RobotStudio event

OPC-Client can not build connectionto the IRC OPC UA Server

OPC-Client  can not be connected to the IRC OPC UA Server.
 
Errors picture were attached to this message.
I haven already taken next actions.
1. I turned off firewalls and Antivirus protections. 
2. Checked Task Manager and made sure that IRC5 OPC UA Server is running.
3. Several times clicked on button validate/connect on the client side application.
 
Meanwhile I noticed that on the page settings (IRC5 OPC UA Server configuration) - no OPC Client Certificates. And I guess that problem is in OPC Client Certificates (IRC5 OPC UA Server configuration).
I do not know exactly what is the reason of this error.
 
If the reason is in OPC Client Certificate then please give me a hand with this error. Give me some guidance how to get the OPC Client Certificates. Or some other way.
Any help  would be useful.
 

Comments

  • Hello,

    Please take a look at the tutorial available here: https://developercenter.robotstudio.com/opcserver-ua/tutorials

    Maxim Riabichev
    PC Software Support Engineer
  • g327igor
    g327igor
    edited December 2020
    I followed this video tutorial. But there is just some words "go to Client certificates, tab on "IRC5 OPC UA config tool" and that can be seen here". I am not able to find this  button "IRC5 OPC UA config tool". Where is this button or application? Please, give  more details how to find this button.
  • Hi,
    - First off you need to install the IRC5 OPC UA server: https://developercenter.robotstudio.com/opcserver-ua
    - Once installed (if installed with the default directory) it should be located under START-menu --> ABB --> IRC5 OPC UA config tool. So this is an application not a button. 
    - Then start by navigating to the tab "Server Control" and Check the following settings:

    Make sure that these are the settings you enter on the client-side.
    - Next up I see that you have a forbidden security setup on the client in your snippet you have posted. Please check the security part in the documentation for more information on valid setups. But roughly you need to have either sign or sign & encrypt. ABB does not accept None as security settings because of "Security reasons" ;)
    - Once that is solved hit connect in your Application and it will fail :) But this time you should be able to navigate to the certificate tab in the IRC 5 OPC UA config tool and hit refresh. Now there should be a line in the untrusted window that refers to your client app. If so click Trust.
    - Now go to the client and connect again. this time everything should be up and running!

    Best regards,
    Daniel   

  • g327igor
    g327igor
    edited December 2020
     "Please check the security part in the documentation for more information on valid setups. But roughly you need to have either sign or sign & encrypt." - How to check this and where is the documentation to resolve this? I could not find any documentation how to "sign or sign&encrypt" for ABB OPC UA server. I am stuck on this step. I need more details about this. Video tutorial which I followed is really the advertisement and does not work properly to help me.
    Post edited by g327igor on
  • g327igor
    g327igor
    edited December 2020
    Thank you for idea. I will check this.
  • I see your frustration!

    In the tutorial on the developer page links to you will see that they do have Sign & Encrypt set when they connect @08:30. However, I can agree that the tutorial should highlight this setting a lot better. And we have provided this feedback to the development team.

    Having said that a tutorial will never let you replace the need of reading the user manual and release notes, no matter who the publisher of the tutorial is. This is especially important for safety-critical products where people's lives could be at stake.

    If you open the release notes, on page 6. Following information is provided:
    "
    Security
    The default security configuration of the IRC5 OPC UA Server requires the use of certificates to authenticate OPC UA clients, and in general, follows the “Practical Security Recommendations for Building OPC UA applications” published by the OPC Foundation."
     

    To clarify, The Sign & Encrypt setting isn't anything that is configured in the IRC 5OPC UA config tool. This should be set on the client-side. So that when the Server requests the certificate from the client, the client sends a valid certificate back that you could choose to accept in the config tool.

    Best regards,
    Daniel


  • g327igor
    g327igor
    edited December 2020
    Thank you, everything works. It was my fault. Security policy must be "Basic256Sha256", but mine was "Basic256". I was not careful. ABB IRC5 OPC UA Server connection based on specific crypt-hash algorithm "Basic256Sha256".
    I am terribly sorry for my previous post. Thank you a lot for your support.


  • At the same time I would like to ask you - how to get access in order to write I/O signals on the  OPC UA client side, I could not do this.