OPC UA Client Driver

Hi Brian,

The issue appears to be authentication related. Below is from the troubleshooting section in the driver help. Could you please check the first highlighted part in your configuration?

• The current Windows logon user must be in Citect.User.Drivers group when the project is running in the desktop mode
  
  
• Virtual service account -  "NT SERVICE\Citect Runtime Manager" must be in Citect.User.Drivers group if the project is running in the service mode.

If the issue still persists, try to execute the second highlighted part for further troubleshooting. Hope this would help.

------------------------------------------------------------------------------------------------------------------------------------------------------------------

OPC UA Server Connection
If secure connection is not required, only the OPC UA server URL needs to be specified in the I/O Device address form to establish the connection. But if the user authentication or message encryption is required, the security settings will need to be configured by using the "OPC UA Client Driver" Configurator plugin.

The plugin provides an option to check if the connection can be established after the settings have been configured.

If the connection cannot be established, the specific error will help to identify the cause of the problem.

Points to consider include:

• The user credentials are stored in ArchestraA Data Store and the ArchestraA Data Store service must be running on the machine for the plug-in to store the data and for the driver to read it. The ArchestraA Data Store service should be installed and running after the driver installation.
• When the user credentials are configured for the first time, the plug-in adds the currently logged-in user to the Citect.User.Drivers Windows group so that the I/O Server running under the same user account can read the data. When a user is added to that group for the first time, you will need either to restart the computer or to log in / log out.
• The client and server certificates must be present in the Windows certificate store. The client certificate must have a private key and its "Subject Alternative Name" field should be in the format "urn:HostMachineName:Citect.OPCUA.Client.Driver", where the HostMachineName is the host name of the computer running the driver.

The driver logs can also help to find out why the driver cannot connect to the server.

When full driver logging in enabled by setting the ini parameters ([OPCUA]DebugLevel=ALL and [OPCUA]DebugCategory=ALL), the driver log will contain a number of messages or errors describing the connection attempt for each I/O Device.

Hi Brian,

The issue appears to be authentication related. Below is from the troubleshooting section in the driver help. Could you please check the first highlighted part in your configuration?

• The current Windows logon user must be in Citect.User.Drivers group when the project is running in the desktop mode
  
  
• Virtual service account -  "NT SERVICE\Citect Runtime Manager" must be in Citect.User.Drivers group if the project is running in the service mode.

If the issue still persists, try to execute the second highlighted part for further troubleshooting. Hope this would help.

------------------------------------------------------------------------------------------------------------------------------------------------------------------

OPC UA Server Connection
If secure connection is not required, only the OPC UA server URL needs to be specified in the I/O Device address form to establish the connection. But if the user authentication or message encryption is required, the security settings will need to be configured by using the "OPC UA Client Driver" Configurator plugin.

The plugin provides an option to check if the connection can be established after the settings have been configured.

If the connection cannot be established, the specific error will help to identify the cause of the problem.

Points to consider include:

• The user credentials are stored in ArchestraA Data Store and the ArchestraA Data Store service must be running on the machine for the plug-in to store the data and for the driver to read it. The ArchestraA Data Store service should be installed and running after the driver installation.
• When the user credentials are configured for the first time, the plug-in adds the currently logged-in user to the Citect.User.Drivers Windows group so that the I/O Server running under the same user account can read the data. When a user is added to that group for the first time, you will need either to restart the computer or to log in / log out.
• The client and server certificates must be present in the Windows certificate store. The client certificate must have a private key and its "Subject Alternative Name" field should be in the format "urn:HostMachineName:Citect.OPCUA.Client.Driver", where the HostMachineName is the host name of the computer running the driver.

The driver logs can also help to find out why the driver cannot connect to the server.

When full driver logging in enabled by setting the ini parameters ([OPCUA]DebugLevel=ALL and [OPCUA]DebugCategory=ALL), the driver log will contain a number of messages or errors describing the connection attempt for each I/O Device.

Thanks Jacky, Bradley - i feel i'm very close now. I had not added the virtual service account.

I am now getting a BadAttributeInvalid fault, can you suggest any means to fault-find this further?

Looking at the device in UAExpert, it seems to be fine - i've configured the various tags as different datatypes, but i'm getting the same result across all..

In your case, .Value, .Label and .Status etc. are all attributes as shown in UaExpert browse view. So, the tags do not need to have the .Value part in the address fields as the drive will automatically use AttributeId=13 (.Value) when tags are subscribed. Hope it would help.

I have removed the Value section of the tag poll ID, I am still having same issue:


Do you think it is an issue that I am unable to see any actual tags in the Tag Import tool? Only folders..

I take another look at the screenshot of the browse view of UaExpert, and it looks like Value, Status and Label are all variables not attributes. So, .Value should be part of NodeId in the tag address fields.


As for the browse issue with Tag Import Tool, I suspect there is a timeout or error occurring in a browse or read request resulting in the empty list. 

In fact, the OPC UA client driver does behavior differently compared with other OPC UA clients in browse operations because the driver needs browsing all variables in a selected object node and then perform a read operation of Attributes Value and ValueRank (telling us if it is an array) of these variables in a single request, while other clients will request the details of an attribute on demand when a user click on a node through UI. The default timeout of the driver is 10 seconds. Is there any log file available on the server side?

I am not familiar with Industrial HiVision OPC UA server. Some attributes are optional for certain NodeClasses. If the server hasn't implemented or provided a value for an optional attribute, it may return "BadAttributeIdInvalid.