Troubleshooting OPC UA Issues
If you are unable to establish a connection to an OPC UA server, the following sections can help you identify and solve problems with client and server connectivity.
Server Discovery Issues
Issue
You find no OPC UA servers available while querying a machine for available OPC UA servers using opcuaserverinfo("localhost").
Possible Solutions
If the OPC UA server is not registered to a local discovery service (LDS), you can resolve the issue by downloading and installing an LDS and registering your OPC UA server to it. For information, see Install an OPC UA Simulation Server for OPC UA Examples.
If the OPC UA server application instance is rejected by the LDS server, you can trust the certificate by moving the server certificate to the LDS trust store. Ensure that the moved file is not retained in the reject store.
Path to default reject store folder:
C:\ProgramData\OPC Foundation\UA\pki\rejected\certs
Path to default trust store folder:
C:\ProgramData\OPC Foundation\UA\pki\trusted\certs
If you change the LDS settings, you might have to restart the LDS through the Windows® Services console. The display name of the LDS is OPC UA Local Discovery Server.
For additional information, refer to the LDS log file located at C:\ProgramData\OPC Foundation\UA\Discovery\opcualds.log. For detailed logging information, you can change the log level and many other parameters using the ualds.ini config file.
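The reject-store to trust-store move described above, as an added PowerShell example that is not part of the MathWorks documentation. The store paths are the defaults given on this page; the thumbprint is a placeholder for a value you have confirmed with the owner of the OPC UA server.

```powershell
# Added example: review a rejected certificate, then move it to the LDS trust store.
# Run from an elevated prompt; the thumbprint below is a placeholder, not a real value.
$rejected = 'C:\ProgramData\OPC Foundation\UA\pki\rejected\certs'
$trusted  = 'C:\ProgramData\OPC Foundation\UA\pki\trusted\certs'
$expectedThumbprint = '<THUMBPRINT-CONFIRMED-WITH-SERVER-OWNER>'

# List what the LDS rejected so each certificate can be identified before it is trusted.
$candidates = Get-ChildItem -LiteralPath $rejected -File | ForEach-Object {
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($_.FullName)
    [pscustomobject]@{
        File       = $_.FullName
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
    }
}
$candidates | Format-Table Subject, Thumbprint, NotAfter -AutoSize

# Trust only the certificate whose thumbprint matches the confirmed value.
$match = @($candidates | Where-Object { $_.Thumbprint -eq $expectedThumbprint })
if ($match.Count -ne 1) {
    throw "Expected exactly one rejected certificate with thumbprint $expectedThumbprint, found $($match.Count)."
}

# Move-Item rather than Copy-Item, so that no copy is retained in the reject store.
Move-Item -LiteralPath $match[0].File -Destination $trusted
if (Test-Path -LiteralPath $match[0].File) {
    throw 'Certificate is still present in the reject store.'
}
```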
Security Verification Issues
Issue
The toolbox returns a security verification error when you try to connect your OPC UA client with a server using the connect function.
Possible Solutions
The error can occur when the certificates used are not trusted by the server. To resolve this issue, export the MATLAB® application instance certificate using the exportClientCertificate function, and then transfer the certificate to the trust store of your OPC UA server. This table lists the certificate store paths for common OPC UA servers.
Server: Prosys
Application Instance Certificate Store: C:\Users\<username>\.prosysopc\prosys-opc-ua-simulation-server\PKI\CA
User Certificate Store: C:\Users\<username>\.prosysopc\prosys-opc-ua-simulation-server\USERS_PKI\CA
Server: UA Cpp
Application Instance Certificate Store: C:\ProgramData\UnifiedAutomation\UaCPPServer\pkiserver
User Certificate Store: C:\ProgramData\UnifiedAutomation\UaCPPServer\pkiuser
Some servers provide a UI to view and edit server settings. For example, add the MATLAB application instance certificate to the trust store by using the Prosys Simulation Server UI.
Go to the Certificates tab in the server UI.
Right-click the MATLAB OPC Toolbox certificate or the MATLAB Industrial Communication Toolbox certificate.
Select Trust.
The error can occur when X.509 certificates used for authentication are expired or revoked, or there is a mismatch between the client and server certificates. To fix this error, ensure that the certificates used are valid, trusted, and properly configured on the client as well as the server.
The error can occur when the client and server have different security policies configured, and they are unable to negotiate a compatible security policy during the handshake process. To resolve this issue, confirm that the configured security policies in the client and server are compatible. You can also adjust the security policies if necessary.
The error can occur when the security settings of either the client or the server are incorrectly configured. To fix the configuration, check that the security settings on both the client and server match. Avoid using incorrect encryption algorithms, invalid security modes, incorrect certificate configuration, or unsupported security features. For more information on certificate configuration, see https://reference.opcfoundation.org/Core/Part6/v105/docs/6.2.
Some settings recommended during certificate configuration are:
The server must be configured with a minimum RSA cipher length as mandated by the OPC UA Foundation. For example, when you use RSA 256 (SHA2), the server must be configured to have a minimum RSA cipher length of 2048 bits.
The server certificate must contain the Basic Constraints extension field.
If the error occurs due to network connectivity, ensure that there are no network issues or firewalls blocking communication between the client and server.
For additional information about the specific cause of the security verification error, you can review the server logs.
Unable to Validate User Identity Token
Issue
You try to connect to an OPC UA server using the username and password or the user certificate identity tokens and the server rejects your connection request.
Possible Solutions
The validation issue can occur due to an incorrect username or password, expired or revoked user credentials, insufficient privileges, or incompatible security settings between the client and server. To resolve this issue:
Verify that the user credentials are correct.
Ensure that the user has the necessary permissions to access the requested resources.
Confirm that the security settings on the server align with the client expectations.
To perform these troubleshooting steps while using the Prosys Simulation Server, select the Users tab in the server UI and follow the relevant steps.
Enable the required user authentication methods such as Anonymous, Username & Password, and Certificate.
If you connect via the Username & Password method, add the user to the Users list.
If you connect via an X509 user certificate, and your user identity token was rejected, consult the server log to determine the reason.
Unable to Retrieve Endpoint
Issue
When you attempt to connect your OPC UA client to a server using the connect function, you get an error that states that the hostname is unresolved.
When you attempt to query an OPC UA server using the opcuaserverinfo function, you get a warning that not all endpoints were retrieved.
Possible Solutions
This issue occurs when a client that can connect to multiple interfaces cannot reach the endpoint mentioned in the OPC UA server certificates. It can also occur when the server is located behind a NAT firewall and is assigned a dynamic IP address or hostname. According to the OPC standards, the server is responsible for returning all discoverable endpoints to a calling client. To fix the issue:
Recreate the client by setting UseDiscoveryHostname to true to replace the endpoint URL hostname with the discovery URL hostname.
Register the hostname of the server locally with the network path used to connect to the server. If the DHCP query is for a static IP address, add the IP address and hostname to the Windows\System32\Drivers\etc\hosts file on the local client machine.
For a long-term solution, ensure that the server provides endpoints that are accessible by all available paths to the server. When the server is in a DHCP environment, it must have a static IP on the DHCP network, and the hostname must resolve to that IP address when it uses that route to the server. Your IT administrators can assist with this process.
Timeout Error
Issue
Your operation can time out while attempting to discover, connect to, or communicate with an OPC UA server.
Possible Solutions
The error can occur when the operation exceeds the timeout duration due to network congestion, packet loss, or a slow network connection. To avoid it, check network connectivity and ensure that the network connection between the client and server is stable and free of any issues causing delays or packet loss.
The error can occur when the server is heavily loaded or experiences high demand. To circumvent the server overload, monitor the OPC UA server resource usage and optimize the performance or allocate additional resources to handle the load.
The error can occur when the OPC UA server or LDS is not running or experiencing connectivity issues. To verify server availability, check for an LDS on the local machine and make sure that it is running. If the LDS is missing, install and set up the LDS server and register your OPC UA server with the LDS. For information, see Install an OPC UA Simulation Server for OPC UA Examples.
If the error occurs during node browsing, check for operation limits on your server and reduce the number of nodes per browse. In the Prosys Simulation Server, you can view the operation limit in the MaxNodesPerRead parameter.
For additional information on packet loss, use Wireshark to monitor the data packets being exchanged between MATLAB (on the host PC) and the OPC UA server (local/remote).
Check that the server sends back a Response packet for every Request packet sent from MATLAB to the server.
If any Response packet is missing, check the OPC UA server logs for potential causes of the missing response.
Unable to Match URI
Issue
You get a URI mismatch error while trying to connect to an OPC UA server.
Possible Solutions
The error can occur when the URI specified in the application description does not match the application or product URI configured in the certificate. To fix the issue, verify the configuration and correct any mismatched data. The mismatched data can be a typo, an additional space, or an incorrectly configured application instance certificate.
For example, the URI specified during client creation can be VDI-HOST3-192.mydomain.com:OPCUA:SimulationServer. This code returns an error because the specified application description does not match the application URI configured in the certificate.
uaClient = opcua("opc.tcp://VDI-HOST3-192.mydomain.com:53530/OPCUA/SimulationServer");
connect(uaClient);
The application URI configured in the certificate is VDI-HOST0-172.mydomain.com:OPCUA:SimulationServer.
The error can occur when the URI in the certificate does not match the URI expected by the client. To fix the issue, generate a new certificate with the updated URI and replace the old certificate with the new one. The mismatch can be due to an outdated certificate or because the server URI changed but was not updated in the certificate.
The error can occur when the OPC UA communication is passing through a network proxy or firewall. To fix the issue, check the network settings and review the network configuration to ensure that the URI in the certificate is not modified or rewritten. You can also adjust the settings if necessary to allow the correct URI to pass through the network.
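A pre-flight check covering the certificate conditions named under Security Verification Issues (validity period, RSA key length, Basic Constraints) and the application URI comparison described in this section. This PowerShell is an added example, not MathWorks code; the function name Test-OpcUaCertificate and the certificate path are hypothetical, and the expected URI is the one from the example above.

```powershell
# Added example (not MathWorks code): pre-flight checks for an application instance certificate.
function Test-OpcUaCertificate {
    param(
        [Parameter(Mandatory)] [string] $Path,         # exported certificate file
        [Parameter(Mandatory)] [string] $ExpectedUri,  # application URI the peer expects
        [int] $MinRsaBits = 2048                       # minimum length cited on this page
    )
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
    $now = Get-Date
    $findings = @()

    # Expired or not-yet-valid certificates fail security verification.
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $findings += "Outside validity period: $($cert.NotBefore) to $($cert.NotAfter)"
    }

    # RSA key length; GetRSAPublicKey returns $null for non-RSA keys.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    if ($null -eq $rsa) { $findings += 'Public key is not RSA' }
    elseif ($rsa.KeySize -lt $MinRsaBits) { $findings += "RSA key is $($rsa.KeySize) bits; minimum is $MinRsaBits" }

    # OID 2.5.29.19 is Basic Constraints; OID 2.5.29.17 is Subject Alternative Name.
    if (-not ($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' })) {
        $findings += 'Basic Constraints extension is missing'
    }
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } | Select-Object -First 1
    $sanText = if ($san) { $san.Format($false) } else { '' }

    # Windows prints URI entries as "URL=<uri>", OpenSSL-backed .NET as "URI:<uri>".
    $uris = @([regex]::Matches($sanText, '(?:URL=|URI:)([^,\r\n]+)') | ForEach-Object { $_.Groups[1].Value })
    if ($uris -cnotcontains $ExpectedUri) {
        # Distinguish a stray space or case difference from a different URI altogether.
        $near = $uris | Where-Object { $_.Trim() -ieq $ExpectedUri.Trim() }
        if ($near) { $findings += "Application URI differs only by whitespace or case: '$near'" }
        else { $findings += "Application URI '$ExpectedUri' not in certificate (found: $($uris -join '; '))" }
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        Uris       = $uris
        Passed     = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

# Hypothetical certificate path; the URI is the one used in this page's example.
Test-OpcUaCertificate -Path 'C:\temp\client_cert.der' -ExpectedUri 'VDI-HOST3-192.mydomain.com:OPCUA:SimulationServer'
```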