
Problems with OPC UA Server

Long-established Member


We have a machine with a CtrlX at an end user in the pharmaceutical sector and we have to communicate with their MES via OPC UA Server. On this machine we use a CtrlX Core with OPC UA Server 1.16.

There are two WinStudio screens working locally communicating via OPC UA perfectly. Then on a server we have the OPC UA client from MES called Traksys.

The problem is that we have installed the certificates both in the MES client and in the Server (CtrlX Core), we even get the client's certificate as Reject, we do the Trust, but then the client does not connect and closes the connection.

From the same server we tested it with UA Expert and it works. It must be something to do with the configuration or the type of certificate but we can't find it.

We have tried None/None and it doesn't work either. The connection is not counted by the CtrlX Core as rejected.

We have looked at the connections with Wireshark from the server and I don't understand why the connection is refused.

Attached are the Wireshark data for the OPC UA Expert and MES client. Also the certificates.

One of the differences I see between certificates is the Basic Constraints. I don't know if this can affect it.



I am not an expert on these certificate and security issues. Do you see any problem in the client certificate that is incompatible with the OPC UA Server of CtrlX Core?

If there is anything you can suggest trying, tell me; the customer is very important and has a lot of equipment from other manufacturers that works with OPC UA without problems.

Thanks in advance.


Established Member

Hello colleagues, 

In addition to what David said (we are trying together to solve the problem and visited the customer on site).

The MES system requires this Security Policy, and we tested it on the OPC UA Expert from the server itself and no problem.
The policy required by the MES System is Aes256-Sha256-RsaPss.

Do you know if it could be any problem with the default OPC UA certificate self generated by the CtrlX Controller? 

Community Moderator

If I understand it correctly, you have an OpcUA client, and you can't establish the communication.

You should verify the following:

  • Certificate trusted and still valid (date & time)
  • Date and time of Opc Server & Client correctly set
  • Security configuration of ctrlX matches security requested by client (requested security option enabled?)
  • User used for OpcUA client login has at least access to OpcUA server and datalayer 
  • Maybe the OpcUa server diagnostics on the datalayer provide any information, which helps you to find the problem.
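
The first three checks in the list above, written as an added example (not part of the thread and not ctrlX or Traksys code): it compares the policy and mode a client requests against the endpoints a server offers, and tests each certificate's validity window against both hosts' clocks. The dictionary field names, the sample endpoint list, the timestamps and the 5-minute skew tolerance are constructed assumptions; real values would come from the server's endpoint list and the certificate files.

```python
from datetime import datetime, timedelta, timezone

POLICY_BASE = "http://opcfoundation.org/UA/SecurityPolicy#"

def preflight(endpoints, want_policy, want_mode, certs, clocks,
              max_skew=timedelta(minutes=5)):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Policy URIs use underscores (Aes256_Sha256_RsaPss); accept the hyphen form too.
    uri = POLICY_BASE + want_policy.replace("-", "_")
    offered = {(e["policy"], e["mode"]) for e in endpoints}
    if uri not in {policy for policy, _ in offered}:
        findings.append(f"policy {want_policy} is not enabled on the server")
    elif (uri, want_mode) not in offered:
        findings.append(f"mode {want_mode} is not offered with {want_policy}")
    # Each certificate is validated by the peer, so it must be inside its
    # validity window according to BOTH hosts' clocks.
    for cert, (not_before, not_after) in certs.items():
        for host, now in clocks.items():
            if now < not_before:
                findings.append(f"{cert} is not yet valid on the {host} clock")
            elif now > not_after:
                findings.append(f"{cert} has expired on the {host} clock")
    skew = abs(clocks["server"] - clocks["client"])
    if skew > max_skew:  # tolerance is an assumption, not a ctrlX setting
        findings.append(f"clock skew of {skew} exceeds {max_skew}")
    return findings

# Constructed sample data: the server offers only None and Basic256Sha256, and
# its clock runs two hours behind the client that just generated its certificate.
T0 = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_ENDPOINTS = [
    {"policy": POLICY_BASE + "None", "mode": "None"},
    {"policy": POLICY_BASE + "Basic256Sha256", "mode": "SignAndEncrypt"},
]
SAMPLE_CERTS = {
    "client cert": (T0, T0 + timedelta(days=365)),
    "server cert": (T0 - timedelta(days=30), T0 + timedelta(days=335)),
}
SAMPLE_CLOCKS = {"server": T0 - timedelta(minutes=110),
                 "client": T0 + timedelta(minutes=10)}

if __name__ == "__main__":
    for finding in preflight(SAMPLE_ENDPOINTS, "Aes256-Sha256-RsaPss",
                             "SignAndEncrypt", SAMPLE_CERTS, SAMPLE_CLOCKS):
        print("FAIL:", finding)
```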


Established Member

Hello HMIGuide,

Thanks for the tips and the answer. We managed to connect with the same PC via OPC UA Expert (as OPC UA Client).
But there is something we are not doing right with the MES Server (OPC UA Client).

Do you know if there could be a problem regarding the OPC UA App version (Version 1.16 on the machine)?

Community Moderator

When you are connecting with UA Expert, I expect that you use the same security settings.
Therefore I expect the problem on Opc UA client side (check docu of the client).

I once had problems with establishing a connection with WebIQ UA client, and couldn't find a misconfiguration. In the end I deleted the configuration and created it anew, and then it worked.

I don't think that the problem is on OpcUA server side, but as I mentioned you can try version 1.18 and check the OpcUA diagnostic on datalayer.