Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions or issues. You do not have to own a commercial license in order to use the OPC Labs support. Our team is actively monitoring the forums, and provides replies as soon as possible.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible.

Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

Connecting to a PLC with anonymous users turned off

support
Away
Moderator

More

24 Nov 2025 16:51 #14483 by support

Replied by support on topic Connecting to a PLC with anonymous users turned off

I am sorry but I do not understand you.

Are you getting the same results as I reported?
If so, do you expect a different behavior from the software, and what is the behavior you expect?

Note that in my test, when the anonymous logon is disabled in Kepware, I can *not* connect initially. Is that a difference from your observations?

Regards

Please Log in or Create an account to join the conversation.

Cwardltu
Topic Author
Offline
Elite Member

More

24 Nov 2025 16:47 #14482 by Cwardltu

Replied by Cwardltu on topic Connecting to a PLC with anonymous users turned off

Yes I found that when i disallowed anon user i would get the same result. Why is that intended. is reconnect not allowed at a anon user?

Please Log in or Create an account to join the conversation.

support
Away
Moderator

More

24 Nov 2025 16:45 - 24 Nov 2025 16:46 #14481 by support

Replied by support on topic Connecting to a PLC with anonymous users turned off

Hello.
I am confused here. The repro class you sent does not contain any username/password authentication from the client side.

When I run it as is, with "Allow anonymous login" in Kepware turned on, it successfuly connects, and after Reinitialize, it successfuly reconnects, which is expected.
When I run it as is, with "Allow anonymous login" in Kepware turned off, it always fails to connect (with BadUserAccessDenied), which is also expected.

Best regards

Last edit: 24 Nov 2025 16:46 by support.

Please Log in or Create an account to join the conversation.

Cwardltu
Topic Author
Offline
Elite Member

More

24 Nov 2025 16:07 #14480 by Cwardltu

Replied by Cwardltu on topic Connecting to a PLC with anonymous users turned off

I have added a kepware opf project and a visual studio class that replicates the issue i am having. yes i am subscribing to values that are changing periodically

Attachments:

Please Log in or Create an account to join the conversation.

support
Away
Moderator

More

24 Nov 2025 15:37 #14479 by support

Replied by support on topic Connecting to a PLC with anonymous users turned off

Thank you.

I will try to setup a repro here with Kepware, and let you know the results. I will post here when I know more. Please allow some time for this.

Best regards

Please Log in or Create an account to join the conversation.

Cwardltu
Topic Author
Offline
Elite Member

More

24 Nov 2025 13:31 #14478 by Cwardltu

Replied by Cwardltu on topic Connecting to a PLC with anonymous users turned off

I am using kepware. I click reinitialize to trigger a reconnect. I do have a 3 subscriptions in this specific test.

Please Log in or Create an account to join the conversation.

support
Away
Moderator

More

22 Nov 2025 09:30 #14477 by support

Replied by support on topic Connecting to a PLC with anonymous users turned off

You are right, it should make no difference whether it is an initial connection or a subsequent connection.
I do not see a problem in your code.

How do you trigger the reconnection, in your tests? E.g. by unplugging the network cable? Or by turning off the PLC? Etc...

And, you simply let you client program run? - Is it doing any subscriptions, or has no subscriptions but is doing periodic/one-time operations such as reads/writes?

Thank you

Please Log in or Create an account to join the conversation.

Cwardltu
Topic Author
Offline
Elite Member

More

21 Nov 2025 14:12 #14476 by Cwardltu

Replied by Cwardltu on topic Connecting to a PLC with anonymous users turned off

If that were the case wouldnt it be true that the initial connection would be denied aswell? I am only getting the denial when the automatic opclabs reconnection logic is triggered. I am wondering if there is a setting i need to set or something is wrong with my code?

Please Log in or Create an account to join the conversation.

support
Away
Moderator

More

21 Nov 2025 09:53 #14475 by support

Replied by support on topic Connecting to a PLC with anonymous users turned off

Hello.

The OPC UA server decides whether it allows username/password authentication without a certificate. Most servers do not allow it, for security reasons (without the certificate, the username/password appear unencrypted on the wire and can be eavesdropped on).

From the error you are getting, it looks like that your server either does not all allow username/password authentication without a certificate, or it may allow it but is not currently configured is such a way. Consult the server vendor/documentation if this can be changed.

To resolve the error *with* the use of certificates, you need to go to the server side and make it trust the client certificate from your app (QuickOPC has created one for you).

Best regards

Please Log in or Create an account to join the conversation.

Cwardltu
Topic Author
Offline
Elite Member

More

20 Nov 2025 21:34 #14472 by Cwardltu

Connecting to a PLC with anonymous users turned off was created by Cwardltu

Is it possible to connect to a plc using a username and password with anonymous users turned off and not trusted cert configured. I am having issues doing so; initially i connect fine but if i were to reinitialize i start getting issues like the ones below:

I have also added a code snipit below.

x80860000: OPC UA service result - {BadSecureChannelClosed}. The secure channel has been closed. [...]
[Connection Event] Server is UNAVAILABLE - OPC UA service result - {BadSecureChannelClosed}. The secure channel has been closed.
+ The server may have rejected the connection because it does not trust the client (e.g. certificate problem); check the diagnostics on the server side, if possible.
+ The client method called (or event/callback invoked) was 'ServerConditionChanged'.

Code:

public void ConnectAsync(string serverURL, string userName = null, string password = null)
{
    if (string.IsNullOrWhiteSpace(serverURL))
        throw new ArgumentNullException(nameof(serverURL));

    if (_connected)
        Disconnect();

    if (_client == null)
        _client = new EasyUAClient();

    // Accept any certificate
    EasyUAClientCore.SharedParameters.EngineParameters.CertificateAcceptancePolicy.AcceptAnyCertificate = true;

    _serverUrl = serverURL;

    Console.WriteLine("========================================");
    Console.WriteLine($"[Connect] Server URL: {serverURL}");

    // Simple endpoint creation - let client auto-select best available
    Endpoint = new UAEndpointDescriptor(serverURL);

    // Add username/password if provided
    if (!string.IsNullOrWhiteSpace(userName) && !string.IsNullOrWhiteSpace(password))
    {
        Console.WriteLine($"[Connect] Username: {userName}");
        Endpoint.UserIdentity.UserNameTokenInfo = new OpcLabs.BaseLib.IdentityModel.User.UserNameTokenInfo(userName, password);
    }
    else
    {
        Console.WriteLine("[Connect] Authentication: Anonymous");
    }

    // Try to connect by reading namespaces
    _namespaces = new Dictionary<int, string>();
    try
    {
        Console.WriteLine("[Connect] Connecting...");
        var nsValues = _client.ReadValue(Endpoint, UAVariableIds.Server_NamespaceArray);

        if (nsValues != null && nsValues is string[] namespaceValues)
        {
            int i = 0;
            foreach (var nsValue in namespaceValues)
            {
                _namespaces.Add(i++, nsValue);
            }
            Console.WriteLine($"[Connect] ✓ SUCCESS - {_namespaces.Count} namespaces");
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine("========================================");
        Console.WriteLine("[Connect] ✗ FAILED");
        Console.WriteLine($"[Connect] Exception: {ex.GetType().Name}");
        Console.WriteLine($"[Connect] Message: {ex.Message}");

        if (ex.InnerException != null)
        {
            Console.WriteLine($"[Connect] Inner: {ex.InnerException.GetType().Name}");
            Console.WriteLine($"[Connect] Inner Message: {ex.InnerException.Message}");

            if (ex.InnerException.InnerException != null)
            {
                Console.WriteLine($"[Connect] Inner-Inner: {ex.InnerException.InnerException.Message}");
            }
        }

        Console.WriteLine("========================================");
        throw;
    }

    _connected = _namespaces.Count > 0;

    if (_connected)
    {
        Console.WriteLine("========================================");
    }
    // SET UP CONNECTION MONITORING
    _connectionMonitoring = _client.GetService<IEasyUAClientConnectionMonitoring>();
    if (_connectionMonitoring != null)
    {
        _connectionMonitoring.ServerConditionChanged += onServerConditionChanged;
        Console.WriteLine("Connection monitoring enabled");
    }
    else
    {
        Console.WriteLine("Warning: Connection monitoring service not available");
    }

    _connectionControl = _client.GetService<IEasyUAClientConnectionControl>();
    if (_connectionControl == null)
    {
        Console.WriteLine("Warning: Connection control service not available");
    }
}

Please Log in or Create an account to join the conversation.

Moderators: support, vaclav.zaloudek

Time to create page: 0.147 seconds

Powered by Kunena Forum