PyModbus failing to read holding registers

0
votes

I'm trying to use PyModbus 2.3.0 to read the values from some holding registers on a Siemens S7-1200 PLC. I've set up some ladder logic to test this out on the PLC, with some registers holding random floating-point test values. I'm trying to do this all from the standard Raspbian installation on a Raspberry Pi 3. The connection is over Ethernet, and I've confirmed that PyModbus can connect to the PLC (I've pinged the PLC and the PyModbus status request returns true, as you'll see shortly). The incriminating piece of code is this:

import pymodbus
import logging
import logging.handlers as Handlers
from pymodbus.client.sync import ModbusTcpClient

logging.basicConfig()
log = logging.getLogger()
log.setLevel(logging.DEBUG)

client = ModbusTcpClient('192.168.15.16', port = '443', timeout = 10, baudrate = 38400)
connection = client.connect()
print('PLC connection status: ', connection)
response = client.read_holding_registers(address = 50, length = 64, unit = 1)
print(response)
client.close()

and the result is this:

PLC connection status:  True
DEBUG:pymodbus.transaction:Current transaction state - IDLE
DEBUG:pymodbus.transaction:Running transaction 1
DEBUG:pymodbus.transaction:SEND: 0x0 0x1 0x0 0x0 0x0 0x6 0x1 0x3 0x0 0x32 0x0 0x1
DEBUG:pymodbus.client.sync:New Transaction state 'SENDING'
DEBUG:pymodbus.transaction:Changing transaction state from 'SENDING' to 'WAITING FOR REPLY'
DEBUG:pymodbus.transaction:Transaction failed. (Modbus Error: [Invalid Message] Incomplete message received, expected at least 8 bytes (0 received)) 
DEBUG:pymodbus.framer.socket_framer:Processing: 
DEBUG:pymodbus.transaction:Getting transaction 1
DEBUG:pymodbus.transaction:Changing transaction state from 'PROCESSING REPLY' to 'TRANSACTION_COMPLETE'
Modbus Error: [Input/Output] Modbus Error: [Invalid Message] Incomplete message received, expected at least 8 bytes (0 received)

I'm not able to show the ladder logic I used exactly right now, however the address given by TIA for the register with the test value is "%MD50", which I believe means I need to do as I did above and look to register 50 (the holding registers) with 64 bits of data. However, the PLC doesn't seem to send anything in response; am I doing something wrong? I'm fairly confused on why this isn't working right now.

1
modbusplcmodbus-tcppymodbussiemens
Hello fherder, if you can ping the PLC address from the Pi and the port (you are using a non-default port, have you written that port on the PLC's config too?) is correct you are all set from the Pi's side. Your problem is most likely on the PLC, are you aware that you have to make those memory addresses available on TIA? Have you followed some guide or tutorial? Take a look at this oneMarcos G.
And a couple of things more: on your Python code you should drop the baudrate=38400, that's only needed for Modbus RTU over serial but not for Modbus TCP. There is a video you can use to guide you through the configuration on your PLC, it might be worth checking. It's also a good idea to check your Modbus setup from the same PC you are using for TIA with something like Modbus Poll or QModMaster (like in the video).Marcos G.

1 Answers

0
votes

You can use Wireshark to monitor the communication between the client and server. This will help you to better diagnose the error. Each location of the holding register for Modbus holds 16bits of data. The instruction : client.read_holding_registers(address = 50, length = 64, unit = 1) will return the values from address location 50 to 50+64 of the holding register.