Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed Topic RSS sp_TopicIcon
Prosys OPC UA Server leads to 0x80240000
January 17, 2023
16:46, EET
Avatar
gerstale
Member
Members
Forum Posts: 11
Member Since:
November 26, 2019
sp_UserOfflineSmall Offline

Hello,

during evaluation tests we faced a problem with Prosys OPC UA Server. Our test client fails to establish connection and reports:
The nonce does appear to be not a random value or it is not the correct length. (Status code = 0x80240000).
Could someone please advise how to impelemnt/configure server to avoid the issue?

Thank you in advance

January 18, 2023
14:20, EET
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 877
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline

Hi,

Hmm.. in most cases an error like this is due to the client implementation. I assume this test client was not made with our SDK? Is it possible to say what SDK was being used? However, while checking this I did notice a potential bug in our implementation, though it requires a very specific scenario. Anyway, thanks.

Thus, asking first below some questions, because the answer depends on these:
What security mode was used i.e. None, Sign or Sign&Encrypt?
What user authentication method i.e. Anonymous, Username+password or user certificate?
Does the client send a certificate?

P.S.
The very specific scenario, if exactly all following happens:
1. None security mode was being used
2. Client didn’t send a certificate, but indicated this with empty ByteString (this is encoded as length 0) instead of null (length -1)
3. Send exactly null (-1 length) ByteString as the nonce
Then we would fail creating a signature and this would also throw Bad_NonceInvalid. If the client sends null certificate we skip the creation of the signature (though this can only be done in None securitymode).
Let us know if you know if this specifically happened

January 18, 2023
16:09, EET
Avatar
gerstale
Member
Members
Forum Posts: 11
Member Since:
November 26, 2019
sp_UserOfflineSmall Offline

Hello,

I can not tell you what SDK is being used on client side.(Simatic WinCC). Answers to your questions:
– Security mode – None
– Authentication method – Anonymous
– Client doesn’t send certificate.
It seems to be exactly the scenario, which you describes. I can provide you the TCP dump for further analysis, if you want.

Best regards

January 18, 2023
16:11, EET
Avatar
gerstale
Member
Members
Forum Posts: 11
Member Since:
November 26, 2019
sp_UserOfflineSmall Offline

Frame 25: 186 bytes on wire (1488 bits), 186 bytes captured (1488 bits)
Ethernet II, Src: VMware_ee:0e:97 (00:0c:29:ee:0e:97), Dst: SiemensP_35:e2 (38:fd:fe:30:35:e2)
Internet Protocol Version 4, Src: 172.16.213.132, Dst: 172.16.213.125
Transmission Control Protocol, Src Port: 50555, Dst Port: 52520, Seq: 70, Ack: 29, Len: 132
OpcUa Binary Protocol
Message Type: OPN
Chunk Type: F
Message Size: 132
SecureChannelId: 0
SecurityPolicyUri: http://opcfoundation.org/UA/Se…..olicy#None
SenderCertificate: [OpcUa Null ByteString]
ReceiverCertificateThumbprint: [OpcUa Null ByteString]
SequenceNumber: 1
RequestId: 1
Message : Encodeable Object
TypeId : ExpandedNodeId
NodeId EncodingMask: Four byte encoded Numeric (0x01)
NodeId Namespace Index: 0
NodeId Identifier Numeric: OpenSecureChannelRequest (446)
OpenSecureChannelRequest
RequestHeader: RequestHeader
AuthenticationToken: NodeId
…. 0000 = EncodingMask: Two byte encoded Numeric (0x0)
Identifier Numeric: 0
Timestamp: Jan 17, 2023 15:11:45.693136800 CET
RequestHandle: 0
Return Diagnostics: 0x00000000
…. …. …. …0 = ServiceLevel / SymbolicId: False
…. …. …. ..0. = ServiceLevel / LocalizedText: False
…. …. …. .0.. = ServiceLevel / AdditionalInfo: False
…. …. …. 0… = ServiceLevel / Inner StatusCode: False
…. …. …0 …. = ServiceLevel / Inner Diagnostics: False
…. …. ..0. …. = OperationLevel / SymbolicId: False
…. …. .0.. …. = OperationLevel / LocalizedText: False
…. …. 0… …. = OperationLevel / AdditionalInfo: False
…. …0 …. …. = OperationLevel / Inner StatusCode: False
…. ..0. …. …. = OperationLevel / Inner Diagnostics: False
AuditEntryId: [OpcUa Null String]
TimeoutHint: 0
AdditionalHeader: ExtensionObject
TypeId: ExpandedNodeId
EncodingMask: 0x00, EncodingMask: Two byte encoded Numeric
Identifier Numeric: 0
EncodingMask: 0x00
…. …0 = has binary body: False
…. ..0. = has xml body: False
ClientProtocolVersion: 0
SecurityTokenRequestType: Issue (0x00000000)
MessageSecurityMode: None (0x00000001)
ClientNonce: [OpcUa Null ByteString]
RequestedLifetime: 3600000

January 18, 2023
17:00, EET
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 877
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline

Do we respond the Bad_NonceInvalid to the OpenSecureChannelRequest or does it continue to CreateSessionRequest? I assume this was done using wireshark (like https://www.prosysopc.com/blog/opc-ua-wireshark/ thus it should be quite easy to see). If to CreateSession could I see that as well? And in either case is it possible to see the response we send?

January 18, 2023
17:11, EET
Avatar
gerstale
Member
Members
Forum Posts: 11
Member Since:
November 26, 2019
sp_UserOfflineSmall Offline

Here you go…

Frame 26: 189 bytes on wire (1512 bits), 189 bytes captured (1512 bits)
Ethernet II, Src: SiemensP_35:e2 (38:fd:fe:30:35:e2), Dst: VMware_ee:0e:97 (00:0c:29:ee:0e:97)
Internet Protocol Version 4, Src: 172.16.213.125, Dst: 172.16.213.132
Transmission Control Protocol, Src Port: 52520, Dst Port: 50555, Seq: 29, Ack: 202, Len: 135
OpcUa Binary Protocol
Message Type: OPN
Chunk Type: F
Message Size: 135
SecureChannelId: 123
SecurityPolicyUri: http://opcfoundation.org/UA/Se…..olicy#None
SenderCertificate: [OpcUa Null ByteString]
ReceiverCertificateThumbprint: [OpcUa Null ByteString]
SequenceNumber: 399
RequestId: 1
Message : Encodeable Object
TypeId : ExpandedNodeId
NodeId EncodingMask: Four byte encoded Numeric (0x01)
NodeId Namespace Index: 0
NodeId Identifier Numeric: OpenSecureChannelResponse (449)
OpenSecureChannelResponse
ResponseHeader: ResponseHeader
Timestamp: No time specified (0)
RequestHandle: 0
ServiceResult: 0x00000000 [Good]
ServiceDiagnostics: DiagnosticInfo
EncodingMask: 0x00
…. …0 = has symbolic id: False
…. ..0. = has namespace: False
…. .0.. = has localizedtext: False
…. 0… = has locale: False
…0 …. = has additional info: False
..0. …. = has inner statuscode: False
.0.. …. = has inner diagnostic info: False
StringTable: Array of String
ArraySize: -1
AdditionalHeader: ExtensionObject
TypeId: ExpandedNodeId
EncodingMask: 0x00, EncodingMask: Two byte encoded Numeric
…. 0000 = EncodingMask: Two byte encoded Numeric (0x0)
.0.. …. = has server index: False
0… …. = has namespace uri: False
Identifier Numeric: 0
EncodingMask: 0x00
…. …0 = has binary body: False
…. ..0. = has xml body: False
ServerProtocolVersion: 0
SecurityToken: ChannelSecurityToken
ChannelId: 123
TokenId: 1
CreatedAt: Jan 17, 2023 15:11:40.177000000 CET
RevisedLifetime: 3600000
ServerNonce: [OpcUa Empty ByteString]

January 18, 2023
17:38, EET
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 877
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline

Hmm I fail to see Bad_NonceInvalid in that OpenSecureChannelResponse (the ServiceResult is 0x00000000 [Good]), so either the communication continues to CreateSession (I would need to see that next) OR the WinCC didn’t like something about this response and just used the same statuscode to show the situation (it is always hard to know, without checking wireshark, i.e. maybe we didn’t send this statuscode from the server side) and “closed the line”. Can you verify which of the 2 it is?

Hmm.. since the ServerNonce we seem to give is [OpcUa Empty ByteString] and not [OpcUa Null ByteString], maybe WinCC wont like that. Though, it is something that might have been fixed by an update, so can you check does the WinCC has any updates?

January 19, 2023
10:51, EET
Avatar
gerstale
Member
Members
Forum Posts: 11
Member Since:
November 26, 2019
sp_UserOfflineSmall Offline

WinCC didn’t like the Prosys OPC UA server response, reports the 0x80240000 and closes connection. I can send you the complete TCP dump, just let me know how?

January 19, 2023
11:43, EET
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 877
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline

You can send the dump (as a zip) to uajava-support@prosysopc.com and refer this chain. Normally the email-based support is only for license/active-maintenance holders, but that is the best way I can see the dump (we also have a file upload system, I can tell the details via email). Though, I’m not sure there is exactly that much useful info in the dump, as it most likely just contains the closing TCP handshake if WinCC closed the line.

But we can make a beta version of the SDK that will have some flag to send null ByteString as the nonce instead of empty to see if it helps here. I can give that via email as well.

Also I assume you did check for WinCC updates and there either was none and/or they didn’t help with this?

January 23, 2023
11:13, EET
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 877
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline

So turns out the client did send a CreateSessionRequest after all and a null nonce, thus it was the “The very specific scenario” of my first post in this chain. Thus, our bug; the next release will have a fix.

Forum Timezone: Europe/Helsinki

Most Users Ever Online: 518

Currently Online:
6 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

hbrackel: 124

pramanj: 86

ibrahim: 74

rocket science: 65

kapsl: 57

Sabari: 51

gjevremovic: 49

Xavier: 43

fred: 41

TimK: 41

Member Stats:

Guest Posters: 0

Members: 684

Moderators: 15

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1335

Posts: 5711

Newest Members:

daniel.boada@soprasteria.com, Ratheesh, Dustingen, janessawhittell, ravi_prabhakar, dustyy137676428, Douglasabibe, DonaldWibip, kennithmazza4, Heiko Geissler

Moderators: Jouni Aro: 963, Otso Palonen: 32, Tuomas Hiltunen: 5, Pyry: 1, Petri: 0, Bjarne Boström: 877, Heikki Tahvanainen: 402, Jukka Asikainen: 1, moldzh08: 0, Jimmy Ni: 25, Teppo Uimonen: 21, Markus Johansson: 42, Niklas Nurminen: 0, Matti Siponen: 230, Lusetti: 0

Administrators: admin: 1