I am trying to connect OPC UA client to an OPC UA server over the ethernet cable. I receive the following error
LabVIEW: (Hex 0xFFFA8EF7) The OPC UA client cannot connect to the OPC UA server because the security policy, username, or password is invalid.
client can connect anonymously so I dont need to add user/pass but when I add this the error changes to
LabVIEW: (Hex 0xFFFA8ED3) The status of the OPC UA server is uncertain
so I am not sure where is the problem?? any help will be useful
With LabVIEW DSC versions 2011 and previous you would see the Hex 0xFFFA8ED3 error returned from the server whenever it did not trust the client connection. This error output was changed in later versions. If you're using 2011 or previous I would confirm that you are correctly pointing to the trusted server certificate on the client side. As stated in the help,
The trusted server certificates control of the Connect VI specifies
the file paths of the certificates that the OPC UA client trusts. You
must manually copy the trusted server certificates from the OPC UA
server machine to the OPC UA client machine, and then enter the path
to the trusted server certificates control of the OPC UA client.
Refer to the Creating an OPC UA Server Application and an OPC UA Client Application in the DSC Module help for more information and a general tutorial.
Related
I have installed Lince Bi on Windows machine but on connecting SQL server it is showing SSL error.
"com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "No trusted certificate found". ClientConnectionId:92c4c4cd-5088-45d0-97c6-363303c25af1
"
I already added trust certificate
If the driver keeps failing with the encryption error, make sure to provide the "Encrypt=false" parameter to the data source.
You need to provide the apropriate Microsoft JDBC driver in order to LinceBI work correctly as well.
You can download it from Microsoft: Download Microsoft JDBC Driver for SQL Server
I use mssql-jdbc-10.2.1.jre8.jar because I'm using Java JDK 8.
The driver must be put inside the lincebi_web\tomcat\lib directory.
Best Regards!
Within two environments, where database servers with SQL Server 2008 R2 and SQL server 2012 are operated, the Extended Protection and SSL Encryption settings have been enabled. Since then, the applications (SharePoint 2010, SharePoint 2013 und ADFS) are having problems connecting to the databases. Following error message is logged in the SQL Server error logs: “SSPI handshake failed with error code 0x80090346, state 46 while establishing a connection with integrated security; the connection has been closed. Reason: The Channel Bindings from this client are missing or do not match the established Transport Layer Security (TLS) Channel. The service might be under attack, or the data provider or client operating system might need to be upgraded to support Extended Protection. Closing the connection.”.
On the client-side, following error message is logged: “Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.”
Basically, when both settings are enabled, the remote connection, even through SQL Server Management Studio, does not work anymore. This issue can be resolved by disabling one of the two settings.
If "disabling one of the two settings" still results in the connection between the two servers being encrypted, then your objective might have been achieved sufficiently by using only the other.
Summary: I'm trying to connect iFix OPC server remotely, but the OPC client get 80004005 (Unspecified Error).
The whole testing environment is like this:
The iFix 5.0 software is installed on a laptop (A), with Windows XP SP3, to run as a OPC server.
On the client machine (B), it is Windows Server 2008 R2.
Firewalls and Antivirus are totally turned off on both side.
iFix software is installed successfully. Because Matrikon OPC explorer together with other two 3rd party OPC testing tools can connect to iFix OPC server (Intellution.OPCiFIX.1) locally, on laptop (A); and can add tags and retrieve data with no issue.
DCOM can be regarded as duly configured on both side, because:
- On machine B, using three different OPC explorers, I can get OPC server list on laptop A (means OPCEnum is working fine on laptop A).
- Matrikon OPC server and another in-house OPC server on laptop A can be connected by OPC explorers on machine B.
The DCOM configurations for OPCiFIX on laptop A is like this :
- Genral Tab: Authentication level set to "None"
- Location Tab: Tick "Run application on this computer"
- Security Tab: Users are already created on laptop A and granted proper permission. Because under the same configuration, Matrikon and another in-house OPC server is already working fine.
- Identity Tab: Set to "This user", and specified the correct username and password. The input can be guaranteed valid, because I used the same setting applied to Matrikon OPC server, and it communicates well with machine B through network.
The result:
It seems I configured everything correct, I still get the error 80004005.
Other ways that I have tried
I googled for this issue, and then found this document:DCOM Configuration when you want to use iFIX is OPC Server, and configured as per it's instructions, but still not work out.
According to the doc, on laptop A, OPCiFIX DCOM configuration -> Security Tab, when I grant "Deny Launch" to the specific user, I get 80070005 (Access Denied) instead of 80004005 (Unspecified Error).
Another try: On laptop A, OPCiFIX DCOM configuration -> Identity Tab, when I choose "The interactive user" or "The launching user", the OPC explorers on machine B then get this error message: "The server process could not be started because the configured identity is incorrect. Check the username and password."
Seeking help
So any body could tell where did I go wrong? Really appreciate for your help!
Can I use the Integrated Security (a.k.a. Trusted Connection) option in a connection string if I'm connecting to a remote machine that's not on a domain?
I have a development server with Windows Server 2012 with WebSocket support, but I want to develop against the existing database on our main public server located in a remote virtual hosting environment. I've set up and established an encrypted VPN connection from the dev server to the main server, so I'm able to manager the database remotely via SSMS and connect to it via .NET's System.Data.SqlClient classes, but I'm currently doing so using an SQL Server account with a username and password.
Neither of the computers are on a domain, although the VPN simulates the connection occuring over a LAN. So I was wondering if there was a way to add the dev-server's windows user account to SQL Server on the main system, so that I could connect with integrated security from the dev server. Or does integrated security only work when connecting to the local database and a computer on the same domain?
Integrated security will only work when the machines are on the same domain (or a different domain with a trust) this is because SQL server has to contact a domain controller to authenticate a windows logon, which it can only do if it is a member of a domain.
Just being connected to the LAN is not enough as although the machine may be able to physically connect to the domain controller, it will not be able to authenticate users against it.
This is not necessarily true, here's how you can do it.
First add the Server name and IP address to your local hosts file.
Now go into Credential Manager in Control Panel and add the Server name of the SQL Server that you added to your hosts file with :1433 at the end.
So for example
local hosts entry
192.168.1.1 SQLServer
Control Panel Credential Manager
internet of network address: SQLServer:1433
Username: DOMAINNAME\UserName
This also works for Visual Studio if you want to use Integrated Security.
Hope this helps!
I suddenly started getting this error when trying to connect to any of my sql servers (25+) from SSMS on Windows XP. When I left work yesterday everything was working fine, came in this morning, and I started getting this. Tried rebooting my pc but that obviously didn't fix it. My co-workers can all connect just fine. Searched for a solution but everything I found was regarding encryption in regards to .NET applications. Not sure how to apply that to SSMS.
alt text http://picasaweb.google.com/lh/photo/-l9VrFuYXk-A80NzZ1kzng?feat=directlink
For some reason the image won't work so the error is this:
A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) (Microsoft SQL Server)
The question seems to have been answered, but I wanted to chime in. For some providers, such as SQL Server, there is a parameter in connection string which lets you connect to server encrypted even if certificate is unknown: "TrustServerCertificate=True", so if you include that in a connection string, you will connect and work encrypted, and will not have to run connection non-encrypted.
Try this...
Its gotta be a client issue if you lost connection to all your remote servers and your coworkers are fine. You probably got "clicky" and changed some settings inadvertantly.
Open your client network utility (mine is here: C:\WINDOWS\system32\cliconfg.exe).
Under the General Tab, check out the disabled protocols. They should all have "force protocol encryption" unchecked. If this is checked for any of those values, your local SSMS is probably trying to force an encrypted connection and failing.
Report back if this doesn't work, and I'll poke around a bit more.
When connecting using MS SQL Server Management Studio in the connect window go to Options->Connection Properties and check checkbox Trust server certificate
You connect to your SQL Servers requesting encrypted connections and you don't trust the certificate(s) used by those servers. Why that happens depends on a myriad or reasons.
Do your servers use self-signed certificates or PKI issued certificates?
Who is the PKI authorithy that issued your certificates? Is it a corporate certificate service?
Does your computer trust the PKI root authority?
If you don't know the answers to this, you must contact your network and security administrators. Simply disabling protocl enforcing requirement from your client may be against corporate policy, or the servers may enforce SSL anyway disregarding your local setting.
These are all questions you should ask your own environment admins, not public forums. You should try to solve the issue, not hack your way arround it and end up with a non-compliant machine.
From this link:
Disable client-side Force Encryption
on the server. On the machine that
runs the SQL Server instance, open up
the SQL Server Configuration Manager,
right-click SQL Native Client
Configuration, and set Force Protocol
Encryption to No. Then try connecting
locally.
http://blogs.msdn.com/sql_protocols/archive/2005/12/22/506607.aspx
I got this error, I tried to connect a remote server SQL (SaaS) in MS Cloud
I added a new firewall rule in Azure portal with my client IP that solved my issue
Open Command Prompt: press Windows Key+ R then type cmd and run
Enter this:
runas /user:[YourDomainName]\[YourActiveDirectoryUserName] /netonly cmd
Enter your active directory password and press enter
In New Command Window enter your SSMS.exe Path with double cotation like:
"C:\Program Files (x86)\Microsoft SQL Server\130\Tools\Binn\ManagementStudio\Ssms.exe"
Then login with windows athentication