Azure / iot-edge-opc-proxy-api-csharp

OPC Proxy API

Sample Client is unable to connect to UA server via OPC Proxy #13

Open asgaralim opened 5 years ago

asgaralim commented 5 years ago

Setup:

  1. Windows 2019 VM, install Windows Docker with Linux containers.
  2. Create IoT Hub and create edge device.
  3. Deploy IoT Edge service to the Docker.
  4. Deploy iot-edge-opc-proxy as set module.
  5. Add _HUB_CS environment variable with IoT Hub iothubowner key.
  6. Configure the COM UA wrapper to point to any OPC Classic DA server/simulators. Enable all security policies on the COM UA wrapper. Compile and run the COM wrapper application on the same VM.
  7. Download the Sample OPC UA test client application from GitHub. Update the code ("endpointURL") to point to the COM UA Wrapper endpoint. Run the application.
  8. Run the test client application on the same VM. The client application is unable to establish a connection with the UA server (COM UA Wrapper). Error:

         .Net Core OPC UA Console Client
         1 - Create an Application Configuration.
         2 - Discover endpoints of opc.tcp://vmwin2019:48400/UA/ComServerWrapper.
         Could not fetch endpoints from url: opc.tcp://vmwin2019:48400/UA/ComServerWrapper
         Reason = Error establishing a connection: BadNotConnected
         One or more error(s) occurred:
         -> Error establishing a connection: BadNotConnected
         Press any key to exit

Reference links:

  * Test Client: https://github.com/Azure/iot-edge-opc-proxy-api-csharp
  * OPC Proxy: https://github.com/Azure/iot-edge-opc-proxy
  * COM UA wrapper (see COMIOP project): https://github.com/OPCFoundation/UA-.NETStandard

marcschier commented 5 years ago

Hi @asgaralim, one reason that the above does not work is that the proxy in iotedge is not able to resolve the host address "vmwin2019" since it sits on the bridge network. Even if you made it part of the host network, LCOW networking is special as the containers are hosted in the Moby VM which sits on the dockernat.

There are a couple potential ways to address this:

  1. Try to use the host IP instead of the name in the endpoint URL.
  2. If that works, add the vmwin2019 IP to extrahosts in the create options of the container.

         "HostConfig": {
             "ExtraHosts": [
                 "vmwin2019:<ip-address-of-vm-host>"
             ]
         }

    You can find more information in the https://github.com/Azure/iot-edge-opc-publisher repo readme. If this does not help, please provide the "createoptions" you used to create the proxy deployment, and also please post the edge logs of the proxy (i.e. using iotedge logs ) so we can troubleshoot further.

asgaralim commented 5 years ago

Neither option 1 nor option 2 fixed the issue. I sent all files to Enes Uysal through email.

[Image: Forpublicproxy setting]

marcschier commented 5 years ago

Thank you for the additional information. The name is now resolved, but the socket handshake is er_refused, which typically happens when a firewall blocks access to the port. Can you check and open up port 48400 inbound to your VM and try again? I would first look into the Windows Server firewall on the host, then the Azure network interface firewall (in the resource group).
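The two failure stages discussed so far (name not resolved, then connection refused) can be told apart with a plain TCP probe. The following is an added example, not part of the original thread or of the proxy project; the function name `probe_endpoint` and the hint texts are assumptions made for illustration.

```python
import socket
from urllib.parse import urlsplit

# What to check next for each stage (added summary of the advice in this thread).
HINTS = {
    "resolve-failed": "use the host IP in the URL or add an ExtraHosts entry",
    "refused": "host reachable, port rejected: check listener and host firewall",
    "timeout": "no answer: a firewall may be dropping traffic on the path",
    "connected": "TCP is fine: look at the OPC UA layer next",
}

def probe_endpoint(url, timeout=3.0):
    """Classify how far a TCP connection to an opc.tcp:// URL gets.

    Returns (stage, detail); stage is 'bad-url', 'resolve-failed', 'refused',
    'timeout', 'unreachable' or 'connected'.
    """
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port or 4840  # 4840: registered OPC UA port
    except ValueError as exc:  # e.g. non-numeric port
        return "bad-url", str(exc)
    if parts.scheme != "opc.tcp" or not host:
        return "bad-url", "expected opc.tcp://host[:port]/path"
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "resolve-failed", f"{host}: {exc}"
    last = ("unreachable", "no address tried")
    for family, socktype, proto, _, sockaddr in addrs:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(sockaddr)
                return "connected", f"{sockaddr[0]}:{sockaddr[1]}"
            except ConnectionRefusedError:
                last = ("refused", f"{sockaddr[0]}:{sockaddr[1]}")
            except socket.timeout:
                last = ("timeout", f"{sockaddr[0]}:{sockaddr[1]}")
            except OSError as exc:
                last = ("unreachable", f"{sockaddr[0]}: {exc}")
    return last

if __name__ == "__main__":
    # Endpoint URL from the issue; the result depends on where this is run.
    stage, detail = probe_endpoint("opc.tcp://vmwin2019:48400/UA/ComServerWrapper")
    print(stage, detail, "->", HINTS.get(stage, "check the URL"))
```

The result only reflects the network context it is run from, so run it from a container on the same Docker network as the proxy module rather than from the VM host.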

asgaralim commented 5 years ago

I will open the inbound port and update you soon.

I have a query. The main purpose of using the OPC proxy module in our design is to avoid opening any inbound ports on on-prem systems. How can we avoid opening inbound ports?

Thanks

marcschier commented 5 years ago

Hi @asgaralim - in a secure network you typically close ports on the "network firewall", so that from the outside you cannot enter the network through "any" port. And yes, here the IoT Edge as well as Proxy only needs an outgoing rule for port 443 (if websocket is used).

However, in above case the firewall seems to be active on the vm OS. The VM in your simulation takes the role of "device" (i.e. PLC, etc.) and to be able to communicate with said device, the device itself must not reject connection requests to any ports it provides services on, e.g. in this case the com-wrapper listener port.

asgaralim commented 5 years ago

After opening all inbound ports, the proxy failed to establish the connection between the OPC UA COM server wrapper and the client (proxy api csharp code). I sent all files to Enes Uysal through email. Please let me know your suggestions. The client code throws an exception at:

    var endpointCollection = DiscoverEndpoints(config, endpointURI, 10);

asgaralim commented 5 years ago

I disabled the firewall setting on the VM. Now the proxy is able to establish a connection with the OPC UA server. But the client application (iot-edge-opc-proxy-api-csharp) throws an exception at the time of endpoint discovery, session creation and session close. Exception/Error: "Remote side closed". Could you please let us know your comments on this error?
Thank you.

[Image: Error on connection and disconnection]

marcschier commented 5 years ago

Hi, the exception is thrown to indicate to clients that use the async await API calls that the remote side closed the socket, e.g. using closesocket(). It is expected behavior in most cases. Since the browse response does not show any data, is this a permission issue? Can you use the standard OPC UA reference client to connect and browse?