Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

Exception while trying to connect to an OPC UA Server

More
13 Sep 2023 09:10 #12100 by support
Hello.

The attachment is missing (after selecting the file, do not forget to "insert" it into the post).
We only do online forums and email, for tech support.

Regards

Please Log in or Create an account to join the conversation.

More
13 Sep 2023 08:03 #12099 by micham
Hi,

See the attached document that shows all the steps in UA Expert to connect to the Honeywell OPC UA server.

I understand that supporting us with this issue is out of the scope of your support. Are you willing to remotely connect to the customer's computer (in Belgium) and help us for an additional fee?

I appreciate your answer.

Thank you.

Michael
Attachments:

Please Log in or Create an account to join the conversation.

More
12 Sep 2023 15:04 #12097 by support
You will have to show me the UaExpert does that. Maybe it asks the user whether he wants to trust an otherwise unaccepted certificate anyway. Or is not connecting securely (with the use of certificate) at all. There are multiple possibilities.

To the question: "What do you recommend?" : I have already answered that. The CA certificate(s) need to be placed into the Trusted issuers store (in addition to Trusted peers). This is fairly standard procedure.

There are also ways to tell QuickOPC to blindly accept the certificate anyway, but of course that's totally insecure.

Regards

Please Log in or Create an account to join the conversation.

More
12 Sep 2023 14:59 #12096 by micham
Hi,

Thank you for your answer. So if something is wrong with the certificate how come that the UA Expert is able to deal with it and browsing is Okay?

I don't know what kind of certificate is it. Our OPC Client software is installed in the customer's site in Belgium. He needs to connect to the UA Server...

What do you recommend?

Thank you.

Michael

Please Log in or Create an account to join the conversation.

More
12 Sep 2023 14:54 #12095 by support
From the name of the issuer of the server certificate ("CN=GTCHVE3SA01 Root CA."), I can guess that this is not a self-signed certificate, but a certificate issued by a certificate authority, i.e. a part of the PKI infrastructure.

In this case also you also need to manage the CA certificates (the trusted CA certificates need to be in Trusted Issuers certificate store). This is more complicated than with self-signed certificates.

You need to get a reasonable understanding of how this kind of security setup works, but explaining it is outside of the scope of the forum and our tech support. There are whole parts of the OPC UA specification dedicated to it. I am willing to help, but mainly with issues that have to do with specifically with QuickOPC support for this.

Regards

Please Log in or Create an account to join the conversation.

More
12 Sep 2023 14:47 #12094 by micham
Hi,

I am getting an exception when trying to connect to an OPC UA Server (Honeywell EBI). See the details below. Browsing is Okay when using UA Expert using the same security policy and security mode.

Exception 1)
======================================================

Type: OpcLabs.BaseLib.Browsing.BrowseException
Data:
HelpLink:
HResult: -2146233088 (0x80131500)
InnerException:
OpcLabs.EasyOpc.UA.Engine.UAEngineException: UA SDK error (Opc.UA.ServiceResult=0x80130000) in 'static Session.Create'. OPC UA service result - {BadSecurityChecksFailed}. An error occurred verifying security.
+ Connection attempt #5; last connected at 01-01-01 00:00:00 (local); unconnected for 00:32:44.2030000.
+ The endpoint URL string used was "opc.tcp://10.19.166.10:4840".
+ The client method called (or event/callback invoked) was 'BrowseMultiple[1]'. ---> OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadSecurityChecksFailed}. An error occurred verifying security.
--> {BadSecurityChecksFailed}. Certificate chain not complete.
SubjectName: CN=GTCHVE3SA01 OPCUA Server
IssuerName: CN=GTCHVE3SA01 Root CA.
--- End of inner exception stack trace ---
Activity Trace:
Following (3) events were gathered during the action on activity ID [26], in the order of first occurrence:
3*Exception: {Opc.Ua.ServiceResultException} Certificate chain not complete. SubjectName: CN=GTCHVE3SA01 OPCUA Server IssuerName: CN=GTCHVE3SA01 Root CA

Data:
ErrorId_{045406CD-8EEA-4F21-B3D6-DC9DB5A34E58}: OpcLabs.UAEngine=1
7b4d9f28-22a8-41d6-93ea-e4d8c2a75da8:
((26, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
((26, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
((26, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
c3c0e69e-bf8f-4bfa-8e93-816783737e55: 26
8970fe52-aaa4-40f7-9a6e-74cdcee56724: static Session.Create
OpcLabs.EasyOpc.UA.Implementation.ErrorEnhancingEasyUAClient.Processed: True
Error Code: 1
HelpLink:
HResult: -2146232832 (0x80131600)
InnerException:
OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadSecurityChecksFailed}. An error occurred verifying security.
--> {BadSecurityChecksFailed}. Certificate chain not complete.
SubjectName: CN=GTCHVE3SA01 OPCUA Server
IssuerName: CN=GTCHVE3SA01 Root CA.
Data:
ErrorId_{045406CD-8EEA-4F21-B3D6-DC9DB5A34E58}: Opc.UA.ServiceResult=0x80130000
OpcLabs.EasyOpc.UA.Implementation.ErrorEnhancingEasyUAClient.Processed: True
Help Link:
HResult: -2146232832 (0x80131600)
InnerException:
Internal Code: 2148728832
Message:
OPC UA service result - {BadSecurityChecksFailed}. An error occurred verifying security.
--> {BadSecurityChecksFailed}. Certificate chain not complete.
SubjectName: CN=GTCHVE3SA01 OPCUA Server
IssuerName: CN=GTCHVE3SA01 Root CA.
Service Result: BadSecurityChecksFailed
Additional Info:
Description:
Inner Result: BadSecurityChecksFailed
Additional Info:
>>> Certificate chain not complete.
SubjectName: CN=GTCHVE3SA01 OPCUA Server
IssuerName: CN=GTCHVE3SA01 Root CA
--- at Opc.Ua.CertificateValidator.GetIssuersWithChainSupportEnabled(X509Certificate2Collection certificates, List`1 issuers)
--- at Opc.Ua.CertificateValidator.InternalValidateWithChainSupportEnabled(X509Certificate2Collection certificates)
--- at Opc.Ua.CertificateValidator.Validate(X509Certificate2Collection chain)
Description:
Certificate chain not complete.
SubjectName: CN=GTCHVE3SA01 OPCUA Server
IssuerName: CN=GTCHVE3SA01 Root CA
Inner Result:
Message:
Certificate chain not complete.
SubjectName: CN=GTCHVE3SA01 OPCUA Server
IssuerName: CN=GTCHVE3SA01 Root CA.
Qualified Symbolic ID:
Expanded Text:
Is Null: True
Is Standard: True
Name:
Namespace Index: 0
Namespace URI:
Namespace URI String:
Standard Name:
Status Code: BadSecurityChecksFailed
Code Bits: 32787
Code Bits Symbol: BadSecurityChecksFailed
Condition: 19
Description: An error occurred verifying security.
Flag Bits: 0
Has Data Value Info: False
Info Type: NotUsed
Internal Value: 2148728832
Is Bad: True
Is Good: False
Is Uncertain: False
Limit Info: None
Overflow: False
Semantics Changed: False
Severity: BadOrFailure
Status Info: Error
Structure Changed: False
Text:
{BadSecurityChecksFailed}. Certificate chain not complete.
SubjectName: CN=GTCHVE3SA01 OPCUA Server
IssuerName: CN=GTCHVE3SA01 Root CA.
Message: An error occurred verifying security.
Qualified Symbolic ID:
Expanded Text:
Is Null: True
Is Standard: True
Name:
Namespace Index: 0
Namespace URI:
Namespace URI String:
Standard Name:
Status Code: BadSecurityChecksFailed
Code Bits: 32787
Code Bits Symbol: BadSecurityChecksFailed
Condition: 19
Description: An error occurred verifying security.
Flag Bits: 0
Has Data Value Info: False
Info Type: NotUsed
Internal Value: 2148728832
Is Bad: True
Is Good: False
Is Uncertain: False
Limit Info: None
Overflow: False
Semantics Changed: False
Severity: BadOrFailure
Status Info: Error
Structure Changed: False
Text:
{BadSecurityChecksFailed}. An error occurred verifying security.
--> {BadSecurityChecksFailed}. Certificate chain not complete.
SubjectName: CN=GTCHVE3SA01 OPCUA Server
IssuerName: CN=GTCHVE3SA01 Root CA.
Service Target Site: Void Validate(System.Security.Cryptography.X509Certificates.X509Certificate2Collection)
DeclaringType: Opc.Ua.CertificateValidator
Module: Opc.Ua.Core.dll
Assembly: Opc.Ua.Core, Version=1.3.342.0, Culture=neutral, PublicKeyToken=6faddca41dacb409
CustomAttributes:
FullyQualifiedName: C:\Program Files (x86)\Control-See\EBO-OPC Client\BIN\Opc.Ua.Core.dll
MDStreamVersion: 131072
MetadataToken: 1
ModuleHandle: System.ModuleHandle
MDStreamVersion: 131072
ModuleVersionId: de76a6af-12bb-481b-8ef7-2df5f7a00d0a
Name: Opc.Ua.Core.dll
ScopeName: Opc.Ua.Core.dll
Source: Opc.Ua.Core
Stack Trace:
at Opc.Ua.CertificateValidator.Validate(X509Certificate2Collection chain)
at OpcLabs.EasyOpc.UA.Toolkit.Sdk.ToolkitCertificateValidator.Validate(X509Certificate2Collection chain)
at Opc.Ua.Client.Session.Open(String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales, Boolean checkDomain)
at OpcLabs.EasyOpc.UA.Sdk.Shims.SessionShim.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 millisecondsSessionTimeout, Func`2 identityFunction, IList`1 preferredLocales, Action`2 domainCheckError, Action`1 setupSession, Action`1 setupTransportChannel)
at OpcLabs.EasyOpc.UA.Toolkit.Sdk.ToolkitSession.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 millisecondsSessionTimeout, Func`2 identityFunction, IList`1 preferredLocales, Action`2 domainCheckError, Action`1 setupTransportChannel, UAClientSessionBase clientSession)
at OpcLabs.EasyOpc.UA.Toolkit.Client.UAClientSessionBase.<>c__DisplayClass144_0.<CreateSdkSession>b__2()
at OpcLabs.EasyOpc.UA.Toolkit.UAEngineBase.PerformSdkAction(UASdkCallType callType, Func`1 usingFunction, String name, Action sdkAction)
TargetSite:
Message:
UA SDK error (Opc.UA.ServiceResult=0x80130000) in 'static Session.Create'. OPC UA service result - {BadSecurityChecksFailed}. An error occurred verifying security.
+ Connection attempt #5; last connected at 01-01-01 00:00:00 (local); unconnected for 00:32:44.2030000.
+ The endpoint URL string used was "opc.tcp://10.19.166.10:4840".
+ The client method called (or event/callback invoked) was 'BrowseMultiple[1]'.
Source:
Stack Trace:
== Activity Trace ==
Following (3) events were gathered during the action on activity ID [26], in the order of first occurrence:
3*Exception: {Opc.Ua.ServiceResultException} Certificate chain not complete. SubjectName: CN=GTCHVE3SA01 OPCUA Server IssuerName: CN=GTCHVE3SA01 Root CA

TargetSite:
Message: Problem browsing OPC Unified Architecture nodes.
Source:
StackTrace:
TargetSite:



Exception 2)
=======================
Exceptions

Type: OpcLabs.BaseLib.Browsing.BrowseException
Data:
HelpLink:
HResult: -2146233088 (0x80131500)
InnerException:
OpcLabs.EasyOpc.UA.Engine.UAEngineException: UA SDK error (Opc.UA.ServiceResult=0x80130000) in 'static Session.Create'. OPC UA service result - {BadSecurityChecksFailed}. An error occurred verifying security.
+ Connection attempt #5; last connected at 01-01-01 00:00:00 (local); unconnected for 00:32:44.2030000.
+ The endpoint URL string used was "opc.tcp://10.19.166.10:4840".
+ The client method called (or event/callback invoked) was 'BrowseMultiple[1]'. ---> OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadSecurityChecksFailed}. An error occurred verifying security.
--> {BadSecurityChecksFailed}. Certificate chain not complete.
SubjectName: CN=GTCHVE3SA01 OPCUA Server
IssuerName: CN=GTCHVE3SA01 Root CA.
--- End of inner exception stack trace ---
Activity Trace:
Following (3) events were gathered during the action on activity ID [26], in the order of first occurrence:
3*Exception: {Opc.Ua.ServiceResultException} Certificate chain not complete. SubjectName: CN=GTCHVE3SA01 OPCUA Server IssuerName: CN=GTCHVE3SA01 Root CA

Data:
ErrorId_{045406CD-8EEA-4F21-B3D6-DC9DB5A34E58}: OpcLabs.UAEngine=1
7b4d9f28-22a8-41d6-93ea-e4d8c2a75da8:
((26, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
((26, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
((26, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
c3c0e69e-bf8f-4bfa-8e93-816783737e55: 26
8970fe52-aaa4-40f7-9a6e-74cdcee56724: static Session.Create
OpcLabs.EasyOpc.UA.Implementation.ErrorEnhancingEasyUAClient.Processed: True
Error Code: 1
HelpLink:
HResult: -2146232832 (0x80131600)
InnerException:
OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadSecurityChecksFailed}. An error occurred verifying security.
--> {BadSecurityChecksFailed}. Certificate chain not complete.
SubjectName: CN=GTCHVE3SA01 OPCUA Server
IssuerName: CN=GTCHVE3SA01 Root CA.
Data:
ErrorId_{045406CD-8EEA-4F21-B3D6-DC9DB5A34E58}: Opc.UA.ServiceResult=0x80130000
OpcLabs.EasyOpc.UA.Implementation.ErrorEnhancingEasyUAClient.Processed: True
Help Link:
HResult: -2146232832 (0x80131600)
InnerException:
Internal Code: 2148728832
Message:
OPC UA service result - {BadSecurityChecksFailed}. An error occurred verifying security.
--> {BadSecurityChecksFailed}. Certificate chain not complete.
SubjectName: CN=GTCHVE3SA01 OPCUA Server
IssuerName: CN=GTCHVE3SA01 Root CA.
Service Result: BadSecurityChecksFailed
Additional Info:
Description:
Inner Result: BadSecurityChecksFailed
Additional Info:
>>> Certificate chain not complete.
SubjectName: CN=GTCHVE3SA01 OPCUA Server
IssuerName: CN=GTCHVE3SA01 Root CA
--- at Opc.Ua.CertificateValidator.GetIssuersWithChainSupportEnabled(X509Certificate2Collection certificates, List`1 issuers)
--- at Opc.Ua.CertificateValidator.InternalValidateWithChainSupportEnabled(X509Certificate2Collection certificates)
--- at Opc.Ua.CertificateValidator.Validate(X509Certificate2Collection chain)
Description:
Certificate chain not complete.
SubjectName: CN=GTCHVE3SA01 OPCUA Server
IssuerName: CN=GTCHVE3SA01 Root CA
Inner Result:
Message:
Certificate chain not complete.
SubjectName: CN=GTCHVE3SA01 OPCUA Server
IssuerName: CN=GTCHVE3SA01 Root CA.
Qualified Symbolic ID:
Expanded Text:
Is Null: True
Is Standard: True
Name:
Namespace Index: 0
Namespace URI:
Namespace URI String:
Standard Name:
Status Code: BadSecurityChecksFailed
Code Bits: 32787
Code Bits Symbol: BadSecurityChecksFailed
Condition: 19
Description: An error occurred verifying security.
Flag Bits: 0
Has Data Value Info: False
Info Type: NotUsed
Internal Value: 2148728832
Is Bad: True
Is Good: False
Is Uncertain: False
Limit Info: None
Overflow: False
Semantics Changed: False
Severity: BadOrFailure
Status Info: Error
Structure Changed: False
Text:
{BadSecurityChecksFailed}. Certificate chain not complete.
SubjectName: CN=GTCHVE3SA01 OPCUA Server
IssuerName: CN=GTCHVE3SA01 Root CA.
Message: An error occurred verifying security.
Qualified Symbolic ID:
Expanded Text:
Is Null: True
Is Standard: True
Name:
Namespace Index: 0
Namespace URI:
Namespace URI String:
Standard Name:
Status Code: BadSecurityChecksFailed
Code Bits: 32787
Code Bits Symbol: BadSecurityChecksFailed
Condition: 19
Description: An error occurred verifying security.
Flag Bits: 0
Has Data Value Info: False
Info Type: NotUsed
Internal Value: 2148728832
Is Bad: True
Is Good: False
Is Uncertain: False
Limit Info: None
Overflow: False
Semantics Changed: False
Severity: BadOrFailure
Status Info: Error
Structure Changed: False
Text:
{BadSecurityChecksFailed}. An error occurred verifying security.
--> {BadSecurityChecksFailed}. Certificate chain not complete.
SubjectName: CN=GTCHVE3SA01 OPCUA Server
IssuerName: CN=GTCHVE3SA01 Root CA.
Service Target Site: Void Validate(System.Security.Cryptography.X509Certificates.X509Certificate2Collection)
DeclaringType: Opc.Ua.CertificateValidator
Module: Opc.Ua.Core.dll
Assembly: Opc.Ua.Core, Version=1.3.342.0, Culture=neutral, PublicKeyToken=6faddca41dacb409
CustomAttributes:
FullyQualifiedName: C:\Program Files (x86)\Control-See\EBO-OPC Client\BIN\Opc.Ua.Core.dll
MDStreamVersion: 131072
MetadataToken: 1
ModuleHandle: System.ModuleHandle
MDStreamVersion: 131072
ModuleVersionId: de76a6af-12bb-481b-8ef7-2df5f7a00d0a
Name: Opc.Ua.Core.dll
ScopeName: Opc.Ua.Core.dll
Source: Opc.Ua.Core
Stack Trace:
at Opc.Ua.CertificateValidator.Validate(X509Certificate2Collection chain)
at OpcLabs.EasyOpc.UA.Toolkit.Sdk.ToolkitCertificateValidator.Validate(X509Certificate2Collection chain)
at Opc.Ua.Client.Session.Open(String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales, Boolean checkDomain)
at OpcLabs.EasyOpc.UA.Sdk.Shims.SessionShim.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 millisecondsSessionTimeout, Func`2 identityFunction, IList`1 preferredLocales, Action`2 domainCheckError, Action`1 setupSession, Action`1 setupTransportChannel)
at OpcLabs.EasyOpc.UA.Toolkit.Sdk.ToolkitSession.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 millisecondsSessionTimeout, Func`2 identityFunction, IList`1 preferredLocales, Action`2 domainCheckError, Action`1 setupTransportChannel, UAClientSessionBase clientSession)
at OpcLabs.EasyOpc.UA.Toolkit.Client.UAClientSessionBase.<>c__DisplayClass144_0.<CreateSdkSession>b__2()
at OpcLabs.EasyOpc.UA.Toolkit.UAEngineBase.PerformSdkAction(UASdkCallType callType, Func`1 usingFunction, String name, Action sdkAction)
TargetSite:
Message:
UA SDK error (Opc.UA.ServiceResult=0x80130000) in 'static Session.Create'. OPC UA service result - {BadSecurityChecksFailed}. An error occurred verifying security.
+ Connection attempt #5; last connected at 01-01-01 00:00:00 (local); unconnected for 00:32:44.2030000.
+ The endpoint URL string used was "opc.tcp://10.19.166.10:4840".
+ The client method called (or event/callback invoked) was 'BrowseMultiple[1]'.
Source:
Stack Trace:
== Activity Trace ==
Following (3) events were gathered during the action on activity ID [26], in the order of first occurrence:
3*Exception: {Opc.Ua.ServiceResultException} Certificate chain not complete. SubjectName: CN=GTCHVE3SA01 OPCUA Server IssuerName: CN=GTCHVE3SA01 Root CA

TargetSite:
Message: Problem browsing OPC Unified Architecture nodes.
Source:
StackTrace:
TargetSite:


Any idea what is causing the exception?
Thank you.

Michael

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.201 seconds