Online Forums
Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.
Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.
Do not use the Contact page for technical issues.
- Forum
- Discussions
- QuickOPC-UA in COM
- Connection, Reconnections, Certificates
- QuickOPC VBScript ASP example script not working, cont.
QuickOPC VBScript ASP example script not working, cont.
I am glad you got it working.
Regarding the type mismatch, may I ask you to create a new forum topic?
Regrads
Please Log in or Create an account to join the conversation.
- Kyle.Oshima@caltrol.com
- Topic Author
- Offline
- Platinum Member
- Posts: 35
- Thank you received: 1
On OPC UA client machine, moving noted rejected server certificate file from \RejectedCertificates\certs folder to \UA Applications\certs folder appears to resolve aforementioned {BadCertificateUntrusted} error -- nothing changed on OPC UA server machine.
Next step, ultimately our application needs to write to same node ID now shown to successfully be able to read from.
Following QuickOPC COM programming examples, QuickOPC OPC UA object call is returning {BadTypeMismatch} error, and am having difficulty finding how proper datatyping is to be specified.
From Examples - OPC Unified Architecture - Write and specify data type Example 1 states "...If you are calling from a COM language or tool, use the WriteMultipleValues method instead..." Following Examples - OPC Unified Architecture - Write multiple values as template, re-revised "ReadAndDisplayValue_VBScript.asp" example file (see code below) returns following error message: "Result 0: OPC UA service result - {BadTypeMismatch}. The value supplied for the attribute is not of the same type as the attribute's value. + The type of the value provided to the Write service was "System.Int16". + The type of the value passed to the operation was "System.Int16". + The attribute Id used was 'Value'. + The node descriptor used was: NodeId="ns=2;s=0:UM1/PARAM1.CV". + The client method called (or event/callback invoked) was 'WriteMultiple[1]'." (see screenshot below)
Please advise.
<!--$$Header: $-->
<!-- Copyright (c) CODE Consulting and Development, s.r.o., Plzen. All rights reserved. -->
<!---->
<!--Find all latest examples here : opclabs.doc-that.com/files/onlinedocs/OPCLabs-OpcStudio/Latest/examples.html .-->
<%@ LANGUAGE="VBSCRIPT" %>
<html><head><t-itle>ReadAndDisplayValue_VBScript.asp</title></head>
<body>
<%
' Create EasyOPC-DA component
<!-- Dim Client: Set Client = CreateObject("OpcLabs.EasyOpc.DataAccess.EasyDAClient")-->
Dim Client: Set Client = CreateObject("OpcLabs.EasyOpc.UA.EasyUAClient")
Dim WriteValueArguments1: Set WriteValueArguments1 = CreateObject("OpcLabs.EasyOpc.UA.OperationModel.UAWriteValueArguments")
WriteValueArguments1.EndpointDescriptor.UrlString = "opc.tcp://ILDDEV-PROPLUS:9409/DvOpcUaServer"
WriteValueArguments1.NodeDescriptor.NodeId.ExpandedText = "ns=2;s=0:UM1/PARAM1.CV"
WriteValueArguments1.Value = 23456
Dim arguments(0)
Set arguments(0) = WriteValueArguments1
' Modify values of nodes
Dim results: results = Client.WriteMultipleValues(arguments)
' Display results
Dim i: For i = LBound(results) To UBound(results)
Dim WriteResult: Set WriteResult = results(i)
If WriteResult.Succeeded Then
Response.Write "Result " & i & " success"
Else
Response.Write "Result " & i & ": " & WriteResult.Exception.GetBaseException().Message
End If
Next
%>
</body>
</html>
Attachments:
Please Log in or Create an account to join the conversation.
- The "C:\ProgramData\OPC Foundation\CertificateStores" directory on the client machine contains the expected structure and certificates, but the server certificate is not trusted
- The target server is currently running on the same computer as the client, but in other system configurations it may also be on a different computer
- The target server uses a location different from "C:\ProgramData\OPC Foundation\CertificateStores" for its certificate storage
General information to OPC UA security: In general there are following security modes: insecure (MessageSecurityMode=None) and secure (MessageSecurityMode=Sign or SignAndEncrypt). The server and the client negotiate the security mode.
- When any secure mode is used, application certificates (from both sides) MUST be exchanged. There is absolutely no way around it. The client and the server also verify the certificate of the other side. The verification step, in theory, can be suppressed if the server or client allows it (QuickOPC has such a setting), but that should be reserved for testing/troubleshooting purposes.
- When insecure mode is used, whether the certificates must be present and exchanged depends on the precise version of the OPC UA protocol. Older versions required it; in the current version the exchange of certificates is optional when MessageSecurityMode=None.
General information to QuickOPC behavior:
- In the default state, if the server exposes an endpoint with MessageSecurityMode=None, QuickOPC will try to use it. This means that it will neither require nor verify the server certificate. The fact that the EasyOPCUADemo application has asked you for confirmation of the certificate is a clear indication that the server did NOT expose an endpoint with MessageSecurityMode=None at that time. From that, I can conclude that a) EasyOPCUADemo is using secure communication with certificates, and b) I think UaExpert and Matrikon's OPC UA Explorer are doing the same; you just forgot that at some point, a similar dialog was presented to you and the server certificate made permanently trusted in these tools.
Comments and answers related to the email exchange:
- "Can QuickOPC OPC UA object call(s) be made to work inside web application (classic ASP) without certificates […]? ". If the server had exposed an insecure endpoint, the answer would be Yes. But it currently does not expose an insecure endpoint (it may be configurable), therefore with the current server configuration the answer is No.
- "[…] can you provide details of steps needed to setup QuickOPC OPC UA object accordingly? ". Steps to make the server certificate trusted are described in QuickOPC User's Guide. In your case, in the "C:\ProgramData\OPC Foundation\CertificateStores" structure, simply copy the rejected server certificate, which is in "opcua_server [91E2037134DEC9FB9D7725CB0857890CCF8A0EF1].der" file, from RejectedCertificates\certs to UA Applications\certs . Note that after doing this, the error might change to something like BadSecureChannelClosed. This is expected. You now need to also tell the server to trust the client certificate. This is server specific and you should consult the server documentation on that.
- The server and client can very well be on different machines, and the only thing that changes is the endpoint URL of the server. The reason why the "which software is on which machine " issue came in the conversation was because it was not clear how your current system is set up and to which part of it your answers apply.
"[…] does that imply QuickOPC should be installed on the same machine running IIS?". Yes. I thought that was clear. Your ASP script in the IIS is instantiating COM objects (of QuickOPC) that need to reside there. But the QuickOPC objects can then connect to servers elsewhere.
Regards
Please Log in or Create an account to join the conversation.
In this case the likely reason of the error is that the client (your app) does not trust the server. In a secure OPC UA system, this is an expected and good thing. You are expected to specify which servers your application trusts, otherwise the application could be tricked to communicating with a malicious server.
Please verify that your system contains following directory: "C:\ProgramData\OPC Foundation\CertificateStores".
If so, start command line (with elevated privileges), switch to that directory, and enter command
dir /s >out.txt
Best regards
Please Log in or Create an account to join the conversation.
- Kyle.Oshima@caltrol.com
- Topic Author
- Offline
- Platinum Member
- Posts: 35
- Thank you received: 1
<!--$$Header: $-->
<!-- Copyright (c) CODE Consulting and Development, s.r.o., Plzen. All rights reserved. -->
<!---->
<!--Find all latest examples here : opclabs.doc-that.com/files/onlinedocs/OPCLabs-OpcStudio/Latest/examples.html .-->
<%@ LANGUAGE="VBSCRIPT" %>
<html><head><t-itle>ReadAndDisplayValue_VBScript.asp</title></head>
<body>
<%
' Create EasyOPC-DA component
<!-- Dim Client: Set Client = CreateObject("OpcLabs.EasyOpc.DataAccess.EasyDAClient")-->
Dim Client: Set Client = CreateObject("OpcLabs.EasyOpc.UA.EasyUAClient")
' Read item value and display it
' Note: An exception can be thrown from the statement below in case of failure. See other examples for proper error
' handling practices!
On Error Resume Next
<!-- Dim value: value = Client.ReadItemValue("", "OPCLabs.KitServer", "Demo.Single")-->
Dim value: value = Client.ReadValue("opc.tcp://ILDDEV-PROPLUS:9409/DvOpcUaServer", "ns=2;s=0:UM1/PARAM1.CV")
If Err.Number <> 0 Then
Response.Write "*** Failure: " & Err.Source & ": " & Err.Description
End If
On Error Goto 0
' Display results
Response.Write "value: " & value
%>
</body>
</html>
Please Log in or Create an account to join the conversation.
- Kyle.Oshima@caltrol.com
- Topic Author
- Offline
- Platinum Member
- Posts: 35
- Thank you received: 1
Note, as noted in earlier related post chain, was able to get original OPC DA VBScript ASP example script working with classic ASP thru IIS.
re: question.1, line returning “error '80131600'” is .ReadValue() QuickOPC OPC UA object call
re: question.2, revised VBScript ASP example script incorporating similar On Error handler from noted Examples - OPC Unified Architecture - Read a single value -- returns following Err details "*** Failure: : OPC UA service result - {BadCertificateUntrusted}. Certificate is not trusted. Certificate is not trusted." (see screenshot below of returned webpage)
As noted, our application requires OPC UA interface to work inside web application, not console or desktop application.
Attachments:
Please Log in or Create an account to join the conversation.
I am confident we can make this work, but it will need multiple steps.
For start, I have some questions:
1. When you wrote "QuickOPC OPC UA object call is returning “error '80131600'” error", which line specifically is returning the error? Can you post your code and identify the line?
2. Is "“error '80131600'”" all the error info you could obtain? I would expect that if you do "On Error Resume Next", then there should be more interesting stuff in the Err object - mainly, the Err.Source and Err.Description properties - what values do they contain?
To your questions:
QuickOPC has a built-in user interface for dealing with some situations, like an untrusted certificate. However, that only works in console applications, and Windows desktop application. It does not work inside Web applications. I can point you to the place in our User's Guide that described this, but since you indicated you want to do ASP, you probably do not actually need that because you cannot use it.
It is quite possible that the error you are getting is also related to the certificate verification. I can help with that too, but I need the answers to the questions first.
Best regards
Please Log in or Create an account to join the conversation.
- Kyle.Oshima@caltrol.com
- Topic Author
- Offline
- Platinum Member
- Posts: 35
- Thank you received: 1
Since then our application requirements have been revised from interface over OPC DA to OPC UA.
Using QuickOPC demos from default product install (C:\Program Files (x86)\OPC Labs OPC Studio 2024.1\Demos-COM\EasyOPCUADemo.exe) we have been able to demonstrate the product appears capable of successfully communicating with the DCS OPC UA server and manipulating namespace control module values as needed (see screenshot below)
However, following QuickOPC COM programming examples (C:\Program Files (x86)\OPC Labs OPC Studio 2024.1\Examples-COM\VBScript\ASP\ReadAndDisplayValue_VBScript.asp and Examples - OPC Unified Architecture - Read a single value ) as template, QuickOPC OPC UA object call is returning “error '80131600'” error, and am having difficulty troubleshooting problem.
Note, with aforementioned EasyOPCUADemo.exe tool, when initially trying to read the DCS OPC UA server node ID, tool posts invalid certificate notification (see screenshot below) clicking "Yes" to accept the certificate anyway, tool appears to successfully return correct namespace control module values – is certificate issue likely the root cause of aforementioned "80131600" error?
Is there more detailed product documentation or examples providing specific steps needed for QuickOPC OPC UA object to communicate with OPC UA server without certificate authentication, similar to what aforementioned EasyOPCUADemo.exe tool apparently does if aforementioned notification dialog is simply acknowledged with “Yes”?
Attachments:
Please Log in or Create an account to join the conversation.
- Forum
- Discussions
- QuickOPC-UA in COM
- Connection, Reconnections, Certificates
- QuickOPC VBScript ASP example script not working, cont.