Overview
This guide covers the most common OPC UA gateway failures: bad endpoint targets, incomplete node exports, certificate trust issues, and read-versus-write expectation mismatches. Use it with the OPC UA guide when connecting a gateway client to an industrial OPC UA server.
Diagnostic Flow
- Confirm the endpoint URL and routable IP address.
- Confirm the required security mode and certificate trust relationship.
- Confirm that the node list is complete and stable.
- Validate one known-good read with an independent OPC UA client.
- Confirm whether the job expects reads only or bidirectional control.
Project Startup Questions
Before an OPC UA job is treated like routine gateway work, answer these questions:
- Is the requirement read-only or does the customer expect writes?
- Is the endpoint routable from the actual gateway, not just from an engineering laptop?
- Is there a stable NodeID export with namespaces?
- What security policy, auth mode, and certificate workflow are required?
Symptoms & Solutions
| Symptom | Likely Cause | Action | Related KB |
|---|---|---|---|
| Gateway cannot connect to the server | Wrong endpoint or unreachable host | Verify routable IP address and endpoint URL | OPC UA |
| Security handshake fails | Certificate trust or policy mismatch | Recheck certificate validity, trust store, and security policy | OPC UA |
| Some nodes read, others do not | Incomplete or changing NodeID list | Re-export the namespace and validate NodeIDs | OPC UA |
| Customer expects writes but control does not work | Client capability mismatch | Confirm whether the gateway supports the required write behavior | QuickServer |
| Endpoint set to localhost or 127.0.0.1 | Non-routable server reference | Replace with the actual network address of the OPC UA server | OPC UA |
Configuration Issues
Validate with a Known OPC UA Client
Before blaming the gateway, browse and read the target nodes with UaExpert or another independent OPC UA client. If that fails, the issue is often the endpoint, the security configuration, or server-side access rather than the gateway mapping.
Treat Node Export Quality as a Hard Dependency
If the node export is incomplete, inconsistent, or based on temporary browsed labels instead of stable NodeIDs, the integration will be fragile even if it works once.
Confirm Read Versus Write Expectations
If the project scope assumes command writes, verify that explicitly before commissioning. Many OPC UA gateway projects are read-only and look broken only because the wrong capability was assumed.
Treat Server Reachability as a Hard Gate
If the endpoint only works from a desktop tool or references localhost, the project is not ready for a gateway build. Prove routable access from the same network position the gateway will use.
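The two hard gates above (a routable endpoint and a stable NodeID export with namespaces) can be checked before any gateway build. The following is an added example, not part of the original guide or of any vendor tooling: the function names are hypothetical, restricting the scheme to opc.tcp is an assumption, and the sample endpoints and NodeIDs are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# NodeId string form: ns=<index>;<type>=<value>, type i (numeric), s (string),
# g (GUID) or b (opaque). A missing "ns=" means namespace 0 by default.
NODE_ID = re.compile(r"^(?:ns=(?P<ns>\d+);)?(?P<kind>[isgb])=(?P<value>.+)$")

def check_endpoint(url):
    """Return a list of problems with an endpoint URL (empty list = passes)."""
    parts = urlsplit(url)
    if parts.scheme != "opc.tcp":  # assumption: binary TCP transport only
        return [f"unexpected scheme {parts.scheme!r}"]
    host = parts.hostname
    if not host:
        return ["no host in endpoint URL"]
    if host.lower() == "localhost":
        return ["host is localhost (non-routable)"]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return []  # DNS name: must still be resolved from the gateway's network
    if ip.is_loopback or ip.is_unspecified:
        return [f"host {host} is loopback or unspecified (non-routable)"]
    return []

def check_node_ids(entries):
    """Map each rejected export entry to the reason it was rejected."""
    bad = {}
    for entry in entries:
        m = NODE_ID.match(entry.strip())
        if m is None:
            bad[entry] = "not a NodeID (looks like a browsed label)"
        elif m["ns"] is None:
            bad[entry] = "no explicit namespace index"
        elif m["kind"] == "i" and not m["value"].isdigit():
            bad[entry] = "numeric identifier is not a number"
    return bad

# Constructed sample input (documentation address range, made-up node names).
SAMPLE_ENDPOINTS = ["opc.tcp://127.0.0.1:4840", "opc.tcp://localhost:4840/server",
                    "opc.tcp://192.0.2.10:4840"]
SAMPLE_EXPORT = ["ns=2;s=Line1.Pump.Speed", "ns=3;i=1001", "i=2258",
                 "Line1/Pump/Speed", "ns=2;i=abc"]

if __name__ == "__main__":
    for url in SAMPLE_ENDPOINTS:
        print(url, "->", check_endpoint(url) or "ok")
    for entry, reason in check_node_ids(SAMPLE_EXPORT).items():
        print(entry, "->", reason)
```

A passing result only means the URL and export are well-formed; reachability still has to be proven from the gateway's own network position.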
Tools
| Tool | Type | Description |
|---|---|---|
| UaExpert | Client | Endpoint browsing, value validation, and certificate testing |
| Prosys OPC UA Browser | Client | Lightweight OPC UA read and browse validation |
| Prosys OPC UA Simulation Server | Simulator | Test server for lab validation and workflow isolation |
Need Help?
Before escalating, capture the endpoint URL, security mode, certificate set, and a short list of failing NodeIDs. That usually makes it clear whether the issue is network path, security policy, or node modeling.