Log In
Register
Forum
Topic RSS
16:46, EET
November 26, 2019
Offline
Hello,
during evaluation tests we faced a problem with Prosys OPC UA Server. Our test client fails to establish connection and reports:
The nonce does appear to be not a random value or it is not the correct length. (Status code = 0x80240000).
Could someone please advise how to impelemnt/configure server to avoid the issue?
Thank you in advance
14:20, EET
April 3, 2012
Offline
Hi,
Hmm.. in most cases an error like this is due to the client implementation. I assume this test client was not made with our SDK? Is it possible to say what SDK was being used? However, while checking this I did notice a potential bug in our implementation, though it requires a very specific scenario. Anyway, thanks.
Thus, asking first below some questions, because the answer depends on these:
What security mode was used i.e. None, Sign or Sign&Encrypt?
What user authentication method i.e. Anonymous, Username+password or user certificate?
Does the client send a certificate?
P.S.
The very specific scenario, if exactly all following happens:
1. None security mode was being used
2. Client didn’t send a certificate, but indicated this with empty ByteString (this is encoded as length 0) instead of null (length -1)
3. Send exactly null (-1 length) ByteString as the nonce
Then we would fail creating a signature and this would also throw Bad_NonceInvalid. If the client sends null certificate we skip the creation of the signature (though this can only be done in None securitymode).
Let us know if you know if this specifically happened
16:09, EET
November 26, 2019
Offline
Hello,
I can not tell you what SDK is being used on client side.(Simatic WinCC). Answers to your questions:
– Security mode – None
– Authentication method – Anonymous
– Client doesn’t send certificate.
It seems to be exactly the scenario, which you describes. I can provide you the TCP dump for further analysis, if you want.
Best regards
16:11, EET
November 26, 2019
Offline
Frame 25: 186 bytes on wire (1488 bits), 186 bytes captured (1488 bits)
Ethernet II, Src: VMware_ee:0e:97 (00:0c:29:ee:0e:97), Dst: SiemensP_35:e2 (38:fd:fe:30:35:e2)
Internet Protocol Version 4, Src: 172.16.213.132, Dst: 172.16.213.125
Transmission Control Protocol, Src Port: 50555, Dst Port: 52520, Seq: 70, Ack: 29, Len: 132
OpcUa Binary Protocol
Message Type: OPN
Chunk Type: F
Message Size: 132
SecureChannelId: 0
SecurityPolicyUri: http://opcfoundation.org/UA/Se…..olicy#None
SenderCertificate: [OpcUa Null ByteString]
ReceiverCertificateThumbprint: [OpcUa Null ByteString]
SequenceNumber: 1
RequestId: 1
Message : Encodeable Object
TypeId : ExpandedNodeId
NodeId EncodingMask: Four byte encoded Numeric (0x01)
NodeId Namespace Index: 0
NodeId Identifier Numeric: OpenSecureChannelRequest (446)
OpenSecureChannelRequest
RequestHeader: RequestHeader
AuthenticationToken: NodeId
…. 0000 = EncodingMask: Two byte encoded Numeric (0x0)
Identifier Numeric: 0
Timestamp: Jan 17, 2023 15:11:45.693136800 CET
RequestHandle: 0
Return Diagnostics: 0x00000000
…. …. …. …0 = ServiceLevel / SymbolicId: False
…. …. …. ..0. = ServiceLevel / LocalizedText: False
…. …. …. .0.. = ServiceLevel / AdditionalInfo: False
…. …. …. 0… = ServiceLevel / Inner StatusCode: False
…. …. …0 …. = ServiceLevel / Inner Diagnostics: False
…. …. ..0. …. = OperationLevel / SymbolicId: False
…. …. .0.. …. = OperationLevel / LocalizedText: False
…. …. 0… …. = OperationLevel / AdditionalInfo: False
…. …0 …. …. = OperationLevel / Inner StatusCode: False
…. ..0. …. …. = OperationLevel / Inner Diagnostics: False
AuditEntryId: [OpcUa Null String]
TimeoutHint: 0
AdditionalHeader: ExtensionObject
TypeId: ExpandedNodeId
EncodingMask: 0x00, EncodingMask: Two byte encoded Numeric
Identifier Numeric: 0
EncodingMask: 0x00
…. …0 = has binary body: False
…. ..0. = has xml body: False
ClientProtocolVersion: 0
SecurityTokenRequestType: Issue (0x00000000)
MessageSecurityMode: None (0x00000001)
ClientNonce: [OpcUa Null ByteString]
RequestedLifetime: 3600000
17:00, EET
April 3, 2012
Offline
Do we respond the Bad_NonceInvalid to the OpenSecureChannelRequest or does it continue to CreateSessionRequest? I assume this was done using wireshark (like https://www.prosysopc.com/blog/opc-ua-wireshark/ thus it should be quite easy to see). If to CreateSession could I see that as well? And in either case is it possible to see the response we send?
17:11, EET
November 26, 2019
Offline
Here you go…
Frame 26: 189 bytes on wire (1512 bits), 189 bytes captured (1512 bits)
Ethernet II, Src: SiemensP_35:e2 (38:fd:fe:30:35:e2), Dst: VMware_ee:0e:97 (00:0c:29:ee:0e:97)
Internet Protocol Version 4, Src: 172.16.213.125, Dst: 172.16.213.132
Transmission Control Protocol, Src Port: 52520, Dst Port: 50555, Seq: 29, Ack: 202, Len: 135
OpcUa Binary Protocol
Message Type: OPN
Chunk Type: F
Message Size: 135
SecureChannelId: 123
SecurityPolicyUri: http://opcfoundation.org/UA/Se…..olicy#None
SenderCertificate: [OpcUa Null ByteString]
ReceiverCertificateThumbprint: [OpcUa Null ByteString]
SequenceNumber: 399
RequestId: 1
Message : Encodeable Object
TypeId : ExpandedNodeId
NodeId EncodingMask: Four byte encoded Numeric (0x01)
NodeId Namespace Index: 0
NodeId Identifier Numeric: OpenSecureChannelResponse (449)
OpenSecureChannelResponse
ResponseHeader: ResponseHeader
Timestamp: No time specified (0)
RequestHandle: 0
ServiceResult: 0x00000000 [Good]
ServiceDiagnostics: DiagnosticInfo
EncodingMask: 0x00
…. …0 = has symbolic id: False
…. ..0. = has namespace: False
…. .0.. = has localizedtext: False
…. 0… = has locale: False
…0 …. = has additional info: False
..0. …. = has inner statuscode: False
.0.. …. = has inner diagnostic info: False
StringTable: Array of String
ArraySize: -1
AdditionalHeader: ExtensionObject
TypeId: ExpandedNodeId
EncodingMask: 0x00, EncodingMask: Two byte encoded Numeric
…. 0000 = EncodingMask: Two byte encoded Numeric (0x0)
.0.. …. = has server index: False
0… …. = has namespace uri: False
Identifier Numeric: 0
EncodingMask: 0x00
…. …0 = has binary body: False
…. ..0. = has xml body: False
ServerProtocolVersion: 0
SecurityToken: ChannelSecurityToken
ChannelId: 123
TokenId: 1
CreatedAt: Jan 17, 2023 15:11:40.177000000 CET
RevisedLifetime: 3600000
ServerNonce: [OpcUa Empty ByteString]
17:38, EET
April 3, 2012
Offline
Hmm I fail to see Bad_NonceInvalid in that OpenSecureChannelResponse (the ServiceResult is 0x00000000 [Good]), so either the communication continues to CreateSession (I would need to see that next) OR the WinCC didn’t like something about this response and just used the same statuscode to show the situation (it is always hard to know, without checking wireshark, i.e. maybe we didn’t send this statuscode from the server side) and “closed the line”. Can you verify which of the 2 it is?
Hmm.. since the ServerNonce we seem to give is [OpcUa Empty ByteString] and not [OpcUa Null ByteString], maybe WinCC wont like that. Though, it is something that might have been fixed by an update, so can you check does the WinCC has any updates?
10:51, EET
November 26, 2019
Offline
WinCC didn’t like the Prosys OPC UA server response, reports the 0x80240000 and closes connection. I can send you the complete TCP dump, just let me know how?
11:43, EET
April 3, 2012
Offline
You can send the dump (as a zip) to uajava-support@prosysopc.com and refer this chain. Normally the email-based support is only for license/active-maintenance holders, but that is the best way I can see the dump (we also have a file upload system, I can tell the details via email). Though, I’m not sure there is exactly that much useful info in the dump, as it most likely just contains the closing TCP handshake if WinCC closed the line.
But we can make a beta version of the SDK that will have some flag to send null ByteString as the nonce instead of empty to see if it helps here. I can give that via email as well.
Also I assume you did check for WinCC updates and there either was none and/or they didn’t help with this?
11:13, EET
April 3, 2012
Offline
So turns out the client did send a CreateSessionRequest after all and a null nonce, thus it was the “The very specific scenario” of my first post in this chain. Thus, our bug; the next release will have a fix.
Most Users Ever Online: 518
Currently Online:
21 Guest(s)
Currently Browsing this Page:
1 Guest(s)
Top Posters:
hbrackel: 135
pramanj: 86
Francesco Zambon: 81
rocket science: 77
ibrahim: 76
Sabari: 62
kapsl: 57
gjevremovic: 49
Xavier: 43
fred: 41
Member Stats:
Guest Posters: 0
Members: 680
Moderators: 16
Admins: 1
Forum Stats:
Groups: 3
Forums: 15
Topics: 1467
Posts: 6260
Newest Members:
sagarchau, elviralangwell4, Donnavek, Eddiefauth, DonaldPooma, fidelduke938316, Jan-Pfizer, DavidROunc, fen.pang@woodside.com, aytuleModerators: Jouni Aro: 1009, Otso Palonen: 32, Tuomas Hiltunen: 5, Pyry: 1, Petri: 0, Bjarne Boström: 983, Heikki Tahvanainen: 402, Jukka Asikainen: 1, moldzh08: 0, Jimmy Ni: 26, Teppo Uimonen: 21, Markus Johansson: 42, Niklas Nurminen: 0, Matti Siponen: 321, Lusetti: 0, Ari-Pekka Soikkeli: 5
Administrators: admin: 1
