Online Forums
Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.
Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.
Do not use the Contact page for technical issues.
- Forum
- Discussions
- QuickOPC-UA in .NET
- Connections, Reconnections, Certificates
- Cannot connect to KepServer - OPC UA service result - {BadUserAccessDenied}
Cannot connect to KepServer - OPC UA service result - {BadUserAccessDenied}
Please Log in or Create an account to join the conversation.
Best regards,
Michael
Please Log in or Create an account to join the conversation.
micham wrote: Hi,
I am using this code in my OPC client.
Dim gdsEndpointDescriptor As UAEndpointDescriptor =
New UAEndpointDescriptor(MyServerURL) _
.WithUserNameIdentity("micham", "*********")
I have defined a user in the KepWare OPC UA server (see attached)
I have set "Allow Anonymous Login" to "No".
I tried browsing and got the following error. Any idea what is the problem?
Thank you.
Michael
Exceptions
Type: OpcLabs.BaseLib.Browsing.BrowseException
Data:
HelpLink:
HResult: -2146233088 (0x80131500)
InnerException:
OpcLabs.EasyOpc.UA.Engine.UAEngineException: UA SDK error (Opc.UA.ServiceResult=0x801F0000) in 'static Session.Create'. OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
+ This error should mean an authorization (permissions) problem, not an authentication problem, but some servers are using it instead of rejecting the identity token (BadIdentityTokenRejected).
+ The user identity used was: Anonymous.
+ The problem might be caused by the fact that no (non-anonymous) user name token was specified.
+ The client method called (or event/callback invoked) was 'BrowseMultiple'. ---> OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
--- End of inner exception stack trace ---
Activity Trace:
Data:
ErrorId: OpcLabs.UAEngine=1
7b4d9f28-22a8-41d6-93ea-e4d8c2a75da8:
((19, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
((19, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
c3c0e69e-bf8f-4bfa-8e93-816783737e55: 19
OpcLabs.EasyOpc.UA.Implementation.ErrorEnhancingEasyUAClient.Processed: True
Error Code: 1
HelpLink:
HResult: -2146232832 (0x80131600)
InnerException: OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Data: ErrorId: Opc.UA.ServiceResult=0x801F0000
Help Link:
HResult: -2146232832 (0x80131600)
InnerException:
Internal Code: 2149515264
Message: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Service Result: BadUserAccessDenied
Additional Info:
Description: Endpoint does not supported the user identity type provided.
Inner Result:
Qualified Symbolic ID:
Expanded Text:
Is Null: True
Name:
Namespace Index: 0
Namespace URI:
Namespace URI String:
Standard Name:
Status Code: BadUserAccessDenied
Code Bits: 32799
Code Bits Symbol: BadUserAccessDenied
Condition: 31
Flag Bits: 0
Has Data Value Info: False
Info Type: NotUsed
Internal Value: 2149515264
Is Bad: True
Is Good: False
Is Uncertain: False
Limit Info: None
Overflow: False
Semantics Changed: False
Severity: BadOrFailure
Status Info: Error
Structure Changed: False
Text: {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Service Target Site: Void Open(System.String, UInt32, Opc.Ua.IUserIdentity, System.Collections.Generic.IList`1[System.String], Boolean)
DeclaringType: Opc.Ua.Client.Session
Module: Opc.Ua.Client.dll
Assembly: Opc.Ua.Client, Version=1.3.342.0, Culture=neutral, PublicKeyToken=6faddca41dacb409
CustomAttributes:
FullyQualifiedName: D:\MyBin\Proj-VS2017\EBO-OPC Client\Configuration(1)\bin\Debug\Opc.Ua.Client.dll
MDStreamVersion: 131072
MetadataToken: 1
ModuleHandle: System.ModuleHandle
MDStreamVersion: 131072
ModuleVersionId: f685d7d5-5ec1-45ad-986e-dc91a46c4268
Name: Opc.Ua.Client.dll
ScopeName: Opc.Ua.Client.dll
Source: Opc.Ua.Client
Stack Trace:
at Opc.Ua.Client.Session.Open(String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales, Boolean checkDomain)
at OpcLabs.EasyOpc.UA.Sdk.Shims.SessionShim.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 millisecondsSessionTimeout, Func`2 identityFunction, IList`1 preferredLocales, Action`2 domainCheckError, Action`1 setupSession, Action`1 setupTransportChannel)
at OpcLabs.EasyOpc.UA.Toolkit.Sdk.ToolkitSession.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 millisecondsSessionTimeout, Func`2 identityFunction, IList`1 preferredLocales, Action`2 domainCheckError, Action`1 setupTransportChannel, UAClientSessionBase clientSession)
at OpcLabs.EasyOpc.UA.Toolkit.ClientServer.UAClientSessionBase.<>c__DisplayClass147_0.<CreateSdkSession>b__2()
at OpcLabs.EasyOpc.UA.Toolkit.UAEngineBase.PerformSdkAction(UASdkCallType callType, Func`1 usingFunction, String name, Action sdkAction)
TargetSite:
Message:
UA SDK error (Opc.UA.ServiceResult=0x801F0000) in 'static Session.Create'. OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
+ This error should mean an authorization (permissions) problem, not an authentication problem, but some servers are using it instead of rejecting the identity token (BadIdentityTokenRejected).
+ The user identity used was: Anonymous.
+ The problem might be caused by the fact that no (non-anonymous) user name token was specified.
+ The client method called (or event/callback invoked) was 'BrowseMultiple'.
Source:
Stack Trace:
TargetSite:
Message: Problem browsing OPC Unified Architecture nodes.
Source:
StackTrace:
TargetSite:
Please Log in or Create an account to join the conversation.
BTW, please edit your previous post and remove your password in case it is something you do not want the world to see.
Best regards
Please Log in or Create an account to join the conversation.
I am using this code in my OPC client.
Dim gdsEndpointDescriptor As UAEndpointDescriptor =
New UAEndpointDescriptor(MyServerURL) _
.WithUserNameIdentity("micham", "**************")
I have defined a user in the KepWare OPC UA server (see attached)
I have set "Allow Anonymous Login" to "No".
I tried browsing and got the following error. Any idea what is the problem?
Thank you.
Michael
Exceptions
Type: OpcLabs.BaseLib.Browsing.BrowseException
Data:
HelpLink:
HResult: -2146233088 (0x80131500)
InnerException:
OpcLabs.EasyOpc.UA.Engine.UAEngineException: UA SDK error (Opc.UA.ServiceResult=0x801F0000) in 'static Session.Create'. OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
+ This error should mean an authorization (permissions) problem, not an authentication problem, but some servers are using it instead of rejecting the identity token (BadIdentityTokenRejected).
+ The user identity used was: Anonymous.
+ The problem might be caused by the fact that no (non-anonymous) user name token was specified.
+ The client method called (or event/callback invoked) was 'BrowseMultiple'. ---> OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
--- End of inner exception stack trace ---
Activity Trace:
Data:
ErrorId: OpcLabs.UAEngine=1
7b4d9f28-22a8-41d6-93ea-e4d8c2a75da8:
((19, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
((19, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
c3c0e69e-bf8f-4bfa-8e93-816783737e55: 19
OpcLabs.EasyOpc.UA.Implementation.ErrorEnhancingEasyUAClient.Processed: True
Error Code: 1
HelpLink:
HResult: -2146232832 (0x80131600)
InnerException: OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Data: ErrorId: Opc.UA.ServiceResult=0x801F0000
Help Link:
HResult: -2146232832 (0x80131600)
InnerException:
Internal Code: 2149515264
Message: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Service Result: BadUserAccessDenied
Additional Info:
Description: Endpoint does not supported the user identity type provided.
Inner Result:
Qualified Symbolic ID:
Expanded Text:
Is Null: True
Name:
Namespace Index: 0
Namespace URI:
Namespace URI String:
Standard Name:
Status Code: BadUserAccessDenied
Code Bits: 32799
Code Bits Symbol: BadUserAccessDenied
Condition: 31
Flag Bits: 0
Has Data Value Info: False
Info Type: NotUsed
Internal Value: 2149515264
Is Bad: True
Is Good: False
Is Uncertain: False
Limit Info: None
Overflow: False
Semantics Changed: False
Severity: BadOrFailure
Status Info: Error
Structure Changed: False
Text: {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Service Target Site: Void Open(System.String, UInt32, Opc.Ua.IUserIdentity, System.Collections.Generic.IList`1[System.String], Boolean)
DeclaringType: Opc.Ua.Client.Session
Module: Opc.Ua.Client.dll
Assembly: Opc.Ua.Client, Version=1.3.342.0, Culture=neutral, PublicKeyToken=6faddca41dacb409
CustomAttributes:
FullyQualifiedName: D:\MyBin\Proj-VS2017\EBO-OPC Client\Configuration(1)\bin\Debug\Opc.Ua.Client.dll
MDStreamVersion: 131072
MetadataToken: 1
ModuleHandle: System.ModuleHandle
MDStreamVersion: 131072
ModuleVersionId: f685d7d5-5ec1-45ad-986e-dc91a46c4268
Name: Opc.Ua.Client.dll
ScopeName: Opc.Ua.Client.dll
Source: Opc.Ua.Client
Stack Trace:
at Opc.Ua.Client.Session.Open(String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales, Boolean checkDomain)
at OpcLabs.EasyOpc.UA.Sdk.Shims.SessionShim.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 millisecondsSessionTimeout, Func`2 identityFunction, IList`1 preferredLocales, Action`2 domainCheckError, Action`1 setupSession, Action`1 setupTransportChannel)
at OpcLabs.EasyOpc.UA.Toolkit.Sdk.ToolkitSession.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 millisecondsSessionTimeout, Func`2 identityFunction, IList`1 preferredLocales, Action`2 domainCheckError, Action`1 setupTransportChannel, UAClientSessionBase clientSession)
at OpcLabs.EasyOpc.UA.Toolkit.ClientServer.UAClientSessionBase.<>c__DisplayClass147_0.<CreateSdkSession>b__2()
at OpcLabs.EasyOpc.UA.Toolkit.UAEngineBase.PerformSdkAction(UASdkCallType callType, Func`1 usingFunction, String name, Action sdkAction)
TargetSite:
Message:
UA SDK error (Opc.UA.ServiceResult=0x801F0000) in 'static Session.Create'. OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
+ This error should mean an authorization (permissions) problem, not an authentication problem, but some servers are using it instead of rejecting the identity token (BadIdentityTokenRejected).
+ The user identity used was: Anonymous.
+ The problem might be caused by the fact that no (non-anonymous) user name token was specified.
+ The client method called (or event/callback invoked) was 'BrowseMultiple'.
Source:
Stack Trace:
TargetSite:
Message: Problem browsing OPC Unified Architecture nodes.
Source:
StackTrace:
TargetSite:
Please Log in or Create an account to join the conversation.
a) Additional question: Which checkboxes do you have enabled under "Security Policies" in the Endpoint Configuration for the endpoint you are using, in the KEPServerEx? I am referring to the dialog (example) below:
b) The "appuser" username and "demo" password are for the GDS example server. I am not sure if you have configured your server to use the very same user name and password.
Best regards
Attachments:
Please Log in or Create an account to join the conversation.
Sure. See below.
Dim gdsEndpointDescriptor As UAEndpointDescriptor =
New UAEndpointDescriptor(MyServerURL) _
.WithUserNameIdentity("appuser", "demo")
Regards,
Michael
Please Log in or Create an account to join the conversation.
Thank you
Please Log in or Create an account to join the conversation.
1. I tried it. It is working fine now with anonymous user.
2. I tried it. I get this error when trying to browse:
OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Exceptions
Type: OpcLabs.BaseLib.Browsing.BrowseException
Data:
HelpLink:
HResult: -2146233088 (0x80131500)
InnerException:
OpcLabs.EasyOpc.UA.Engine.UAEngineException: UA SDK error (Opc.UA.ServiceResult=0x801F0000) in 'static Session.Create'. OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
+ This error should mean an authorization (permissions) problem, not an authentication problem, but some servers are using it instead of rejecting the identity token (BadIdentityTokenRejected).
+ The user identity used was: Anonymous.
+ The problem might be caused by the fact that no (non-anonymous) user name token was specified.
+ The client method called (or event/callback invoked) was 'BrowseMultiple'. ---> OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
--- End of inner exception stack trace ---
Activity Trace:
Data:
ErrorId: OpcLabs.UAEngine=1
7b4d9f28-22a8-41d6-93ea-e4d8c2a75da8:
((5, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
((5, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
c3c0e69e-bf8f-4bfa-8e93-816783737e55: 5
OpcLabs.EasyOpc.UA.Implementation.ErrorEnhancingEasyUAClient.Processed: True
Error Code: 1
HelpLink:
HResult: -2146232832 (0x80131600)
InnerException: OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Data: ErrorId: Opc.UA.ServiceResult=0x801F0000
Help Link:
HResult: -2146232832 (0x80131600)
InnerException:
Internal Code: 2149515264
Message: OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Service Result: BadUserAccessDenied
Additional Info:
Description: Endpoint does not supported the user identity type provided.
Inner Result:
Qualified Symbolic ID:
Expanded Text:
Is Null: True
Name:
Namespace Index: 0
Namespace URI:
Namespace URI String:
Standard Name:
Status Code: BadUserAccessDenied
Code Bits: 32799
Code Bits Symbol: BadUserAccessDenied
Condition: 31
Flag Bits: 0
Has Data Value Info: False
Info Type: NotUsed
Internal Value: 2149515264
Is Bad: True
Is Good: False
Is Uncertain: False
Limit Info: None
Overflow: False
Semantics Changed: False
Severity: BadOrFailure
Status Info: Error
Structure Changed: False
Text: {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
Service Target Site: Void Open(System.String, UInt32, Opc.Ua.IUserIdentity, System.Collections.Generic.IList`1[System.String], Boolean)
DeclaringType: Opc.Ua.Client.Session
Module: Opc.Ua.Client.dll
Assembly: Opc.Ua.Client, Version=1.3.342.0, Culture=neutral, PublicKeyToken=6faddca41dacb409
CustomAttributes:
FullyQualifiedName: D:\MyBin\Proj-VS2017\EBO-OPC Client\Configuration(1)\bin\Debug\Opc.Ua.Client.dll
MDStreamVersion: 131072
MetadataToken: 1
ModuleHandle: System.ModuleHandle
MDStreamVersion: 131072
ModuleVersionId: 5171d3a9-7cd0-4339-8411-4626e4a4b08c
Name: Opc.Ua.Client.dll
ScopeName: Opc.Ua.Client.dll
Source: Opc.Ua.Client
Stack Trace:
at Opc.Ua.Client.Session.Open(String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales, Boolean checkDomain)
at OpcLabs.EasyOpc.UA.Sdk.Shims.SessionShim.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 millisecondsSessionTimeout, Func`2 identityFunction, IList`1 preferredLocales, Action`2 domainCheckError, Action`1 setupSession, Action`1 setupTransportChannel)
at OpcLabs.EasyOpc.UA.Toolkit.Sdk.ToolkitSession.Create(ApplicationConfiguration configuration, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 millisecondsSessionTimeout, Func`2 identityFunction, IList`1 preferredLocales, Action`2 domainCheckError, Action`1 setupTransportChannel, UAClientSessionBase clientSession)
at OpcLabs.EasyOpc.UA.Toolkit.ClientServer.UAClientSessionBase.<>c__DisplayClass147_0.<CreateSdkSession>b__2()
at OpcLabs.EasyOpc.UA.Toolkit.UAEngineBase.PerformSdkAction(UASdkCallType callType, Func`1 usingFunction, String name, Action sdkAction)
TargetSite:
Message:
UA SDK error (Opc.UA.ServiceResult=0x801F0000) in 'static Session.Create'. OPC UA service result - {BadUserAccessDenied}. Endpoint does not supported the user identity type provided.
+ This error should mean an authorization (permissions) problem, not an authentication problem, but some servers are using it instead of rejecting the identity token (BadIdentityTokenRejected).
+ The user identity used was: Anonymous.
+ The problem might be caused by the fact that no (non-anonymous) user name token was specified.
+ The client method called (or event/callback invoked) was 'BrowseMultiple'.
Source:
Stack Trace:
TargetSite:
Message: Problem browsing OPC Unified Architecture nodes.
Source:
StackTrace:
TargetSite:
Can you please advise?
Thank you.
Michael
Please Log in or Create an account to join the conversation.
1. I have quickly checked, and I suggest that in KEPServerEX configuration, you verify what you have under Edit -> Properties, OPC UA -> Client Sessions -> Allow anonymous login. It should be "Yes" if you want to connect without user authentication.
I want to make clear that it is not our task to provide support for the server side.
2. My fault. It should be WithUserNameIdentity.
Best regards
Please Log in or Create an account to join the conversation.
- Forum
- Discussions
- QuickOPC-UA in .NET
- Connections, Reconnections, Certificates
- Cannot connect to KepServer - OPC UA service result - {BadUserAccessDenied}