Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

Exception in SDK action ApplicationInstance.CheckApplicationInstanceCertificate

More
16 Jun 2021 07:08 - 16 Jun 2021 07:12 #9752 by support
We have been able to identify at least one possible cause of this issue, and suggest a solution. Please see: kb.opclabs.com/Error_%22The_specified_network_password_is_not_correct.%22 .
Last edit: 16 Jun 2021 07:12 by support.

Please Log in or Create an account to join the conversation.

More
17 Sep 2019 17:33 #7733 by admin
What I was suggesting was that you change the default - an example is here:

opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...ic%20Certificate%20Stores.html

and store an absolute path into EasyUAClient.SharedParameters.EngineParameters.ApplicationParameters.ApplicationCertificateStore .

Best regards

Please Log in or Create an account to join the conversation.

More
17 Sep 2019 13:03 #7732 by boppbo

support wrote: Hello.

Have you tried to use a directory-based store, but still with the .NET Framework?

Regards


I didn't change the default:
> When targeting .NET Framework, all certificates that QuickOPC works with are located in some "shared" directory-based certificate store by default. (opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...html#Certificate%20Stores.html)

And i can't use localfolder for full framework:
> On .NET Standard development platform only: "%LocalFolder%" (case sensitive) (opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...ry%20Certificate%20Stores.html)

Please Log in or Create an account to join the conversation.

More
16 Sep 2019 18:57 #7729 by support
Hello.

Have you tried to use a directory-based store, but still with the .NET Framework?

Regards

Please Log in or Create an account to join the conversation.

More
12 Sep 2019 06:35 #7723 by boppbo

support wrote: Yes, a different version of OPC UA stack/SDK is used by QuickOPC in .NET Core as opposed to .NET Framework, so it is possible that there are differences (or, the difference is in the .NET runtime itself).

Referencing the .net standard dlls under .net framework directly, the problem does't occur for me. That makes sense, as the .net standard toolkit saves the certificates in the executable directory instead of the windows certificate store

support wrote: But it should not be needed for suibsequent runs - which I understand is your case, correct?

Yes, starting the application once with elevated privileges doesn't help.

support wrote: I am hypothesizing that there might be some policies in effect that restrict the access even for some "harmless" operations.

I asked our IT support. There shouldn't be any policies in effect.

Please Log in or Create an account to join the conversation.

More
07 Sep 2019 12:17 #7715 by support
Yes, a different version of OPC UA stack/SDK is used by QuickOPC in .NET Core as opposed to .NET Framework, so it is possible that there are differences (or, the difference is in the .NET runtime itself).

QuickOPC attempts to find the application certificate in the certificate store and if it does not find, it attempts to create it and save it into the store. Normally, it is the saving of the certificate into the store that requires elevate dprivileges - and it is therefore normal that running the application as administrator is required the first time it runs. But it should not be needed for suibsequent runs - which I understand is your case, correct? But still, the issue seems to be related to the permission of the user account used - and you might be right about the Azure AD. I am hypothesizing that there might be some policies in effect that restrict the access even for some "harmless" operations.

Sadly, I cannot offer more concrete suggestions or help. You may try to experiment with choosing different cert store, or a specific certificate:
- opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...html#Certificate%20Stores.html
- opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...%20Instance%20Certificate.html

Best regards

Please Log in or Create an account to join the conversation.

More
06 Sep 2019 10:44 #7712 by boppbo
Update: Everything works as expected when I run my code under .net core (with 5.54.1311). So the error must be in the platform specific net-framework code.

Sadly can't use .net core yet for an wpf application

Please Log in or Create an account to join the conversation.

More
06 Sep 2019 09:20 #7710 by boppbo
During evaluation of QuickOPC I always get this error. Something seems to be wrong with my certificate store or maybe it is because the computer is Azure-AD-joined.
I already tried deleting all stored certificates with the "UA Configuration Tool".

The simplest step to reproduce the error is to call "EasyUAClient.Install();", but it also happens for the "Read"-Methods of the EasyUAClient.
The only workaround I found is to run the application as administrator.

Using the Official OPC UA .Net Standard Stack (1.4.356) in the current version directly, the error doesn't occur. I saw that the toolkit does't use the current version. Maybe an update of the embedded SDK could help?

Tested Versions:
5.54.1311 net46
5.55.0-rev12 net47

Message:
OpcLabs.EasyOpc.UA.OperationModel.UAException : An OPC-UA operation failure with error code -1 (0xFFFFFFFF) occurred, originating from 'mscorlib'. The inner exception, of type 'System.Security.Cryptography.CryptographicException', contains details about the problem.
---- System.Security.Cryptography.CryptographicException : The specified network password is not correct.

+ The SDK action called was "ApplicationInstance.CheckApplicationInstanceCertificate".
+ The error occurred while creating or checking the (client) application instance certificate. Check event log entries for errors and warnings.
+ The certificate generator path was "C:\[removed]\bin\Opc.Ua.CertificateGenerator.exe".
Stack Trace:
at NetSdkEasyUAClient.Install()
at EasyUAClient.Install()
at OpcClientIntegrationTests.OpcClient_EngineBroken() in OpcClientIntegrationTests.cs line: 30
at
Inner Stack Trace
at CryptographicException.ThrowCryptographicException(Int32 hr)
at X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at X509Utils.LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle pCertCtx)
at X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
at X509Certificate2.ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
at CertificateFactory.Load(X509Certificate2 certificate, Boolean ensurePrivateKeyAccessible)
at CertificateIdentifier.Find(Boolean needPrivateKey)
at ApplicationInstance.CheckApplicationInstanceCertificate(Boolean silent, UInt16 minimumKeySize)
at <>c__DisplayClass31_0.<ValidateOrCreateClientCertificate>b__2()
at UAEngineBase.PerformSdkAction(UASdkCallType callType, Func`1 usingFunction, String name, Action sdkAction)

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.063 seconds