Category Archives: WinCC Unified

Enable OPC UA Server in WinCC Unified

In the TIA Portal you have to enable “Operate as OPC Server” in the Runtime Settings of your project. Download and restart the runtime, and then the OPC UA Server is listening on opc.tcp://localhost:4890.

You need a user whose role has the OPC UA read and write access permission.

When a client tries to connect, it sends its certificate to the server, and the server typically rejects it. To trust the certificate, move it from the “Rejected” folder to the “Trusted” folder. Before moving it, check that the rejected certificate really is the one your client presented, for example by comparing its thumbprint.

C:\Program Files\Siemens\Automation\WinCCUnified\bin\PKI\Rejected\certs

C:\Program Files\Siemens\Automation\WinCCUnified\bin\PKI\Trusted\certs

How to disable security in WinCC Unified OPC UA Server…

Caution! Don’t do this in a production environment!

Add the security policy “None” to the OPC UA configuration file.

On Windows you can find the file here: “C:\Program Files\Siemens\Automation\WinCCUnified\bin\OpcUaServerRTIL.xml”

<SecurityProfileUris>
<SecurityProfile>
<ProfileUri>http://opcfoundation.org/UA/SecurityPolicy#None</ProfileUri>
<Enabled>true</Enabled>
</SecurityProfile>
...
</SecurityProfileUris>
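An added example, not from the original post or from Siemens: a Python check that parses the configuration file and reports when the “None” policy is enabled, useful for confirming that a production system was not left in this state. Only the SecurityProfileUris fragment comes from the page; the root element name, the second profile in the sample, and treating a missing Enabled element as disabled are assumptions.

```python
import xml.etree.ElementTree as ET

NONE_POLICY = "http://opcfoundation.org/UA/SecurityPolicy#None"

# Constructed sample: only the SecurityProfileUris fragment is from the page;
# the root element name and the second profile are assumptions.
SAMPLE_CONFIG = """<OpcUaServerConfig>
  <SecurityProfileUris>
    <SecurityProfile>
      <ProfileUri>http://opcfoundation.org/UA/SecurityPolicy#None</ProfileUri>
      <Enabled>true</Enabled>
    </SecurityProfile>
    <SecurityProfile>
      <ProfileUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</ProfileUri>
      <Enabled>true</Enabled>
    </SecurityProfile>
  </SecurityProfileUris>
</OpcUaServerConfig>"""

def _local(tag):
    """Strip an XML namespace prefix, in case the real file declares one."""
    return tag.rsplit("}", 1)[-1]

def security_profiles(xml_text):
    """Return [(profile_uri, enabled)] for every SecurityProfile element."""
    profiles = []
    for elem in ET.fromstring(xml_text).iter():
        if _local(elem.tag) != "SecurityProfile":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in elem}
        # Assumption: a profile counts as enabled only if Enabled is explicit.
        enabled = fields.get("Enabled", "").lower() in ("true", "1")
        profiles.append((fields.get("ProfileUri", ""), enabled))
    return profiles

def audit(xml_text):
    """Return a list of findings; an empty list means nothing to report."""
    profiles = security_profiles(xml_text)
    findings = []
    if any(uri == NONE_POLICY and on for uri, on in profiles):
        findings.append("SecurityPolicy#None is enabled: no signing or encryption")
    if not any(on and uri != NONE_POLICY for uri, on in profiles):
        findings.append("no secure policy is enabled")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

To check a real installation, read OpcUaServerRTIL.xml from the path given above and pass its text to `audit()`.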

How to view remote traces with RTILtraceViewer from a SIMATIC HMI Unified Comfort Panel…

First, enable the trace forwarder on the panel.

Then you have to start a tool on the host where you have installed TIA with Unified (change IP to your Panel IP):

"c:\Program Files\Siemens\Automation\WinCCUnified\bin\RTILtraceTool.exe" -mode receiver -host 192.168.210.128 -tcp

Then you can start the trace viewer on the PC:

"C:\Program Files\Siemens\Automation\WinCCUnified\bin\RTILtraceViewer.exe"

IIS Reverse Proxy Configuration

If you need to add a reverse proxy to your Internet Information Services (IIS) server, you can just add a rule to your site configuration file. In the following example we add a reverse proxy (URL rewrite) for a GraphQL server to our WinCC Unified WebRH. Afterwards, restart the site with the IIS Manager.

IIS Configuration File: 
"C:\Program Files\Siemens\Automation\WinCCUnified\SimaticUA\web.config"

<configuration>
  <system.webServer>
    <rewrite>
      <outboundRules>
        <rule name="Remove Server header">
          <match serverVariable="RESPONSE_Server" pattern=".+" />
          <action type="Rewrite" value="" />
        </rule>
      </outboundRules>
      <rules>
        <rule name="Reverse Proxy to GraphQL" stopProcessing="true">
          <match url="^graphql" />
          <action type="Rewrite" url="http://localhost:4000/graphql" />
        </rule>

        <rule name="UMC SSO Static">
          <match url="(.*)" />
          <conditions>
            <add input="{URL}" pattern="(.*)\/umc-sso(.*)" />
          </conditions>
          <serverVariables>
            <set name="HTTP_COOKIE" value="{HTTP_COOKIE};ReverseProxyHost={HTTP_HOST};ReverseProxyPort={SERVER_PORT}" />
          </serverVariables>
          <action type="Rewrite" url="http://localhost:8443/umc-sso{C:2}" />
        </rule>
      </rules>
    </rewrite>
...

More examples for rewrite rules

<rewrite>
    <rules>
        <rule name="Reverse Proxy to webmail" stopProcessing="true">
            <match url="^webmail/(.*)" />
            <action type="Rewrite" url="http://localhost:8081/{R:1}" />
        </rule>
        <rule name="Reverse Proxy to payroll" stopProcessing="true">
            <match url="^payroll/(.*)" />
            <action type="Rewrite" url="http://localhost:8082/{R:1}" />
        </rule>
    </rules>
</rewrite>

Restart the site with “Internet Information Services (IIS) Manager”.