Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

BadNonceInvalid error connecting to multiple OPC-UA Servers

More
30 May 2022 14:36 #10923 by support
Hello.

this error is generated on the client side, but indicates a problem in the server.

To help you understand what is happening, here is how the checking works. You need to understand that QuickOPC calls code in OPC Foundation UA stack, and both parts are involved in the checks.

1. OPC Foundation UA stack validates the server nonce only if security is actually in use (security policy URI does not correspond to "None" policy), AND there is non-anonymous user identity associated with the session.
2. If the conditions above are fulfilled, the OPC Foundation UA stack checks that the server nonce has at least the minimum length (default is 32), and that it is not all zeros. If there is a problem, it throws the error you are observing.
3. When it gets here, the OPC Foundation UA stack checks that the server nonce is not the same as previous one provided by the same server. If there is a problem, it would throw an BadNonceInvalid error too, but with a text saying "Server nonce is equal with previously returned nonce.".
4. QuickOPC later checks the server nonce again, but it does it regardless of the security policy URI or the usage of anonymous user identity. It does so because the OPC Foundation compliance test requires this behavior from compliant clients. The checks done in the QuickOPC layer can be turned off by the settings you have mentioned. Error codes/messages given by the QuickOPC layer are very different (they do *not* have the ServiceResult with BadNonceInvalid in them).

As you can see, in your case the problem is detected in the OPC UA stack, and therefore there is no setting to turn it off.

This has to be fixed by the server vendor.

Best regards

Please Log in or Create an account to join the conversation.

More
30 May 2022 13:38 #10922 by spicerno
Hello,

we're using the latest quickopc binary from .net framework 4.7.x.

Our application is running in a windows service, and is connecting to TWO distinct OPCUA servers, each one using a different EasyUAClient instance.
When we attempt to connect to the second server, the error below is returned:
UA SDK error (Opc.UA.ServiceResult=0x80240000) in 'static Session.Create'. OPC UA service result - {BadNonceInvalid}. Server nonce is not the correct length or not random enough.
+ Connection attempt #17; last connected at 1/1/0001 12:00:00 AM (local); unconnected for 00:03:58.6410000.
+ The client method called (or event/callback invoked) was 'DataChangeNotification'.",

It's not clear to me if it's an error raised by OPC UA server, or by QuickOPC UA layer.

I tired disabling client side ServerNonce checks with the code below, but the error generated is always the same
            EasyUAClient easyUAClient = new EasyUAClient();
            easyUAClient.Isolated = true;
            easyUAClient.IsolatedParameters.SessionParameters.RequireUniqueServerNonce = false;
            easyUAClient.IsolatedParameters.SessionParameters.RequireValidServerNonce = false;

Do you have any advice ?

Best regards,
Stefano

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.041 seconds