FORUM CTRLX AUTOMATION
ctrlX World Partner Apps for ctrlX AUTOMATION
03-06-2020 02:44 PM - last edited on 03-17-2020 05:10 PM by ChristianZ
The note may be interessting to those of you who wonder .... why a OPC UA setup with a updated device_admin is not working anymore,
.... why the UaExpert testclient is responding unexpeted with ... badhostUnknown
.... why WinStudio OPC UA client is not appropreate anymore to get access to the ctrlX.
At the beginning of ctrlX ( device_admin <=250) unsecure connection/request had been accepted by that ctrlX- device_app. Access to data had been provided and security_features had not been focused on. Nowadays the security token restriction had been implemented inside the device_admin ignoring unsecure requests at all. -> Without securitytoken no answer. (Bad communication .... )
According to that - either fullfill the requirement and get answers or the speak unsecure and do not receive any reply.
Hence, e.g. OPC UA server app needs to talk in a secure manner toward device_admin...which is provide in the updated app.
In addition the communication of the WinStudio located OPC UA client and (ctrlX CORE placed )OPC UA server is not fullfilling the security standards regarding the security-politics. the client does not talk the "security-languages" the server offers.
Unfortunatly the client security features are not update-able yet. Unsecure communication inbetween both OPC UA is only feasible which is not acceptable in many cases.
Further info available:
https://www.unified-automation.com/news/news-details/article/user-authentication-token-exploit.html
https://apps.opcfoundation.org/ProfileReporting/index.htm?ModifyProfile.aspx?ProfileID=45f01bb8-4a15...
In case the WinStudioHMI is supposed to ignore that security standards - WinStudio can be most likely enabled to get permission to the datalayer-data by operating with a modified OPC UA server app. That needs to be checked/tested and judged seperately and in dialog with the corresponding R&D colleagues/application.
Solved! Go to Solution.
05-11-2020 10:47 AM
Release of the new WinStudio with 256bit encryption is planned in Indraworks 15V08 in July of this year.
04-20-2021 09:31 PM
04-21-2021 08:55 AM - edited 04-21-2021 09:04 AM
Please check the system clocks from your ctrlX CORE and your HMI or engineering PC. They have to be the same for correct security checks.
Also with WinStudio included in IW 15V10 is still a bug in the certification tool. You would need the actual IW15V12 with WinStudio runtime 7.4 SP2 on the HMI PC.
At last please beware that the name of the HMI PC has to be insert in the certificate.
04-21-2021 04:13 PM
Thanks. that was it. Now its working
05-04-2021 09:23 AM
Which version you used to make this work?
05-04-2021 09:31 AM - edited 05-04-2021 11:41 AM
IW15V12 with WinStudio runtime 7.4 SP2 on the HMI PC
ctrlX OPCUA Server 1.8.2 on the ctrlX CORE
EDIT: IW15V10.P1 on the Engineering PC.
05-04-2021 10:29 AM
And there is no alternative IW-Suite version - covering the WinStudio runtime 7.4 SP2 - available so far.
(Runtime functionality needs to dock/correspond to the Engineering-tool--functionality).
05-04-2021 11:40 AM - edited 05-04-2021 02:46 PM
You can use an IndraWorks 15V10.P1 on your engineering PC to connect to the latest Winstudio runtime 7.4 SP2 on a target (e.g. VR21).
08-25-2021 01:09 PM
09-03-2021 11:54 AM
11-23-2022 11:55 AM
Update:
If you use WinStudio from IW15V16P1 you can communicate with a VR21. Due to the fact, that there are some files missing in the OS of the VR21, you have to choose OPC_UA communication without Security. This you have also to define inside the ctrlx:
I refer to the actual ctrlx Version (1.16.0)
Peter