Servers can't register to discovery server on remote machine

wim
Hero Member
Posts: 24
Joined: 13 Jul 2010, 15:20

Post by wim »

Hi,

As I'm exploring the capabilities of the C++ SDK for Linux, everything is going really well except for one thing: I cannot register my servers to an "external" discovery server.

This is my setup:
  • the LDS is the one from the OPC Foundation (included in the 'OPC UA SDK 1.1 Discovery Services' package), running on a 32-bit Windows 7 machine.
  • I've copied bin/PKI/CA/certs/uaservercpp.der from the Linux to the Windows machine and imported it in certmgr.msc
  • I've added the discovery server address (opc.tcp://10.33.178.231:4840 in this case) to the ServerConfig.xml file
  • I'm running bin/uademoserver

The demo server is not getting registered at the discovery server: see log file at http://sharesend.com/snhnd.

Am I doing something wrong here, or is this a known issue? Has anyone succeeded in registering servers to a remote discovery server?

Any help appreciated, thanks!

Wim

Support Team
Hero Member
Posts: 3068
Joined: 18 Mar 2011, 15:09

Re:Servers can't register to discovery server on remote machine

Post by Support Team »

Hello Wim,

What is the exact version of the LDS you are using?
Where did you copy the server certificate to on the Windows box?
Can you see the LDS certificate in your server trust list?

best regards,
Support Team
Best regards
Unified Automation Support Team

wim
Hero Member
Posts: 24
Joined: 13 Jul 2010, 15:20

Re:Servers can't register to discovery server on remote machine

Post by wim »

Hi support team,

thanks for the follow up!

I'm using the latest version of the LDS: 1.01.33100.
I've used certmgr.msc to import the "uaservercpp.der" certificate in the "Trusted Root Certification Authorities".
I've also exported the "UA Local Discovery Server" certificate from the "Trusted Root Certification Authorities" to a file named "lds.der", and copied this to PKI/CA/certs.

This is the configuration from the server:

  <!--Discovery configuration
      Configuration for registration with discovery server(s)-->
  <DiscoveryRegistration>
    <!--Flag indicating if the certificates should be exchanged with the windows certificate store -->
    <AutomaticCertificateExchange>true</AutomaticCertificateExchange>
    <!--File name and path of the discovery server certificate to be stored in a file based server trust list
        This parameter is ignored if the Windows certificate store is used for the first configured endpoint -->
    <DiscoveryServerCertificateFile>/software/sdk/bin/PKI/CA/certs/lds.der</DiscoveryServerCertificateFile>
    <!--Store name used for the local discovery server in the windows certificate store -->
    <DiscoveryServerStoreName>UA Applications</DiscoveryServerStoreName>
    <!--Certificate name of the local discovery server in the windows certificate store -->
    <DiscoveryServerCertificateName>UA Local Discovery Server</DiscoveryServerCertificateName>
    <!--Interval in milliseconds for registration with discovery server(s) -->
    <RegistrationInterval>30000</RegistrationInterval>
    <!--List of discovery servers to register with.
        If the list is empty, no registration is executed.
        Default is opc.tcp://localhost:4840 for the local discovery server.
        Additional remote discovery servers can be added-->
    <Url>opc.tcp://localhost:4840</Url>
    <Url>opc.tcp://windows-pc:4840</Url>
  </DiscoveryRegistration>

If you're convinced that it should work and the problem is on my side, then I'll see if I can find another Windows PC and start from scratch.

In any case thanks for the help!

Wim

Support Team
Hero Member
Posts: 3068
Joined: 18 Mar 2011, 15:09

Re:Servers can't register to discovery server on remote machine

Post by Support Team »

Hello Wim,

I think everything is right on the Linux server side. The only thing you can change is to remove opc.tcp://localhost:4840 from the discovery registration list since you do not have a LDS on the Linux box.

But something is at least "not normal" on the LDS (Windows) side.
The trust list of the LDS is normally in "UA Applications". Nothing from the LDS should be in "Trusted Root Certification Authorities". Please make sure you copy the LDS certificate from "UA Applications" to Linux and the server certificate from Linux to "UA Applications".

Another question:
Why do you configure the windows LDS at all?
If you run the server on Linux on Port 4840, the server will be LDS for itself. The LDS is only necessary if you have more than one OPC UA server on a node.
You can register with a LDS on another node but you should run your server on Port 4840 if you have only one on the Linux box.


Best regards,
Support Team
Best regards
Unified Automation Support Team
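
The checks discussed in the two posts above, as an added example (not code from either poster or from the SDK): it reads a DiscoveryRegistration fragment, flags a localhost entry when no LDS runs locally, and computes the SHA-1 thumbprint of the LDS certificate file so it can be compared with the thumbprint Windows shows for "UA Local Discovery Server" in the "UA Applications" store. The function names, the `read_file` and `local_lds` parameters and the placeholder certificate bytes are assumptions of this example.

```python
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the DiscoveryRegistration fragment as posted in the thread.
SAMPLE_CONFIG = """<DiscoveryRegistration>
  <DiscoveryServerCertificateFile>/software/sdk/bin/PKI/CA/certs/lds.der</DiscoveryServerCertificateFile>
  <Url>opc.tcp://localhost:4840</Url>
  <Url>opc.tcp://windows-pc:4840</Url>
</DiscoveryRegistration>"""

# Constructed placeholder bytes standing in for lds.der (not a real certificate).
SAMPLE_DER = bytes.fromhex("3003020101")


def thumbprint(der: bytes) -> str:
    """SHA-1 over the DER bytes, which is what Windows displays as 'Thumbprint'."""
    if not der or der[0] != 0x30:  # DER certificates start with a SEQUENCE tag
        raise ValueError("not DER encoded (Base-64/PEM export?)")
    return hashlib.sha1(der).hexdigest().upper()


def audit(config_xml: str, read_file, local_lds: bool = False) -> dict:
    """Summarise a DiscoveryRegistration block and flag likely mistakes.

    read_file(path) -> bytes and local_lds are hypothetical parameters of this
    example; the fragment is assumed to carry no XML namespace.
    """
    root = ET.fromstring(config_xml)
    urls = [u.text.strip() for u in root.iter("Url") if u.text]
    cert_path = (root.findtext("DiscoveryServerCertificateFile") or "").strip()
    findings = []
    if not local_lds and any(urlsplit(u).hostname == "localhost" for u in urls):
        findings.append("localhost listed but no LDS runs on this host")
    try:
        tp = thumbprint(read_file(cert_path))
    except (OSError, ValueError) as exc:
        tp = None
        findings.append(f"LDS certificate unusable: {exc}")
    return {"urls": urls, "cert": cert_path, "thumbprint": tp, "findings": findings}


if __name__ == "__main__":
    # The sample run feeds the placeholder bytes instead of reading lds.der.
    print(audit(SAMPLE_CONFIG, lambda _path: SAMPLE_DER))
```

When comparing with the value shown in the Windows certificate dialog, ignore spaces and letter case.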

wim
Hero Member
Posts: 24
Joined: 13 Jul 2010, 15:20

Re:Servers can't register to discovery server on remote machine

Post by wim »

Hi support team,

thanks for the info!

I have installed the LDS on another PC and properly configured the certificates, and now my Linux servers (and my Beckhoff PLCs, which also seem to be based on your SDK) can register to the Windows LDS, just like you said.

Unfortunately the result is not quite what I hoped for. I assumed that by registering all my servers to a single LDS with a well known address in the network, clients could invoke FindServers on this LDS in order to know the addresses of all servers. It appears however that the ApplicationDescriptions returned by the FindServers invocation replace the hostname of the servers by the hostname of the LDS machine. I.e. the configuration of my servers says:


Binary
opc.tcp://MyServerHostName:4840

But the discoveryUrls of the ApplicationDescription returned by FindServers replace MyServerHostName by MyLdsHostName.

I don't fully understand if this is the desired behaviour (because if it is, then it makes no sense to allow servers to register to remote discovery servers) but since my problem is clearly related to the LDS specification and/or implementation, I should contact the OPC Foundation on this issue.

In any case many thanks for the help and if you happen to have good ideas for what I'm trying to achieve (i.e. make sure that clients can discover servers by querying a single "well known" discovery server), I'm all ears...

Wim

wim
Hero Member
Posts: 24
Joined: 13 Jul 2010, 15:20

Re:Servers can't register to discovery server on remote machine

Post by wim »

It turns out that the issue we are facing is not the desired behavior, since it's due to a bug in the LDS. The OPC Foundation will release a new version of the LDS over the "next month or so", so then it will be solved.

Cheers,

Wim

wim
Hero Member
Posts: 24
Joined: 13 Jul 2010, 15:20

Re:Servers can't register to discovery server on remote machine

Post by wim »

Hi,

While the issue described above is due to a bug in the LDS, I'm experiencing another issue which appears to be related to the client. According to the comments inside ServerConfig.xml, it is possible to register the server to multiple Discovery Servers (to increase availability). However, if more than one URL is added to ServerConfig.xml, registration fails:

I.e.

    <!--List of discovery servers to register with.
        If the list is empty, no registration is executed.
        Default is opc.tcp://localhost:4840 for the local discovery server.
        Additional remote discovery servers can be added-->
    <Url>opc.tcp://somelds:4840</Url>

works fine, but:

    <!--List of discovery servers to register with.
        If the list is empty, no registration is executed.
        Default is opc.tcp://localhost:4840 for the local discovery server.
        Additional remote discovery servers can be added-->
    <Url>opc.tcp://somelds:4840</Url>
    <Url>opc.tcp://anotherlds:4840</Url>

fails: the server doesn't get registered to any LDS. It doesn't matter if the second URL points to a valid LDS, or not.

Could this be a bug?

Thanks,

Wim
