© 2022 AVEVA Group PLC and Its Subsidiaries - All Rights Reserved
Article # 000034386
Title Citect / Plant SCADA OPC UA client cannot connect to an OPC UA server when running as a service.
Legacy DocId
Published On 12/10/2022
ISSUE
You configure Citect / Plant SCADA to run as a service. One or more of your IO devices are using the OPC UA client driver to connect to equivalent OPC UA servers. After configuring the OPC UA client driver to run as a service as well, you are not able to establish a connection with the OPC UA server.
In the syslog file of the IO server there is no entry pointing to a specific issue, just the error message below:
[ERROR] [CORE ] [0x0b68] [IOServer ] [(GLOBAL) ] [ErrorLog() ] [errlog.cpp ] [266 ] Error: Unit offline UINIT 000c PORT1_BOARD1 IODevUA Error_in_CMD-3 16 Generic 000012 Driver 00000023 (0x00000017)
ENVIRONMENT
Applies to:
RESOLUTION
1. Check that the user running Citect / Plant SCADA as a service is a member of the Citect.Driver.Users Windows Local Group. This user will be NT SERVICE\Citect Runtime Manager for Plant SCADA 2020 R2, or any Windows user for Citect SCADA (Figure 1 below).
2. Open the Windows Local Computer certificate store by typing certlm.msc in the Windows search bar.
3. Go to the Personal Store and select the OPC UA Client Certificate, which is by default the Citect / Plant SCADA OPC UA Client Driver certificate.
4. Right-click the certificate and select All Tasks > Manage Private Keys... (Figure 2 below).
5. Make sure that the group Citect.Driver.Users is listed in the Groups/Users assigned with permissions for the private key of the certificate (Figure 3 below).
Figure 3: Permissions for Citect / Plant SCADA OPC UA Client Driver private key.
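The checks in steps 1 to 5 can also be made from an elevated PowerShell session with the read-only script below. It is an added example, not AVEVA's own code: the group and service account names are the ones given in this article, while the certificate subject pattern in $SubjectLike is an assumption to adjust to your system.

```powershell
# Read-only check: group membership (step 1) and private-key ACL (steps 2-5).
$Group       = 'Citect.Driver.Users'
$ServiceUser = 'NT SERVICE\Citect Runtime Manager'  # Plant SCADA 2020 R2; change for Citect SCADA
$SubjectLike = '*OPC UA Client Driver*'             # assumed subject pattern, not from the article

# Step 1: is the service account a member of the local group?
$members  = Get-LocalGroupMember -Group $Group -ErrorAction Stop
$isMember = [bool]($members | Where-Object { $_.Name -eq $ServiceUser })
"{0} is a member of {1}: {2}" -f $ServiceUser, $Group, $isMember

# Steps 2-3: find the client certificate in the Local Computer Personal store.
$certs = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like $SubjectLike }
if (-not $certs) { throw "No certificate matching '$SubjectLike' in LocalMachine\My" }

# CNG keys and legacy CSP keys are stored in different folders.
$keyDirs = "$env:ProgramData\Microsoft\Crypto\Keys",
           "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys"

foreach ($cert in $certs) {
    if (-not $cert.HasPrivateKey) { "$($cert.Thumbprint): no private key"; continue }

    # Resolve the file that backs the private key.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $name = $rsa.Key.UniqueName
    } elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    } else {
        "$($cert.Thumbprint): key is not RSA or not readable, check it in certlm.msc"; continue
    }
    $keyFile = $keyDirs | ForEach-Object { Join-Path $_ $name } |
        Where-Object { Test-Path $_ } | Select-Object -First 1
    if (-not $keyFile) { "$($cert.Thumbprint): key file not found, check it in certlm.msc"; continue }

    # Steps 4-5: the same ACL that "Manage Private Keys..." displays.
    $rules = (Get-Acl -Path $keyFile).Access | Where-Object {
        $_.IdentityReference.Value -like "*\$Group" -and $_.AccessControlType -eq 'Allow'
    }
    if ($rules) {
        "$($cert.Thumbprint): $Group has $($rules.FileSystemRights -join ', ')"
    } else {
        "$($cert.Thumbprint): $Group is MISSING from the private key permissions"
    }
}
```

The script changes nothing; if it reports a missing membership or ACL entry, correct it through the steps above.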
CAUSE
The issue can be due to the rights a user has on the Citect / Plant SCADA OPC UA Client Certificate, which is used by default to authenticate the OPC UA client with the OPC UA server. Check the permissions:
1. When you are running a Citect SCADA version as a service and you are using a user other than the default user running the processes, which is the Local System Account (SYSTEM user).
2. When you are running Plant SCADA 2020 R2 as a service and using the virtual user NT SERVICE\Citect Runtime Manager, which is the default setting and needs to be kept like that in order to use encryption.
By default, when you run the Configurator to set up the OPC UA Client Driver and the Plant SCADA I/O process is configured to run as a service, you need to select the option The driver process will run as a service. In that case the Configurator will add the Runtime Manager service account to the Citect.Driver.Users group.
If the user running Citect / Plant SCADA as a service is not a member of the Citect.Driver.Users group, or the Citect.Driver.Users group is missing from the Security Configuration for the permissions on the Citect / Plant SCADA OPC UA Client Certificate private key, then you can encounter the aforementioned problem.