04/29/2019
Hello sir,
My question is regarding the secure channel requirement for the registration of the OPC UA server with the discovery server. From the spec, I understand that for a registration, a secure channel has to be established. Also, a secure channel has to have a security token.
To begin with, to register the given OPC UA server with the LDS, the registration would mean that one of the entities will have to behave like a client. Since the OPC UA server initiates this registration, it would understand that the LDS is a client instance here. Is this correct?
To have the registration, the client opens a secure channel. I have configured a channel time of 10 mins and also a token lifetime of 10 mins. The server registers to the LDS every 5 mins.
Now what I observe is that sometimes the secure channel gets renewed with a revised lifetime more than 2 times, and sometimes just once. Is this renewal dependent on anything specific? I believe it should depend on the token lifetime, which the specification says starts to claim a new one upon 75% of its completion time. If that is the case, should it not continue with the same secure channel throughout, revising itself?
Some observations below
[2021-02-12 21:37:26.120 (UTC+0100)] info/channel Connection 5 | SecureChannel 2 | SecureChannel opened with SecurityPolicy https://opcfoundation.org/UA/SecurityPolicy#None and a revised lifetime of 600.00s
[2021-02-12 21:37:26.120 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2021-02-12 21:37:26.120 (UTC+0100)] info/server Server successfully registered. Next periodical register will be in 300 seconds
[2021-02-12 21:42:26.125 (UTC+0100)] warn/client Client already connected
[2021-02-12 21:42:26.125 (UTC+0100)] info/server Server successfully registered. Next periodical register will be in 300 seconds
[2021-02-12 21:47:26.128 (UTC+0100)] warn/client Client already connected
[2021-02-12 21:47:26.128 (UTC+0100)] info/channel Connection 5 | SecureChannel 2 | SecureChannel renewed with a revised lifetime of 600.00s
[2021-02-12 21:47:26.128 (UTC+0100)] warn/channel Connection 5 | SecureChannel 2 | Receiving the response failed with StatusCode BadConnectionClosed
[2021-02-12 21:47:26.129 (UTC+0100)] info/client Client Status: ChannelState: Closed, SessionState: Closed, ConnectStatus: Good
[2021-02-12 21:47:26.129 (UTC+0100)] error/client RegisterServer/RegisterServer2 failed with statuscode BadConnectionClosed
[2021-02-12 21:47:26.129 (UTC+0100)] info/channel Connection 5 | SecureChannel 3 | SecureChannel opened with SecurityPolicy https://opcfoundation.org/UA/SecurityPolicy#None and a revised lifetime of 600.00s
[2021-02-12 21:47:26.129 (UTC+0100)] info/client Client Status: ChannelState: Open, SessionState: Closed, ConnectStatus: Good
[2021-02-12 21:47:26.129 (UTC+0100)] info/server Server successfully registered. Next periodical register will be in 300 seconds
Does receiving the response mean that the security token was not accepted mutually by both entities?
Regards,
Rakshan
05/30/2017
The Server-LDS connection should be opened and closed each time the server registers.
This means the token renewal process never comes into play.
That said, the LDS must be configured to trust the Server.
This can be done if the administrator copies the Server certificate to this trust list.
The location of the trust list is specified in:
C:\ProgramData\OPC Foundation\UA\Discovery\ualds.ini
#Certificate Store Path
Many applications automatically update this store when they are installed or when the admin assigns a new certificate if the application is running with admin rights during configuration.
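An added example, not part of either post and not code from any OPC UA stack: a small log check over lines in the format shown in the question. It reports channels opened with SecurityPolicy#None, how much of the revised lifetime had elapsed when a renewal was logged, and connection-closed errors. The function name and finding labels are assumptions made for this example.

```python
import re
from datetime import datetime

# Sample lines copied from the log in the question, colour-code residue removed.
LOG = """\
[2021-02-12 21:37:26.120 (UTC+0100)] info/channel Connection 5 | SecureChannel 2 | SecureChannel opened with SecurityPolicy https://opcfoundation.org/UA/SecurityPolicy#None and a revised lifetime of 600.00s
[2021-02-12 21:42:26.125 (UTC+0100)] info/server Server successfully registered. Next periodical register will be in 300 seconds
[2021-02-12 21:47:26.128 (UTC+0100)] info/channel Connection 5 | SecureChannel 2 | SecureChannel renewed with a revised lifetime of 600.00s
[2021-02-12 21:47:26.128 (UTC+0100)] warn/channel Connection 5 | SecureChannel 2 | Receiving the response failed with StatusCode BadConnectionClosed
[2021-02-12 21:47:26.129 (UTC+0100)] info/channel Connection 5 | SecureChannel 3 | SecureChannel opened with SecurityPolicy https://opcfoundation.org/UA/SecurityPolicy#None and a revised lifetime of 600.00s
"""

# Timestamp, channel id and message of a per-channel log line.
LINE = re.compile(r"\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) [^\]]*\] .*?SecureChannel (\d+) \| (.*)")
OPENED = re.compile(r"opened with SecurityPolicy \S+#(\w+) and a revised lifetime of ([\d.]+)s")
RENEWED = re.compile(r"renewed with a revised lifetime of ([\d.]+)s")

def analyse(log):
    """Return (channel_id, finding) tuples in log order (hypothetical helper)."""
    channels, findings = {}, []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a per-channel line (e.g. info/server, info/client)
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        cid, msg = int(m.group(2)), m.group(3)
        if (o := OPENED.search(msg)):
            channels[cid] = {"since": ts, "lifetime": float(o.group(2))}
            if o.group(1) == "None":
                findings.append((cid, "unsecured-channel"))  # no signing or encryption
        elif (r := RENEWED.search(msg)) and cid in channels:
            ch = channels[cid]
            used = (ts - ch["since"]).total_seconds() / ch["lifetime"]
            findings.append((cid, f"renewed-at-{used:.0%}"))
            ch.update(since=ts, lifetime=float(r.group(1)))  # new token starts now
        elif "BadConnectionClosed" in msg:
            findings.append((cid, "connection-closed"))
    return findings

if __name__ == "__main__":
    for cid, finding in analyse(LOG):
        print(f"SecureChannel {cid}: {finding}")
```

On these lines the renewal of SecureChannel 2 is logged 600 s after the open, that is at 100% of the 600 s revised lifetime, and the connection-closed warning carries the same timestamp.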