Ta strona wykorzystuje cookies. Dalsze korzystanie z serwisu oznacza zgodę na ich wykorzystanie Zamknij Więcej informacji

Zaloguj Się

Wsparcie Ogólne

Overview: Dongle, Windows installation, Windows security, Sterownik pod Windows 7, Sterownik pod Windows 10, Driver under Windows XP, Rockwell controllers, S7-1500, BACnet station search, Rockwell PLC station search, certyfikat wie, w jaki sposób, installation in docker, tcpdump short usage, ssl library considerations.

Answer:

Proszę sprawdzić najpierw w przeglądzie licencji z listą kluczy, czy klucz jest rozpoznawany przez PC.
że klucz musi być podłączony, jeśli oprogramowanie zostanie uruchomione. Najczęściej oprogramowanie uruchamia się podczas włączania zasilania systemu. Należy go uruchomić przed zalogowaniem się użytkownika. Możesz zrestartować usługę Windows "ConfigServer" lub demona Linuksa "ConfigServer". Możesz również zrestartować komputer.

Answer:

Older Windows versions as Windows 7 before 2014, Windows Server 2012 with updates before 2014, Windows Server 2008 with updates before 2014 will need service packs which are offered by Microsoft since October 2014.
This example handles this for Windows Server 2012:

  • Install update KB2919355 (download over Windows Update).
  • Install update KB2999226 (Windows 10 Universal C Runtime, bad formated name for this update is: Windows8.1-KB2999226-x64.msu).

Other Windows versions will need other updates. The updates are affected also from the language your Windows is using. Ask Microsoft for details.
The standard libraries Tani ships with its products are handled by Microsoft Windows Update.

Answer:

Instructions to add Tani OPC Server and PlcEngine as exceptions to the Virus detection


Viruses and threat protection
Viruses and threat protection
Settings for viruses & threat protection
Viruses & threat protection - Manage settings
Viruses and threat protection
Exclusions in the bottom - Add or remove exclusions
Add exclusionsAdd exclusions

Folders

c:\Program Files\Tani
c:\Windows\System32\Tani
Folders

After this settings it is sometimes necessary to install Tani Software again.


Firewall

shown entries of the firewall
The shown entries of the firewall are added from the installation if you have selected this option.

Instructions to start Tani OPC Server and PlcEngine services delayed

However, especially with virtual machines, it also happens that the network has not yet run up when the Tani services started. For this reason, the starup of the Tani software should be started delayed.

Tani configserver service - Automatic (delayed start)
Tani Logger Service - Manual Start
PLC Engine Service - Manual Start
marked entries of the firewall

Answer:

Zainstaluj aktualizację KB3033939.
Microsoft i wszyscy dostawcy certyfikatów zaprzestali używania niebezpiecznych SHA1. Starsze wersje systemu Windows obsługują tylko system SHA1. Tak więc starszy Windows nie rozpoznaje świadectwa i uniemożliwia uruchomienie maszynisty. Windows od wersji 7 wymaga ważnych certyfikatów dla sterowników.
Nie ma to wpływu na system Windows XP, ponieważ nie sprawdza certyfikatów dla kierowców. Nie ma aktualizacji dla XP od Microsoftu. Ale najnowsze pakiety usług XP muszą być zainstalowane.
W niektórych wersjach Windows XP - głównie z Compaq lub IBM - sterownik nie zostanie zainstalowany poprawnie. Rozwiązaniem jest zainstalowanie go ręcznie poprzez ustawienia sieciowe w panelu sterowania systemu.

Answer:

Wyłączyć bezpieczny start w swoim BIOS-ie.
W trybie bezpiecznego uruchamiania Microsoft akceptuje tylko certyfikaty dla sterowników podpisanych przez centrum testowe i centrum podpisywania systemu Windows. Jest on przeznaczony dla firm produkujących seryjnie, nie może być używany na zewnątrz.

Answer:

This may happen if the latest XP fixes are not installed.
Install the latest fixes and reinstall the diver. Alternatively install the driver per hand: Open the system control panel, open the network settings. Choose any network adapter. Choose "settings", add a protocol (install, protocol, disc, search). The driver lies in the area the Tani product was installed (Tani, H1 Driver, H1). Select the .inf file. Press "open" and multiple times "Ok".

Answer:

The whole field can be handled easily with accessing over browsing. If the array is very big (some kilobytes) it is recommended not the whole array but parts of it. Start and len will be given with the item syntax. If the variable is named "MyBigArray" and has 10k elements You can access 100 elements from element 1000 as follows: "MyBigArray[1000,100]". Arrays in structures are handled in the same manner. A single element of the array is handled with "MyBigArray[1000]".

Answer:

The OPC Server checks each ten seconds for changes in the controller. If a change is detected it reorganizes internally all necessary things. But it is preferred not to write into the controller if the controller data elements are changed frequently. Reading data is secure always.

Answer:

Two variants exists:

  • The modern version with support of the "Optimized Data Blocks". During the configuration of the connection in the TSAP windows choose the entry with function "S7 1200/1500". If you do not have a controller at configuration time use the TSAP
    Own TSAP 0601 (binary)
    Destination TSAP SIMATIC-ROOT-ES (ASCII).
  • The old S7 protocol. The optimized data blocks can not be accessed with this. Select a TSAP pair from the list.

With the new protocoll all variables as inputs, outputs, data block variables and flags will be browsed online. The old protocol and a S7 300/400 please use the item syntax or import the symbols from the Step7 or TIA project.

Answer:

In your firewall enable the UDP broadcast receiving for port 47808. A Linux firewall will show the rule as follows:

iptables -I 1 INPUT -p udp -m pkttype --pkt-type broadcast -m udp --dport 47808 -j ACCEPT

All standard firewall frontends are supporting this. It mostly will be found under "Broadcast" "External Zone".
The BACnet station search reauest will be answered via broadcast. So the station search only will work in a subnet.
For searching in other networks please use BBMD.
Without the station serarch the device id need to be entered manually.

Answer:

In your firewall enable the UDP receiving after sending a broadcast for port 44818. A Linux firewall will show the rule as follows:

ipset -exist create udprec hash:ip,port timeout 3
iptables -A INPUT -p udp -m set --match-set udprec dst,dst -j ACCEPT
iptables -A OUTPUT -d 255.255.255.255/32 -p udp -m udp --dport 44818 -j SET --add-set udprec src,src --exist

This rule set defines a rule named udprec. After a broadcast search request for three seconds all UDP answers on the given port are not filtered out. These are the answers from the Rockwell controllers.
All standard firewall frontends are supporting this. It mostly will be found under "Broadcast" "External Zone".
The station search naturally will work in one subnet only. Routers do not deliver broadcasr requests.

Answer:

stnieje wiele nazw plików i formatów plików dla plików certyfikatów. Produkty Tani używają formatu .pem.
Więcej informacji do formatów, a informacje do konwersji jednego formatu do innego formatu znajdują się w sekcji (w języku angielskim) szczegóły certyfikatu.

Answer:

All the Tani products are working fine in Docker, Kubernetes and other lightwight virtualization environments. This exampe is made for installing PLC Engine in a Docker container with Ubuntu running inside. It is tested on hosts running Suse Leap 15.2 and the Linux subsystem on Windows 10.
The configuration files are shared into the container. Additionally the needed ports are shared also.
Download the example: Dockerfile

Answer:

tcpdump is a Linux command line tool for recordings on a network. In general doing a network recording is an administrative task. It requires root rights. sometimes the tool need to be installed before, all distributions are offering tcpdump.
First the correct network adapter need to be choosen. The command
tcpdump --list-interfaces or tcpdump -D
lists the adapters.
then the recording can be started.
tcpdump --interface eth0 or tcpdump -i eth0
starts the recording on eth0. Use one of the adapters of the adapters list. You can record on all adapters with
tcpdump --interface any but it is not recommended doing so.
Recording filters reduce the load and increases the security. host filters for an IP address are
tcpdump -i eth0 host 192.168.2.2 or tcpdump -i eth0 port 102
Multiple adapters and hosts and ports can be given.
Saving the recording to a file
tcpdump -i eth0 -w recording.pcapng
Ideally adapters, host and port addresses and a file name are given, combine wtof or and colons. Example
tcpdump -i eth0 (host 192.168.2.2 or host 192.168.2.3) (port 102 or port 4840) -w recording.pcapng
More options are available in the Linux manpages.
The files can be shown easily with Wireshark, so copy it to another machine with a graphical screen and handle it there.

Answer:

The SSL libraries are used for all encryption things. Multiple software is basing on them as OPC UA, the Siemens S7 1500 protocols, MQTT, HTTPS and the connection between the graphical configuration software and the core software.
Because of its security functionality sometimes the things are changing. This can break compatibility. Protocols which has been found of insecure will be dropped, and automatic selections of weaker encryption methods are stopped. Mostly this is driven by insurances and governments.
From July 2023 the Tani software did switch to SSL 3.1. The previous SSL version was 1.1.1. There may be some inconveniences, but security goes over compatibility. SSL 1.x is no longer supported by the SSL maintainer, all users need change to 3.x as the minimum.
Beware that some more modern security software like firewalls may stop running older software using SSL 1.x. This is not in the hand of Tani. The only solution is using actual software.