Troubleshooting

Where to find the IoT-Hub owner connection string

Open the IoT-Hub overview and navigate to the Shared access policies of the Settings section.
Click on the iothubowner and the connection string is shown at the right bottom. It can be copied by clicking the copy symbol.

Azure Connection String

Azure Connection String

Further description how to get this connection string through the Azure portal is found here.

Device Explorer Desktop Application

The device explorer desktop application can be used to:
* View the registered devices within the IoT-hub.
* Subscribe to data send by a device to the IoT-hub.
* Send data to a divce through the IoT-hub.

The installer of the device explorer desktop application is available here.
How to use the device explorer is explained in: https://github.com/Azure/azure-iot-sdk-csharp/tree/master/tools/DeviceExplorer

Verify the status of iot-edge-opc-proxy and iot-edge-opc-publisher

Use the command docker container ls to verify that iot-edge-opc-proxy and iot-edge-opc-publisher are running.

For more details, read https://docs.docker.com/engine/reference/commandline/container_ls/.

To access the log output of iot-edge-opc-proxy use the command docker container logs -f proxy.

To access the log output of iot-edge-opc-publisher use the command docker container logs -f iot-edge-opc-publisher.

For more details, read https://docs.docker.com/engine/reference/commandline/container_logs/.

Verify DNS settings within proxy container

To connect the OPC UA client of the connected factory to the OPC UA servers of the dataFEED suite and the publisher, the DNS settings of the proxy container must be set up correctly. To verify this, use the following commands:

docker container exec proxy cat /etc/resolv.conf
docker container exec proxy cat /etc/hosts
docker container exec proxy ping -c 2 publisher.example.com # Replace .example.com with your domain name
docker container exec proxy ping -c 2 iisk-demo.example.com # Replace iisk-demo.example.com with the FQDN of your device

The ping may fail due to firewall settings. But at least it should show, that the hostnames are resolved correctly.

Verify local OPC UA access with certificates to dataFEED OPC Suite with OPC UA client

Start the dataFEED OPC UA client and start a new session.

dataFEED UA Client New Session

dataFEED UA Client New Session

Enter the endpoint URI of the dataFEED OPC UA server and choose the SignAndEncrypt and Basic256Sha256 options and "Validate" the connection.

dataFEED UA Client Endpoint

dataFEED UA Client Endpoint

Trust the dataFEED OPC UA server certificate in the dataFEED OPC UA client.

dataFEED UA Client Accept Certificate

dataFEED UA Client Accept Certificate

The connection validation will fail if the OPC UA client certificate is untrusted in dataFEED OPC UA server.

dataFEED UA Client Validation Fail

dataFEED UA Client Validation Fail

Open the Certificate Management in dataFEED OPC UA server and locate the the dataFEED OPC UA client certificate.

dataFEED OPC UA trusted UA Client

dataFEED OPC UA trusted UA Client

Move the dataFEED OPC UA client certificate to the trusted certificate store.

dataFEED OPC UA trusted UA Client

dataFEED OPC UA trusted UA Client

In the dataFEED OPC UA client the connection validation should pass now.

dataFEED UA Client Validation OK

dataFEED UA Client Validation OK

The address space of the dataFEED OPC UA server can be browsed.

dataFEED UA Client Browse Address Space

dataFEED UA Client Browse Address Space

If this steps are successfully performed the dataFEED OPC UA server is correctly configured.

Verify local OPC UA access to iot-edge-opc-publisher via OPC UA client

Start the dataFEED OPC UA client and start a new session.

dataFEED UA Client New Session

dataFEED UA Client New Session

To add the endpoint URI of the iot-edge-opc-publisher you can modify the endpoint URI of the dataFEED OPC UA server. Remove everything after the FQDN in the endpoint URI and replace the portnumber with 62222. Choose the SignAndEncrypt and Basic256Sha256 options and "Validate the connection.

dataFEED UA Client Endpoint

dataFEED UA Client Endpoint

Trust the iot-edge-opc-publisher certificate in the dataFEED OPC UA client.

dataFEED UA Client Accept Certificate

dataFEED UA Client Accept Certificate

In the dataFEED OPC UA client the "Connection Validation" should pass now.

dataFEED UA Client Validation OK

dataFEED UA Client Validation OK

The address space of the iot-edge-opc-publisher now can be browsed.

dataFEED UA Client Browse Address Space

dataFEED UA Client Browse Address Space

If this steps are successfully performed the iot-edge-opc-publisher is running and accepts OPC UA connections.

Verify that nodes can be published by manually adding

Choose a valid NodeId from the dataFEED UA server address space that should be published. Browse the dataFEED OPC UA server address space and click on an item. Its NodeId is shown and can be copied from the Properties field.

dataFEED UA Client Properties NodeId

dataFEED UA Client Properties NodeId

Browse to the PublishNode method of the iot-edge-opc-publisher and click to open its attributes.
Fill in the Input Arguments of the PublishNode method with the endpoint URI of the dataFEED OPC UA server and a valid NodeId of the dataFEED OPC UA server.

dataFEED UA Client Call Publish Method

dataFEED UA Client Call Publish Method

If the call of the PublishNode method is succesful, a Good result is shown.

dataFEED UA Client Call Publish Method

dataFEED UA Client Call Publish Method

If this is the first time the iot-edge-opc-publisher is connecting to the dataFEED OPC UA server, the certificate is untrusted.
Open the dataFEED configuration and select "Configure" in the certificates section of the dataFEED OPC UA settings.

dataFEED OPC UA configure certificates

dataFEED OPC UA configure certificates

Find the certificate of iot-edge-opc-publisher in the rejected certificates store.

dataFEED OPC UA untrusted Publisher

dataFEED OPC UA untrusted Publisher

And move the iot-edge-opc-publisher certificate to the trusted certificates store.

dataFEED OPC UA trusted Publisher

dataFEED OPC UA trusted Publisher

Start the Device Explorer and open its "Data" tab. Select the Device ID of the iot-edge-opc-publisher and monitor for new events.

Device Explorer Data View

Device Explorer Data View

If this steps are successfully performed the connection from iot-edge-opc-publisher to the Azure IoT-Hub is working properly.

Reset docker to default

Reset all settings related to docker, the containers iot-edge-opc-proxy and iot-edge-opc-publisher. Open the Docker settings and navigate to the reset settings page and click the "Reset" button.

Docker Reset

Docker Reset

Confirm to reset.

Docker Reset

Docker Reset

In the setting "Shared Drives" enable the share for drive "C" again.

docker share drive

docker share drive

Delete all content that was created by the containers from the shared folder.

Delete Shared Folder Contents

Delete Shared Folder Contents

Now when starting the iot-edge-opc-proxy and iot-edge-opc-publisher scripts, they will behave like the first time.

Verify that Certificates are trusted in Connected factory

If the Connected factory constantly fails to Connect to an OPC UA server.

Connected Factory Connect Error

Connected Factory Connect Error

Please verify that the Connected factory trusts the certificate of the OPC UA server.

Open the App Service Overview and navigate to the "App Service Editor" of the "Development Tools" section.
Click Go" to open the App Service Editor.

App Service Editor

App Service Editor

Navigate the folder structure to the OPC Foundation -> Certificate Stores

App Service Editor Certstore Rejected

App Service Editor Certstore Rejected

Drag and drop the certificate from the RejectedCertificates -> certs folder to UA Applications -> certs folder.

App Service Editor Certstore DND

App Service Editor Certstore DND

All certificates of OPC UA servers that you want to connect shall be located in the UA Applications -> cert folder.

App Service Editor Certstore Trusted

App Service Editor Certstore Trusted

Restart the Connected factory App Service

If you cannot solve a problem, it may help to restart the Connected factory App Service.
Navigate to the App Service Overview page and hit the "Restart" button.

App Service Restart

App Service Restart


Continue reading with:
* Table of Content


Version: Documentation-v1.1.0