August 22, 2019
14:25, EEST
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 400
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline

The client tutorial in the ‘tutorial’ folder of the SDK (downloaded) package maybe, however it is from the SDK’s point of view and the point of the SDK is to make it easy so it is not in that much details.

Generally I would say the specification is probably the best place to look, even if it seems daunting at first. Probably best to start with Part 1, then you could jump to Part 4 section 4&5 for the service sets, Discovery, SecureChannel and Session Service Sets. Basically all that is done when you call UaClient.connect().

Also that would not pass, as it is not the same. In practice any difference should be a server bug. Basically the purpose of the check is to make sure it actually was the endpoints the server sent, not some rogue actor manipulating messages on the network. But as a note if you see differences that some parameters might be null, per the serverEndpoints return parameter in the 5.6.2.2 (1.04 Part 4): “It is recommended that Servers only include the server.applicationUri, endpointUrl, securityMode, securityPolicyUri, userIdentityTokens, transportProfileUri and securityLevel with all other parameters set to null. Only the recommended parameters shall be verified by the client.”

August 23, 2019
10:02, EEST
Avatar
dipankar.invi@gmail.com
Member
Members
Forum Posts: 16
Member Since:
December 6, 2018
sp_UserOfflineSmall Offline

Thanks for the detailed explanation. Smile

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 78

Currently Online:
12 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

hbrackel: 91

pramanj: 86

ibrahim: 68

kapsl: 57

gjevremovic: 49

TimK: 41

Fransua33: 39

fred: 36

Rainer Versteeg: 32

peterrob45: 25

Member Stats:

Guest Posters: 0

Members: 866

Moderators: 12

Admins: 1

Forum Stats:

Groups: 3

Forums: 14

Topics: 885

Posts: 3723

Newest Members:

fred, Galla, RMuth, Michael Jacoby, sanjayyadav, sanjayy, AndreasABB, RAMI4.0, nmnemonic, virgie88y3407

Moderators: Jouni Aro: 830, Otso Palonen: 32, Tuomas Hiltunen: 5, janimakela: 0, Pyry: 1, Terho: 0, Petri: 0, Bjarne Boström: 400, Heikki Tahvanainen: 402, Jukka Asikainen: 1, Teppo Uimonen: 15, Markus Johansson: 1

Administrators: admin: 0