The connection may have been rejected by server, Err = (Invalid message header detected)

[raptorsj]

i'm getting this error while connecting to the device. what is the meaning of this error

[ahermosa-monom]

I'm getting the same error after everything was working before an electrical shutdown.

./node_modules/.bin/simple_client  -e "opc.tcp://192.168.150.150:4840" --securityMode SignAndEncrypt --securityPolicy Basic256Sha256 -n "ns=2;s=S7_343.50"
securityMode        =  3
securityPolicy      =  http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
timeout             =  20000
 monitoring node id =  NodeId { identifierType: 2, value: 'S7_343.50', namespace: 2 }
 connecting to  opc.tcp://192.168.150.150:4840
    strategy {
  initialDelay: 2000,
  maxDelay: 10000,
  maxRetry: 10,
  randomisationFactor: 0
}
12:24:59.678Z :client_secure_channel_layer   :522   requestData not found for requestId =  1 try with  2
 Cannot connect to opc.tcp://192.168.150.150:4840
 Error =  The connection may have been rejected by server,
Err = (Invalid message header detected)

UAExpert still works with the same config.

This is the captured packet from running simple client to browse a specific node:

[ahermosa-monom]

@erossignon can you specify which additional info is required?
I can provide the needed information

[erossignon]

Describe the bug*

Step by step instruction to reproduce

Steps to reproduce the behavior:

1. ....
2. ....
3. ....

Expected behavior

Screenshots

Gist

 Whenever possible, provide a self-contain script file that reproduces the issue. 
 You can create a gist here: https://gist.github.com/ and share the link

gist:

 Please, provide a full script or program that can help reproduce the issue.

Context

• ( ) my request is related to node-opcua acting as an OPCUA CLIENT

• ( ) my request is related to node-opcua acting as an OPCUA SERVER

• ( ) I have installed node-opcua from source ( using git clone)

• ( ) I have installed node-opcua as a package ( using npm install )

• ( ) I am using an application that uses node-opcua

  • ( ) node-red
  • ( ) other : please specify

• Device: ______

• OS version: ______

  • ( ) Windows : version : ______
  • ( ) Linux : version : ______
  • ( ) MacOs : version : ______
  • ( ) Raspbian: version : ______
  • ( ) docker/K8s environment : under OS .....
  • ( ) Other : specify : ______

• Description of the other OPCUA system I am trying to connect to:

  • Name: ______
  • Version: ______
  • Manufacturer/Software vendor: ______
  • link to the manufacturer or product site: https://

• node-opcua version: :

  provide the semver version numero of node-opcua
  

• Node:

   `node --version` =
  

[ahermosa-monom]

Just a quick update, I ran npm update for this library and the error log now shows a new line:

$ ./node_modules/.bin/simple_client  -e "opc.tcp://192.168.150.150:4840" --securityMode SignAndEncrypt --securityPolicy Basic256Sha256 -n "ns=2;s=S7_343.140"  -x ~/private_key.pem -c ~/cert.pem --debug
securityMode        =  3
securityPolicy      =  http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
timeout             =  20000
 monitoring node id =  NodeId { identifierType: 2, value: 'S7_343.140', namespace: 2 }
 connecting to  opc.tcp://192.168.150.150:4840
    strategy {
  initialDelay: 2000,
  maxDelay: 10000,
  maxRetry: 10,
  randomisationFactor: 0
}
10:39:05.988Z :client_secure_channel_layer   :522   requestData not found for requestId =  1 try with  2
10:39:06.007Z :client_base_impl              :702   Inner create secure channel has failed Invalid message header detected
 Cannot connect to opc.tcp://192.168.150.150:4840
 Error =  The connection may have been rejected by server,
Err = (Invalid message header detected)

[Vjb80]

I am also facing this problem and have done few testing using different option.

Client 1: Linux with node red version 3.0.2 and node-red-contrib-opcua version 0.2.306
Client 2: windows with node red version 3.0.2 and node-red-contrib-opcua version 0.2.313

OPC UA Server 1: Security: None
OPC UA Server 2: Security: Basic128Rsa15 (Sign, Sign & Encrypt), Basic256 (Sign, Sign & Encrypt)
OPC UA Server 3: Security: None, Basic128Rsa15 ( Sign & Encrypt), Basic256Sha256 ( Sign & Encrypt)
OPC UA Server 4: Security: None, Basic128Rsa15 (Sign, Sign & Encrypt), Basic256 (Sign, Sign & Encrypt)

I am able to establish connection with Security policy None, Basic256Sha256.

The problem seem to be only with Basic128Rsa15 and Basic256. I could see the client produces the certificate to the server, which I can see and trust it. I don't see the server certificate accepted / rejected.

client_secure_channel_layer :234 requestData not found for requestId = 1 try with 2
Client connect error: The connection may have been rejected by server,
Err = (Invalid message header detected)

[erossignon]

THis forum is for node-opcua not node-red-contrib-opcua;

if you have any doubt, you need to provide a way to reproduce the issue with node-opcua only:

 Whenever possible, provide a self-contain script file that reproduces the issue. 
  You can create a gist here: https://gist.github.com/ and share the link

I give you a hint to start with:

process.env.NODEOPCUADEBUG = ""; // "CLIENT{TRACE-SECURITY}";
// process.env.NODEOPCUADEBUG = "CLIENT{TRACE-SECURITY};TRANSPORT{CHUNK-HELACK}";

const { OPCUAClient, UserTokenType, MessageSecurityMode, SecurityPolicy } = require("node-opcua-client");
const chalk = require("chalk");

const endpointUrl = "opc.tcp://opcuademo.sterfive.com:26543";

async function test(security, endpoint) {
    console.log({ security, endpoint });
    const client = OPCUAClient.create({
        ...security,
        endpointMustExist: false
    })
    ;
    try {
        client.on("backoff", (nbRetry, delay) => console.log("backoff #", nbRetry, " retrying in ", delay / 1000.0, "seconds"));
        await client.withSessionAsync(endpoint, async (session) => {
            console.log(chalk.green("**************************************"));

            console.log(chalk.green("Connection was successful !"));
            console.log(chalk.green("**************************************"));
        });
    } catch (err) {
        if (err.message.match(/socket has been disconnected by third party/)) {
            console.log(chalk.magenta("**************************************"));
            console.log(chalk.magenta("  The connection has been rejected by the server"));
            console.log(chalk.magenta("  if you are using security please make sure that"));
            console.log(chalk.magenta("  your client certificate is trusted by the server."));
            console.log(chalk.magenta("  Refers to the server document to find out how to proceed. "));
            console.log(chalk.magenta(""));
            console.log(chalk.magenta("  By the way! Your client certificate PEM file is located here "));
            console.log(chalk.magenta("    "), chalk.cyan(client.certificateFile));
            console.log(chalk.magenta("**************************************"));
        } else {
            console.log(chalk.red("**************************************"));
            console.log(chalk.red("Houston we have a problem:", err.message));
            console.log(chalk.red("**************************************"));
        }
    }

    console.log("\n");
    console.log("-----------------------------------------------------");
}

async function main() {
    const noSecurity = {};
    const security1 = {
        securityMode: MessageSecurityMode.SignAndEncrypt,
        securityPolicy: SecurityPolicy.Basic256Sha256
    };
    const endpoint1 = {
        endpointUrl,
        userIdentity: { type: UserTokenType.Anonymous }
    };
    const endpoint2 = {
        endpointUrl,
        userIdentity: { type: UserTokenType.UserName, userName: "user1", password: "password1" }
    };
    await test(noSecurity, endpoint1);
    await test(noSecurity, endpoint2);

    await test(security1, endpoint1);
    await test(security1, endpoint2);
}
main();

Please post node-red-contrib-opcua related issue to node-red-contrib-opcua

[Vjb80]

Hi,
Thank you for your script. I posted here as I thought the problem was not necessarily library dependent. Every small cent helps.

I managed to identify the problem. The issue was caused due to the time synchronization. Client and server times drifted and after the restart causing issue. Synchronizing the time between the server and helped solved the problem.

[EirikVea]

Hmm... I'm getting this when the clocks between server (Beckhoff PLC) and client (node-opcua) are out of sync (by a couple of minutes). The more out of sync they are, the earlier the problem arises. Right now there is a time difference of roughy 2 minutes between my computer and the PLC. This allows me to establish a session with the server and it works for a while, then suddenly terminate with the "requestData not found for requestId" message.

[EirikVea]

Attached is some console output leading up to the crash.
node-opcua-crash.log

It seems to be related to renewing of security token, since it happens right after it is renewed.

A stack trace (from another instance of the same error):

C:\my-project\node_modules\node-opcua-secure-channel\source\client\client_secure_channel_layer.ts:534
                const callback = requestData.callback;
                                             ^
TypeError: Cannot read properties of undefined (reading 'callback')
    at MessageBuilder.<anonymous> (C:\my-project\node_modules\node-opcua-secure-channel\source\client\client_secure_channel_layer.ts:534:46)
    at MessageBuilder.emit (node:events:514:28)
    at MessageBuilder.emit (node:domain:488:12)
    at MessageBuilder._report_error (C:\my-project\node_modules\node-opcua-transport\source\message_builder_base.ts:228:14)
    at MessageBuilder._append (C:\my-project\node_modules\node-opcua-transport\source\message_builder_base.ts:267:25)
    at MessageBuilder._feed_messageChunk (C:\my-project\node_modules\node-opcua-transport\source\message_builder_base.ts:318:22)
    at PacketAssembler.<anonymous> (C:\my-project\node_modules\node-opcua-transport\source\message_builder_base.ts:155:66)
    at PacketAssembler.emit (node:events:514:28)
    at PacketAssembler.emit (node:domain:488:12)
    at PacketAssembler.feed (C:\my-project\node_modules\node-opcua-packet-assembler\source\packet_assembler.ts:127:18)

[erossignon]

EirikVea this isssue is closed, please open a new one if necessary a,d don't forget to fill the template with required information.