
OPC-UA BadSecureChannelClosed


I have two Windows services. One service (Service1) connects to two OPC-UA servers; this works fine. The other Windows service (Service2) connects to the same two OPC-UA servers with identical connection code from the OPC-UA foundation's .NET reference stack.

Service1 can connect to both OPC-UA servers and it polls data successfully. During deployment of Service2, Service2 could also connect and read values from both OPC-UA servers. Everything was fine at this point.

However, now after a while, without any changes to any code, Service2 can no longer connect to one of the OPC-UA servers. When doing Session.Create, it simply replies with ServiceResultException BadSecureChannelClosed(2156265472).

Starting troubleshooting: On our customer site, we also have a test server which runs a setup identical to the one in the production environment, meaning that Service1 and Service2 also run on the test server and communicate in an identical manner with those two OPC-UA servers.

I have noticed that when I turn off the services on the test server, the BadSecureChannelClosed error of Service2 disappears (however, Service2 could still communicate with the other one of the two OPC-UA servers), making everything work as expected on the production server.

This leads me to wonder what limitations on sessions and connections there are on an OPC-UA server. The OPC-UA servers are of type SINUMERIK 840d. I have asked Siemens if it's possible to activate the ServerDiagnostics object to troubleshoot the number of Sessions etc., but they replied that this isn't possible. I thought this object was mandatory to be able to enable?

Could anyone give me hints of what could cause this, and what limitations and things I should think about while making the connection, e.g. what needs to be unique? ApplicationName? SessionName? etc. What could cause this - seemingly - "random" BadSecureChannelClosed error? Note that I am using updateBeforeConnect=true in the Create Session call. And I use UserIdentity with hardcoded usernames and password.

Another weird symptom is that for this OPC-UA server that replies with BadSecureChannelClosed, it gives a Discovery error when connecting to it with UaExpert (errors that were not present a few weeks ago):

16:58:41.806 | Automatic Update | Error retrieving current version information: Host updates.unified-automation.com not found

16:58:35.404 | DiscoveryWidget | Discovery GetEndpoints on opc.tcp://192.168.0.200:4840 failed (BadCommunicationError)

16:58:35.401 | DiscoveryWidget | Discovery FindServers on opc.tcp://192.168.0.200:4840 failed (BadCommunicationError)


Solution

  • The current Sinumerik OPC UA server is buggy and does not provide properly encoded ExtensionObjects. You will need to request an update to the server from Siemens, once it is available.

    Note that you can access it without problems with UaExpert, which can decode the badly encoded ExtensionObjects. This has just enabled them to release such a buggy version in the first place.

    EDIT: Note about ExtensionObjects: The ServerStatus is transferred as an ExtensionObject, if you try to read it as a complete structure. Also the PublishResponse (used for providing subscription data) includes data changes encoded as ExtensionObjects. So, if you monitor the status via ServerState only, it probably works. But the subscriptions will not work, anyway.
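
The answer above attributes the failure to ExtensionObjects that are not properly encoded. As an added example (not part of the original post and not code from the OPC Foundation stack), this Python sketch strictly parses the OPC UA binary ExtensionObject layout (TypeId NodeId, encoding byte, Int32 length, body) and rejects a buffer whose fields do not add up, which is the kind of check a strict client applies and a lenient one skips. The sample byte strings and the type id 864 are constructed for illustration, and only numeric NodeId forms are handled.

```python
import struct

class EncodingError(ValueError):
    """The bytes do not form a valid binary-encoded ExtensionObject."""

def _take(buf, pos, n):
    # Bounds-checked read so a bad length field cannot run past the buffer.
    if pos + n > len(buf):
        raise EncodingError(f"need {n} bytes at offset {pos}, only {len(buf) - pos} left")
    return buf[pos:pos + n], pos + n

def _read_node_id(buf, pos):
    # Only the three numeric NodeId forms are handled in this sketch.
    (kind,), pos = _take(buf, pos, 1)
    layout = {0x00: "<B", 0x01: "<BH", 0x02: "<HI"}.get(kind)
    if layout is None:
        raise EncodingError(f"NodeId encoding byte 0x{kind:02x} not handled here")
    raw, pos = _take(buf, pos, struct.calcsize(layout))
    fields = struct.unpack(layout, raw)
    ns, ident = (0, fields[0]) if kind == 0x00 else fields
    return (ns, ident), pos

def parse_extension_object(buf, pos=0):
    """Return (type_id, encoding, body, next_pos) or raise EncodingError."""
    type_id, pos = _read_node_id(buf, pos)
    (encoding,), pos = _take(buf, pos, 1)
    if encoding == 0x00:                      # no body follows
        return type_id, encoding, b"", pos
    if encoding not in (0x01, 0x02):          # 1 = ByteString body, 2 = XmlElement body
        raise EncodingError(f"invalid body encoding byte 0x{encoding:02x}")
    raw, pos = _take(buf, pos, 4)
    (length,) = struct.unpack("<i", raw)      # Int32, little-endian; -1 means null
    if length < -1:
        raise EncodingError(f"negative body length {length}")
    body, pos = _take(buf, pos, max(length, 0))
    return type_id, encoding, body, pos

# Constructed samples: four-byte NodeId ns=0, i=864, ByteString body.
HEADER = b"\x01\x00" + struct.pack("<H", 864) + b"\x01"
GOOD = HEADER + struct.pack("<i", 4) + b"\xde\xad\xbe\xef"
BAD_LENGTH = HEADER + struct.pack("<i", 40) + b"\xde\xad\xbe\xef"  # claims 40, carries 4

if __name__ == "__main__":
    print(parse_extension_object(GOOD))
    try:
        parse_extension_object(BAD_LENGTH)
    except EncodingError as exc:
        print("rejected:", exc)
```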