Online Forums
Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.
Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.
Do not use the Contact page for technical issues.
- Forum
- Discussions
- QuickOPC-UA in .NET
- Connections, Reconnections, Certificates
- OPCuA durch eine Firewall oder einen ssh-Tunnel
OPCuA durch eine Firewall oder einen ssh-Tunnel
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
If you are really getting the precise error message on the problematic computers and not something else (the errors may look confusingly same at the first sight), then let me repeat, the problem is not at all related to how you connect from QuickOPC, and all those SSH/DNAT things. It has to do with creation or checking the client instance certificate, which is independent from what later happens, connection-wise.
Regards
Please Log in or Create an account to join the conversation.
If you are looking at the right store but no certificates are there, are you sure you are running the program at least one with elevated privileges? This may be difference between the computers you are using. I know this gets into IT knowledge etc., but it cannot be avoided. Basically, in order for the certificate be placed to the store for the first time, it is possible that not only you need to be an administrator of the machine, but (depending on the UAC settings) you specifically have to tell Windows you want to run as administrator. And, if your program is in Python, this may mean you need to run Python in this way. It can get complicated, yes.
If you could you provide me with remote access to the machine, I might be able to resolve it remotely.
You cannot use certificate from other application (UAExpert), because it has a different subject name.
Best regards
Please Log in or Create an account to join the conversation.
i am programming a "workaround" :
the students get a class, which connects a win-server in school by http through a ssh-tunnel.
on this server, a python-cgi runs the tools of opclabs easy-opc, and so i can connect my plc.
this way, it works ...
Please Log in or Create an account to join the conversation.
i tried to contact my plant, but the same error was given.
with the launcher and its ua configuration tool, i opened the certificate store : "no certificates are in the store!
now i connected the plc with ua-expert opc client, and tried to import the certificate generated into the opc-labs store. it worked, but there is still the same error.
what to do ?
Please Log in or Create an account to join the conversation.
This error is not related to the DNAT or SSH usage; in fact, it is strictly "local" problem, not related to any connections made out of your application. The error indicates a problem with application's own instance certificate. The use of it cannot be turned off, unfortunately.
It is not clear what is causing the error - some users have reported it earlier, and as far as I can tell always with non-English Windows.
The help might be to delete the existing certificate, which will force QuickOPC to generate a new one. The procedure for it is here:
kb.opclabs.com/How_to_recreate_an_OPC_UA_application_instance_certificate
You probably will not have many OPC UA applications on the system, so recognizing the right certificate to delete should not be a problem. I do not know how the certificate name will look like, but if you are running from Python, it may even have the Python executable name in it.
I hope this helps. Let me know.
Best regards
Please Log in or Create an account to join the conversation.
hier in der Technikerschule München betreiben wir auf sehr niedrigem Niveau Programmierung mit OPCuA.
Mit dem Toolkit von OPCLabs prgrammieren wir in Python Zugriffe auf diverse SPS-Stuerungen.
Nun (Corona etc.) benötigen wir diese Zugriffe für Praxisübungen remote, also von den Heimrechnern der Schüler auf die Anlage in der Schule.
Ich möchte zwei Wege : DNAT über die Firewall, und ssh-Tunnel durch ein Linux auf die Steuerung.
Es funktioniert leider nicht, mit folgender Fehlermeldung :
File "<COMObject OpcLabs.EasyOPC.UA.EasyUAClient>", line 2, in ReadValue File "C:\python\lib\site-packages\win32com\client\dynamic.py",
line 271, in _ApplyTypes_
result = self._oleobj_.InvokeTypes(*(dispid,
LCID, wFlags, retType, argTypes) + args)
pywintypes.com_error: (-2147352567,
'Ausnahmefehler aufgetreten.', (0, 'mscorlib', 'Das angegebene Netzwerkkennwort ist falsch.\r\n\r\n+ The SDK action called was "ApplicationInstance.CheckApplicationInstanceCertificate".\r\n+
Following (1) events were gathered during the action on activity ID [10], in the order of first occurrence:\r\n SDK trace: Checking application instance certificate.\r\n+ The error occurred while creating or checking the (client) application instance certificate. Check event log entries for errors and warnings.\r\n+ The certificate generator path was "C:\\python\\Opc.Ua.CertificateGenerator.exe".\r\n+
This is an engine-level error.\r\n+ The client method called was \'ReadMultiple\'.', None, 0, -2147024810), None)
> Es liegt wohl am Zertifikatshandling, und dort am fehlerhaften Hostnamen durch den indirekten Zugriff ?
Ich verstehe nicht genug davon, um da selber einzugreifen. Optimal wäre, wenn ich den Zertifikatsmechanismus einfach ausschalten könnte, aber das muß unkompliziert machbar sein
Hilfe wäre super, es hängen viele Praktika mit Schülern daran, die sonst nicht durchgeführt werden können !
Reiner Doll
Please Log in or Create an account to join the conversation.
- Forum
- Discussions
- QuickOPC-UA in .NET
- Connections, Reconnections, Certificates
- OPCuA durch eine Firewall oder einen ssh-Tunnel