inventcom

SINUMERIK 840D 828D OPC UA (SW 4.7)

CNCnetPDM OPC UA for Siemens Sinumerik Operate enables you to monitor machine-, process-
and quality-data from Sinumerik 840D SL & 828D controllers from a remote PC. It also allows to
write and change a wide range of parameters on these devices.

This document describes setup and configuration of OPC UA components on controllers with
software Operate 4.7 SP2 and communication with a remote PC. Instructions on OPC UA setup
and test with free SINUTRAIN versions are also included.

Note: For software Operate version 4.5 see Sinumerik 840D 828D OPC UA (SW 4.5).

CONTROLLER SETUP (REAL DEVICE)

Make sure that you have option "Access MyMachine /OPC UA 6FC5800-0AP67-0YB0" activated
(Startup->Licenses).

FIG 1: Activate License

SINUMERIK 840D 828D OPC UA (4.7)

Inventcom · www.inventcom.net · info@inventcom.net
Version: December 2017 V2.0
Page 1 of 11
 inventcom

Start the OPC UA configuration in area [Startup]->[Network]->[OPC UA]

FIG 2: Configure OPC UA

IP Address is automatically set according to the HMI configuration, -X130 for NCU and PPU ‘Local
Area Connection 2’ for PCU 50.

Enter 4840 in field Port (2)

Enter a username for the Administrator (2) of the OPC UA server on the controller, for testing it is
recommended to use ‘OpcUaClient’.

Enter and confirm the password for this user (3). For testing it is also recommended to use
‘OpcUaClient’.

Check ‘Activate OPC UA’, click [OK].

Important note: Please ensure that the date and time on your HMI is correct, otherwise certificate
based OPC UA authentication does not work!

Shut down the controller and start it in service mode without HMI: When the SINUMERIK screen
is displayed during startup and the PCU base version at the bottom right, press key '3' and log in
as user auduser.

SINUMERIK 840D 828D OPC UA (4.7)

Inventcom · www.inventcom.net · info@inventcom.net
Version: December 2017 V2.0
Page 2 of 11
 inventcom

With Windows Explorer navigate to folder .. \siemens\sinumerik\hmi\miniweb\System\ and verify

that it contains file UserDataBase.xml.

Make sure that the following files are in folder .. \user\sinumerik\hmi\miniweb\cfg\:

AddressModeller.xml, OPC_UAApplication.xml, SinumerikOemConfiguration.xml and

TraceConfig.xml.

If files are missing, copy them to this directory from ..

\siemens\sinumerik\hmi\template\cfg\miniweb\

Restart the controller.

CONTROLLER SETUP (SINUTRAIN)

OPC UA setup on the free version of SinuTrain for SINUMERIK Operate V4.7 Ed.2 differs a bit
from the procedure on a real controller but exactly works in the same way. You have to register a
free account to be able to download the program.

Download and install SinuTrain for SINUMERIK Operate V4.7 Ed.2 - Basic. If you accept all default
settings you are able to use the paths mentioned below.

Start SinuTrain and create one new machine f.i. ‘Lathe with driven tool…’, it is recommended NOT
to use the ‘DEMO-Lathe’ device.

Click [MENU SELECT] - [Setup] - ‘>’ [Licenses] - [All Options] - [Search], enter OPC, activate the
license and click [OK].

Shut down the machine.

Copy ALL files from folder C:\Siemens\SinuTrain\SINUMERIK CNC-SW 840D sl 4.7 SP3
HF1\hmi\siemens\sinumerik\hmi\template\cfg\miniweb\ to folder
C:\Siemens\SinuTrain\SINUMERIK CNC-SW 840D sl 4.7 SP3
HF1\hmi\user\sinumerik\hmi\miniweb\cfg\

Open UAApplication.xml with a text editor and replace all ‘localhost’ entries in this file with the
IPv4 address of your PC.

Add file UserDataBase.xml (from the .zip archive) to directory C:\Siemens\SinuTrain\SINUMERIK

CNC-SW 840D sl 4.7 SP3 HF1\hmi\siemens\sinumerik\hmi\miniweb\System\UserDataBase\

SINUMERIK 840D 828D OPC UA (4.7)

Inventcom · www.inventcom.net · info@inventcom.net
Version: December 2017 V2.0
Page 3 of 11
 inventcom

File UserDataBase.xml contains entries for OPC UA user ‘OpcUaClient’ with Password
‘OpcUaClient’. This user is administrator of the OPC UA server and has the right to read and write
all items at the controller.

Start SinuTrain, minimize it.

Open file C:\Siemens\SinuTrain\SINUMERIK CNC-SW 840D sl 4.7 SP3

HF1\hmi\user\sinumerik\hmi\cfg\systemconfiguration.ini with a text editor.

At the end add:

[processes]
PROC100= image:="C:\Siemens\SinuTrain\SINUMERIK CNC-SW 840D sl 4.7 SP3
HF1\hmi\siemens\sinumerik\hmi\miniweb\release\miniweb.exe", process:=MiniWebServer,
cmdline:="..\System ..\WWWRoot", startupTime:=afterServices,
workingdir:="C:\Siemens\SinuTrain\SINUMERIK CNC-SW 840D sl 4.7 SP3
HF1\hmi\siemens\sinumerik\hmi\miniweb\release"

Restart the machine from the SinuTrain Workbench and make sure that systemconfiguration.ini
still contains the additional process.

If configured correctly on startup of the machine now an additional command line window opens
that shows details about the activities of miniweb.exe. Do NOT close this window!

CONFIGURE USERS
When you run the free version of SinuTrain for SINUMERIK Operate V4.7 you do NOT have
access to the OPC UA configuration soft key at the controller. At a real controller it’s not possible
to directly add or change users To do so proceed as follows.

Shut down the controller.

Make a backup copy of UserDataBase.xml.

User information is defined between tags <USER and </USER>. An existing user belongs to
groups. All GROUP NAME Tags have an additional A1= entry with an encrypted value which are
automatically created by the miniweb OPC UA server.

To add user ‘OpcUaClient’ with Password ‘OpcUaClient’ add the following section to the end of
the file before </UserDataBase>.

SINUMERIK 840D 828D OPC UA (4.7)

Inventcom · www.inventcom.net · info@inventcom.net
Version: December 2017 V2.0
Page 4 of 11
 inventcom

<USER NAME="OpcUaClient" PASSWORD="OpcUaClient" DESCRIPTION="Initial Opc User"

REAL_NAME="OpcUaClient">
<GROUP NAME="HMIBased"/>
<GROUP NAME="miniweb"/>
<GROUP NAME="UserManager"/>
<GROUP NAME="SinuReadAll"/>
<GROUP NAME="SinuWriteAll"/>
<GROUP NAME="User"/>
</USER>

Note that the PASSWORD entry is automatically removed by miniweb.exe after startup.
Membership to groups define the rights for the user. SinuReadAll and SinuWriteAll enable the
user to read and write all items. You can also define:

Group Access Right

StateRead Status data - NC, channel, axis, read

StateWrite Status data - NC, channel, axis, write

FrameRead Zero offsets, read

FrameWrite Zero offsets, write

SeaRead Setting data, read

SeaWrite Setting data, write

TeaRead Machine data, write

TeaWrite Machine data, write

ToolRead Tool and magazine data, read

ToolWrite Tool and magazine data, write

DriveRead Drive data, read

DriveWrite Drive data, write

SINUMERIK 840D 828D OPC UA (4.7)

Inventcom · www.inventcom.net · info@inventcom.net
Version: December 2017 V2.0
Page 5 of 11
 inventcom

GudRead User data, read

GudWrite User data, write

PlcRead PLC, read

PlcWrite PLC, write

RandomRead Random (and ReadVar method), read

RandomWrite Random (and WriteVar method), write

Save file UserDataBase.xml and start the controller.

SOFTWARE SETUP & USAGE (PC)

Download Sinumerik_840D_828D_OPC_UA.zip and extract all files to a folder on your PC.

Make sure that TCP Port 4840 is opened in your Firewall. You can use our tool Device Port
Scanner to check if your controller is reachable via this port.

Note: Both programs require .NET Framework 4 components and run on newer Microsoft
Windows x86 and x64 OSes (>= Windows 7).

For OPC UA it is required that your PC trusts the Siemens certificate issued by your controller.
Therefore it is necessary that it is installed in the certificate store of your PC. As this is a self-
signed certificate it is NOT automatically installed. To install the certificate right click
CNCnetPDM.OpcUA.Client.exe or CNCnetPDM.OpcUA.SimpleClient.exe, select ‘Run as
Administrator’ and connect to your controller. This only has to be done once!

SINUMERIK 840D 828D OPC UA (4.7)

Inventcom · www.inventcom.net · info@inventcom.net
Version: December 2017 V2.0
Page 6 of 11
 inventcom

CNCnetPDM OPC UA CLIENT

The CNCnetPDM OPC UA Client enables you to connect to your controller via OPC UA, browse
items, see details of items and add or remove them from a subscription.

Start CNCnetPDM.OpcUA.Client.exe and enter the IP Address of your controller into textbox Node
(1).

FIG 3: Connect CNCnetPDM.OpcUA.Client

Activate checkbox SW 4.7 (2) fields User name and Password show up with default entry
‘OpcUaClient’ for user name and password.

Click on the arrow in textbox Endpoints, you should see 3 entries, select
Sinumerik OPC UA OEM [None, None] [opc.tcp://IP-Address:4840] (3).

Click button Connect.

You are now connected to your controller via OPC UA.

In the upper left pane expand Objects->Sinumerik->/Bag->/Bag/State (1).

Click on /Bag/State/opMode (=Current operation mode of your controller).

SINUMERIK 840D 828D OPC UA (4.7)

Inventcom · www.inventcom.net · info@inventcom.net
Version: December 2017 V2.0
Page 7 of 11
 inventcom

FIG 4: CNCnetPDM.OpcUA.Client

Now you can see details of the selected object in the upper right pane (2).

By dragging the item from the upper left pane to the empty area at the bottom of the dialog you
can add it to a subscription (3). If you now change the operation mode of your controller to AUTO,
MANUAL or MDI you can immediately see the results under ‘Value’. If you right click the item you
can change the sampling interval or remove it from the subscription.

You can add additional items to your subscription.

If you’re done, disconnect from your controller.

SINUMERIK 840D 828D OPC UA (4.7)

Inventcom · www.inventcom.net · info@inventcom.net
Version: December 2017 V2.0
Page 8 of 11
 inventcom

CNCnetPDM OPC UA SIMPLE CLIENT

This program enables you to connect to your controller via OPC UA, select a specific namespace
of the OPC server, monitor, read and write items.

Start CNCnetPDM.OpcUA.SimpleClient.exe, enter the IP Address of your controller into the

textbox right to [Connect] (1). Change the default value 4840 for port (2) only if you use a different
port at the controller!

Activate checkbox SW 4.7 (3) fields User name and Password show up with default entry
‘OpcUaClient’ for user name and password.

FIG 5: Connect CNCnetPDM.OpcUA.SimpleClient

Click [Connect] you now should be connected to the OPC UA server on your controller.

FIG 6: Adjust CNCnetPDM.OpcUA.SimpleClient

Initially one item is activated. You can adjust that by changing the value in field ‘Active Items’ (1) to
a different value, up to 15 items are possible.

SINUMERIK 840D 828D OPC UA (4.7)

Inventcom · www.inventcom.net · info@inventcom.net
Version: December 2017 V2.0
Page 9 of 11
 inventcom

The predefined values under ItemID (2) are known to work well on Sinumerik 828 and 840D
controllers, of course you can change them according to your needs.

The last two items are 2 R Parameters (user variables) that are visible at the controller: [MENU
SELECT] - [Parameter] - [User Variable]. As these 2 items are writable you can change them
remotely.

When you click on [Read] (3) the values of all activated items are read from you controller and
displayed in the dialog.

By entering numeric values for the last two items and clicking on [Write] (4) you can change the
user variables at the controller.

Clicking on [Monitor] (5) adds all activated items to a subscription and shows their current value.

If you’re done, click on [Disconnect].

SINUMERIK 840D 828D OPC UA (4.7)

Inventcom · www.inventcom.net · info@inventcom.net
Version: December 2017 V2.0
Page 10 of 11
 inventcom

TROUBLESHOOTING
In case there are errors the program writes a log file which can be found in the folder where
CNCnetPDM OPC UA Client is installed. This log file contains detailed information about any
issues.

On connect CNCnetPDM OPC UA Client shows no connections in textbox Endpoints or

CNCnetPDM OPC UA Simple Client opens popup ‘Connect failed: Could not open UA TCP request
channel’:

Make sure that the controller is reachable via the network and port 4840 is opened at the
controller and your firewall. Use our tool Device Port Scanner to check if communication works.

Verify that process miniweb.exe is started at the controller. On a SinuTrain setup check that an
additional command line window exists and one of the last lines contains ‘OPC UA Server started
successfully on IP-Address:4840’.

If no additional command line window opens at all, check that the required entries in section
[processes] of systemconfiguration.ini exist. If not, add them and restart the controller.

If the window is opened but there’s no line with ‘OPC UA Server started successfully on IP-
Address:4840’ check file OPC_UAApplication.xml.

If you see multiple lines in this window with text ‘BAILED OUT’ and error messages related to
files not found check that the additional entry for miniweb.exe in systemconfiguration.ini points to
the directory that contains miniweb.exe (search for it). You can also use the full path to
miniweb.exe instead of the relative path. If this does not help, navigate to the folder that contains
miniweb.exe, open subfolder \System and open file WebCfg.xml with a text editor. Verify that
uncommented lines with long path entries point to directories that contain the specific .xml files.

If you see error message ‘Connect failed Error: cannot add self-signed certificate to certificate
store’ on startup run the program one time as Administrator.

If the fields under Read Value in CNCnetPDM OPC UA Simple Client show up in red you are
connected as anonymous user that doesn’t have the right to read values. Check that you have
checkbox SW 4.7 enabled.

If you see error ‘Connect failed BadIdentityTokenRejected’ on SW 4.7 make sure that you use the
correct user name and password.

SINUMERIK 840D 828D OPC UA (4.7)

Inventcom · www.inventcom.net · info@inventcom.net
Version: December 2017 V2.0
Page 11 of 11