session.Connect "An unexpected error occured while connectin

[marek]

Hi, we have updated our Runtime version on our B&R PLC's and ever since we are having problem connecting to OPC from .NET Client.
The only exception details from I get is: "An unexpected error occured while connecting to the server." (image 02) which does not tell a lot ... This happen always on

this.session.Connect("opc.tcp://10.8.4.20:4840", SecuritySelection.None);

When I try to check the connection via uaExpert I get message with title
"Replaced Hostname - The hostname of the discovery URL used to call GetEndpoint (kama) was repalced by the hostname
used to call FindServers(10.8.4.20). DO you also want to replace the hostname of the EndpointURLs with this hostname?" (image 01).

The endpoint EndpointUrl from server is opc.tcp://KaMa:4840, which make absolutelly no sense ...

If I'll retrieve the EndpointUrl from discovery.FindServers, change the url manualy from opc.tcp://KaMa:4840 to opc.tcp://10.8.4.20:4840 and connect session with Endpoint I will get an error: "Cannot send user credentials over an insecure connection [The Server did not provide enough random data to use for encryption]"

To connect to server from C# I'm using IP address and port.
I'm using UaSDKNetBundle 2.5.0

Any ideas what is how to fix this?

Thank you

P.S. I would love to attache some screenshots, but when I try to do so I'll get a message saying "Sorry, the board attachment quota has been reached" ...

[Support Team]

There are two different issues.
First you are having problems with name resolution. The (simple) Connect-Method calls GetEndpoints and uses the result to create a session. The EndpointUrl in the GetEndpoints result contains a hostname (KaMa) instead of the ip address (10.8.4.20). The resolution from hostname to ip address does not work on your machine. Please try to set the UseDnsNameAndPortFromDiscoveryUrl property at the Session class. Please see also UseDnsNameAndPortFromDiscoveryUrl and Simple Connect.

For the second issue we assume that you are trying to connect with username password.
The server has to send some random data (so called nonce) that the client uses for encrypting its password. If this nonce is too short, the client password can be found out e.g. by sniffering the network. So the password is not secure and connecting does not work out of the box. If you want to accept the risk, you can implement the InsecureCredicalsEventHandler. Please see Authentication.

[marek]

I can confirm there is something really wierd in the latest used B&R OPC server and documentation is nowhere to be seen. We use IP addresses, no DNS so it is quite unclear why is the client trying to connect to server via its name rather than using IP address as instructed... I I have some more info from B&R on this I will update this post, might help someone ...

[Support Team]

Hello,

why is the client trying to connect to server via its name rather than using IP address as instructed

because the server has told him to do so. You did not "instruct" the client to use the DiscoveryURL for connection establishment. To do so you must set the "UseDnsNameAndPortFromDiscoveryURL".

The second issue is an error in the server. The server MUST return a ServerNonce that is at leat 32bytes long. If not, this server has a massive secutity issue, because the server "forces" the Client to transfer PWD information in an insecure manner. The Client behaves totally correct by throwing an exception and refusing to do so. You could get around this by using the "InsecureCredentialsHandler", but this workaround is dangerous and from a security viewpoint not recommended. Instead you should contact B&R to resolve this issue in the server.

Best Regards
Support Team

[marek]

That sounds about right, unfortunatelly B&R does not care about this at the moment ...

Thank you for your help...

[marek]

Here is official response from B&R:

The global hostname in AS 4.2.4 is different to the hostname configured on the ETH port of the PLC. This is the reason the the different hostnames in the SDM and the PLC configuration.

You can use the hostname in the ETH port to connect to the PLC. The server will answer only via hostname and not via IP address which is the reason why your client is not able to connect to the server anymore, because it cannot resolve the host name the server sends back (this OPC UA specification was changed between AR D4.21 and D4.24).

The message 'Replaced Hostname' appears because it does not know that the hostname 'kama' is connected with the IP address 10.8.4.20. Is there a DNS server connected on this network to resolve the hostnames? If not you will have to manually add in the IP address and hostname in the windows file: Windows\System32\drivers\etc\host

In AS 4.2.5 there will be only one hostname and the development team recommended to upgrade to this version if possible as there were improvements regarding OPC UA