FactoryTalk Client cannot reach Server
My customer is using the Cosy 131. They are able to use ecatcher and reach the lan side of the ewon. On the LAN side of the cosy is an HMI scada server, Factory Talk Server. Remotely from a laptop he can ping the server and download files from it.
The problem is when he runs the FactoryTalk Viewer client, it cannot connect to the Factory Talk Server.
Is this a probelm with the Ewon? Is there a security setting that is preventing the Client app from reaching the server through the ewon connecto? Is this even possible through the ewon connection?
The firewall setting is at Standard so it doesn't block anything.
-
We would need to know what protocol you are using. Is this viewer client web based or a Windows application you installed? Do you know how it works? (we'd need to check documentation or take a packet capture if you don't know)
Try enabling "BroadcastForwarder' in the comcfg.txt file, (Setup > System > Storage > Edit COM cfg) "1' is enabled and "0' is disabled, because it may be using multicast messaging.
0 -
Application based and it uses TCP to communicate but he still gets an error after turning on BroadcastForwarder and PLC discovery is enabled.
Regards,
0 -
Kyle,
Here is some info from the customer. Logs and wireshark files.
Comments below:
I got a step closer. I got the FactoryTalk Client to see the server and start to download the client connection. Whoever it gets hung up loading the files. I have sent along the capture files to see if the tech support guys see why this might be happening.
Regards,
0 -
Hi @Sut_Am,
Thank you for the data. Please change your VPN connection to TCP only. I think it will work better.
For Flexy you can change this in Setup > System > Communication > Networking > VPN Connection > Global
For Cosy go to Setup > System > Storage > Edit COM cfg and change:
VPNProto --> 1 VPNPortOut --> 443
If this does not fix the issue, please make a backup of the Cosy using eBuddy, make sure to check "Include Support Files", and send that to me.
Thank you,
Kyle
0 -
From the customer.
Here are some additional files. I had the IT guy open up all the ports, I can connect to my server, my application will start, but it gets hung-up. I am thinking it is because a port is still blocked at the VPN or there might be some sort of traffic issue.
Regards,
0 -
Were you able to try this?
For Cosy go to Setup > System > Storage > Edit COM cfg and change:
VPNProto --> 1 VPNPortOut --> 443
0 -
The customer did try it and still did not work. Here is the backup file attached.
Regards,
MOVED TO STAFF NOTE (166 KB)
0 -
There are no errors in the eWON logs to indicate any type of issue there.
I went over the PCAPs. The first one was very large and it showed traffic between 172.16.10.30 (FactoryTalk Server?) and 10.213.19.232 (Talk2M VPN Server), the second looks like more of the same but is very short, and the 3rd seems to be from another network because it shows a device (I assume it's the laptop running Wireshark and eCatcher) connected to various device on the internet including a Talk2m VPN server. I'm not seeing any problems in them, but I'm not familiar with the FactoryTalk information and whether or not it's correct. For example, this stream:
HMISERVICE.txt (66.2 KB)
I don't see any errors, but I'm not sure what I'm looking for. I think this is something you will have to bring to Rockwell Support. It's using DCOM so it's can be hard to tell what is going on. Here are other streams that seem to be running concurrently:
FT_pcap_stream.txt (469.8 KB)
FT_pcap_stream-2.txt (17.5 KB)
That last one had some "spurious re-transmissions" which means packets that were already sent and ack'd were sent again fro some reason from the FT Server (or 172.16.10.30), but that shouldn't be corrupting the configuration.
I think it's possible that the configuration is getting corrupted during transport, but I'd have to see the errors from the FactoryTalk server or software to confirm. I'm not sure if there are settings in that software that may help. I would recommend contacting Rockwell support as well.
0 -
The customer has spoke to Rockwell Support. See below. Again Let me know when you can get on a call and talk some of these issues out.
Rockwell support says it is not an issue with their system because I connect without issue if I move the system to the local LAN (172.16.10.x). The issue is the way the Ewon is handling the packets.
Regards,
0 -
Here are some more logs from the customer and comments.
"It seems to take 40 mins for the system to connect to the FactoryTalk server once I login and connect with the Talk2Me software. Once it connects to the FactoryTalk Server (after 40 mis +/-) the FactoryTalk client connects right away every time. I have attached the event log files to see if that sheds any light."
0 -
You can reach us between 0800 and 1700 M-F EST at 312-893-5636, but regarding this:
This is not an acceptable answer from Rockwell. I could likewise say that you can ping and download files through the eWON so it's not an issue with the eWON, it's an issue with the FactoryTalk software. I spent time going over those packet captures and logs and there are no errors. The only error is from the FactoryTalk Server. If they won't give me any more information regarding the error, there is nothing more I can do than tell you it is not supported.
0 -
I totally understand and agree with you. I have already mentioned the ewon is working as it should but only when the FactoryTalk Server/client is used, problems arise.
I will go ahead and move forward with eWON support has done their part and no error is found wit the ewon itself.
Regards,
0 -
Thank you. I will go over these and let you know what I find out.
0 -
I can look into this further and escalate the issue, but I would need a lot more information about the FactoryTalk software being used on the client and server, like versions, settings, configurations, etc. That will also help looking for any known issues with the software.
I can see there is communication between them, but it seems like it's timing out or incomplete. If there are any settings for increasing the timeout or decreasing any security or encryption options, I would try changing those if he hasn't already.
Thanks,
Kyle
0
Please sign in to leave a comment.
Comments
14 comments