Selection of wrong security Policy


Describe the bug

The connection to an OPC server with multiple security policies always uses None instead of the best, “Basic256Sha256”, with the security mode Sign & Encrypt.

I use the image mcr.microsoft.com/iotedge/opc-publisher:2.8.6

The OPC server has the following policy: [image]

The publishednodes.jsonc file is configured as follows:

[
  {
    "EndpointUrl": "opc.tcp://192.168.1.123:4840",
    "UseSecurity": true,
    "OpcAuthenticationMode": "UsernamePassword",
    "OpcAuthenticationUsername": "foo",
    "OpcAuthenticationPassword": "bar",
    "DataSetWriterGroup": "assetx",
    "DataSetWriterId": "assetx",
    "OpcNodes": [
      {
        "Id": "ns=1;i=5",
        "DisplayName": "SW_Lufttemperatur"
      }
    ]
  }
]

The own certificate is bound to the container at /app/pki/own/…

"modules": {
          "AutoclaveOpcPublisher": {
            "version": "1.0",
            "type": "docker",
            "status": "running",
            "restartPolicy": "always",
            "startupOrder": 50,
            "env": {
              "ApplicationName": {
                "value": "opc-client-cert"
              },
              "ApplicationCertificateSubjectName": {
                "value": "CN = opc-client-cert"
              },
              "MessagingMode": {
                "value": "PubSub"
              },
              "AutoAcceptUntrustedCertificates": {
                "value": true
              },
              "RejectUnknownRevocationStatus": {
                "value": false
              },
              "DefaultSamplingInterval": {
                "value": "00:00:00.500"
              },
              "DefaultPublishingInterval": {
                "value": "00:00:01"
              },
              "DefaultHeartbeatInterval": {
                "value": "00:00:00"
              },
              "DefaultQueueSize": {
                "value": 3
              },
              "BatchSize": {
                "value": 100
              },
              "BatchTriggerInterval": {
                "value": "00:00:01"
              },
              "loglevel": {
                "value": "Debug"
              },
              "RuntimeLogLevel": {
                "value": "Debug"
              },
              "UpstreamProtocol": {
                "value": "Amqp"
              },
              "Transport": {
                "value": "Amqp"
              }
            },
            "settings": {
              "image": "${MODULES.OpcPublisher}",
              "createOptions": {
                "HostConfig": {
                  "Memory": 268435456,
                  "MemorySwap": 268435456,
                  "CapDrop": [
                    "CHOWN",
                    "SETUID"
                  ],
                  "Binds": [
                    "/srv/certs/opc-client-cert.der:/app/pki/own/certs/opc-client-cert.der",
                    "/srv/certs/opc-client-cert_decr.pem:/app/pki/own/private/opc-client-cert.pem"
                  ]
                }
              }
            }
          },

Cleaned Log

[2023-06-26 08:52:00.724 INF Microsoft.Azure.IIoT.Module.Framework.Client.IoTSdkFactory] Connecting all clients to edgeHost using AmqpOverTcp.
[2023-06-26 08:52:00.795 INF Microsoft.Azure.IIoT.OpcUa.Edge.Publisher.Engine.StandaloneJobOrchestrator] File /srv/publishednodes.jsonc has changed, last known hash , new hash 996CFC2F7F459C5A88A6D8FA46C940EA391F162E927305C780FEB7768410C936, reloading...
[2023-06-26 08:52:01.195 INF Microsoft.Azure.IIoT.OpcUa.Edge.Publisher.Models.PublishedNodesJobConverter] Read 1 entry models from published nodes file in 00:00:00.3986700
[2023-06-26 08:52:01.287 INF Microsoft.Azure.IIoT.OpcUa.Edge.Publisher.Models.PublishedNodesJobConverter] Total count of OpcNodes after job conversion: 6
[2023-06-26 08:52:01.288 INF Microsoft.Azure.IIoT.OpcUa.Edge.Publisher.Models.PublishedNodesJobConverter] Converted published nodes entry models to jobs in 00:00:00.0840198
[2023-06-26 08:52:01.306 INF Microsoft.Azure.IIoT.OpcUa.Edge.Publisher.Engine.StandaloneJobOrchestrator] Job opc.tcp://192.168.1.123:4840_7D48BB10_Assetx loaded with dataSetGroup Assetx with dataSetWriters Assetx
[2023-06-26 08:52:01.411 INF Root] Starting module OpcPublisher version 2.8.6.2.
[2023-06-26 08:52:01.412 INF Root] Initiating prometheus at port 9702/metrics
[2023-06-26 08:52:01.427 INF Root] Prometheus metric server started.
[2023-06-26 08:52:01.435 INF Microsoft.Azure.IIoT.Http.HealthChecks.HealthCheckManager] Health checks started.
[2023-06-26 08:52:01.440 WRN Microsoft.Azure.IIoT.Module.Framework.Client.IoTSdkFactory] Bypassing certificate validation for client.
[2023-06-26 08:52:01.446 INF Microsoft.Azure.IIoT.Module.Framework.Client.IoTSdkFactory] Running in iotedge context.
[2023-06-26 08:52:02.550 INF Microsoft.Azure.IIoT.Module.Framework.Client.IoTSdkFactory] 0: Module iot-edgeHost_OpcPublisher reconnected due to Connection_Ok.
[2023-06-26 08:52:02.769 INF Microsoft.Azure.IIoT.Module.Framework.Hosting.ModuleHost] Initialize device twin for iot-edgeHost - OpcPublisher
[2023-06-26 08:52:02.849 INF Microsoft.Azure.IIoT.Module.Framework.Hosting.ModuleHost] Applying initial desired state.
[2023-06-26 08:52:02.855 INF Microsoft.Azure.IIoT.Module.Framework.Hosting.ModuleHost] Reporting currently initial state.
[2023-06-26 08:52:03.032 INF Microsoft.Azure.IIoT.Module.Framework.Hosting.ModuleHost] Module Host started.
[2023-06-26 08:52:03.043 INF Microsoft.Azure.IIoT.Agent.Framework.Agent.WorkerSupervisor] Creating new worker with id StandalonePublisher_0
[2023-06-26 08:52:03.043 INF Microsoft.Azure.IIoT.Agent.Framework.Agent.WorkerSupervisor] Starting worker 'StandalonePublisher_0'...
[2023-06-26 08:52:03.048 INF Microsoft.Azure.IIoT.Agent.Framework.Agent.Worker] Starting worker StandalonePublisher_0: {}
[2023-06-26 08:52:03.070 INF Microsoft.Azure.IIoT.Agent.Framework.Agent.Worker] Worker StandalonePublisher_0 processing job opc.tcp://192.168.1.123:4840_7D48BB10_Assetx, mode: Active
[2023-06-26 08:52:04.071 INF OpcUa] Imported the PEM private key for [xxxxxxxxxxxxxxxy].
[2023-06-26 08:52:04.136 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Own certificate Subject 'CN=edgeHost.company.com' (thumbprint: xxxxxxxxxxxxxxxy) loaded.
[2023-06-26 08:52:04.139 INF OpcUa] Checking application instance certificate.
[2023-06-26 08:52:05.061 INF OpcUa] Imported the PEM private key for [xxxxxxxxxxxxxxxy].
[2023-06-26 08:52:05.062 INF OpcUa] Check certificate: [CN=edgeHost.company.com] [xxxxxxxxxxxxxxxy]
[2023-06-26 08:52:05.065 INF OpcUa] Check application instance certificate. [CN=edgeHost.company.com] [xxxxxxxxxxxxxxxy]
[2023-06-26 08:52:05.220 INF OpcUa] Updated the ApplicationUri: urn:edgeHost:edgeHost.company.com:microsoft: --> urn:edgeHost.company.com:host.docker.internal:
[2023-06-26 08:52:05.220 INF OpcUa] Using the ApplicationUri: urn:edgeHost.company.com:host.docker.internal:
[2023-06-26 08:52:05.228 INF OpcUa] Adding application certificate to trusted peer store. [CN=edgeHost.company.com] [xxxxxxxxxxxxxxxy]
[2023-06-26 08:52:05.232 INF OpcUa] Added application certificate to trusted peer store.
[2023-06-26 08:52:05.242 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Application own certificate store contains 1 certs.
[2023-06-26 08:52:05.243 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] 01: Subject 'CN=edgeHost.company.com' (thumbprint: xxxxxxxxxxxxxxxy)
[2023-06-26 08:52:05.245 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Trusted issuer store contains 2 certs.
[2023-06-26 08:52:05.245 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] 01: Subject 'CN=company Ltd Root CA' (thumbprint: xxxxxxxxxxxxxxx)
[2023-06-26 08:52:05.246 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] 02: Subject 'CN=company Ltd Issuing CA, DC=company, DC=com' (thumbprint: xxxxxxxxxxxxxxxas)
[2023-06-26 08:52:05.248 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Trusted issuer store has 0 CRLs.
[2023-06-26 08:52:05.251 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Trusted peer store contains 4 certs.
[2023-06-26 08:52:05.252 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] 01: Subject 'CN=company Ltd Root CA' (thumbprint: xxxxxxxxxxxxxxx)
[2023-06-26 08:52:05.252 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] 02: Subject 'CN=edgeHost.company.com' (thumbprint: xxxxxxxxxxxxxxxy)
[2023-06-26 08:52:05.252 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] 03: Subject 'CN=OpcUA, O=ServerCompany, L=xxx, S=xxx, C=DE' (thumbprint: yyyyyyyyyyyyy)
[2023-06-26 08:52:05.253 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] 04: Subject 'CN=company Ltd Issuing CA, DC=company, DC=com' (thumbprint: xxxxxxxxxxxxxxxas)
[2023-06-26 08:52:05.253 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Trusted peer store has 0 CRLs.
[2023-06-26 08:52:05.253 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Rejected certificate store contains 0 certs.
[2023-06-26 08:52:05.282 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Subscription 'Assetx' registered/updated in session 'opc.tcp://192.168.1.123:4840_7D48BB10_Assetx' in state Init
[2023-06-26 08:52:05.293 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Subscription 'Assetx' registered/updated in session 'opc.tcp://192.168.1.123:4840_7D48BB10_Assetx' in state Init
[2023-06-26 08:52:05.305 INF Microsoft.Azure.IIoT.Agent.Framework.Agent.Worker+JobProcess] Job opc.tcp://192.168.1.123:4840_7D48BB10_Assetx started.
[2023-06-26 08:52:05.472 INF OpcUa] ChannelId 0: in Connecting state.
[2023-06-26 08:52:05.495 INF OpcUa] ChannelId 0: in Opening state.
[2023-06-26 08:52:05.496 INF OpcUa] ChannelId 0: Token #0 created. CreatedAt=08:52:05.496. Lifetime=3600000.
[2023-06-26 08:52:05.516 INF OpcUa] Security Policy: http://opcfoundation.org/UA/SecurityPolicy#None
[2023-06-26 08:52:05.516 INF OpcUa] Sender Certificate: (none)
[2023-06-26 08:52:05.526 INF OpcUa] ChannelId 1302212128: Token #1 activated. CreatedAt=08:52:05.496. Lifetime=3600000.
[2023-06-26 08:52:05.527 INF OpcUa] ChannelId 1302212128: in Open state.
[2023-06-26 08:52:05.527 INF OpcUa] ChannelId 1302212128: Token Expiry 06/26/2023 09:52:05, renewal scheduled in 2699976 ms.
[2023-06-26 08:52:05.554 INF OpcUa] ChannelId 1302212128: in Closing state.
[2023-06-26 08:52:05.561 WRN OpcUa] ChannelId 1302212128: Force reconnect reason=BadConnectionClosed 'Remote side closed connection'
[2023-06-26 08:52:05.564 INF OpcUa] ChannelId 1302212128: in Closed state.
[2023-06-26 08:52:05.565 INF OpcUa] ChannelId 1302212128: CLIENTCHANNEL SOCKET CLOSED: 026D4BC3
[2023-06-26 08:52:05.566 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Creating session 'opc.tcp://192.168.1.123:4840_7D48BB10_Assetx' for endpoint 'opc.tcp://192.168.1.123:4840'...
[2023-06-26 08:52:05.574 INF OpcUa] ChannelId 0: in Connecting state.
[2023-06-26 08:52:05.576 INF OpcUa] ChannelId 0: in Opening state.
[2023-06-26 08:52:05.577 INF OpcUa] ChannelId 0: Token #0 created. CreatedAt=08:52:05.577. Lifetime=3600000.
[2023-06-26 08:52:05.578 INF OpcUa] Security Policy: http://opcfoundation.org/UA/SecurityPolicy#None
[2023-06-26 08:52:05.578 INF OpcUa] Sender Certificate: (none)
[2023-06-26 08:52:05.578 INF OpcUa] ChannelId 1302212129: Token #1 activated. CreatedAt=08:52:05.577. Lifetime=3600000.
[2023-06-26 08:52:05.579 INF OpcUa] ChannelId 1302212129: in Open state.
[2023-06-26 08:52:05.579 INF OpcUa] ChannelId 1302212129: Token Expiry 06/26/2023 09:52:05, renewal scheduled in 2699997 ms.
[2023-06-26 08:52:05.586 INF OpcUa] ChannelId 1302212129: in Closing state.
[2023-06-26 08:52:05.587 WRN OpcUa] ChannelId 1302212129: Force reconnect reason=BadConnectionClosed 'Remote side closed connection'
[2023-06-26 08:52:05.587 INF OpcUa] ChannelId 1302212129: in Closed state.
[2023-06-26 08:52:05.588 INF OpcUa] ChannelId 1302212129: CLIENTCHANNEL SOCKET CLOSED: 00AC6622
[2023-06-26 08:52:05.684 INF OpcUa] ChannelId 0: in Connecting state.
[2023-06-26 08:52:05.686 INF OpcUa] ChannelId 0: in Opening state.
[2023-06-26 08:52:05.687 INF OpcUa] ChannelId 0: Token #0 created. CreatedAt=08:52:05.687. Lifetime=3600000.
[2023-06-26 08:52:05.859 WRN OpcUa] ChannelId 0: Force reconnect reason=BadConnectionClosed 'Remote side closed connection'
[2023-06-26 08:52:05.859 INF OpcUa] ChannelId 0: in Closed state.
[2023-06-26 08:52:05.859 INF OpcUa] ChannelId 0: CLIENTCHANNEL SOCKET CLOSED: 00D5F953
[2023-06-26 08:52:05.896 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Azure IIoT opc.tcp://192.168.1.123:4840_7D48BB10_Assetx took 00:00:00.3289797.
[2023-06-26 08:52:05.897 WRN Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Failed to create session 'opc.tcp://192.168.1.123:4840_7D48BB10_Assetx' due to One or more errors occurred. (BadSecureChannelClosed)
[2023-06-26 08:52:15.297 INF OpcUa] ChannelId 0: in Connecting state.
[2023-06-26 08:52:15.300 INF OpcUa] ChannelId 0: in Opening state.
[2023-06-26 08:52:15.300 INF OpcUa] ChannelId 0: Token #0 created. CreatedAt=08:52:15.300. Lifetime=3600000.
[2023-06-26 08:52:15.301 INF OpcUa] Security Policy: http://opcfoundation.org/UA/SecurityPolicy#None
[2023-06-26 08:52:15.302 INF OpcUa] Sender Certificate: (none)
[2023-06-26 08:52:15.302 INF OpcUa] ChannelId 1302212130: Token #1 activated. CreatedAt=08:52:15.300. Lifetime=3600000.
[2023-06-26 08:52:15.302 INF OpcUa] ChannelId 1302212130: in Open state.
[2023-06-26 08:52:15.302 INF OpcUa] ChannelId 1302212130: Token Expiry 06/26/2023 09:52:15, renewal scheduled in 2699997 ms.
[2023-06-26 08:52:15.305 INF OpcUa] ChannelId 1302212130: in Closing state.
[2023-06-26 08:52:15.306 WRN OpcUa] ChannelId 1302212130: Force reconnect reason=BadConnectionClosed 'Remote side closed connection'
[2023-06-26 08:52:15.306 INF OpcUa] ChannelId 1302212130: in Closed state.
[2023-06-26 08:52:15.306 INF OpcUa] ChannelId 1302212130: CLIENTCHANNEL SOCKET CLOSED: 01D565B8
[2023-06-26 08:52:15.307 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Creating session 'opc.tcp://192.168.1.123:4840_7D48BB10_Assetx' for endpoint 'opc.tcp://192.168.1.123:4840'...
[2023-06-26 08:52:15.307 INF OpcUa] ChannelId 0: in Connecting state.
[2023-06-26 08:52:15.309 INF OpcUa] ChannelId 0: in Opening state.
[2023-06-26 08:52:15.309 INF OpcUa] ChannelId 0: Token #0 created. CreatedAt=08:52:15.309. Lifetime=3600000.
[2023-06-26 08:52:15.310 INF OpcUa] Security Policy: http://opcfoundation.org/UA/SecurityPolicy#None
[2023-06-26 08:52:15.310 INF OpcUa] Sender Certificate: (none)
[2023-06-26 08:52:15.310 INF OpcUa] ChannelId 1302212131: Token #1 activated. CreatedAt=08:52:15.309. Lifetime=3600000.
[2023-06-26 08:52:15.310 INF OpcUa] ChannelId 1302212131: in Open state.
[2023-06-26 08:52:15.311 INF OpcUa] ChannelId 1302212131: Token Expiry 06/26/2023 09:52:15, renewal scheduled in 2699998 ms.
[2023-06-26 08:52:15.313 INF OpcUa] ChannelId 1302212131: in Closing state.
[2023-06-26 08:52:15.313 WRN OpcUa] ChannelId 1302212131: Force reconnect reason=BadConnectionClosed 'Remote side closed connection'
[2023-06-26 08:52:15.314 INF OpcUa] ChannelId 1302212131: in Closed state.
[2023-06-26 08:52:15.314 INF OpcUa] ChannelId 1302212131: CLIENTCHANNEL SOCKET CLOSED: 014FF46B
[2023-06-26 08:52:15.342 INF OpcUa] ChannelId 0: in Connecting state.
[2023-06-26 08:52:15.344 INF OpcUa] ChannelId 0: in Opening state.
[2023-06-26 08:52:15.344 INF OpcUa] ChannelId 0: Token #0 created. CreatedAt=08:52:15.344. Lifetime=3600000.
[2023-06-26 08:52:15.509 INF OpcUa] ChannelId 0: in Closed state.
[2023-06-26 08:52:15.509 INF OpcUa] ChannelId 0: CLIENTCHANNEL SOCKET CLOSED: 00C0B7B0
[2023-06-26 08:52:15.509 WRN OpcUa] ChannelId 0: Force reconnect reason=BadConnectionClosed 'Remote side closed connection'
[2023-06-26 08:52:15.510 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Azure IIoT opc.tcp://192.168.1.123:4840_7D48BB10_Assetx took 00:00:00.2028655.
[2023-06-26 08:52:15.510 WRN Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Failed to create session 'opc.tcp://192.168.1.123:4840_7D48BB10_Assetx' due to One or more errors occurred. (Error establishing a connection: Error received from remote host: )
[2023-06-26 08:52:25.296 INF OpcUa] ChannelId 0: in Connecting state.
[2023-06-26 08:52:25.298 INF OpcUa] ChannelId 0: in Opening state.
[2023-06-26 08:52:25.298 INF OpcUa] ChannelId 0: Token #0 created. CreatedAt=08:52:25.298. Lifetime=3600000.
[2023-06-26 08:52:25.299 INF OpcUa] Security Policy: http://opcfoundation.org/UA/SecurityPolicy#None
[2023-06-26 08:52:25.299 INF OpcUa] Sender Certificate: (none)
[2023-06-26 08:52:25.300 INF OpcUa] ChannelId 1302212132: Token #1 activated. CreatedAt=08:52:25.298. Lifetime=3600000.
[2023-06-26 08:52:25.300 INF OpcUa] ChannelId 1302212132: in Open state.
[2023-06-26 08:52:25.300 INF OpcUa] ChannelId 1302212132: Token Expiry 06/26/2023 09:52:25, renewal scheduled in 2699997 ms.
[2023-06-26 08:52:25.302 INF OpcUa] ChannelId 1302212132: in Closing state.
[2023-06-26 08:52:25.303 WRN OpcUa] ChannelId 1302212132: Force reconnect reason=BadConnectionClosed 'Remote side closed connection'
[2023-06-26 08:52:25.304 INF OpcUa] ChannelId 1302212132: in Closed state.
[2023-06-26 08:52:25.304 INF OpcUa] ChannelId 1302212132: CLIENTCHANNEL SOCKET CLOSED: 02CD6BF9
[2023-06-26 08:52:25.304 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Creating session 'opc.tcp://192.168.1.123:4840_7D48BB10_Assetx' for endpoint 'opc.tcp://192.168.1.123:4840'...
[2023-06-26 08:52:25.304 INF OpcUa] ChannelId 0: in Connecting state.
[2023-06-26 08:52:25.306 INF OpcUa] ChannelId 0: in Opening state.
[2023-06-26 08:52:25.307 INF OpcUa] ChannelId 0: Token #0 created. CreatedAt=08:52:25.307. Lifetime=3600000.
[2023-06-26 08:52:25.307 INF OpcUa] Security Policy: http://opcfoundation.org/UA/SecurityPolicy#None
[2023-06-26 08:52:25.308 INF OpcUa] Sender Certificate: (none)
[2023-06-26 08:52:25.308 INF OpcUa] ChannelId 1302212133: Token #1 activated. CreatedAt=08:52:25.307. Lifetime=3600000.
[2023-06-26 08:52:25.309 INF OpcUa] ChannelId 1302212133: in Open state.
[2023-06-26 08:52:25.309 INF OpcUa] ChannelId 1302212133: Token Expiry 06/26/2023 09:52:25, renewal scheduled in 2699997 ms.
[2023-06-26 08:52:25.311 INF OpcUa] ChannelId 1302212133: in Closing state.
[2023-06-26 08:52:25.312 WRN OpcUa] ChannelId 1302212133: Force reconnect reason=BadConnectionClosed 'Remote side closed connection'
[2023-06-26 08:52:25.312 INF OpcUa] ChannelId 1302212133: in Closed state.
[2023-06-26 08:52:25.312 INF OpcUa] ChannelId 1302212133: CLIENTCHANNEL SOCKET CLOSED: 03BD0A82
[2023-06-26 08:52:25.340 INF OpcUa] ChannelId 0: in Connecting state.
[2023-06-26 08:52:25.343 INF OpcUa] ChannelId 0: in Opening state.
[2023-06-26 08:52:25.343 INF OpcUa] ChannelId 0: Token #0 created. CreatedAt=08:52:25.343. Lifetime=3600000.
[2023-06-26 08:52:25.508 WRN OpcUa] ChannelId 0: Force reconnect reason=BadConnectionClosed 'Remote side closed connection'
[2023-06-26 08:52:25.508 INF OpcUa] ChannelId 0: in Closed state.
[2023-06-26 08:52:25.509 INF OpcUa] ChannelId 0: CLIENTCHANNEL SOCKET CLOSED: 01175721
[2023-06-26 08:52:25.509 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Azure IIoT opc.tcp://192.168.1.123:4840_7D48BB10_Assetx took 00:00:00.2052271.
[2023-06-26 08:52:25.510 WRN Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Failed to create session 'opc.tcp://192.168.1.123:4840_7D48BB10_Assetx' due to One or more errors occurred. (BadSecureChannelClosed)
[2023-06-26 08:52:35.297 INF OpcUa] ChannelId 0: in Connecting state.
[2023-06-26 08:52:35.299 INF OpcUa] ChannelId 0: in Opening state.
[2023-06-26 08:52:35.299 INF OpcUa] ChannelId 0: Token #0 created. CreatedAt=08:52:35.299. Lifetime=3600000.
[2023-06-26 08:52:35.300 INF OpcUa] Security Policy: http://opcfoundation.org/UA/SecurityPolicy#None

Expected behavior

OPC Publisher should use the configured security and connect to Basic256Sha256 with Sign & Encrypt and use the password and username I configured.

Desktop:

  • OS: Ubuntu 20.04
  • Version [e.g. 22]
  • iotedge 1.4.3
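
A check for the symptom reported above, added here as an example (not code from the issue or from OPC Publisher): it reads publishednodes.jsonc, walks the Publisher log, and flags every failed session attempt on a "UseSecurity": true endpoint where all secure channels logged for that attempt used SecurityPolicy#None. The sample input is constructed from the line formats shown above; grouping channels by the next "Failed to create session" line assumes a single endpoint retried sequentially, as in this log.

```python
import json
import re

NONE_POLICY = "http://opcfoundation.org/UA/SecurityPolicy#None"

# Constructed sample input in the format of the config and log shown above.
SAMPLE_NODES = """
// constructed sample entry
[{"EndpointUrl": "opc.tcp://192.168.1.123:4840", "UseSecurity": true,
  "OpcAuthenticationMode": "UsernamePassword"}]
"""
SAMPLE_LOG = """\
[2023-06-26 08:52:05.516 INF OpcUa] Security Policy: http://opcfoundation.org/UA/SecurityPolicy#None
[2023-06-26 08:52:05.516 INF OpcUa] Sender Certificate: (none)
[2023-06-26 08:52:05.566 INF Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Creating session 'opc.tcp://192.168.1.123:4840_7D48BB10_Assetx' for endpoint 'opc.tcp://192.168.1.123:4840'...
[2023-06-26 08:52:05.578 INF OpcUa] Security Policy: http://opcfoundation.org/UA/SecurityPolicy#None
[2023-06-26 08:52:05.897 WRN Microsoft.Azure.IIoT.OpcUa.Protocol.Services.DefaultSessionManager] Failed to create session 'opc.tcp://192.168.1.123:4840_7D48BB10_Assetx' due to One or more errors occurred. (BadSecureChannelClosed)
"""

# "[<date> <time> <level> <source>] <message>"
LINE = re.compile(r"^\[(\S+ \S+) [A-Z]{3} [^\]]+\] (.*)$")
POLICY = re.compile(r"^Security Policy: (\S+)$")
FAILED = re.compile(r"^Failed to create session '([^']+)' due to .*\((.*)\)\s*$")


def secured_endpoints(nodes_text):
    """Return the EndpointUrl values whose entry sets "UseSecurity": true."""
    # Assumption: comments in the .jsonc file are whole lines starting with //.
    body = "\n".join(l for l in nodes_text.splitlines()
                     if not l.lstrip().startswith("//"))
    return {e["EndpointUrl"] for e in json.loads(body)
            if e.get("UseSecurity") is True}


def audit(log_text, nodes_text):
    """Flag failed session attempts on UseSecurity endpoints where every
    secure channel logged since the previous failure used SecurityPolicy#None."""
    secured = secured_endpoints(nodes_text)
    findings, policies = [], []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, msg = m.groups()
        policy, failed = POLICY.match(msg), FAILED.match(msg)
        if policy:
            policies.append(policy[1])
        elif failed:
            session, reason = failed.groups()
            # Session names in the log start with the endpoint URL.
            url = next((u for u in secured if session.startswith(u)), None)
            if url and policies and all(p == NONE_POLICY for p in policies):
                findings.append({"time": ts, "endpoint": url,
                                 "none_channels": len(policies), "reason": reason})
            policies = []  # the next attempt starts a new window
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, SAMPLE_NODES):
        print(finding)
```

A #None channel is also what OPC UA clients normally use for the GetEndpoints discovery call, so a finding means no secured channel was logged for that attempt, not that the username and password were necessarily sent in clear text.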

Issue Analytics

  • State: closed
  • Created 3 months ago
  • Comments: 8 (8 by maintainers)

Top GitHub Comments

1 reaction
marcschier commented, Jul 10, 2023

Added logging to show which security mode and profile was selected based on the chosen configuration. Please re-open the issue if the original issue is still occurring with the connection logs. If the bad encoding limits error occurs despite disabling metadata and preloading (per previous comment), please open a new issue.

1 reaction
bqstony commented, Jun 26, 2023

Thanks for the fast response. I first have to deactivate the authentication on the server to create a new log as you needed.

I will come back with the information you need.
