[zzz]

@MikHail: What is ByDriver mode, is the usually omitted modbus-tcp station number used?

[zzz]

So this is a reversely connected Modbus TCP setup.
ConnectionMode = Shared doesn’t seem logically possible. I think it only make sense for RTU over TCP when multiple device go through the same TCP Gateway ?

[zzz]

Do you have channels bound to the tag_code or cnlnum ?

– topic needs to have a tag code defined in mqttclient.xml Properties.
– Bound to the configuration database needs to be checked in Line options

– That same tag code needs to be filled into Code col of Channels table in conf db.

For Channels related setting changes to take effect when uploading the conf db, both Server and Communicator needs to be restarted.

• This reply was modified 1 year, 3 months ago by zzz.

[zzz]

However, sometimes even if the SCADA side drops the socket connection, it does not inform the 4G modem that the connection has been terminated.

If the 4G gateway client lost connection, the server has no way to notify this client. The client must detect this itself by timeout or communication attempts. Maybe dig into the settings of this 4G modem or 4G data gateway.

[zzz]

Could it be the cause of addition of more server channels ? or communicator polling comm. line ?

[zzz]

Yes, make changes in
$Project\Instances\Default\ScadaComm\Config\DrvOpcUa.View.xml, once it works ok in ScadaAdmin OpcUA View, duplicate that xml as DrvOpcUa.Logic.xml in the same folder and upload, Communicator shall take the same OpcUA setting.

The change is the addition of the following two settings, as was stated in link in the first post:

<SecurityConfiguration>
...
    <!-- Re-enable SHA-1024 for old server -->
    <RejectSHA1SignedCertificates>false</RejectSHA1SignedCertificates>
    <MinimumCertificateKeySize>1024</MinimumCertificateKeySize>
...
</SecurityConfiguration>

• This reply was modified 1 year, 3 months ago by zzz.

[zzz]

Maybe use formula to convert them in the first place ?
Remove archive bits on the original channel, add a calculated channel with formula to scale and set archives bit on this calculated channel.

Not sure about the trends.

[zzz]

ok. I give up. I thought I could poll data into db with RS6, it seems currently storing str type data is not supported in postgres or influxdb archive.
I think adding an external string resource table and storing the string offset maybe easier than the current way, and easier to map to current supported dbs, only my shallow guess though.

• This reply was modified 1 year, 4 months ago by zzz.

[zzz]

This is not working on the server side, since the changes in DrvOpcUa.View.xml only affects the client side, and when uploaded to ScadaComm, its loading OpcUa configs from DrvOpcUa.Logic.xml.

[zzz]

Delete this post thank you. It just mean, I need to trust the certificate in the server setting.

[zzz]

OK, I found the settings in config Project\Instances\Default\ScadaComm\Config\DrvOpcUa.View.xml
Setting the above setting respectively, solves this error.

But its strange override the config in config property gives no effect. 🙁

This is now solved, please help update the title. “Legacy server get rejected by RS6”

Now am getting new error.

Opc.Ua.ServiceResultException: Error establishing a connection: Error received from remote host:

Will start new post if turns out to persist.

• This reply was modified 1 year, 4 months ago by zzz.
• This reply was modified 1 year, 4 months ago by zzz.

[zzz]

Based on info from previous github issue link, I tried to disable it without success. I am not sure what did I miss ?

// OpenDrivers/DrvOpcUa.Common/OpcClientHelperBase.cs

...
using (Stream stream = ReadConfiguration())
    {
        config = await application.LoadApplicationConfiguration(stream, false);
        Console.WriteLine("RejectSHA1SignedCertificates = {0}", 
                    config.SecurityConfiguration.RejectSHA1SignedCertificates);
        config.SecurityConfiguration.RejectSHA1SignedCertificates = false;
        config.SecurityConfiguration.MinimumCertificateKeySize = 1024;
    }
...
    // create session
    EndpointConfiguration endpointConfiguration = EndpointConfiguration.Create(config);
    ConfiguredEndpoint endpoint = new(null, selectedEndpoint, endpointConfiguration);
    UserIdentity userIdentity = connectionOptions.AuthenticationMode == AuthenticationMode.Username ?
        new UserIdentity(connectionOptions.Username, connectionOptions.Password) :
        new UserIdentity(new AnonymousIdentityToken());

    Console.WriteLine("Before OpcSession Create");
    Console.WriteLine("RejectSHA1SignedCertificates = {0}", 
        config.SecurityConfiguration.RejectSHA1SignedCertificates);
    Console.WriteLine("MinimumCertificateKeySize = {0}", 
        config.SecurityConfiguration.MinimumCertificateKeySize);
     OpcSession = await Session.Create(config, endpoint, false, GetSessionName(),
        (uint)config.ClientConfiguration.DefaultSessionTimeout, userIdentity, null);

    log.WriteLine(Locale.IsRussian ?
        "OPC-сессия создана успешно" :
        "OPC session created successfully");

RejectSHA1SignedCertificates = True
Before OpcSession Create
RejectSHA1SignedCertificates = False
MinimumCertificateKeySize = 1024
====ERROR===
Opc.Ua.ServiceResultException: Certificate doesn’t meet minimum key length requirement. (1024<2048)
—> Opc.Ua.ServiceResultException: Certificate doesn’t meet minimum key length requirement. (1024<2048)
— End of inner exception stack trace —
at Opc.Ua.CertificateValidator.Validate(X509Certificate2Collection chain, ConfiguredEndpoint endpoint)
at Opc.Ua.CertificateValidator.Validate(X509Certificate2Collection chain)
at Opc.Ua.Client.Session.Open(String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales, Boolean checkDomain)
at Opc.Ua.Client.Session.Create(ApplicationConfiguration configuration, ITransportWaitingConnection connection, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales)
at Scada.Comm.Drivers.DrvOpcUa.OpcClientHelperBase.ConnectAsync()
at Scada.Comm.Drivers.DrvOpcUa.View.Forms.FrmDeviceConfig.ConnectToOpcServer()
====END OF ERROR===

• This reply was modified 1 year, 4 months ago by zzz.

[zzz]

Hi Mik, if it is the other way around please help update the post title. And please shed light on how to workaround this check. Thanks.

I do everything to avoid laying hands on that OPC server again since an old system’s client it served also use OPC UA and is very quirky. No more incidents from me.

[zzz]

Opc.Ua.ServiceResultException: Certificate doesn’t meet minimum key length requirement. (1024<2048)
—> Opc.Ua.ServiceResultException: Certificate doesn’t meet minimum key length requirement. (1024<2048)
— End of inner exception stack trace —
at Opc.Ua.CertificateValidator.Validate(X509Certificate2Collection chain, ConfiguredEndpoint endpoint)
at Opc.Ua.CertificateValidator.Validate(X509Certificate2Collection chain)
at Opc.Ua.Client.Session.Open(String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`
1 preferredLocales, Boolean checkDomain)
at Opc.Ua.Client.Session.Create(ApplicationConfiguration configuration, ITransportWaitingConnection connection, ConfiguredEndpoint endpoint, Boolean updateBeforeConnect, Boolean checkDomain, String sessionName, UInt32 sessionTimeout, IUserIdentity identity, IList`1 preferredLocales)
at Scada.Comm.Drivers.DrvOpcUa.OpcClientHelperBase.ConnectAsync() in scada-v6/ScadaComm/OpenDrivers/DrvOpcUa.Common/OpcClientHelperBase.cs:line 198
at Scada.Comm.Drivers.DrvOpcUa.View.Forms.FrmDeviceConfig.ConnectToOpcServer()

• This reply was modified 1 year, 4 months ago by zzz.
• This reply was modified 1 year, 4 months ago by zzz.

[zzz]

In my case I am not worried by the offline issue, since without connection to the RS instance, SA also can’t connect, to me there’s nothing to config. If I am offered connectivity to the remote RS box, I can port forward the remote OPC UA addr+port to a local port for SA to connect through the RS box, it’s just the address will not be the same.

In the case of running a dotnet tool on an existing OPC servers, if that box has restrictions, quirky settings or very old OS, things might not necessarily go easier.

[Author]

Posts