support wrote: Hello.

Have you tried to use a directory-based store, but still with the .NET Framework?

Regards

I didn't change the default:
> When targeting .NET Framework, all certificates that QuickOPC works with are located in some "shared" directory-based certificate store by default. (opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...html#Certificate%20Stores.html)

And i can't use localfolder for full framework:
> On .NET Standard development platform only: "%LocalFolder%" (case sensitive) (opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...ry%20Certificate%20Stores.html)

support wrote: Yes, a different version of OPC UA stack/SDK is used by QuickOPC in .NET Core as opposed to .NET Framework, so it is possible that there are differences (or, the difference is in the .NET runtime itself).

Referencing the .net standard dlls under .net framework directly, the problem does't occur for me. That makes sense, as the .net standard toolkit saves the certificates in the executable directory instead of the windows certificate store

support wrote: But it should not be needed for suibsequent runs - which I understand is your case, correct?

Yes, starting the application once with elevated privileges doesn't help.

support wrote: I am hypothesizing that there might be some policies in effect that restrict the access even for some "harmless" operations.

I asked our IT support. There shouldn't be any policies in effect.

Update: Everything works as expected when I run my code under .net core (with 5.54.1311). So the error must be in the platform specific net-framework code.

Sadly can't use .net core yet for an wpf application

During evaluation of QuickOPC I always get this error. Something seems to be wrong with my certificate store or maybe it is because the computer is Azure-AD-joined.
I already tried deleting all stored certificates with the "UA Configuration Tool".

The simplest step to reproduce the error is to call "EasyUAClient.Install();", but it also happens for the "Read"-Methods of the EasyUAClient.
The only workaround I found is to run the application as administrator.

Using the Official OPC UA .Net Standard Stack (1.4.356) in the current version directly, the error doesn't occur. I saw that the toolkit does't use the current version. Maybe an update of the embedded SDK could help?

Tested Versions:
5.54.1311 net46
5.55.0-rev12 net47

Message:
OpcLabs.EasyOpc.UA.OperationModel.UAException : An OPC-UA operation failure with error code -1 (0xFFFFFFFF) occurred, originating from 'mscorlib'. The inner exception, of type 'System.Security.Cryptography.CryptographicException', contains details about the problem.
---- System.Security.Cryptography.CryptographicException : The specified network password is not correct.

+ The SDK action called was "ApplicationInstance.CheckApplicationInstanceCertificate".
+ The error occurred while creating or checking the (client) application instance certificate. Check event log entries for errors and warnings.
+ The certificate generator path was "C:\[removed]\bin\Opc.Ua.CertificateGenerator.exe".
Stack Trace:
at NetSdkEasyUAClient.Install()
at EasyUAClient.Install()
at OpcClientIntegrationTests.OpcClient_EngineBroken() in OpcClientIntegrationTests.cs line: 30
at

---

Inner Stack Trace

---

at CryptographicException.ThrowCryptographicException(Int32 hr)
at X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at X509Utils.LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle pCertCtx)
at X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
at X509Certificate2.ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
at CertificateFactory.Load(X509Certificate2 certificate, Boolean ensurePrivateKeyAccessible)
at CertificateIdentifier.Find(Boolean needPrivateKey)
at ApplicationInstance.CheckApplicationInstanceCertificate(Boolean silent, UInt16 minimumKeySize)
at <>c__DisplayClass31_0.<ValidateOrCreateClientCertificate>b__2()
at UAEngineBase.PerformSdkAction(UASdkCallType callType, Func`1 usingFunction, String name, Action sdkAction)