Invalid endpoint parameters when using node-red-contrib-opcua

I've tried with many different servers and with different configurations but no matter what I try, I cannot get the connection to the OPCUA server to work. As a clean testing environment, I'm attempting to connect to Prosys OPC UA Simulation Server which should be pretty straightforward.

I can use UaExpert and TwinCat's sample OPCUA client to connect to the server and browse just fine, so the server is functioning correctly and im sure im using the correct url endpoint, but when I try with node-RED I always get the following even for the most simple flow:-

it says Invalid endpoint and to check the security policy eventhough the "None" policy should be working. The OPCUA Client settings:-

(Note: forum only let me post two screenshots, the security settings for the endpoint are all none)

The error messages in the console:-

Client connect error: The expression evaluated to a falsy value:

  (0, assert_1.default)(s.length <= maxLength)

11 Aug 17:04:41 - [warn] [OpcUa-Client:c8ae0db29fa98602] OpcUaClientNode: Case A: Endpoint does not contain, 1==None 2==Sign 3==Sign&Encrypt, using securityMode: [1]
11 Aug 17:04:41 - [warn] [OpcUa-Client:c8ae0db29fa98602] OpcUaClientNode:         using securityPolicy: ["http://opcfoundation.org/UA/SecurityPolicy#None"]
11 Aug 17:04:41 - [warn] [OpcUa-Client:c8ae0db29fa98602] OpcUaClientNode: Case B: UserName & password does not match to server (needed by Sign or SignAndEncrypt), check username: undefined and password: undefined
11 Aug 17:04:41 - [warn] [OpcUa-Client:c8ae0db29fa98602] OpcUaClientNode: Case C: With Sign you cannot use SecurityPolicy None!!
11 Aug 17:04:41 - [warn] [OpcUa-Client:c8ae0db29fa98602] OpcUaClientNode: Invalid endpoint parameters:
11 Aug 17:04:41 - [error] [OpcUa-Client:c8ae0db29fa98602] Client node error on:  error: ["Wrong endpoint parameters: {\"id\":\"a189548fb2fb7199\",\"type\":\"OpcUa-Endpoint\",\"_closeCallbacks\":[],\"_inputCallback\":null,\"_inputCallbacks\":null,\"wires\":[],\"_wireCount\":0,\"credentials\":{},\"endpoint\":\"opc.tcp://PC15109.MACHINENAME:53530/OPCUA/SimulationServer\",\"securityPolicy\":\"None\",\"securityMode\":\"None\",\"login\":false,\"none\":true,\"usercert\":false,\"userCertificate\":\"\",\"userPrivatekey\":\"\",\"user\":null,\"password\":null}"]
11 Aug 17:04:41 - [error] [OpcUa-Client:c8ae0db29fa98602] Invalid endpoint

Just to further dive into the issue, I also tried to bypass node-RED and go straight to node by writing my own script to use node-opcua and connect to the server. Interestingly, I get the same assertion error and some more info, looks like it might have something to do with node.opcua-crypto:-

attempting to connect...
An error has occurred :  AssertionError [ERR_ASSERTION]: The expression evaluated to a falsy value:

  (0, assert_1.default)(s.length <= maxLength)

    at parseBitString (C:\Users\binahmad\Documents\SWE\code\1 - Projects\20230717_opcua_Interface_testing_tool\sample-node-opcua-client\node_modules\node-opcua-crypto\source\asn1.ts:91:15)
    at _readBitString (C:\Users\binahmad\Documents\SWE\code\1 - Projects\20230717_opcua_Interface_testing_tool\sample-node-opcua-client\node_modules\node-opcua-crypto\source\asn1.ts:113:16)
    at _readSubjectPublicKeyInfo (C:\Users\binahmad\Documents\SWE\code\1 - Projects\20230717_opcua_Interface_testing_tool\sample-node-opcua-client\node_modules\node-opcua-crypto\source\crypto_explore_certificate.ts:552:44)
    at readTbsCertificate (C:\Users\binahmad\Documents\SWE\code\1 - Projects\20230717_opcua_Interface_testing_tool\sample-node-opcua-client\node_modules\node-opcua-crypto\source\crypto_explore_certificate.ts:665:40)
    at exploreCertificate (C:\Users\binahmad\Documents\SWE\code\1 - Projects\20230717_opcua_Interface_testing_tool\sample-node-opcua-client\node_modules\node-opcua-crypto\source\crypto_explore_certificate.ts:714:29)
    at publicKeyAndPrivateKeyMatches (C:\Users\binahmad\Documents\SWE\code\1 - Projects\20230717_opcua_Interface_testing_tool\sample-node-opcua-client\node_modules\node-opcua-crypto\source\public_private_match.ts:30:33)
    at C:\Users\binahmad\Documents\SWE\code\1 - Projects\20230717_opcua_Interface_testing_tool\sample-node-opcua-client\node_modules\node-opcua-client\source\verify.ts:131:39
    at Generator.next (<anonymous>)
    at C:\Users\binahmad\Documents\SWE\code\1 - Projects\20230717_opcua_Interface_testing_tool\sample-node-opcua-client\node_modules\node-opcua-client\dist\verify.js:8:71 
    at new Promise (<anonymous>) {
  generatedMessage: true,
  code: 'ERR_ASSERTION',
  actual: false,
  expected: true,
  operator: '=='
}

I've tried many things over the past few days and am at my wits end, any help will be incredibly appreciated

Do you have node-red-contrib-iiot-opcua also installed?

Where are you running node-red - docker? Bare metal (windows/Linux?Ubuntu/ Mac os? Etc)

Versions of NodeJS and node red do you have?

Hi thanks for your help! I do not have node-red-contrib-iiot-opcua insalled, do I need it too? I'm running node-red on bare metal on windows.

Node version: v16.15.0
Node red version: v3.0.2
node-red-contrib-opcua version: v0.2.310

I did see this but since I'm not running it on Docker I don't think thats the issue

No. It was highlighted as an issue on the repository issues that having both installed could cause this problem.

This issue: [BUG] Invalid endpoint, check that server has security policy · Issue #587 · mikakaraila/node-red-contrib-opcua · GitHub. Makes me think there may be a bug in the latest version. You could try installing the previous version.

Okay I downgraded and tried node-red-contrib-opcua v0.2.309 and v0.2.300 for good measure, I still got the same error message for both of them unfortunately

Output for 0.2.309 was exactly the same as 0.2.310, output of v0.2.300 was slightly different but essentially the same:-

12 Aug 23:58:13 - [info]

Welcome to Node-RED
===================

12 Aug 23:58:13 - [info] Node-RED version: v3.0.2
12 Aug 23:58:13 - [info] Node.js  version: v16.15.0
12 Aug 23:58:13 - [info] Windows_NT 10.0.19045 x64 LE
12 Aug 23:58:14 - [info] Loading palette nodes
12 Aug 23:58:20 - [info] Dashboard version 3.5.0 started at /ui
12 Aug 23:58:20 - [info] Settings file  : C:\Users\binahmad\.node-red\settings.js
12 Aug 23:58:20 - [info] Context store  : 'default' [module=memory]
12 Aug 23:58:20 - [info] User directory : \Users\binahmad\.node-red
12 Aug 23:58:20 - [warn] Projects disabled : editorTheme.projects.enabled=false
12 Aug 23:58:20 - [info] Flows file     : \Users\binahmad\.node-red\flows.json
12 Aug 23:58:21 - [info] Server now running at http://127.0.0.1:1880/
12 Aug 23:58:21 - [warn]

---------------------------------------------------------------------
Your flow credentials file is encrypted using a system-generated key.

If the system-generated key is lost for any reason, your credentials
file will not be recoverable, you will have to delete it and re-enter
your credentials.

You should set your own key using the 'credentialSecret' option in
your settings file. Node-RED will then re-encrypt your credentials
file using your chosen key the next time you deploy a change.
---------------------------------------------------------------------

12 Aug 23:58:21 - [info] Starting flows
12 Aug 23:58:21 - [info] Started flows
12 Aug 23:58:21 - [warn] [OpcUa-Client:21b02df5be40a591] OpcUaClientNode: Case A: Endpoint does not contain, 1==None 2==Sign 3==Sign&Encrypt securityMode:[1] securityPolicy:["http://opcfoundation.org/UA/SecurityPolicy#None"]
12 Aug 23:58:21 - [warn] [OpcUa-Client:21b02df5be40a591] OpcUaClientNode: Case B: UserName & password does not match to server (needed by Sign): undefined check password!!
12 Aug 23:58:21 - [error] [OpcUa-Client:21b02df5be40a591] Invalid endpoint

I guess you will need to raise an issue on the repository.

Provide as much info as possible and a step-by-step. The author is quite responsive.

Sorry been busy with refactoring code to TypeScript based.
Easier to maintain and found too many silly errors...

2 Likes

Hello, was away for a few days but now I'm back. I will definitely raise an issue on the repo if it doesn't get solved but I think the problem might be my system and not the library (or, libaries). Originally I was trying all of this on my work laptop and it didn't work but I replicated the exact setup on a different laptop with a fresh windows install and it could connect to the Prosys OPC UA server no problem.

After some more investigating, I suspect it may have something to do with how node-opcua certificate manager generated the default certificate. My guess is it tried to automatically download openssl but maybe my company firewall blocked it. Is there any way I can check for this? Maybe a path on the windows machine to see if the certificates were actually generated?

Seems like it was a problem with how node-opcua manages the certificates, it was a known bug in the node-opcua library used by node-red-contrib-opcua. A fix was pushed to node-opcua as seen here, and looks like Mika has updated node-red-contrib-opcua too :slight_smile:

I still needed to do some things to clean up my system and get it properly working though:

  • Updated Node from v16.15.0 to v18.17.1
  • deleted folder C:\Users\username\AppData\Roaming\node-opcua-default-nodejs
  • deleted folder C:\Users\username\AppData\Roaming\node-red-opcua-nodejs
  • Reinstalled node-red-contrib-opcua (to get the latest version, v0.2.311) under "Manage Palette" in node-RED

Now, everything is working as expected!

Thanks @Steve-Mcl and @mikakaraila for your help! :smiley:

1 Like

Excellent result for the community.

Thanks for updating everyone.

1 Like

Actually not yet, I need to update to node-opcua v2.110.0
See: Release v2.110.0 · node-opcua/node-opcua · GitHub

Just published new version... not working with nodejs v16.20.0

I expect we have to wait node-opcua v2.111.0 that contains/uses bcrypt.
Console tells: "using @peculiar/webcrypto"
There seems to be some functionality difference between nodejs version.

Ah I see, thanks for the update! As mentioned, I updated NodeJS to v18 and updated node-red-contrib-opcua to 0.2.311 and it seemed to work for me at least. Keep up the great work though! :smile:

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.