Thank you.

Next time I will start a new thread. I thought it is related...

Two questions regarding solution 2) below,

1) Do you mean this section?

EasyUAApplication.Instance.ApplicationParameters.ApplicationManifest.ApplicationName =
"QuickOPC - VBNet example application"

If we do it, what will be displayed in the Administer OPC UA Application -> Application Certificate -> Subject URL name? See below.



2) Will it show the application name that we set in our code?

Thank you.

Michael

Hello.
next time, please create a new forum thread, for reporting new issues. You can always link to some other thread if there is a relationship.

It is difficult to judge, because the pictures you have attached have degraded resolution. But after some enlarging, and some guesswork, I think that I can see that the reason (see picture):



You have probably updated your software, and also updated its version number. The default QuickOPC behavior is that it constructs the OPC UA Application URI based on various pieces of information, including the version number. But, the Application URI must match the one in the application certificate - and in this case, it does not (the certificate has ....108.0 in it, but the software itself is ....109.0).

Some applications benefit from this behavior (because it allows multiple versions of the application coexist on the same computer), while others do not (because they want the application to effectively remain "THE SAME" application after a version update).

You can either:

1) Regenerate the certificate (the "Create/recreate own certificate"); in turn, you will have to re-establish the trust on the server side (so that the server trusts the new client certificate). And, repeat this process every time the application version changes.

OR

2) At the beginning of your application, place a piece of code that will configure a more "fixed" application URI, such as that it does not change with version number changes [this does not resolve the very current instance of the problem; but it just addresses the same thing for all future deployments]. See: opclabs.doc-that.com/files/onlinedocs/QuickOpc/Latest/User%2...%20Application%20Manifest.html . In short, you need to set some URI string into the EasyUAApplication.Instance.ApplicationParameters.ApplicationManifest.ApplicationUriString property.

Best regards

Hi,

Operating system is Windows Server 2016.

Today we tried connecting and reading OPC items and got an exception. See the attached files.

Any idea what is the problem? UA Expert works fine.






Thank you.

Michael

Hello,

I do not want to side-track you too much from the main issue (which is establishing the communication between the client and the server, and all the certificate-related stuff), but I have some additional questions from the developer regarding the crash you got while browsing (after existing the OPC UA Application Administration dialog). If you can answer at least part of it, it would be nice.

1. Can you reproduce it multiple times, or was it "one-time" occurrence?
2. Did it happen on Windows 10, or Windows 11?
3. Is there an entry in Windows Application log at the time of crash, and if so, can yo please send its full text? Or, if the crash happens again, please select all text in the crash dialog, copy it and send over (i.e. not just the screenshot - because it contains just part of the call stack, not the whole stack)

Many thanks

Hello.

Believe me or not, we are making progress. This error was expected. You now have a new client-side certificate, so the server needs to be configured to accept it.
After you/your customer does so, you should be OK.

Best regards

Hi Thank you for your answers.

See my response below. I still get an exception.









Exceptions

Type: OpcLabs.BaseLib.Browsing.BrowseException
Data:
HelpLink:
HResult: -2146233088 (0x80131500)
InnerException:
OpcLabs.EasyOpc.UA.Engine.UAEngineException: UA SDK error (Opc.UA.ServiceResult=0x80130000) in 'static Session.Create'. OPC UA service result - {BadSecurityChecksFailed}. Error establishing a connection: Error received from remote host:.
+ Connection attempt #1; last connected at 01-01-01 00:00:00 (local); unconnected for 00:00:00.
+ The endpoint URL string used was "opc.tcp://GTCHVE3SA01:4840".
+ The client method called (or event/callback invoked) was 'BrowseMultiple[1]'. ---> OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadSecurityChecksFailed}. Error establishing a connection: Error received from remote host:.
--> {BadSecurityChecksFailed}. Error received from remote host:. Error establishing a connection: Error received from remote host:
--- End of inner exception stack trace ---
Activity Trace:
Following (25) events were gathered during the action on activity ID [24], in the order of first occurrence:
SDK trace: Imported the PFX private key for [E4497FB07A132B655DEEABCC37B2F547CA162E4A].
SDK trace: An unexpected certificate was used in the certificate chain. [CN=GTCHVE3SA01 Root CA] [11A710E518FAF255C41A884EF3EEEE2E2607C9AE]
2*Exception: {Opc.Ua.ServiceResultException} Certificate chain validation incomplete.
SDK trace: Certificate Validation failed. Reason=BadCertificateChainIncomplete. [CN=GTCHVE3SA01 OPCUA Server] [D4E1EEF087B0B7D54DC8887C97276DFD72B35C7C]
SDK trace: -- BadCertificateUntrusted 'Certificate is not trusted.'
SDK trace: -- BadCertificateUntrusted 'Certificate Issuer is not trusted.'
SDK trace: Validation errors suppressed: [CN=GTCHVE3SA01 OPCUA Server] [D4E1EEF087B0B7D54DC8887C97276DFD72B35C7C]
SDK trace: CreateSession Called. RequestHandle=1, PendingRequestCount=1
SDK trace: ChannelId 0: in Connecting state.
[7] SDK trace: ChannelId 0: SendHelloMessage()
[7] SDK trace: ChannelId 0: ProcessAcknowledgeMessage()
[7] SDK trace: ChannelId 0: in Opening state.
[7] SDK trace: ChannelId 0: Token #0 created. CreatedAt=15:30:44.544. Lifetime=3600000.
[7] SDK trace: ChannelId 0: ProcessErrorMessage(BadSecurityChecksFailed 'Error received from remote host: ')
[31] Exception: {Opc.Ua.ServiceResultException} Error received from remote host:
4*Exception: {Opc.Ua.ServiceResultException} Error establishing a connection: Error received from remote host:
SDK trace: CreateSession Completed. RequestHandle=1, PendingRequestCount=0, StatusCode=-2147483648
[34] SDK trace: ChannelId 0: Force reconnect reason=BadConnectionClosed 'Remote side closed connection'
[34] SDK trace: ChannelId 0: in Closed state.
[34] SDK trace: ChannelId 0: CLIENTCHANNEL SOCKET CLOSED: 030EEF05
Exception: {System.AggregateException} One or more errors occurred.
Events starting with activity ID in [] may not necessarily be related to the current action.

Data:
ErrorId_{045406CD-8EEA-4F21-B3D6-DC9DB5A34E58}: OpcLabs.UAEngine=1
7b4d9f28-22a8-41d6-93ea-e4d8c2a75da8:
((24, 1), Opc.Ua.TraceEventArgs)
((24, 1), Opc.Ua.TraceEventArgs)
((24, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
((24, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
((24, 1), Opc.Ua.TraceEventArgs)
((24, 1), Opc.Ua.TraceEventArgs)
((24, 1), Opc.Ua.TraceEventArgs)
((24, 1), Opc.Ua.TraceEventArgs)
((24, 1), Opc.Ua.TraceEventArgs)
((24, 1), Opc.Ua.TraceEventArgs)
((7, 0), Opc.Ua.TraceEventArgs)
((7, 0), Opc.Ua.TraceEventArgs)
((7, 0), Opc.Ua.TraceEventArgs)
((7, 0), Opc.Ua.TraceEventArgs)
((7, 0), Opc.Ua.TraceEventArgs)
((31, 0), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
((24, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
((24, 1), Opc.Ua.TraceEventArgs)
((24, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
((34, 0), Opc.Ua.TraceEventArgs)
((34, 0), Opc.Ua.TraceEventArgs)
((34, 0), Opc.Ua.TraceEventArgs)
((24, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
((24, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
((24, 1), System.Runtime.ExceptionServices.FirstChanceExceptionEventArgs)
c3c0e69e-bf8f-4bfa-8e93-816783737e55: 24
8970fe52-aaa4-40f7-9a6e-74cdcee56724: static Session.Create
OpcLabs.EasyOpc.UA.Implementation.ErrorEnhancingEasyUAClient.Processed: True
Error Code: 1
HelpLink:
HResult: -2146232832 (0x80131600)
InnerException:
OpcLabs.EasyOpc.UA.UAServiceException: OPC UA service result - {BadSecurityChecksFailed}. Error establishing a connection: Error received from remote host:.
--> {BadSecurityChecksFailed}. Error received from remote host:. Error establishing a connection: Error received from remote host:
Data:
ErrorId_{045406CD-8EEA-4F21-B3D6-DC9DB5A34E58}: Opc.UA.ServiceResult=0x80130000
OpcLabs.EasyOpc.UA.Implementation.ErrorEnhancingEasyUAClient.Processed: True
Help Link:
HResult: -2146232832 (0x80131600)
InnerException:
Internal Code: 2148728832
Message:
OPC UA service result - {BadSecurityChecksFailed}. Error establishing a connection: Error received from remote host:.
--> {BadSecurityChecksFailed}. Error received from remote host:. Error establishing a connection: Error received from remote host:
Service Result: BadSecurityChecksFailed
Additional Info:
Description: Error establishing a connection: Error received from remote host:
Inner Result: BadSecurityChecksFailed
Additional Info:
>>> Error received from remote host:
--- at Opc.Ua.Bindings.ChannelAsyncOperation`1.End(Int32 timeout, Boolean throwOnError)
--- at Opc.Ua.Bindings.UaSCUaBinaryClientChannel.OnConnectOnDemandComplete(Object state)
Description: Error received from remote host:
Inner Result:
Message: Error received from remote host:.
Qualified Symbolic ID:
Expanded Text:
Is Null: True
Is Standard: True
Name:
Namespace Index: 0
Namespace URI:
Namespace URI String:
Standard Name:
Status Code: BadSecurityChecksFailed
Code Bits: 32787
Code Bits Symbol: BadSecurityChecksFailed
Condition: 19
Description: An error occurred verifying security.
Flag Bits: 0
Has Data Value Info: False
Info Type: NotUsed
Internal Value: 2148728832
Is Bad: True
Is Good: False
Is Uncertain: False
Limit Info: None
Overflow: False
Semantics Changed: False
Severity: BadOrFailure
Status Info: Error
Structure Changed: False
Text: {BadSecurityChecksFailed}. Error received from remote host:.
Message: Error establishing a connection: Error received from remote host:.
Qualified Symbolic ID:
Expanded Text:
Is Null: True
Is Standard: True
Name:
Namespace Index: 0
Namespace URI:
Namespace URI String:
Standard Name:
Status Code: BadSecurityChecksFailed
Code Bits: 32787
Code Bits Symbol: BadSecurityChecksFailed
Condition: 19
Description: An error occurred verifying security.
Flag Bits: 0
Has Data Value Info: False
Info Type: NotUsed
Internal Value: 2148728832
Is Bad: True
Is Good: False
Is Uncertain: False
Limit Info: None
Overflow: False
Semantics Changed: False
Severity: BadOrFailure
Status Info: Error
Structure Changed: False
Text:
{BadSecurityChecksFailed}. Error establishing a connection: Error received from remote host:.
--> {BadSecurityChecksFailed}. Error received from remote host:.
Service Target Site: T End(Int32, Boolean)
DeclaringType: Opc.Ua.Bindings.ChannelAsyncOperation`1[T]
Module: Opc.Ua.Core.dll
Assembly: Opc.Ua.Core, Version=1.4.371.0, Culture=neutral, PublicKeyToken=bfa7a73c5cf4b6e8
CustomAttributes:
FullyQualifiedName: C:\Program Files (x86)\Control-See\EBO-OPC Client\BIN\Opc.Ua.Core.dll
MDStreamVersion: 131072
MetadataToken: 1
ModuleHandle: System.ModuleHandle
MDStreamVersion: 131072
ModuleVersionId: e90038f5-d9d5-4c0c-b2e7-eda655301ec4
Name: Opc.Ua.Core.dll
ScopeName: Opc.Ua.Core.dll
Source: Opc.Ua.Core
Stack Trace:
at Opc.Ua.Bindings.ChannelAsyncOperation`1.End(Int32 timeout, Boolean throwOnError)
at Opc.Ua.Bindings.UaSCUaBinaryClientChannel.EndSendRequest(IAsyncResult result)
at Opc.Ua.Bindings.UaSCUaBinaryTransportChannel.EndSendRequest(IAsyncResult result)
at Opc.Ua.Bindings.UaSCUaBinaryTransportChannel.SendRequest(IServiceRequest request)
at Opc.Ua.SessionClient.CreateSession(RequestHeader requestHeader, ApplicationDescription clientDescription, String serverUri, String endpointUrl, String sessionName, Byte[] clientNonce, Byte[] clientCertificate, Double requestedSessionTimeout, UInt32 maxResponseMessageSize, NodeId& sessionId, NodeId& authenticationToken, Double& revisedSessionTimeout, Byte[]& serverNonce, Byte[]& serverCertificate, EndpointDescriptionCollection& serverEndpoints, SignedSoftwareCertificateCollection& serverSoftwareCertificates, SignatureData& serverSignature, UInt32& maxRequestMessageSize)
at Opc.Ua.Client.Session.CreateSession(RequestHeader requestHeader, ApplicationDescription clientDescription, String serverUri, String endpointUrl, String sessionName, Byte[] clientNonce, Byte[] clientCertificate, Double requestedSessionTimeout, UInt32 maxResponseMessageSize, NodeId& sessionId, NodeId& authenticationToken, Double& revisedSessionTimeout, Byte[]& serverNonce, Byte[]& serverCertificate, EndpointDescriptionCollection& serverEndpoints, SignedSoftwareCertificateCollection& serverSoftwareCertificates, SignatureData& serverSignature, UInt32& maxRequestMessageSize)
at OpcLabs.EasyOpc.UA.Sdk.Shims.SessionShim.CreateSession(RequestHeader requestHeader, ApplicationDescription clientDescription, String serverUri, String endpointUrl, String sessionName, Byte[] clientNonce, Byte[] clientCertificate, Double millisecondsRequestedSessionTimeout, UInt32 maxResponseMessageSize, NodeId& sessionId, NodeId& authenticationToken, Double& millisecondsRevisedSessionTimeout, Byte[]& serverNonce, Byte[]& serverCertificate, EndpointDescriptionCollection& serverEndpoints, SignedSoftwareCertificateCollection& serverSoftwareCertificates, SignatureData& serverSignature, UInt32& maxRequestMessageSize)
at OpcLabs.EasyOpc.UA.Sdk.Shims.SessionShim.Open2(String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales, Boolean checkDomain)
at OpcLabs.EasyOpc.UA.Sdk.Shims.SessionShim.<Create>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at OpcLabs.EasyOpc.UA.Toolkit.Sdk.ToolkitSession.<Create>d__2.MoveNext()
TargetSite:
Message:
UA SDK error (Opc.UA.ServiceResult=0x80130000) in 'static Session.Create'. OPC UA service result - {BadSecurityChecksFailed}. Error establishing a connection: Error received from remote host:.
+ Connection attempt #1; last connected at 01-01-01 00:00:00 (local); unconnected for 00:00:00.
+ The endpoint URL string used was "opc.tcp://GTCHVE3SA01:4840".
+ The client method called (or event/callback invoked) was 'BrowseMultiple[1]'.
Source:
Stack Trace:
== Activity Trace ==
Following (25) events were gathered during the action on activity ID [24], in the order of first occurrence:
SDK trace: Imported the PFX private key for [E4497FB07A132B655DEEABCC37B2F547CA162E4A].
SDK trace: An unexpected certificate was used in the certificate chain. [CN=GTCHVE3SA01 Root CA] [11A710E518FAF255C41A884EF3EEEE2E2607C9AE]
2*Exception: {Opc.Ua.ServiceResultException} Certificate chain validation incomplete.
SDK trace: Certificate Validation failed. Reason=BadCertificateChainIncomplete. [CN=GTCHVE3SA01 OPCUA Server] [D4E1EEF087B0B7D54DC8887C97276DFD72B35C7C]
SDK trace: -- BadCertificateUntrusted 'Certificate is not trusted.'
SDK trace: -- BadCertificateUntrusted 'Certificate Issuer is not trusted.'
SDK trace: Validation errors suppressed: [CN=GTCHVE3SA01 OPCUA Server] [D4E1EEF087B0B7D54DC8887C97276DFD72B35C7C]
SDK trace: CreateSession Called. RequestHandle=1, PendingRequestCount=1
SDK trace: ChannelId 0: in Connecting state.
[7] SDK trace: ChannelId 0: SendHelloMessage()
[7] SDK trace: ChannelId 0: ProcessAcknowledgeMessage()
[7] SDK trace: ChannelId 0: in Opening state.
[7] SDK trace: ChannelId 0: Token #0 created. CreatedAt=15:30:44.544. Lifetime=3600000.
[7] SDK trace: ChannelId 0: ProcessErrorMessage(BadSecurityChecksFailed 'Error received from remote host: ')
[31] Exception: {Opc.Ua.ServiceResultException} Error received from remote host:
4*Exception: {Opc.Ua.ServiceResultException} Error establishing a connection: Error received from remote host:
SDK trace: CreateSession Completed. RequestHandle=1, PendingRequestCount=0, StatusCode=-2147483648
[34] SDK trace: ChannelId 0: Force reconnect reason=BadConnectionClosed 'Remote side closed connection'
[34] SDK trace: ChannelId 0: in Closed state.
[34] SDK trace: ChannelId 0: CLIENTCHANNEL SOCKET CLOSED: 030EEF05
Exception: {System.AggregateException} One or more errors occurred.
Events starting with activity ID in [] may not necessarily be related to the current action.

TargetSite:
Message: Problem browsing OPC Unified Architecture nodes.
Source:
StackTrace:
TargetSite:






Thank you.

Michael

Hello, and thank you.

Notes:
- No wonder "Refresh Trust Lists" does not work; I have not instructed you to do that
- The crash after exiting the dialog: This is clearly our problem, I will pass it onto the developer.

But, from the screenshots I have enough information to proceed forward.
Please do the following:

1. Invoke the OPC UA Application Administration dialog again.
2. Switch to the "Application Certificate" tab.
3. Press "Create/recreate own certificate". If you get Yes/No confirmation about certificate validation, answer Yes.
4. Take a screenshot of the "Application Certificate" tab after the previous step.
5. Exit the OPC UA Application Administration dialog.
6. Retest. If you run into problems, send me the information about the behavior, AND the screenshot from Step 4.

Best regards

Hi,

See my answers below.

1. See the screen captures below.



2. After clicking on "Refresh Trust list, we got this error:


The exception details are below:
Exception Details: Error Refreshing OPC UA Application Trust Lists

Type: OpcLabs.BaseLib.Portable.CustomException
Data: ErrorId_{045406CD-8EEA-4F21-B3D6-DC9DB5A34E58}: OpcLabs.{82C2F70B}
HelpLink:
HResult: -2146232832 (0x80131600)
InnerException: OpcLabs.BaseLib.Licensing.LicensingException: License for specialized client 'EasyUAGlobalDiscoveryClient' is not granted. Obtain and install proper license to resolve this error.
Data: ErrorId_{045406CD-8EEA-4F21-B3D6-DC9DB5A34E58}: {7479D92B}
HelpLink:
HResult: -2146232063 (0x80131901)
InnerException:
Instance:
System.Reflection.TargetInvocationException: Property accessor 'Instance' on object 'OpcLabs.BaseLib.Licensing.LicensingException' threw the following exception:'The member with the specified name "instance" has not been found.' ---> OpcLabs.BaseLib.MemberNotFoundException: The member with the specified name "instance" has not been found.
at OpcLabs.BaseLib.Extensions.Internal.ObjectExtension.GetFieldValue(Object obj, String name)
at OpcLabs.BaseLib.Licensing.LicensingException.get_Instance()
--- End of inner exception stack trace ---
at System.ComponentModel.ReflectPropertyDescriptor.GetValue(Object component)
at OpcLabs.BaseLib.Forms.Common.ReadOnlyPropertyDescriptor.OriginalPropertyDescriptorGetValue(Object component)
LicensedType: OpcLabs.EasyOpc.UA.Gds.EasyUAGlobalDiscoveryClient
Message: License for specialized client 'EasyUAGlobalDiscoveryClient' is not granted. Obtain and install proper license to resolve this error.
Source:
StackTrace:
TargetSite:
Message: Error finding OPC UA applications for URI "uri:GTCPMP1:EBOOPCClientCFG:1.0.108.0" in GDS "opc.tcp://localhost:58810/GlobalDiscoveryServer".
Source:
StackTrace:
TargetSite:


After exitng the "Administer OPC UA" window and trying to browse, we got the error below.


3. I am not sure I understand what you mean by "Are you able to connect when you answer "Yes" to the notification?" . The exception is when we try to browse for OPC UA items.

4. I tried it. See the screen captures below.


5. When we tried browsing we got the same error as before.



Thank you.

Michael

Hello.

You have not answered any of my questions in my last post. I need those answers.
Here are the questions again:

Questions:

1. Please also include screenshot of the "Application Certificate" tab of the dialog.
2. Please also include screenshot of the "Application Manifest" tab of the dialog.
3. Are you able to connect when you answer "Yes" to the notification? If not, is the exception in "Browse for OPC-UA Data" different between the Yes and No responses - and what are the 2 exceptions in these cases?
4. On the "Trusted Certificates" tab, select the second row (the one with "GTCHVE3SA01 OPCUA Server". Then, click the "Trusted" item under "Trust Status" in the action pane on the right side. The "Trust Status" column for that certificate should change to "Trusted, Issuer". Exit the dialog, exit the application, and start it again. Is the problem resolved now? If not, are you getting the same symptoms, or is the behavior now different? If it is different, please describe the new behavior.

Regards

Hi,

Now our OPC Client is based on Quick OPC V2023.1.
OPC UA Expert can connect with the remote OPC server with no errors. See below.



Our OPC UA Client fails to connect to the same server. See the error below.



Thank you.

Michael