Aspen Cim-IO for OPC UA

User’s Guide
Version: V12.2
Copyright (c) 2021 by Aspen Technology, Inc. All rights reserved.

Aspen InfoPlus.21, Aspen Process Explorer, Cim-IO, Aspen Apollo, Aspen DMCplus, Aspen IQ, Aspen RTO Watch,
Aspen Watch, Aspen Process Controllers, the aspen leaf logo, Plantelligence and Enterprise Optimization are
trademarks or registered trademarks of Aspen Technology, Inc., Bedford, MA.

All other brand and product names are trademarks or registered trademarks of their respective companies.

This document is intended as a guide to using AspenTech's software. This documentation contains AspenTech
proprietary and confidential information and may not be disclosed, used, or copied without the prior consent of
AspenTech or as set forth in the applicable license agreement. Users are solely responsible for the proper use of
the software and the application of the results obtained.

Although AspenTech has tested the software and reviewed the documentation, the sole warranty for the software
may be found in the applicable license agreement between AspenTech and the user. ASPENTECH MAKES NO
WARRANTY OR REPRESENTATION, EITHER EXPRESSED OR IMPLIED, WITH RESPECT TO THIS DOCUMENTATION,
ITS QUALITY, PERFORMANCE, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.

Aspen Technology, Inc.

20 Crosby Drive
Bedford, MA 01730
USA
Phone: +(781) 221-6400
Toll Free: (1) (888) 996-7100
http://www.aspentech.com
Contents
1 Introduction .........................................................................................................1
Content and Audience ....................................................................................... 1
Related Documentation ..................................................................................... 1
Technical Support ............................................................................................ 1

2 General Overview .................................................................................................3

3 Architecture .........................................................................................................5
OPC UA Server Endpoint Addressing ................................................................... 8
OPC UA Certificates .......................................................................................... 8
Application Instance Certificates ............................................................... 8
UA Configuration Tool ............................................................................. 9
Deployment Scenarios ...................................................................................... 9
Deployment Scenario 1 ......................................................................... 10
Deployment Scenario 2 ......................................................................... 10
Deployment Scenario 3 ......................................................................... 11
Deployment Scenario 4 ......................................................................... 11

4 Adding a Cim-IO for OPC UA Interface Instance .................................................13

5 Testing Interface Instance Connectivity .............................................................21

Using Aspen OPC UA Explorer .......................................................................... 22
Server Authentication Fields .................................................................. 24
Navigating Through Server Objects ........................................................ 24
Using Cim-IO Test API .................................................................................... 24
Trusting Server Certificate ..................................................................... 27
Testing Connectivity with Secure Endpoints ....................................................... 31
Using Aspen OPC UA Explorer .......................................................................... 32
Trusting Client Certificates .................................................................... 33
Using Cim-IO Test API .................................................................................... 37

6 Configuring the Cim-IO Client for InfoPlus.21 ....................................................43

Adding an IP.21 Connection ............................................................................. 43
OPC UA Server Tag Name Addressing ............................................................... 43
Creating and Using Get, Put, and Unsol Records with Cim-IO for OPC UA .............. 44
Using the IP.21 Administrator to Create Client Records ............................. 44
Cim-IO Client Record Details ................................................................. 45

7 The Aspen Process Simulation Server ................................................................47

Description .................................................................................................... 47

Contents iii
8 Troubleshooting .................................................................................................49
The Cim-IO Logical Devices File ............................................................. 50
The cimio_errors.def File ....................................................................... 50
The Cim-IO Message Log and Diagnostics Files ........................................ 50
Connectivity Issues ........................................................................................ 50
Failure to Discover Endpoints ........................................................................... 51
Isolating a Fault to the Device Level ................................................................. 51
Isolating a Fault to the OPC UA Server Level...................................................... 51
Isolating a Fault to the Cim-IO Components ...................................................... 51
Isolating a Fault to the Client Level................................................................... 52
.NET Log4Net Service ..................................................................................... 53
Enabling CIMIO for OPC UA Diagnostic Log ........................................................ 53
Log4Net Configuration XML Files ............................................................ 54
Enabling OPC UA SDK Diagnostic Log...................................................... 55
Viewing Diagnostic Trace Log Messages with log4net ................................ 55
Cim-IO for OPC UA Error Codes........................................................................ 56
Location of certificates from the OPC UA Server side is unknown .......................... 57

9 Glossary .............................................................................................................61
Client.................................................................................................. 61
DIOP .................................................................................................. 61
DLGP .................................................................................................. 61
Logical Device ...................................................................................... 61
Logical Device Name............................................................................. 61
OPC UA ............................................................................................... 61
OPC UA Cache ..................................................................................... 61
Service ............................................................................................... 62
Service Name ...................................................................................... 62

iv Contents
1 Introduction

Content and Audience

This document describes the installation, configuration, and use of the Aspen
Cim-IO™ for OPC UA Interface. Any aspect of this interface is subject to
refinement and reorganization by AspenTech as is deemed necessary. A basic
knowledge of Cim-IO is assumed (we recommend you read the Aspen Cim-IO
User’s Guide prior to reading this manual).
The manual is divided into several parts:
General Overview – provides a general overview of the interface.
Software Installation – describes the interface software installation.
Software Configuration and Startup – describes how to configure the
interface and how to start and stop it.
Error Codes – describes the various errors that occur.

Related Documentation
The following publications contain additional information that may be needed
to fully understand the Cim-IO for OPC UA Interface:
 Aspen Cim-IO User’s Guide, AspenTech
 OPC UA Data Access Specification versions 1.00, 1.01, and 1.02,
OPC Foundation

Technical Support
AspenTech customers with a valid license and software maintenance
agreement can register to access the online AspenTech Support Center at:
https://support.aspentech.com
This Web support site allows you to:
 Access current product documentation
 Search for tech tips, solutions and frequently asked questions (FAQs)
 Search for and download application examples

1 Introduction 1
  Search for and download service packs and product updates
 Submit and track technical issues
 Send suggestions
 Report product defects
 Review lists of known deficiencies and defects
Registered users can also subscribe to our Technical Support e-Bulletins.
These e-Bulletins are used to alert users to important technical support
information such as:
 Technical advisories
 Product updates and releases
Customer support is also available by phone, fax, and email. The most up-to-
date contact information is available at the AspenTech Support Center at
https://support.aspentech.com.

2 1 Introduction
2 General Overview

“Cim-IO” is AspenTech’s interface to process data acquisition device software.

It stands for “Computer Integrated Manufacturing Input/Output.”
Aspen Cim-IO for OPC UA Server software serves InfoPlus.21 (IP.21) or other
real-time acquisition systems that use the Cim-IO API library with process
data obtained by calling methods in an OPC UA server.
OPC Unified Architecture (OPC UA) is the new standard for data
communication in process automation. OPC UA may eventually replace the
Microsoft-DCOM-based specifications of the OPC Foundation (DA, HDA, and
A&E) over the next few years as OPC UA unifies all the functions provided by
those specifications.
One special advantage OPC UA has over classic, COM-based OPC-DA is that it
does not depend upon DCOM (Distributed COM), even when the OPC UA client
and OPC UA server reside on different computers. This avoids many of the
configuration, timeout, and firewall-related issues that affect applications that
depend upon DCOM.
Cim-IO for OPC UA supports standard Cim-IO functionality:
 Reads (“gets”)
This Cim-IO functionality uses Read service of an OPC UA server to read
process values of nodes from the OPC UA server address space. The Cim-
IO client is continuously polling process values from OPC UA server at a
frequency. The read is synchronous operation on the OPC UA server.
 Writes (“puts”)
This Cim-IO functionality uses Write service of an OPC UA server to write
process values into nodes from the address space of the OPC UA server.
The write is synchronous operation on the OPC UA server.
 Unsolicited Reads
This Cim-IO functionality uses Subscription service of the OPC UA server
to read process values of nodes. The Cim-IO client maintains a
subscription which is used by the OPC UA server to monitor process values
of nodes. The OPC UA server notifies any process values changes to the
Cim-IO client.
 Store-and-forward
The fetching of process data from an OPC UA server is referred to as a
“get” transaction. Many OPC UA servers also support “put” transactions in

2 General Overview 3
 which the OPC UA server updates the DCS or PLC with data sent from the
Cim–IO client software.

4 2 General Overview
3 Architecture

Note: For the purpose of illustrating the architecture and functionality

provided by the Aspen Cim-IO for OPC UA Server software, this guide
assumes that the InfoPlus.21 database is the client application receiving
process data. Other examples of real-time acquisition systems that use Cim-
IO are APC Performance Monitor software (Aspen Watch, Aspen RTO Watch)
and APC Online applications (DMCplus Controllers, Nonlinear Controllers
[Apollo], Inferential Qualities [IQ] applications, Aspen Process Controllers).
The Cim-IO for OPC UA software can either be installed on the same
computer as the InfoPlus.21 Server or on a different computer. Typically it is
installed on a different computer.
Cim-IO client processes on the InfoPlus.21 computer communicate with Cim-
IO server processes on the Cim-IO for OPC UA computer.
Cim-IO for OPC UA consists of multiple executable programs that are typically
running continually in the background.
Component Name Purpose

Cim-IO Manager Runs as a Windows service named Aspen Cim-

IO Manager. It communicates with a
corresponding process on the Cim-IO client
computer in support of administrative functions
such as starting and stopping the Cim-IO
server.
Cim-IO for OPC UA DLGP Cim-IO for OPC server DLGP (device logical
gateway process).
Receiving requests from the Cim-IO Client and
routing to the appropriate DIOP.
Receiving replies from the DIOPs and
forwarding them to the Cim-IO client.
Receiving unsolicited data from the unsolicited
DIOP and forwarding it to the Cim-IO Client.
Cim-IO for OPC UA Read Receiving GET requests from the DLGP, reading
DIOP the data from the process equipment and
sending replies to the DLGP. It uses Read
service of an OPC UA server to read process
values of nodes from the OPC UA server
address space. The read is synchronous
operation on the OPC UA server.

3 Architecture 5
 Component Name Purpose

Cim-IO for OPC UA Write Receiving PUT requests from the DLGP, writing
DIOP the Put data to the process equipment and
sending replies to the DLGP. It uses Write
service of an OPC UA server to write process
values into nodes from the address space of the
OPC UA server. The write is synchronous
operation on the OPC UA server.
Cim-IO for OPC UA Receiving UNSOLICITED requests from the
Unsolicited DIOP DLGP, receiving exception data from the
process equipment and sending replies to the
DLGP. It uses Subscription service of the OPC
UA server to read process values of nodes. The
OPC UA server notifies any process values
changes to the Cim-IO client.
Scanner Process Runs if Store & Forward has been configured
for the Cim-IO server. Periodically sends
requests to the DLGP at a frequency specified
by Cim-IO main client task.
Store Process Runs if Store & Forward has been configured
for the Cim-IO server. Receive data messages
from the DLGP and sends them to the Cim-IO
asynchronous task on the remote Cim-IO client
computer if the local store file is empty and the
connection between the Cim-IO client and
server is up; otherwise, the store process
places the data in a local store file.
Forward Process Runs if Store & Forward has been configured
for the Cim-IO server. When the connection
between the Cim-IO client and server is re-
established, the forward process removes data
from the store file and sends to the
asynchronous task until the store file is empty

The following table lists the primary executable programs that comprise the
Cim-IO client subsystem of Aspen InfoPlus.21.

Component Name Purpose

CimioManager.exe Runs as a Windows service named Aspen Cim-

IO Manager. It communicates with a
corresponding process on the Cim-IO server
computer in support of administrative functions
such as starting and stopping the Cim-IO
server.
cimio_t_api.exe Console application that can be used to test
basic functionality of a Cim-IO server
cimio_c_async.exe Runs as the Cim-IO client asynchronous task
assigned to a Cim-IO device record. It
processes messages sent from a Cim-IO server
in the forwarding process. It also processes
asynchronous responses to asynchronous client
requests. Configured in the IP.21 defined task
list so it starts with IP.21.

6 3 Architecture
 Component Name Purpose

cimio_c_client.exe Runs as the Cim-IO client main client task

assigned to a Cim-IO device record. It responds
to activations of Cim-IO transfer records
belonging to the device record. Configured in
the IP.21 defined task list so it starts with
IP.21.
cimio_c_unsol.exe Runs as the Cim-IO client unsolicited task
assigned to a Cim-IO device record. It responds
to unsolicited messages sent by the Cim-IO
server when the difference between a new
process value and the previous value exceeds a
deadband. Configured in the IP.21 defined task
list so it starts with IP.21.

The following illustration demonstrates the communication and data flow

paths between the various processes involved in a complete Cim-IO for OPC
UA to InfoPlus.21 Cim-IO client installation.

3 Architecture 7
 OPC UA Server Endpoint
Addressing
The OPC UA endpoint URL uniquely identifies an OPC UA server on the
network. This URL string will be used when configuring a Cim-IO for OPC UA
interface to identify the OPC UA server to connect to. The maximum length of
the URL string is 256 characters and the specific form is determined by the
OPC UA server.
The I/O Wizard endpoint selection dialog for the Cim-IO for OPC UA interface
include a UA discovery service browser that will browse a Windows host
machine and enumerate all the OPC UA server endpoints available.
The string consists of the following fields:
 Transport (opc.tcp: or http:)
 Name of the computer hosting the OPC UA server
 The port number on which the OPC UA server listens
 The OPC UA server name
In addition the I/O wizard endpoint selection dialog appends the UA security
mode and policy to the basic URL string for convenience.
For example, the following basic URL refers to the OPC Foundation’s sample
server on node opcuasrv0001 port 51210 using the opc.tcp protocol:
opc.tcp://opcuasrv0001:51210/UA/SampleServer.
The basic endpoint URL for the InfoPlus.21 database OPC UA server is:
opc.tcp://<hostname>:63500/InfoPlus21/OpcUa/Server.

OPC UA Certificates
Application Instance Certificates
The OPC UA specification requires any application, client or server, to
authenticate all other OPC UA applications with which it communicates via
secured channels. Application authentication is accomplished using digital
certificates. Digital certificates, called application instance certificates, are
created when the Cim-IO OPC UA server processes are started and are
registered as trusted on the local node. During the process of establishing a
communication session, the client and server exchange certificates. If a
certificate is rejected by either the client or server, a communication session
is not established. Certificates may be rejected by either party if the
certificate is not found in a trusted store, is expired, is from another
computer, or for other reasons.
In order to accept a certificate, each OPC UA application, client or server,
must be configured to trust the desired OPC UA applications using the OPC
Foundation’s UA Configuration Tool. The OPC Foundation’s UA Configuration
Tool is distributed as part of both the InfoPlus.21 server and Cim-IO interface

8 3 Architecture
 installations. The UA Configuration Tool can be launched by choosing the
menu item OPC UA Configuration Tool under OPC Foundation on the
Windows Start menu.
There are multiple ways of determining whether it is necessary to configure
the application instance certificates, however we will show a methodology in
which the configuration is made first at the Cim-IO OPC UA interface level,
where simple read/write operations will reveal the installer the need for
trusting client/server certificates.
The following sections will discuss and illustrate the steps and the diagnostics
available to the installer in understanding what needs attention and how to
configure successfully each application.
The methodology consists in performing basic read/write tests, outside the
context of Cim-IO first, until successful results are achieved with a Cim-IO
independent tool, to then use Cim-IO tools to diagnose and properly configure
the Cim-IO OPC UA interface processes to achieve the same successful
results.
When a read/write request is made by an OPC UA client, like the Cim-IO for
OPC UA Interface, communicate with the target OPC UA server an attempt is
made to establish a session connection. The attempt will fail if the
applications do not trust each other. If the connection fails, then the
application instance certificates for one or both OPC UA Client and OPC UA
server need to be added to the “Trusted Certificate” stores on the hosts
where they run. Often in this case the necessary certificates will exist in
Rejected Certificates stores on the OPC UA Client server host or the OPC
UA server node.

UA Configuration Tool
Use the OPC Foundation’s UA Configuration tool to manage various settings
for a UA client or server application. This tool is redistributed as part of the
InfoPlus.21 installation, and can be launched by choosing OPC UA
Configuration Tool listed under OPC Foundation on the Windows Start
menu.
The tool helps to configure security settings and to manage certificates. It
also helps set firewall access and application access permissions. It does this
by changing settings in the OPC UA Configuration file that is associated with
the UA client or server application.
The following sections explain how to use the OPC Foundation’s UA
Configuration Tool to trust certificates in Cim-IO server host or the OPC UA
server node.

Deployment Scenarios
Cim-IO for OPC UA is part of the “Interfaces” product bundle in the Aspen
MES Family.

3 Architecture 9
 Selecting either “Interfaces” during a Typical installation, or “Aspen Cim-IO
Interfaces” during a Custom installation, will result in the installation of
various Cim-IO interfaces including Cim-IO for OPC UA.
The Cim-IO for OPC UA software can either be installed on the same
computer as the InfoPlus.21 Server or on a different computer. Typically it is
installed on a different computer.

Deployment Scenario 1
The following diagram illustrates a typical hardware deployment in which the
Cim-IO for OPC UA server and the vendor-specific OPC UA server reside on
the same computer while the IP.21 server resides on a different computer.

The IP.21 Server computer hosts an InfoPlus.21 (IP.21) system. Cim-IO client
software on the InfoPlus.21 system updates the local IP.21 database with
process data received from the Cim-IO for OPC UA server.
The Cim-IO client software communicates with the Cim-IO for OPC UA server
via TCP/IP sockets that are established at startup.
The Cim-IO for OPC UA software services requests made by the Cim-IO client
software running on the InfoPlus.21 Server. Cim-IO for OPC UA responds by
calling methods in the OPC UA server.
The OPC UA Server computer hosts an OPC UA server provided by the vendor
of a data acquisition device such as a distributed control system (DCS) or
programmable logical controller (PLC). The vendor’s OPC UA server knows
how to communicate with the vendor’s data acquisition device.

Deployment Scenario 2
The following diagram illustrates a typical hardware deployment in which
there are multiple Cim-IO for OPC UA servers. Each Cim-IO for OPC UA server
communicates with a different data acquisition device through a vendor-
specific OPC UA server associated with that device.

10 3 Architecture
 Deployment Scenario 3
The following diagram illustrates a deployment in which the IP.21 Server
computer and Cim-IO for OPC UA server computer reside on different subnets
that are separated by a firewall.

The firewall will need to be configured to allow communication between the

two computers. This generally means opening the TCP/IP ports assigned to
the Cim-IO client and server programs.
Inserting such a firewall should be avoided if possible because the impact, if
any, on performance and/or reliability is likely to be negative.

Deployment Scenario 4
Some OPC UA server vendors may refuse to support the OPC UA server if any
third-party software is running on the same computer. In such cases, the OPC
UA server may be installed on its own dedicated computer.

3 Architecture 11
12 3 Architecture
4 Adding a Cim-IO for OPC
UA Interface Instance

The Cim-IO Interface Manager (or abbreviated as CIM) program provides a

wizard to add the many interface instances or servers supported, of which the
Cim-IO for OPC UA product is one of them. As explained in the previous
section, the Cim-IO for OPC UA software can be installed in the same
computer where the actual OPC UA software resides, or remotely. Regardless
of the case, CIM is installed along with all the interfaces from the aspenONE
DVD. The installation provides an icon in the Start menu that would start the
program.
1 Start CIM by right-clicking the Administrator selection in the Start menu
and select Run as administrator.

2 Click the link Create a new one or the action Add Cim-IO Interface in
the right pane. The Add Cim-IO Interface Wizard form opens.

4 Adding a Cim-IO for OPC UA Interface Instance 13

 3 Expand the list Select the Cim-IO interface to be configured, select
Cim-IO for OPC UA from the list of interfaces supported, and click Next.

4 Enter the name you want to call the Cim-IO for OPC UA server, its
description, the credentials used to start up the Cim-IO for OPC UA
interface’s processes, if required. In our example, we will be discovering

14 4 Adding a Cim-IO for OPC UA Interface Instance

 the Aspen Process Simulator OPC UA server that runs in a remote server
as a service, which should have been previously installed, and should be
up and running. This Cim-IO server, which communicates with such OPC
UA Simulator server, does not require that its processes run with a
specific set of credentials, if the selected Security Mode was None. Enter
the Start at boot option and the Check health of server processes
option. Then click Next.

5 In OPC UA server computer, enter the computer’s name where

endpoints all OPC UA servers will be enumerated, and click Discover.
Once the list of available endpoints is presented, select the endpoint’s
URL and the Security mode that matches the desired mode. In our
example, we selected opc:tcp as the transport in the URL specification
and None as Security Mode. Then, click Next to continue. This will bring
the wizard’s Summary form, which enumerates the steps to complete the
definition showing some of the input entered by you.

4 Adding a Cim-IO for OPC UA Interface Instance 15

 6 Review the steps, and if they are acceptable, click Next to continue.

7 In the Progress form, review the results of each of the definition steps
and click Next if everything is OK.

16 4 Adding a Cim-IO for OPC UA Interface Instance

 8 The main CIM form is then brought up with the middle pane showing the
interface processes indicating whether all of them were successfully
started up.
Note: A status green indicates whether a process has been started, it is
not an indication of whether a successful connection or session could be
established with the target OPC UA server.
9 Scroll down the middle pane to see the instance specific variables that can
be adjusted:

4 Adding a Cim-IO for OPC UA Interface Instance 17

 Enter the Timeout (secs) if needed. The Timeout indicates the duration
to wait for activity within the session, such as a read or write request,
whereas the Keep alive interval is a shorter duration for checking the
health of the connection.
Enter the Keep alive interval (secs) if needed. The Keep alive interval
affects computer and network performance, as it constantly checks for a
healthy connection to the UA server.
Enter the number of Samples per interval if needed. The samples per
interval affects unsolicited operations and specifies for the OPC UA
middleware the last numbers of samples received from the server that will
be reported to the CIMIO for OPC UA interface
Enter the History Recovery(mins) if needed. This is the time period for
which history process values are obtained from the OPC UA server when a
Cim-IO interface is started or reconnected after a temporary disconnect.
Enter the Domain\User and Password required by the target OPC UA
server. These credentials affect the creation of a client session with the
target OPC UA server. Specify the credentials if the Security Mode
selected and the OPC UA server require user name authentication to
connect a client session. This is the only method of support for OPC UA
user authentication currently implemented in the Cim-IO for OPC UA
interface. Passwords entered on this dialog will be encrypted when
embedded in the Cim-IO configuration files.
Note: In this context, the Cim-IO for OPC UA server is a client of the OPC
UA server.
10 Still on the middle pane, in the section common to all interfaces, select or
reset the Enable Store & Forward check box if desired. You may also
change the default Store file path if desired. When done, click Finish. The
device creation is now complete. You can also modify some of the
variables entered during the definition phases of the wizard, such as
credentials, Start at boot, Health check, and even the target URL and
Security Mode to access the target OPC UA server.

18 4 Adding a Cim-IO for OPC UA Interface Instance

 7 You may need to scroll the middle pane to the right to make visible the
Save Configuration button. If the interface is up and running, you will
be prompted to OK whether the interface should be stopped first.

Note: You must click Save Configuration to persist all the configuration
changes. Otherwise the changes will be lost. You need to start the interface
manually after the changes are saved.

4 Adding a Cim-IO for OPC UA Interface Instance 19

20 4 Adding a Cim-IO for OPC UA Interface Instance
5 Testing Interface Instance
Connectivity

Once an instance of Cim-IO for OPC UA has been created and the processes
associated are all up and running, as shown in the figure below, the next step
consists in doing a basic test that would allow us to confirm the connectivity
between the interface and the target OPC UA server. Also, it is recommended
to perform read/write tests as the basis to confirm all operations work
correctly. Only then, you should continue with the Cim-IO client configuration.
If InfoPlus.21 happens to be the Cim-IO client that will request information
from the DCS, then you would proceed to configure the IP.21 Connection as
explained in the next chapter.

To perform the necessary basic tests, we use two tools; the Aspen OPC UA
Explorer program and the Cim-IO Test API program.

5 Testing Interface Instance Connectivity 21

 Using Aspen OPC UA Explorer
The Aspen OPC UA Explorer program helps you quickly identify whether there
is an issue with the validation of security certificates in either end, the client
or the server side, so it can be resolved. This tool also allows you to navigate
through the namespaces for DCS tags available, showing the syntax of the
OPC UA browse paths used in the Cim-IO client to read/write of real-time
values. The program also can test continuous reading of one or more process
values from the OPC UA server.

Note: Aspen OPC UA Explorer does not use Cim-IO

If we are unable to obtain even a single value, we need to investigate the
reason. Once the OPC UA explorer is started, you must specify the name of
the Discovery Server where the target OPC UA server resides. In our
example, we would use W12R2V1005 and click the Discover button, which
will show in the left-bottom pane the name of the OPC UA servers discovered.

When this name is expanded using the list handle to the left of server name,
the list of endpoints available for that server is displayed. You must select the
same endpoint you chose when defining the interface with the Cim-IO
Interface Manager. Back to our configuration example, our Cim-IO for OPC
UA instance was configured to communicate with the Aspen Process Simulator
using None as Security mode, so we need to choose the same endpoint
from the lists of endpoints shown when using the OPC UA explorer. Then,
click Connect to test whether there is a connectivity issue.

22 5 Testing Interface Instance Connectivity

 If the left pane, just quietly changes to show the Variable details section, it
means that the explorer was able to establish a session with the target OPC
UA server. Otherwise a dialog window would have shown a problem
establishing a session, more than likely due to security certificates not
trusted. That would have been the case, for example, if we had chosen any of
the other endpoints that specify a Security mode other than None.

For example, if we had chosen then endpoint with a Security mode of

SignAndEncrypt, the exception dialog shown above would have been
displayed. If you need to choose the secure endpoint, then you must make
certificates in both ends trusted before a session can be established. See
Managing Certificates, later in this guide.

5 Testing Interface Instance Connectivity 23

 Server Authentication Fields
Some OPC UA servers require a specific set of credentials that will be
authenticated before data can be exchanged. For this purpose, you use the
fields in the Server authentication section. By default, the authentication
selector is set to None. To enable the Username and Password fields, you
must change the selector to Username.

Navigating Through Server Objects

The lower left pane with the tree view object Objects can be expanded to
navigate the hierarchies of objects browsable and available from the chosen
OPC UA server. In our case, the Aspen Process Simulator OPC UA server
offers two group of objects, Server and Tags. We will focus on the Tags
object, which lists the names of the supported and browsable (5) tags. If you
click the MeanderingSine tag, the Variable details section fields will be
filled with the information pertinent to this tag. Of the fields shown, OPC
browse path is of relevance, as it shows the actual tag syntax to be used by
any Cim-IO client to read/write the item values.
if you select the tag’s check box, and the tab selected on the right pane is
Process Values, the tag will be immediately scanned periodically and
continuously, with the values returned from every scan displayed on this
pane.
You could select the check box of more tags, which causes the tags to be
added to the list of tags being scanned.

Note: Currently, Aspen OPC UA Process Explorer does not support write
operations.
If everything seems OK to this point, then you can use the next tool, the Cim-
IO Test API program

Using Cim-IO Test API

The next step is to confirm that the read operations achieved with the Aspen
OPC UA Explorer are also possible using Cim-IO. For a basic test of some of
the operations, we use Cim-IO Test API, which will also test write operations

Note: The Aspen OPC UA Explorer does not use the Cim-IO core or API to
perform reads.

24 5 Testing Interface Instance Connectivity

 The Cim-IO Test API is an interactive program, which runs as a Cim-IO client
and thus allows you to confirm that if basic read/write operations on a given
Cim-IO interface. It is likely to be the case that these can be performed
successfully by more complex Cim-IO clients, like the external Cim-IO tasks
in IP.21. When started, it shows a menu of all the functions available to
exercise certain areas of Cim-IO. Of those, we are interested in options 9 and
a, which tests Cim-IO Get/Put operations. So, our first objective is to
successfully read the same tag we read using the Aspen OPC UA Explorer.

Before we can access Cim-IO, we need to define a Logical Device, if none

has been defined in advance. A Logical Device is the entity known to Cim-IO
clients to access a specific Cim-IO server instance on the network. To define
the logical device, we use the main menu option 2, Test Adding a Logical
Device. For example, we will define the logical device named OPCUATEST,
which will be accessing one of the many possible Cim-IO Interface instances
defined in the local node, W12R2V1004 in our case, which will be identified
with the Interface Name given when defining it with CIM. In our case it is
I_OPCUA_1. The figure above shows the prompts and inputs that achieve
the definition of the logical device OPCUATEST.

5 Testing Interface Instance Connectivity 25

 Next, proceed to exercise the menu option 9, Test Cim-IO Get, to test
whether the tag MeanderingSine can be read using Cim-IO. But surprisingly
it cannot be read as shown in the figure below.

As shown below, the Cim-IO message file includes a message related to this
failure.
09-MAY-2017 13:26:42.534, Logged by I_OPCUA_1READ on node W12R2V1004:
Session failure, can't connect, err=:[1] to Opc UA
server:[opc.tcp://w12r2v1005:62552/Aspen/ProcessSimulator] Timeout:[90]
Interval:[5] Sec Mode: [None] User:[] Pw: []

This is an indication that the OPC UA server certificate is not trusted by the
Cim-IO for OPC UA instance and therefore the trust needs to solved. The
reason why the Aspen OPC UA Explorer did not complain about is because it
works around not trusting the Aspen Process Simulator’s certificate, trusting
it. Currently, Cim-IO for OPC UA does not provide a mechanism to
automatically trust remote OPC UA server certificates when the endpoint’s
security mode is None. The one side trust rejection occurs precisely because
the security mode chosen is None. The server would not reject a client’s
certificates, precisely because the security mode of the connection is None.

26 5 Testing Interface Instance Connectivity

 Trusting Server Certificate
To trust the remote server certificate, use the UA Configuration Tool
distributed with Cim-IO, which was developed by the OPC Foundation. As
soon as the tool is started, the initial form UA Configuration Tool is shown.

Click the Find button and browse to the location as shown below.

Select the cimio_opcua_read.exe file and click Open.

Once the select file dialog box closes, you must select the configuration file.
Click Browse next to Configuration File. From the same location as the
executable file, select the corresponding configuration file,

5 Testing Interface Instance Connectivity 27

 cimio_opcua_read.Config, and then Open. Your result should match the
example below.

Click OK. If presented with a message asking whether to overwrite the file,
click Yes.
Click View Trusted Certificates to see the certificates that are trusted by
cimio_opcua_read. The form Manage Certificates in Certificate Store
displays. A quick look reveals that there is no reference to the Aspen
Process Simulator certificate in node W12R2V1005, more than likely
because it has been rejected. Close the current form and click Select
Certificate to Trust from the initial form, which displays the Manage
Certificates in Certificate Store form.

28 5 Testing Interface Instance Connectivity

 Select from the Store Path list Rejected Certificates. You will see that the
only certificate rejected happens to be the one from the Aspen Process
Simulator on Domain W12R2V1005. Select that entry in the list and then
click OK, which will cause the certificate to be trusted, as a pop-up window
will confirm.

5 Testing Interface Instance Connectivity 29

 If we try again reading a tag using test API, this time it should read ok, if
nothing else gets in the way.

30 5 Testing Interface Instance Connectivity

 Testing Connectivity with
Secure Endpoints
We should next test whether the connectivity between Cim-IO and a remote
OPC UA server using a secure endpoint is also confirmed to work as expected
and that read/write operations will be possible for Cim-IO clients.
To change the configuration of the interface instance, in our example to use a
secure endpoint, requires discovering again all the endpoints provided by the
OPC UA server, selecting the one that matches site’s requirements. The figure
below shows the selection of the Security Mode named SignEncrypt.

5 Testing Interface Instance Connectivity 31

 To save the changes, click Save Configuration, which prompts you for
permission to stop the interface before saving the new configuration. You
must start the interface after it has been stopped.

Using Aspen OPC UA Explorer

Launch the OPC UA Explorer and click Disconnect if available. Verify that
Discovery Server still points to the server where the OPC UA server resides.
If it does not contain the expected server, enter it and click Discover.
Expand the OPC UA server desired, on the lower left panel and see all the
endpoints offered. Select the one with the security mode SyngAndEncrypt,
then click Connect.

32 5 Testing Interface Instance Connectivity

 This time, however, Aspen OPC UA Explorer displays a pop-up dialog
indicating that the connection request has failed. Because it is a secured
endpoint, you are asked to make sure the client certificates in the OPC UA
server computer, W12R2V1005, are trusted.

Trusting Client Certificates

We use the UA Configuration Tool on the OPC UA server computer. Just as
we did for the previous section, we verify on the initial form. Click View
Trusted Certificates, which displays the form Manage Certificates in
Certificate Store.

A review of the certificates trusted reveals that there is no entry for Aspen
OPC UA Explorer on node W12R2V1004, more than likely the certificate
should be in the list of rejected certificates. Close the form and from the initial

5 Testing Interface Instance Connectivity 33

 form, click Select Certificate To Trust. The form Manage Certificates in
Certficate Store is displayed.

Select in Store Path the list RejectedCertificates. Note that the entry we
are looking for appears in that list. Select it and click OK, which will bring up
the pop-up dialog confirming that the certificate is now trusted

34 5 Testing Interface Instance Connectivity

 Click View Certificates Trusted where the form Manage Certificates in
Certificate Store now shows the Aspen OPC UA Explorer certificate on
node W12R2V1004 as trusted.

5 Testing Interface Instance Connectivity 35

 We should be able now to connect to the OPC UA server from the Aspen OPC
UA Explorer in node W12R2V1004, as it can be seen in the next figure. We
also can see that reading a tag values works as expected. At this point, we
should be able to see what needs to be done in Cim-IO to meet the same
functionality.

36 5 Testing Interface Instance Connectivity

 Using Cim-IO Test API
To test the Cim-IO functionality when using a secured endpoint, we repeat
again the read/write tests to see that we should as well need to trust Client
certificates. A read test from node W12R2V1004 reveals the following when
attempting to read the same tag read by the Aspen OPC UA Explorer:

The Cim-IO message log file shows the error immediately output as a result
of the failure:
23-MAY-2017 10:11:51.830, Logged by I_OPCUA_1READ on node W12R2V1004:
Session failure, can't connect, err=:[1] to Opc UA
server:[opc.tcp://w12r2v1005:62552/Aspen/ProcessSimulator] Timeout:[90]
Interval:[5] Sec Mode: [SignAndEncrypt] User:[] Pw: []
23-MAY-2017 10:11:51.830, Logged by I_OPCUA_1READ on node W12R2V1004:
CIMIO_OPCUA_DEVICE_ERROR, Device failure

5 Testing Interface Instance Connectivity 37

 The UA Configuration Tool shows that the OPC UA server certificate for
node W12R2V1005 has NOT been trusted:

The list of Rejected Certificates shows that the Aspen Process Simulator
on the Domain W12R2V1005. To trust its certificate, select the line and click
OK

38 5 Testing Interface Instance Connectivity

 The dialog below is shown as soon as the certificate is trusted:

The View Trusted Certificates will now show the certificate for Aspen
Process Simulator from W12R2V1005 in this list.

5 Testing Interface Instance Connectivity 39

 If we try the read again with Cim-IO Test API, it will still show that session
had a failure but this time it is probably because the remote OPC server host
is not trusting the cimio_opcua_read.exe certificate from node
W12R2V1004.
The list of trusted ceritificates in node W12R2V1005 shows the
cimio_opcua_read.exe certificate from node W12R2V1004.

40 5 Testing Interface Instance Connectivity

 If we click the option Select Certificate to Trust and then select the Store
Path for the list of RejectedCertificates, we will see in this list the
certificate we are looking for.

If we select the line for cimio_opcua_read.exe from the list and click OK,
the following dialog confirms that the certificate is now trusted.

5 Testing Interface Instance Connectivity 41

 If we try again the read with Cim-IO Test API, we will get a successful
status:

We should now attempt a write operation so we can trust in node

W12R2V1005 the certificate of cimio_opcua_write from node
W12R2V1004. To trust the cimio_opcua_unsol certificate, we need to
configure a transfer record that would cause the failure to open the session.
Then we repeat the same process that we use to trust the certificates of the
read and write processes from node in OPC UA server node W12R2V1005.
After the three CIM-IO for OPC UA processes have been proven to work as
expected, you can proceed with configurating the Cim-IO for OPC UA client
for IP.21 as indicated in the next chapter.

42 5 Testing Interface Instance Connectivity

6 Configuring the Cim-IO
Client for InfoPlus.21

Adding an IP.21 Connection

If an IP.21 system is used to obtain data from a CIM-IO for OPC UA interface,
the next step is to configure a connection between the InfoPlus.21 Server and
the Cim-IO for OPC UA server. This task can easily be performed using the
Cim-IO Connection Manager (or CCM) program.

Note: On Windows 2008 R2 and Windows 7 systems, when performing Cim-

IO configuration activities, you should be logged in as the local Administrator
account. At a minimum, you must be logged in as a user that is a member of
the local administrators group and the configuration application being run
must be started by using the Run as administrator context menu choice.
In order to create a Cim-IO for OPC UA logical device with CCM you will need
to know at least the following information:
 The name you wish to call the logical device
 The name of the computer where the Cim-IO for OPC UA instance is to run
 The name of the Cim-IO for OPC UA instance to be assigned

For InfoPlus.21 users, additional information can be found by running the

Aspen InfoPlus.21 Quick Start application available on an InfoPlus.21 server
installation from the Windows Start menu under InfoPlus.21.

OPC UA Server Tag Name

Addressing
The Cim-IO client for IP.21 must be configured with tag names from the OPC
UA Server that the Cim-IO logical device is connecting to.
There are 2 ways to specify a tag name in Cim-IO client:
1. Node Id – A node Id uniquely identifies a node in the address space of an
OPC UA Server. A Node Id is defined by an OPC UA server in accordance

6 Configuring the Cim-IO Client for InfoPlus.21 43

 with OPC Foundation standards. The Aspen OPC UA Explorer or any 3rd
party OPC UA client tool can be used to read Node Ids from OPC UA
Servers.
Example1: Node Id to get value of an InfoPlus.21 tag ATCAI through the
IP.21 OPC UA server is ns=2;b=AAAAAAEAAAAzIgAAAABZdAQfAAA=
Example 2: Node Id to get value of a simulated tag Square in the Aspen
process simulation OPC UA server (supplied beginning with Cim-IO V8.0)
is ns=1;i=3
2. Browse Path – Nodes from OPC UA server have a BrowseName attribute
that is used as a non-localized human-readable name when browsing the
address space to create paths out of BrowseNames. A Browse path of a
node begins from the ‘Objects’ node, followed by browse names of all
nodes involved in the path, separated by ‘/’ character.
A browse path can be used to specify a tag name in Cim-IO client if the
OPC UA server supports TranslateBrowsePathsToNodeIds service. It is the
service provided by the OPC UA server to allow OPC UA clients to convert
browse path into node id.
Example 1: The browse path to get value of an InfoPlus.21 tag ATCAI
through the IP.21 OPC UA server is
/Objects/2:DA/2:IP_AnalogDef/2:ATCAI/2:Measurement.
Example 2: Browse path to get value of a simulated tag Square in the
Aspen process simulation OPC UA server (supplied beginning with Cim-IO
V8.0) is /Objects/1:Tags/1:Square.

Creating and Using Get, Put,

and Unsol Records with Cim-IO
for OPC UA
Note: If you are not using InfoPlus.21, skip this chapter.

Using the IP.21 Administrator to Create

Client Records
In order to have the InfoPlus.21 database communicate with an OPC UA
Server the following steps need to be taken:
 Create the necessary Cim-IO external task records
 Create the logical device record
 Create IP.21 tag records suitable to hold the data to be transferred
 Create Cim-IO transfer records to control the data transfer and populate
these records with the lists of device and IP.21 tags.

Note: Unsolicited transfer records can't have duplicate IO_TAGNAMES for the
same transfer record.

44 6 Configuring the Cim-IO Client for InfoPlus.21

 The recommended procedure is to use the I/O Wizard in the IP.21
Administrator in conjunction with the IP.21 Configuration add-in for Excel.
The IP.21 Configuration Excel add-in, available beginning with version V7.3 of
aspenONE and installed as part of the Administration tools bundle, makes it
easy to create and configure many tag records corresponding to process
variables in a DCS or in PLC’s, create the necessary transfer records and add
the IP.21 tags to the transfer records in one extended operation.
For instructions on using the I/O wizard in the InfoPlus.21 Administrator
please see the “I/O in InfoPlus.21 Administrator” chapter in the Aspen Cim-IO
Users Guide.
Information on the general steps needed to configure a Cim-IO logical device
and the associated InfoPlus.21 records is also available in the Aspen
InfoPlus.21 Quick Start application available on the Windows Start menu
under InfoPlus.21. Review the topics “Adding a Cim-IO Device” and “Adding a
Cim-IO for OPC UA Simulation Device” for insight into creating the Cim-IO for
OPC UA logical device. Review the topics “Creating Multiple Tag Records” and
“Configuring the IP.21 OPC UA Simulation Tag Records” for insight into
populating the IP.21 database with tag records and transfer records.

Cim-IO Client Record Details

Architectural, configuration and functional details of the InfoPlus.21 Cim-IO
client records can be found in the “Cim-IO Client for InfoPlus.21” and the
“Cim-IO Records in InfoPlus.21” chapters of the Aspen Cim-IO User’s Guide.

6 Configuring the Cim-IO Client for InfoPlus.21 45

46 6 Configuring the Cim-IO Client for InfoPlus.21
7 The Aspen Process
Simulation Server

Description
Beginning with aspenONE V8.0, an OPC UA simulation server is installed as
part of the Cim-IO Interfaces bundle. This simulation server runs as a
Windows service named Aspen Process Simulator. The service is configured as
an “Automatic (Delayed Start)” service.
The Aspen Process Simulator serves 5 simulated tags which are described in
the table below.
Name Signal Type Low Limit High Limit Data Types

Meanderingsine Sine 1 5.5 Double

RampWithNoise Ramp 0 200 Double
Square Square 0 100 Double
NoisySawtooth Sawtooth -10 10 Double
FlatWithSpike Flat 0 12 Double

The Aspen Process Simulator does not require user name authentication in
order to connect a session and may be connected using any security mode
and policy. The endpoint URLs for this server are:
 opc.tcp://<hostname>:62552/AspenProcessSimulator
 http://<hostname>:62551/AspenProcessSimulator
A valid UA tag name for the tag “Square” in this server is:
 /Objects/1:Tags/1:Square
Tutorials for creating a Cim-IO logical device and the Cim-IO client records
needed to access this server can be found in the Aspen InfoPlus.21 Quick
Start application available on an InfoPlus.21 server installation from the
Windows Start menu under InfoPlus.21. Review the Quick Start tutorial topics
“Adding a Cim-IO for OPC UA Simulation Device” and “Configuring the IP.21
OPC UA Simulation Tag Records.”

7 The Aspen Process Simulation Server 47

48 7 The Aspen Process Simulation Server
8 Troubleshooting

This chapter then describes troubleshooting for specific problems and defines
the error messages that the interface processes.
Troubleshooting helps to isolate a problem with either the interface or its
client. When a problem occurs, such as a database point having an invalid
status or having an incorrect value, the investigation starts at the device level
and moves upward to the application. This section describes the general steps
used to determine which part of the interface is causing a problem.

Cim-IO Configuration Files

In some cases, users may need to verify the contents of the Windows
services file, Cim-IO Logical Devices file, Cim-IO error definition file or
interface management file. This section explains what relevant values are
contained in each file.
Note: The files discussed in the sections below reside in locations that are
protected by Windows 2008 R2 and Windows 7 UAC rules. In order to modify
these files, you must be logged in as the local Administrator or logged in as a
user who is a member of the local administrators group and start Notepad or
other editing tool using the Run as administrator context menu choice.

The TCP Services File

When a Cim-IO for OPC UA server is created using the I/O wizard, the
Windows services file on the Cim-IO server node is updated with the service
name specified for the DLGP process, as well as entries for the read, write
and unsolicited DIOPs using the base service name specified plus the strings
READ, WRITE, or UNSOL.
Example services file entries for a Cim-IO for OPC UA logical device with
CIOOPCUA specified as service name:
o CIOOPCUA 47625/tcp
o CIOOPCUAREAD 47626/tcp
o CIOOPCUAWRITE 47627/tcp
o CIOOPCUAUNSOL 47628/tcp
If the Cim-IO client resides on different host computer the same service
names and port numbers as defined on the server node must be added to the

8 Troubleshooting 49
 Cim-IO client computer’s services file. For more information about Cim-IO
service names, refer to the Aspen Cim-IO User’s Guide.
Note: The service name length must be less or equal to 15 characters. TCP
port numbers listed will vary depending on the preexisting contents of the
services file

The Cim-IO Logical Devices File

The cimio_logical_devices.def file contains a list of logical devices that
Cim-IO Client application can use to connect to a Cim-IO Server. This file is
on the Cim-IO server host and is updated by the I/O wizard when creating a
Cim-IO for OPC UA logical device.
An example of a line in the logical devices def file is:
o CIOUA3 Windows2008-03 UA3
Indicating a logical device named CIOUA3 running on node Windows2008-
03 and accessed using the Windows service name UA3.
If the Cim-IO client resides on a different host than the Cim-IO server you
may need to manually update the cimio_logical_devices.def file on the
client machine as explained in the “Modifying the Logical Device File” chapter
of the Aspen Cim-IO User’s Guide.
Note: The logical device name must less or equal to 15 characters.

The cimio_errors.def File

The cimio_errors.def file contains a list of error file names. Each of those
files contains error codes and descriptions specific to different Cim-IO
interfaces. The error file cimio_opc_uai.def which is specific to the OPC UA
interface should be listed in cimio_errors.def located in the etc directory
under the Cim-IO root directory.

The Cim-IO Message Log and Diagnostics

Files
The Cim-IO message log file, CIMIO_MSG.log, and the default Cim-IO
Diagnostics file, cimio_diag.log, may be viewed by opening them with an
ASCII text editor. These two files are located by default in folder C:\Program
Files (x86)\AspenTech\Cim-IO\Log. These files may contain error
messaging helpful in isolating problems. Consult the Cim-IO User’s Guide.

Connectivity Issues
If Cim-IO for OPC UA cannot connect to the OPC UA server, you may be
having issues with Windows or network firewall permissions or with OPC UA
trust definitions. Call AspenTech Support for assistance.

50 8 Troubleshooting
 Failure to Discover Endpoints
Check whether Windows NT service UA Local Discovery Server is up and
running on the computer where the OPC UA server is installed.

Isolating a Fault to the Device

Level
Use any device utilities that are available to determine if a point exists on the
device, and is available to be accessed. If a device utility shows the value of a
point to be incorrect or the status of the point to be bad, the problem resides
on the device level. This is not an interface problem.

Isolating a Fault to the OPC UA

Server Level
Use a third party OPC UA client tool, such as an OPC Foundation data access
client program, to view OPC UA variables similar to what you are creating
using Cim-IO for OPC UA, and observer the OPC UA server’s behavior. If the
server is not returning the data correctly or is not behaving properly, the
problem resides with the OPC UA server.

Isolating a Fault to the Cim-IO

Components
If the point exists on the device, and your OPC UA client tool shows the point
working correctly, observe the behavior of Cim-IO for OPC UA and the Cim-IO
client. Using Cim-IO Kernel Diagnostics, create a log file logging the
appropriate requests and replies (Get, Put, Unsol). Also check your
CIMIO_MSG.LOG file to see if the messages are getting through, or if there
are network connectivity problems.
Alternatively, you can use the Cim-IO test utility (cimio_t_api) to determine if
the point is being correctly obtained from the device.
Following is an example of using the cimio_t_api test program for using
option 9 to read a point from the device:
1 At the Logical device name for the Cim-IO for OPC UA interface
prompt, enter the default logical device name.
2 Now you are presented with several more prompts. Respond to these as
indicated in the following table.

8 Troubleshooting 51
 Test Utility Information to Enter
Prompt

Unit number Default number, because this

parameter is not used by the
interface.
Number of tags Number of tags to read.
Priority "1" for the highest priority.
Timeout At least "10", for 10 seconds.
Access type CIMIO_AT_SYNC for synchronous.
Frequency "0" for demand read.
List ID "-1".
Tag names Tag names, either manually or
through a file.
Data type Data type with which the point is
returned. Set this field if manual
entry is used.
Device data type Device data type for point, if
manual entry is used.

3 Now the request is processed. Note the following returned information:

value Value of the return code.

timestamp Timestamp of the return code.
status One of the valid Cim-IO status codes,
discussed in "Error Messages."
facility number 78.
driver status Raw status returned by the interface,
described in "Error Messages."

If the error is with Cim-IO for OPC UA, contact AspenTech support. Please
retain any logs produced to assist AspenTech support in quickly locating your
problem.

Isolating a Fault to the Client

Level
If the Cim-IO test utility (cimio_t_api) shows a point to be correct and the
application shows the point information to be incorrect, then the problem
resides in the application. If using InfoPlus.21,the Get or Put transfer records
need to be checked for status information about the particular point. If these
are correctly configured, there may be a problem with the Cim-IO client.
Contact AspenTech for assistance.

52 8 Troubleshooting
 .NET Log4Net Service
Log4net (from Logs for .NET) is a user-configurable .NET logging service
capable of writing to a variety of logs and format messages within those logs.
These logs contain the greatest amount of detail about operational problems
encountered by the Cim-IO for OPC UA programs and even for lower layers.
The information in the log is most useful to experienced users and Aspen
Technology support personnel.
The log verbosity is controlled by the following levels:

Log Description
Level
FATAL Only logs serious unrecoverable errors.
ERROR Logs errors and the levels above.
WARN Logs warnings and the levels above.
INFO Logs informational messages and the levels above.
DEBUG Logs debug messages and the levels above. This will produce significant
amount of log entries and can affect performance of the application.
TRACE Logs trace messages (very detailed) and the levels above. This will produce
the highest amount of log entries and can affect performance of the
application.

Enabling CIMIO for OPC UA

Diagnostic Log
Each CIMIO for OPC UA program has a pair of XML configuration files that
contain diagnostic log entries that can be adjusted to provide low level
information about what goes inside those levels. The XML files are all
contained in the cio_opc_uai folder, they are shown in the following table.

Program Configuration Files

Cimio_opcua_read.exe cimio_opcua_read.Config.xml
cimio_opcua_read.log4net.Config.xml
cimio_opcua_write.exe cimio_opcua_write.Config.xml
cimio_opcua_write.log4net.Config.xml
cimio_opcua_unsol.exe cimio_opcua_unsol.Config.xml
cimio_opcua_unsol.log4net.Config.xml

Inside each of these files per program there are XML tags exclusively
dedicated to the configuration of diagnostic logs.

8 Troubleshooting 53
 Log4Net Configuration XML Files
The cimio_opcua_xxxx.lognet.xml configuration file is used to configure a
program’s diagnostic logs at the highest level, e.g. information in the
associated program up to and just before making calls to lower dlls methods.
By default, the Cim-IO for OPC UA programs have their logs sent to the
“RollingFileAppender” file, named in the excerpt towards the bottom of the
configuration file inside the <root> section. However, by default the file is
disabled. To enable logging for the program in question, open the file for
editing, then “uncomment” the line with a left most “<!-- “ and the right
most “-->” that surrounds the tag <appender-ref> for
“RollingFileAppender”.

<root>
<level value="INFO" />
<appender-ref ref="ConsoleOutAppender" />
<appender-ref ref="ConsoleErrAppender" />
<appender-ref ref="TraceAppender" />
<!-- <appender-ref ref="RollingFileAppender" /> -->
<appender-ref ref="EventLogAppender" />
</root>

Note: By default, log4net will log informational messages and higher

To control the verbosity of the messages, change the default log level in the
<root> section. For example, change the line:
<level value="INFO" />
To
<level value="WARN" />
The “RollingFileAppender” log file is defined by the XML tag <file> inside
its <appender> section with the default path
"..\..\log\CIMIO_OPCUA_READ.log". However, the table below
normalizes the location path to a generic location called CIMIOROOT, which
depends on the path chosen by the installer during the aspenONE installation.
The following Windows registry path contains the actual definition of
CIMIOROOT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AspenTech\Setup\Products\
CIM_IO\Destinations\CIMIOROOT

Log Type Location Levels Logged

Rolling File Log "CIMIOROOT\log\CIMIO_OPCUA_READ.log" INFO to FATAL

Note: You must launch the editor with elevated (as Administrator) security to
save changes made to the XML file.

54 8 Troubleshooting
 Enabling OPC UA SDK Diagnostic Log
The OPC Foundation’s OPC UA SDK provides additional logging capability. This
log typically contains low-level communication entries. The OPC UA SDK log
detail and log file location is specified in each of the DIOP program’s XML
configuration files, with the generic name cimio_opcua_xxxx.Config.xml.
The log file can be found at path:
%CommonApplicationData%\AspenTech\DiagnosticLogs\
InfoPlus.21\OpcUaServer\IP21OpcUAServerHost.log.

The logging capability can be changed by editing the TraceConfiguration

section of the OPC UA Application Configuration File. The table below gives
the possible TraceMasks values.

Value Meaning
0 Do not output any messages
1 Output error messages
2 Output informational messages
4 Output stack traces
8 Output basic messages for service calls
16 Output detailed messages for service calls
32 Output basic messages for each operation
64 Output detailed messages for each operation
128 Output messages related to application initialization or shutdown
256 Output messages related to a call to an external system
512 Output messages related to security.

A combination of the above TraceMasks values may be selected by adding

the desired values together.

Viewing Diagnostic Trace Log Messages

with log4net
The Cim-IO for OPC UA diagnostic logging system can be used as a testing
tool to help verify behavior and to better understand the processing flow of
the application. Trace logging is a Microsoft Windows feature built-in with the
OS.
You can watch interactively the log events using a free tool, such DebugView,
which can be downloaded from this link (http://technet.microsoft.com/en-
us/sysinternals/bb896647). After launching it, enable the flag for “Capture
Global Win32” under the Capture menu. On Windows 2008, you need to run
elevated (as Administrator).
To enable logging such that you can view detailed log messages as one or
more Cim-IO for OPC UA processes operates, you must configure the logging
settings (log4net settings) for the desired process .log4net.config.xml file
listed in a table above. You can either add your own TraceAppender or use

8 Troubleshooting 55
 the one distributed for your convenience with our configuration files as shown
below:
<appender name="TraceAppender"
type="log4net.Appender.TraceAppender">
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%-5level [%10thread] %-
23logger.%message%newline" />
</layout>
</appender>

Note: If you want your own TraceAppender or expand the scope of the one
distributed, please refer to the log4net online documentation.
Once the TraceAppender has been added, enable trace-level logging by
changing, inside the <root> section towards the bottom of the file, the line
<level value="WARN" /> to <level value="TRACE" />. Note that the
TraceAppender cannot be assigned a location to a log file. An external tool
like DebugView can be used to see the trace messages originated by the
software configured for it.
Note: TRACE level logging is very verbose, so consider setting the level to
DEBUG to see fewer messages. Be sure to set the logging level back to
“WARN” when finished.

Cim-IO for OPC UA Error Codes

The following table lists the error codes and text that the Cim-IO for OPC UA
interface may log in the Cim-IO log file:
Code Description

0 Operation Succeeded
1001 Create session failure
1002 Get data failure
1003 Data convert failure
1004 Data status good
1005 Data status bad
1006 Bad tagname
1007 Not supported type
1008 Add point succeed
1009 Add point failed
1010 Remove point succeed
1011 Point not exist
1012 Remove point failed
1013 Create scribe failed
1014 Create scribe succeed
1015 Put data failed
1016 Put data succeed
78001 Device failure

56 8 Troubleshooting
 Code Description

78002 Bad status

78004 Unsupported data type
78005 Unknown data type
78008 Invalid tag/browse path
78009 Could not continue
78010 Failed to allocate memory
78011 Unknown deadband
78016 Unsupported output type
78017 Data was not output
78019 Data size error

Location of certificates from

OPC UA Server is unknown
A connection between IP.21 and OPC UA server involves trusting each other’s
certificates (read, write and unsol). The vendor usually provides the location
of their certificates. If the vendor doesn’t know where are these certificates
located, follow these steps.
1 On the IP.21 server, run Notepad as administrator and open
cimio_opcua_read.log4net.Config.xml, located in C:\Program Files
(x86)\AspenTech\CIM-IO\io\cio_opc_uai.
2 Enable “Debugging logs.”

8 Troubleshooting 57
 3 Open the Cim-IO Interface Manager and start the interface that is pointing to the
target OPC UA Server.
4 Create a logical device using Aspen Cim-IO Connection Manager. See “Adding a
Cim-IO Connection” in the help for instructions.
5 Once the Logical device has been created, run Test API option 9. This will reject
the certificates and put them in the “RejectedFolder” so it can be trusted. The
following error is shown after running the Test API:
CIMIO_USR_GET_REPLY, Error came from GET reply packet
CIMIO_OPCUA_DEVICE_ERROR, Device failure.
6 On the local disk C:\Program Data, three log files have been created:

This means that Cim-IO has rejected the software certificates as expected
and placed them in C:\ProgramData\OPC Foundation\RejectedCertificates.
7 Open the OPC UA Configuration tool. On the Manage Security tab, select
cimio_opcua_read as the Application to Manage.

58 8 Troubleshooting
 8 Click Select Certificate to Trust. For Store Path point to c:\ProgramData\OPC
Foundation\RejectedCertificates.
9 Click the certificate of the target OPC UA server, then click OK.
10 Repeat step 8 for cimio_opcua_unsol and cimio_opcua_write.
11 Restart the interface. The read, write, and unsol will turn green.
12 Run TEST_API and select option 9.

8 Troubleshooting 59
8 Troubleshooting 60
9 Glossary

Client
A program capable of initiating communications with a service program. Cim-
IO clients talk to Cim-IO servers.

DIOP
Device Input/Output Process. A DIOP is a Cim-IO interface task that performs
low-level communications with external hardware devices or other databases.

DLGP
Device Logical Gateway Process. A DLGP is a Cim-IO interface task that
communicates with client tasks, forwards messages to DIOPs in the interface,
and returns messages to the client tasks that initiated the requests.

Logical Device
Representation of the interface supported by the Cim-IO interface platform.
Cim-IO can support several different interfaces at the same time.

Logical Device Name

Name representing a Cim-IO logical device. Each interface must be identified
by a unique logical device name.

OPC UA
Microsoft Object Linking and Embedding for Process Control Unified
Architecture. OPC UA is a standard in the process control industry. Standards
are set by the OPC Foundation.

OPC UA Cache
OPC Specification requires that an OPC server obtain data regularly if
requested, and store this in an internal cache. Reads requesting the cache as

9 Glossary 61
 the data source, and all unsolicited callbacks, come from data stored in this
cache.

Service
A program that provides services to other programs. A service has a defined,
constant, TCP port number that it listens on for incoming connections. The
service’s name and port number must be defined in the operating systems’
Services file.

Service Name
A name for a particular service.

62 9 Glossary