Hello Sgilk,

Unfortunately the needed certificate is not added on Server side when Client is a CtrlX Core.
However if Client is UA Expert, the needed certificate is added on Server side in the list (like you show) and then must be "Trusted".

Hello,

I discussed your issue with development to find out what's going on. With the information we have, we think that the OpenSecureConnection fails and this leads to the error message. This would fit to the point, because the server dosn't receives a certificate from the client.

To find the reason for this behavior we need more information. Could you please discribe your system a bit more in detail?

As far as we understood, you use 2 real ctrlX CORE and the both are version 2.6.x systems, right? Or did you only updated the OPC UA server and client app?

You disguised the IP adresses so I have to ask the following questions. How are the network interfaces of both crtlX CORE configured. Which RJ45 ports are used for the connection to the second crtlX CORE and the PC with the UA Expert? Are the two ctrlX CORE conected direcly or is there a switch inbetween?

Hello,

OPC-Client Core is located in our customer office whereas OPC Server Core and 2 additional machines are located in a plant.
Today, these 2 addtional machines equipped with B&R PLC and OPC Servers are properly operating with OPC UA communication (I mean with the OPC Client Core).

Here is the explanation you asked for the Core application:

Hello,

It's still not 100% clear for me what is the reason for the problem, so I will try to summarise all the information I have right now. Please correct me if someting is wrong:

• The ctrlX CORE X3 is in the office is acting as OPC UA server
• The ctrlX CORE X7 is located in the plant and working as a OPC UA client.
• The OPC UA client (X7) can't connect to the OPC UA server (X3).
• The OPC UA client (X7) can connect to the OPC UA server of two B&R machines inside the plant.
• You can ping the X3 (office) from the X7 (plant) by using the hostname.
• You can connect to OPC UA server of the X3 (office) with the UA-Expert from a PC within the office network

So the setting should look like this:

I guess a ping from the X3 (office) to the X7 (plant) would also work.

We think that the OpenSecureConnection fails because of firewall settings between the two networks.

Your screenshot of the installed apps showed that the OPC UA server app is installed on the X7. Can you please try to connect OPC UA server of the X7 (plant) with the UA Expert (PC in the office)? Does it work and if not, which error message do you get inside the UA Expert? Please create a WireShark trace of this connection attempt, so we can see more details. 

Hello,

Basically, I also misunderstood a bit our customer architecture and I messed up a bit the case... sorry 😔

Here is the current architecture:

So, OPC UA communication operates properly between the office and the 2 plants with B&R PLC as Clients.
But not operating between the office and the plant with CtrlX Core as Client.

After a discussion with customer, he's going on site next week and will test with UA Expert as well from the plant where the CtrlX Core (Client OPC UA) is located, in order to check if this is related to plant IT issues or CtrlX Core issues with OPC-UA.

Then, I will inform you about the status.

Many thanks for your support and the time you spend 😉

Hello,
As mentionned previoulsy, our customer made a test with UA Expert on plant side and it was successful.

Here is my latest version of drawing to sum-up everything:

Hi @Nathanael,

currently we still cannot reproduce the issue. We try out different scenarios, which all works for use. Therefore we require your help. Is it possible to activate trace on ctrlX OPC UA Client? To activate that, please do the following steps using the Data Layer Editor (Settings->Data Layer in ctrlX WebUI):

• Go to DL Address opcuaclient/trace-configuration/facility-mask and set the last three figure to 599
• Go to DL Address opcuaclient/trace-configuration/trace-level and set the value to 511
  

   

• Go to DL Address DL Address "trace/rexroth-opcua-client/units/comm/opcua" and set all three values to true

   

  Afterwards try to connect again over OPC UA Client. Try it at least 2 times. Please generate a system report of the last hour after doing that and sending it to use.

After restarting the control the trace will be deactivated again.

Thanks and Best regards

smueller

Hello @smueller ,

Many thanks for your involvement.
Please find in attached the required system report.
Hope this will fulfill your needs.

Hello @Nathanael,

the trace helps a lot. What we see:

• The client can determine the address of server probably
• The client also start to sent to the server
• But the client cannot connect/bind to local socket to receive data

It seems for us there a issue on connection configuration on ctrlX with OPC UA Client.

Can you tell us how the connection is done on this side. Is the ctrlX connected over the ctrlX VPN Manager or is there a gateway behind which did the VPN connection? If the connection done over ctrlX VPN Manager can please provide its configuration to use. If the connection is done over gateway please check if there is a gateway configured in the corresponding interface.

Best regards

Sebastian

Hello @smueller ,

Sorry for my late reply due to business with customers.

The CtrlX Client is directly connected on an internet box like my PC with which connection to Server is ok by UA Expert.
We do not use any VPN connection and OPC server is reachable through internet.

I'll send you a private message with required user authentification so that you can try as well from your side.

Regards,
Nathanaël