Siemens OPC UA and .NET C# client can not connect to server?

3
votes

I tryed to connect to OPC UA server using the client provided on this page: https://support.industry.siemens.com/cs/document/42014088/programming-an-opc-ua-net-client-with-c%23-for-the-simatic-net-opc-ua-server?dti=0&lc=en-US . Connection to OPC UA server using the Siemens OPC Scount v10 works fine. When connecting to the OPC UA server using client provided in the article, I get this message:

Could not open UA TCP request channel.

Stack trace of the exception is this:

    Server stack trace: 
   at Opc.Ua.Bindings.UaTcpRequestChannel.OnEndOpen(IAsyncResult result)
   at Opc.Ua.Bindings.UaTcpRequestChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
   at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Opc.Ua.ISessionChannel.CreateSession(CreateSessionMessage request)
   at Opc.Ua.SessionChannel.CreateSession(CreateSessionMessage request)
   at Opc.Ua.SessionClient.CreateSession(RequestHeader requestHeader, ApplicationDescription clientDescription, String serverUri, String endpointUrl, String sessionName, Byte[] clientNonce, Byte[] clientCertificate, Double requestedSessionTimeout, UInt32 maxResponseMessageSize, NodeId& sessionId, NodeId& authenticationToken, Double& revisedSessionTimeout, Byte[]& serverNonce, Byte[]& serverCertificate, EndpointDescriptionCollection& serverEndpoints, SignedSoftwareCertificateCollection& serverSoftwareCertificates, SignatureData& serverSignature, UInt32& maxRequestMessageSize)
   at Opc.Ua.Client.Session.Open(String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales)
   at Opc.Ua.Client.Session.Open(String sessionName, IUserIdentity identity)

Any help would be appreciated. OPC UA server runs on Siemens Simatic HMI TP700 Comfort. Configuration on the OPC UA server is default.

After andrewcullen tip, we are getting the below log in the tracelog.txt file and error when catching the exception that says

An unexpected error occurred while connecting to the server.

    PID:4196 ************************* Logging started at 02/03/2016 07:41:34 *************************
4196 - 07:41:38.742 GetEndpoints Called. RequestHandle=1, PendingRequestCount=1
4196 - 07:41:38.992 SECURE CHANNEL CREATED [TcpClientChannel UA-TCP 1.00.238.1] [ID=12752] Connected To: opc.tcp://xxx.xxx.xxx.xxx:4870/
4196 - 07:41:39.008 TCPCLIENTCHANNEL SOCKET CONNECTED: 00000698, ChannelId=12752
4196 - 07:41:39.008 SECURE CHANNEL CREATED [Opc.Ua.ChannelBase WCF Client 1.00.238.1] [ID=] Connected To: opc.tcp://xxx.xxx.xxx.xxx:4870/
4196 - 07:41:39.101 GetEndpoints Completed. RequestHandle=1, PendingRequestCount=0
4196 - 07:41:39.132 TCPCLIENTCHANNEL SOCKET CLOSED: 00000698, ChannelId=12752
4196 - 07:41:44.230 Writing rejected certificate to directory: 
4196 - 07:41:59.694 CreateSession Called. RequestHandle=1, PendingRequestCount=1
4196 - 07:42:13.672 TCPCLIENTCHANNEL SOCKET CLOSED: 000007C0, ChannelId=0
4196 - 07:42:13.750 CreateSession Completed. RequestHandle=1, PendingRequestCount=0

I got the answer from the Siemens official support:

The application was not tested with Comfort Panel. The code e.g. contains Block Read and Block Write which is not supported from the Panel Server. So this application will not work.

2
c#.netopcopc-ua

2 Answers

2
votes

This Siemens UaClient uses a library 'ClientAPI' which extends the OPC Foundation's Opc.Ua.Core and Opc.Ua.Client. ClientAPI has a lot of nice Helper functions to simplify connecting and subscribing. However, I see in the code for Connect(string Url) that it is using the original WCF-style channel. And your stack trace is showing the WCF types are throwing an exception that is hard to diagnose. I would change two things:

First configure tracing to write to a file. In ClientAPI, find Helpers.CreateClientConfiguration() and add 

// add trace config before calling validate
configuration.TraceConfiguration = new TraceConfiguration {
OutputFilePath="tracelog.txt", 
DeleteOnLoad = true, 
TraceMasks = Utils.TraceMasks.All };
configuration.Validate(ApplicationType.Client);

Second, upgrade the channel type used to connect. In ClientAPI, find Server.Connect(string url) and modify the middle as shown:

// Initialize the channel which will be created with the server.
// SessionChannel channel = SessionChannel.Create(
//    configuration,
//    endpointDescription,
//    endpointConfiguration,
//    bindingFactory,
//    clientCertificate,
//    null);
ITransportChannel channel = WcfChannelBase.CreateUaBinaryChannel(
    configuration,
    endpointDescription,
   endpointConfiguration,
   clientCertificate,
   configuration.CreateMessageContext());

// Wrap the channel with the session object.
// This call will fail if the server does not trust the client certificate.
// m_Session = new Session(channel, configuration, endpoint);
 m_Session = new Session(channel, configuration, endpoint, clientCertificate);

Edit 2/4:

From the tracelog you might find certificate errors. When creating a new session, the client and server both provide and validate each others certificate. By default, UaClient is retrieving it's cert from the windows store LocalMachine\My (aka Personal). The api generates this cert during it's first run, (which requires the first run as administrator) ( to see this cert, run 'certlm.msc').

On the server machine, the server will validate the client's cert, by checking if it matches the certs in its 'TrustedPeerList'. Servers usually use a directory to store the trusted certs. If the client cert is not trusted, the server will copy the client's cert to a 'RejectedCertificates' directory. You are required to copy the cert you find in 'RejectedCertificates' to the trusted cert directory.

Back on the client machine, the client will validate the server's cert. This client uses a windows store for validation 'LocalMachine\My' (aka Personal). Instead of using a 'Rejected' directory, the client registers an event handler that opens a message box, asking if you wish to accept the server's cert. If you choose to accept, the client sets the eventArg e.Accept = true; To suppress the message box, the server's cert should be imported into the client's 'LocalMachine\My' (aka Personal) using the tool 'certlm.msc'.

0
votes

Try to ping the server with DNS name. If the server is not accessible the Hosts file in C:\Windows\System32\drivers\etc... must be edited. Open the notepad as administrator, then open the Hosts file and enter the mapping of IP Address to the host name as follows:

xxx.xxx.xxx.xxx host name