Open kbischop opened 7 years ago
Can you check with wireshark and try to find differences in Token sending?
I hope I got the necessary data. What do I have to look for ?
`` No. Time Source Destination Protocol Length Info 31 10.265088 192.168.100.234 192.168.100.141 TCP 66 50169 → 4880 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
Frame 31: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: WistronI_98:e2:37 (3c:97:0e:98:e2:37), Dst: Siemens_a3:6d:55 (00:1b:1b:a3:6d:55) Internet Protocol Version 4, Src: 192.168.100.234, Dst: 192.168.100.141 Transmission Control Protocol, Src Port: 50169, Dst Port: 4880, Seq: 0, Len: 0
No. Time Source Destination Protocol Length Info 32 10.265825 192.168.100.141 192.168.100.234 TCP 66 4880 → 50169 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=2 SACK_PERM=1
Frame 32: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0 Ethernet II, Src: Siemens_a3:6d:55 (00:1b:1b:a3:6d:55), Dst: WistronI_98:e2:37 (3c:97:0e:98:e2:37) Internet Protocol Version 4, Src: 192.168.100.141, Dst: 192.168.100.234 Transmission Control Protocol, Src Port: 4880, Dst Port: 50169, Seq: 0, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info 33 10.266349 192.168.100.234 192.168.100.141 TCP 54 50169 → 4880 [ACK] Seq=1 Ack=1 Win=65536 Len=0
Frame 33: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: WistronI_98:e2:37 (3c:97:0e:98:e2:37), Dst: Siemens_a3:6d:55 (00:1b:1b:a3:6d:55) Internet Protocol Version 4, Src: 192.168.100.234, Dst: 192.168.100.141 Transmission Control Protocol, Src Port: 50169, Dst Port: 4880, Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol Length Info 34 10.269335 192.168.100.234 192.168.100.141 OpcUa 116 Hello message
Frame 34: 116 bytes on wire (928 bits), 116 bytes captured (928 bits) on interface 0 Ethernet II, Src: WistronI_98:e2:37 (3c:97:0e:98:e2:37), Dst: Siemens_a3:6d:55 (00:1b:1b:a3:6d:55) Internet Protocol Version 4, Src: 192.168.100.234, Dst: 192.168.100.141 Transmission Control Protocol, Src Port: 50169, Dst Port: 4880, Seq: 1, Ack: 1, Len: 62 OpcUa Binary Protocol Message Type: HEL Chunk Type: F Message Size: 62 Version: 0 ReceiveBufferSize: 65536 SendBufferSize: 65536 MaxMessageSize: 0 MaxChunkCount: 0 EndPointUrl: opc.tcp://192.168.100.141:4880
No. Time Source Destination Protocol Length Info 35 10.269808 192.168.100.141 192.168.100.234 OpcUa 82 Acknowledge message
Frame 35: 82 bytes on wire (656 bits), 82 bytes captured (656 bits) on interface 0 Ethernet II, Src: Siemens_a3:6d:55 (00:1b:1b:a3:6d:55), Dst: WistronI_98:e2:37 (3c:97:0e:98:e2:37) Internet Protocol Version 4, Src: 192.168.100.141, Dst: 192.168.100.234 Transmission Control Protocol, Src Port: 4880, Dst Port: 50169, Seq: 1, Ack: 63, Len: 28 OpcUa Binary Protocol Message Type: ACK Chunk Type: F Message Size: 28 Version: 0 ReceiveBufferSize: 65536 SendBufferSize: 65536 MaxMessageSize: 16777216 MaxChunkCount: 0
No. Time Source Destination Protocol Length Info 36 10.275734 192.168.100.234 192.168.100.141 OpcUa 186 OpenSecureChannel message: OpenSecureChannelRequest
Frame 36: 186 bytes on wire (1488 bits), 186 bytes captured (1488 bits) on interface 0
Ethernet II, Src: WistronI_98:e2:37 (3c:97:0e:98:e2:37), Dst: Siemens_a3:6d:55 (00:1b:1b:a3:6d:55)
Internet Protocol Version 4, Src: 192.168.100.234, Dst: 192.168.100.141
Transmission Control Protocol, Src Port: 50169, Dst Port: 4880, Seq: 63, Ack: 29, Len: 132
OpcUa Binary Protocol
Message Type: OPN
Chunk Type: F
Message Size: 132
SecureChannelId: 0
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#None
SenderCertificate:
No. Time Source Destination Protocol Length Info 37 10.276240 192.168.100.141 192.168.100.234 OpcUa 189 OpenSecureChannel message: OpenSecureChannelResponse
Frame 37: 189 bytes on wire (1512 bits), 189 bytes captured (1512 bits) on interface 0
Ethernet II, Src: Siemens_a3:6d:55 (00:1b:1b:a3:6d:55), Dst: WistronI_98:e2:37 (3c:97:0e:98:e2:37)
Internet Protocol Version 4, Src: 192.168.100.141, Dst: 192.168.100.234
Transmission Control Protocol, Src Port: 4880, Dst Port: 50169, Seq: 29, Ack: 195, Len: 135
OpcUa Binary Protocol
Message Type: OPN
Chunk Type: F
Message Size: 135
SecureChannelId: 22
SecurityPolicyUri: http://opcfoundation.org/UA/SecurityPolicy#None
SenderCertificate:
No. Time Source Destination Protocol Length Info 38 10.282965 192.168.100.234 192.168.100.141 OpcUa 329 UA Secure Conversation Message: CreateSessionRequest
Frame 38: 329 bytes on wire (2632 bits), 329 bytes captured (2632 bits) on interface 0 Ethernet II, Src: WistronI_98:e2:37 (3c:97:0e:98:e2:37), Dst: Siemens_a3:6d:55 (00:1b:1b:a3:6d:55) Internet Protocol Version 4, Src: 192.168.100.234, Dst: 192.168.100.141 Transmission Control Protocol, Src Port: 50169, Dst Port: 4880, Seq: 195, Ack: 164, Len: 275 OpcUa Binary Protocol Message Type: MSG Chunk Type: F Message Size: 275 SecureChannelId: 22 Security Token Id: 1 Security Sequence Number: 2 Security RequestId: 2 OpcUa Service : Encodeable Object TypeId : ExpandedNodeId NodeId EncodingMask: Four byte encoded Numeric (0x01) NodeId Namespace Index: 0 NodeId Identifier Numeric: CreateSessionRequest (461) CreateSessionRequest
No. Time Source Destination Protocol Length Info 39 10.283734 192.168.100.141 192.168.100.234 OpcUa 614 UA Secure Conversation Message: CreateSessionResponse
Frame 39: 614 bytes on wire (4912 bits), 614 bytes captured (4912 bits) on interface 0 Ethernet II, Src: Siemens_a3:6d:55 (00:1b:1b:a3:6d:55), Dst: WistronI_98:e2:37 (3c:97:0e:98:e2:37) Internet Protocol Version 4, Src: 192.168.100.141, Dst: 192.168.100.234 Transmission Control Protocol, Src Port: 4880, Dst Port: 50169, Seq: 164, Ack: 470, Len: 560 OpcUa Binary Protocol Message Type: MSG Chunk Type: F Message Size: 560 SecureChannelId: 22 Security Token Id: 1 Security Sequence Number: 2 Security RequestId: 2 OpcUa Service : Encodeable Object TypeId : ExpandedNodeId NodeId EncodingMask: Four byte encoded Numeric (0x01) NodeId Namespace Index: 0 NodeId Identifier Numeric: CreateSessionResponse (464) CreateSessionResponse
No. Time Source Destination Protocol Length Info 40 10.297886 192.168.100.234 192.168.100.141 OpcUa 312 UA Secure Conversation Message: ActivateSessionRequest
Frame 40: 312 bytes on wire (2496 bits), 312 bytes captured (2496 bits) on interface 0
Ethernet II, Src: WistronI_98:e2:37 (3c:97:0e:98:e2:37), Dst: Siemens_a3:6d:55 (00:1b:1b:a3:6d:55)
Internet Protocol Version 4, Src: 192.168.100.234, Dst: 192.168.100.141
Transmission Control Protocol, Src Port: 50169, Dst Port: 4880, Seq: 470, Ack: 724, Len: 258
OpcUa Binary Protocol
Message Type: MSG
Chunk Type: F
Message Size: 258
SecureChannelId: 22
Security Token Id: 1
Security Sequence Number: 3
Security RequestId: 3
OpcUa Service : Encodeable Object
TypeId : ExpandedNodeId
NodeId EncodingMask: Four byte encoded Numeric (0x01)
NodeId Namespace Index: 0
NodeId Identifier Numeric: ActivateSessionRequest (467)
ActivateSessionRequest
RequestHeader: RequestHeader
AuthenticationToken: NodeId
Timestamp: Jun 1, 2017 14:05:13.639300000 Mitteleuropäische Sommerzeit
RequestHandle: 3
Return Diagnostics: 0x00000000
AuditEntryId: [OpcUa Null String]
TimeoutHint: 1000
AdditionalHeader: ExtensionObject
TypeId: ExpandedNodeId
EncodingMask: 0x00
ClientSignature: SignatureData
Algorithm: http://www.w3.org/2000/09/xmldsig#rsa-sha1
Signature:
No. Time Source Destination Protocol Length Info 41 10.298409 192.168.100.141 192.168.100.234 OpcUa 106 UA Secure Conversation Message: ServiceFault
Frame 41: 106 bytes on wire (848 bits), 106 bytes captured (848 bits) on interface 0 Ethernet II, Src: Siemens_a3:6d:55 (00:1b:1b:a3:6d:55), Dst: WistronI_98:e2:37 (3c:97:0e:98:e2:37) Internet Protocol Version 4, Src: 192.168.100.141, Dst: 192.168.100.234 Transmission Control Protocol, Src Port: 4880, Dst Port: 50169, Seq: 724, Ack: 728, Len: 52 OpcUa Binary Protocol Message Type: MSG Chunk Type: F Message Size: 52 SecureChannelId: 22 Security Token Id: 1 Security Sequence Number: 3 Security RequestId: 3 OpcUa Service : Encodeable Object TypeId : ExpandedNodeId NodeId EncodingMask: Four byte encoded Numeric (0x01) NodeId Namespace Index: 0 NodeId Identifier Numeric: ServiceFault (397) ServiceFault ResponseHeader: ResponseHeader Timestamp: Jun 1, 2017 15:26:47.923389100 Mitteleuropäische Sommerzeit RequestHandle: 3 ServiceResult: 0x80200000 [BadIdentityTokenInvalid] ServiceDiagnostics: DiagnosticInfo EncodingMask: 0x00 StringTable: Array of String ArraySize: -1 AdditionalHeader: ExtensionObject TypeId: ExpandedNodeId EncodingMask: 0x00
No. Time Source Destination Protocol Length Info 42 10.504316 192.168.100.234 192.168.100.141 TCP 54 50169 → 4880 [ACK] Seq=728 Ack=776 Win=64768 `Len=0 ``
The last person that had this issue said that the cause was a corporate laptop with some security stuff blocking opc ua.
Well this was my first thought that some security stuff is blocking ops ua, but as wrote I also checked with node.js and the node-opcua package, the Ua Expert opc ua client Softings opc ua client and a c application which uses the open62541 library. All these clients can connect using username and password. Only my python app with freeopcua cannot connect. I even tested with opcua-client-gui which also uses freeopcua and it can not connect. I tested with the client installed on one computer and the server on the other computer and also both client and server on the same computer, but this makes no difference.
Any further ideas what I can check ?
Hi, with wireshark take a falling log session with python-opcua and a working one with uaexpert then compare them. If you do not manage to spot the difference in authentication yourself, upload them to this bug report
On Thu, Jun 1, 2017, 17:06 kbischop notifications@github.com wrote:
Well this was my first thought that some security stuff is blocking ops ua, but as wrote I also checked with node.js and the node-opcua package, the Ua Expert opc ua client Softings opc ua client and a c application which uses the open62541 library. All these clients can connect using username and password. Only my python app with freeopcua cannot connect. I even tested with opcua-client-gui which also uses freeopcua and it can not connect. I tested with the client installed on one computer and the server on the other computer and also both client and server on the same computer, but this makes no difference.
Any further ideas what I can check ?
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/FreeOpcUa/python-opcua/issues/455#issuecomment-305522635, or mute the thread https://github.com/notifications/unsubscribe-auth/ACcfzktPbklpcOAiAxdVP5jsV0-fRZQ1ks5r_tOMgaJpZM4NswF_ .
The difference should be somewhere in the last packet we send before the error
On Thu, Jun 1, 2017, 17:29 Olivier Roulet-Dubonnet olivier.roulet@gmail.com wrote:
Hi, with wireshark take a falling log session with python-opcua and a working one with uaexpert then compare them. If you do not manage to spot the difference in authentication yourself, upload them to this bug report
On Thu, Jun 1, 2017, 17:06 kbischop notifications@github.com wrote:
Well this was my first thought that some security stuff is blocking ops ua, but as wrote I also checked with node.js and the node-opcua package, the Ua Expert opc ua client Softings opc ua client and a c application which uses the open62541 library. All these clients can connect using username and password. Only my python app with freeopcua cannot connect. I even tested with opcua-client-gui which also uses freeopcua and it can not connect. I tested with the client installed on one computer and the server on the other computer and also both client and server on the same computer, but this makes no difference.
Any further ideas what I can check ?
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/FreeOpcUa/python-opcua/issues/455#issuecomment-305522635, or mute the thread https://github.com/notifications/unsubscribe-auth/ACcfzktPbklpcOAiAxdVP5jsV0-fRZQ1ks5r_tOMgaJpZM4NswF_ .
An old one, but I'm facing the same issue. Did anyone manage to find a solution?
Thanks
I´m using the Softing OPC UA server SDK in my application (Softing SDK) and try to connect with freeopcua /python-opcua 0.90.3 to this Softing OPC OPC UA server. I´m using windows 7 64 bit and python 3.5.2
I can only connect with anonymous to the OPC UA server. Whenever I try to use a username , password combination I get the error BadIdentityTokenInvalid.
I checked with other OPC UA clients -> node.js with node-opcua package, UaExpert and Softings own OPC UA client. All these clients work without problems with the anonymous account but also with the user account with username and password.
Are there known problems with the Softing OPC UA Server ?
Here is the log: