The X20CP1585 has been running as an OpcUa Server for 5 years and has 5 4PPC50 clients connected to it.
I have an X20CP1585 in my office with the same program loaded and I need to connect another OpcUa Client to it , this time an X20CP1685.
In this new CPU, the UA_WriteList() function executes with the Error == 1 and with ErrorID == 0, but the NodeErrorIDs[…] fields contain the codes 0x801F0000 (Bad_UserAccessDenied).
I have searched the AS help and also this forum, but have not found a solution yet.
Has anyone encountered this error?
Thank you.
Lubos
HI Lubos, are the projects the same? including AR version? I suppose that not Could you please try it with UAExpert client? From my point of view node access is limited and user you are using (probably everyone) has no rights for this action.
Hi Jaroslav,
UAExpert works ok, it just warned me that the server certificate has expired.
Server X20CP1585 = AR J4.25
Clients 4PPC50 = AR B4.73 (not available in my office)
New Client X20CP1685 = AR B4.92
The projects for the original PLCs are all available, I just converted them from AS 4.7 to AS 4.11. I am creating the new client in AS4.11.
The difference may be that mappXXXX is on the 4PPC50, I didn’t use it on the X20CP1685.
Yes, the user is Everyone, so far I am lost in the access rights of the clients, I don’t see any settings in the original projects and I have no idea where the rights can be set.
Hi, the first of all server certificated expired. If you do not create certificate manually, it is created automatically with current PLC date and time set on PLC + 10 years. So please set PLC time to the same one you have on your PC and generate new CF card. New certificate will be created automatically with proper date and time and expiration. The second, OPCUA node rights you can set/check in opcua configuration file. It is *.uad file and you can find it in configuration view - connectivitity - OPCUA… open file and browse to nodeID you have problem with. You can set which rights you need for visiblity, browsing, reading, writting etc. Hope it helps
Thank you for your advice. I have set the time in the PLC, generated the CF, UAExpert still reports the expired certificate.
However, in the Client I swapped the write and read, i.e. I read first and then try to write. Reading is OK, writing still reports 0x801F0000 for the items.
OpcUaMap.uad root node = in the Client I added Everyone, but can’t set Write. Or rather, I can, but then the window stops responding and when I reopen the editor, Write is FALSE again.
I guess I’m one step away from success, but which way it should be I have no idea
ok. UAExpert will show to you certificate itself and highlight with red color what is wrong. This you can use for checking if this is time and date problem or something else. But I understand that this is not your primary problem
Error means User does not have permission to perform the requested operation. So you are close, it is weird that your OPCUA editor crash, but you can also open the file manually in text editor (it is a xml file), change parameter manually, save, reload the project, compile and download.
I edited externally OpcUaMap.uad, in AS the Write access is now set, after transfer to PLC the error remains the same.
For today I postpone further testing, tomorrow I have a meeting in my office with a representative of B&R Prague, so I will try to ask.
If I find something, I will add it to this discussion, maybe ask you for some further instructions.
Jaroslav, thanks for the great support today.
Today I contacted support and after checking the settings it was found that the new PLC UA-Client has a newer AR than the OPC-Server and allows more settings that the Server did not have.
After upgrading the AR in the Server, the “OPC-UA System” section of the CPU configuration made Anonymous authentication accessible. After enabling it, the Server no longer rejects write requests from the new PLC.
I see that in your first reply you asked if the AR versions are the same. I had no idea that the AR version could have such a significant impact.
Could you please try it with UAExpert client? From my point of view node access is limited and user you are using (probably everyone) has no rights for this action.
