IED onboarding to IEM Virtual

0
Hello,   We have a couple of industrial edge devices (SIMATIC IPC227E) that were onboarded to IEM OS, to which we no longer have access. Therefore, we performed a hard reset via the IED GUI. Now, we are trying to onboard them (using a configuration file on a USB stick or via the IED "/device/edge/activation" page) to IEM Virtual, but the process always finishes with a "Cannot connect to IEM" error. We monitored the traffic between the edge device and IT infrastructure and discovered that the IED only asks DNS to obtain the IP address of IEM and receives it but does not attempt to connect to IEM further.   The firmware of IPC227E is "ied-os-1.12.0-10-amd64" and IEM Virtual 2.4.2 (based on IEM Pro v1.10.10). Could this be causing the issue? If so is there a way to update the IED firmware directly and not through the IEM GUI?   We have downloaded a log file from the "unactivated" IED but haven't found anything that could cause the failure.     Best regards,   Petr
asked
4 answers
0

Hi Petr,

Thank you for sharing your inquiry with us. The 1.12 firmware shouldn't be the issue here; the onboarding should work. However, you can also update your IED using the Service Stick as described here.

https://support.industry.siemens.com/cs/ww/de/view/109815667

 

I believe the issue is either with the network settings of the IED or with the network configuration in the onboarding file. Please review the following and make sure it is correct:

  1. Ensure that the network configuration on the IED is correct and that the DNS server is configured if needed. Also, please make sure that you have a gateway configured on your IED. It doesn't need to be an active gateway; it is enough to use 0.0.0.0 as a gateway. The important thing is not to leave it empty.

  2. Review the content of the onboarding file as well and make sure that the network configuration is correct. Please don't forget that the onboarding file is valid for only 1 hour.

  3. Please make sure that the network setup between your IED and IEM is allowing the traffic and that there is no proxy between the two. If there is, please configure the proxy on your IED and in your config file.

answered
0

Screenshots of network configuration:

one-m.png

 

two-m.png

 

three-m.png

 

Onboarding file:

{
   "Device":{
      "Network":{
         "Interfaces":[
            {
               "GatewayInterface":true,
               "MacAddress":"-removed-",
               "DHCP":"disabled",
               "Static":{
                  "IPv4":"-removed-",
                  "NetMask":"255.255.255.0",
                  "Gateway":"-removed-"
               },
               "DNSConfig":{
                  "PrimaryDNS":"-removed-",
                  "SecondaryDNS":""
               }
            }
         ]
      },
      "ntpServer":[
         "-removed- iburst prefer"
      ]
   },
   "onboarding":{
      "localUserName":"",
      "localPassword":"",
      "deviceName":"-removed-",
      "deviceId":"e4448524048e422f916f2da25b549664",
      "platformActualName":"x86-64",
      "softwarePlatformName":"dockercompose",
      "potalUrl":"-removed-",
      "nodeId":"b7f6705bd4254191b441e0f47cf9b3f0",
      "userId":"09a42ef22c7543e5b90773a4f4901dff",
      "deviceType":"DockerCompose",
      "swPlatformId":"0f06ae8c87bf4fe39fbfa2914d726a65",
      "platformId":"21940f7e0c3649e6a75c7e6e7963001b",
      "isActivationConfirmed":false,
      "deviceRole":"NODE"
   },
   "agents":[
      {
         "name":"portal",
         "proxy":[
            
         ],
         "agentId":"b5a3fdcc99094eeab5d28d43dd34d3da",
         "security":{
            "baseUrl":"-removed-",
            "clientCredentialProfile":[
               "-removed-"
            ],
            "ca_chain":"-removed-"
         }
      },
      {
         "name":"registry",
         "proxy":[
            
         ],
         "agentId":"cb15143397ae4ff69a5fa34f85648e0b",
         "security":{
            "baseUrl":"-removed-",
            "clientCredentialProfile":[
               "-removed-"
            ],
            "ca_chain":"-removed-"
         }
      }
   ]
}

 

answered
0

Hi Peter, If you are trying to onboard the device using the USB stick if the process fails, you should have a log file on the USB stick this should give some hints. How is the network setup between the IED and the IEM? Are they in the same network ? How does the physical connection between the IED and the IEM look like?

answered
0

 

Logs from USB stick onboarding process:

 

SERVICES log:

-- Logs begin at Tue 2025-04-08 11:47:38 UTC, end at Tue 2025-04-08 12:09:25 UTC. --
Apr 08 12:08:46 localhost.localdomain ledservice[1207]: 2025/04/08 12:08:46 ApplyLedAction() enter: ledType:MAINTENANCE  value:BLINK
Apr 08 12:08:46 localhost.localdomain ledservice[1207]: 2025/04/08 12:08:46 ApplyLedAction() leave
Apr 08 12:08:46 localhost.localdomain onboardservice[1231]: 2025/04/08 12:08:46 Checking activation status of  device  ...
Apr 08 12:08:46 localhost.localdomain onboardservice[1231]: 2025/04/08 12:08:46 HTTP Response : 531
Apr 08 12:08:46 localhost.localdomain onboardservice[1231]: 2025/04/08 12:08:46 ApplyConfiguration enter.
Apr 08 12:08:46 localhost.localdomain onboardservice[1231]: 2025/04/08 12:08:46 Lock is starting...
Apr 08 12:08:46 localhost.localdomain onboardservice[1231]: 2025/04/08 12:08:46 Locked
Apr 08 12:08:46 localhost.localdomain ledservice[1207]: 2025/04/08 12:08:46 ApplyLedAction() enter: ledType:MAINTENANCE  value:BLINK
Apr 08 12:08:46 localhost.localdomain ledservice[1207]: 2025/04/08 12:08:46 ApplyLedAction() leave
Apr 08 12:08:46 localhost.localdomain onboardservice[1231]: 2025/04/08 12:08:46 Applying  Network settings ...
Apr 08 12:08:46 localhost.localdomain networkservice[1208]: [INFO] networkservice.go:138 ApplySettings() called
Apr 08 12:08:46 localhost.localdomain networkservice[1208]: [INFO] network.go:97 new settings request --  Interfaces:{GatewayInterface:true MacAddress:"-REMOVED-" DHCP:"disabled" Static:{IPv4:"-removed-" NetMask:"255.255.255.0" Gateway:"-removed-"} DNSConfig:{PrimaryDNS:"-removed-"}}
Apr 08 12:08:46 localhost.localdomain networkservice[1208]: [INFO] network.go:240 tryApply: network setting is being done with mac address.
Apr 08 12:08:46 localhost.localdomain networkservice[1208]: [INFO] network.go:295 created backup for existing connection
Apr 08 12:08:46 localhost.localdomain networkservice[1208]: [INFO] network.go:257 Mac:  -REMOVED-
Apr 08 12:08:46 localhost.localdomain networkservice[1208]: [INFO] utils.go:441 GateWayInterface set for:  enp2s0
Apr 08 12:08:47 localhost.localdomain networkservice[1208]: [INFO] network.go:329 new connection is added for device -REMOVED- successfully
Apr 08 12:08:47 localhost.localdomain networkservice[1208]: [INFO] network.go:134 all interface(s) configured successfully
Apr 08 12:08:47 localhost.localdomain networkservice[1208]: [INFO] networkservice.go:156 ApplySettings() done
Apr 08 12:08:47 localhost.localdomain onboardservice[1231]: 2025/04/08 12:08:47 Applied Network settings
Apr 08 12:08:47 localhost.localdomain ntpservice[1223]: [INFO] ntpconfigurator.go:260 IsNtpServiceRunning--> true
Apr 08 12:08:47 localhost.localdomain ntpservice[1223]: [INFO] ntpconfigurator.go:286 Number of peers-->  4
Apr 08 12:08:47 localhost.localdomain ntpservice[1223]: [ERROR] ntpservice.go:162 could not update last sync time
Apr 08 12:08:52 localhost.localdomain onboardservice[1231]: 2025/04/08 12:08:52 Applying  Ntp settings ...
Apr 08 12:08:52 localhost.localdomain ntpservice[1223]: [INFO] ntpservice.go:181 SetNtpServer() enter
Apr 08 12:08:52 localhost.localdomain ntpservice[1223]: [INFO] ntpconfigurator.go:260 IsNtpServiceRunning--> true
Apr 08 12:08:52 localhost.localdomain ntpservice[1223]: [INFO] ntpconfigurator.go:286 Number of peers-->  4
Apr 08 12:08:52 localhost.localdomain ntpservice[1223]: [ERROR] ntpservice.go:185 could not update last sync time before update ntp server list
Apr 08 12:08:52 localhost.localdomain ntpservice[1223]: [INFO] ntpservice.go:190 Values passed by the client to the SetNtpServer() method:  ntpServer:"-REMOVED- iburst prefer"
Apr 08 12:08:52 localhost.localdomain ntpservice[1223]: [INFO] ntpconfigurator.go:260 IsNtpServiceRunning--> true
Apr 08 12:09:02 localhost.localdomain ntpservice[1223]: [INFO] ntpconfigurator.go:101 Command():  timeout 10 ntpdate -u -REMOVED- -> out:  8 Apr 12:09:02 ntpdate[2614]: step time server -removed- offset 4.095988 sec
Apr 08 12:09:02 localhost.localdomain ntpservice[1223]: [INFO] ntpconfigurator.go:134 WriteConfiguration: OS date/time is synched successfully
Apr 08 12:09:02 localhost.localdomain ntpservice[1223]: [INFO] ntpconfigurator.go:451 Ntp Last Setting Time: 2025.04.08 12:09:02
Apr 08 12:09:02 localhost.localdomain ntpservice[1223]: [INFO] ntpservice.go:205 SetNtpServer() leave
Apr 08 12:09:02 localhost.localdomain onboardservice[1231]: 2025/04/08 12:09:02 Applied Ntp settings
Apr 08 12:09:02 localhost.localdomain onboardservice[1231]: 2025/04/08 12:09:02 helper::getSwupdateEbgWeVersion: swupdate-ebg-we version:  9999+indedge~100
Apr 08 12:09:02 localhost.localdomain onboardservice[1231]: 2025/04/08 12:09:02 helper::decideProxyURLBasedOnVersion: command:  dpkg --compare-versions 9999+indedge~100 le 9999+indedge~99
Apr 08 12:09:02 localhost.localdomain onboardservice[1231]: 2025/04/08 12:09:02 helper::decideProxyURLBasedOnVersion: returning new backend proxy url:  http://127.0.0.1/iems/api/wfx/v1
Apr 08 12:09:02 localhost.localdomain onboardservice[1231]: 2025/04/08 12:09:02 SWUpdate config file created.
Apr 08 12:09:02 localhost.localdomain onboardservice[1231]: 2025/04/08 12:09:02 SWUpdate service started
Apr 08 12:09:02 localhost.localdomain onboardservice[1231]: 2025/04/08 12:09:02 ApplyConfiguration leave.
Apr 08 12:09:02 localhost.localdomain onboardservice[1231]: 2025/04/08 12:09:02 Unlock is starting...
Apr 08 12:09:02 localhost.localdomain onboardservice[1231]: 2025/04/08 12:09:02 Unlocked
Apr 08 12:09:02 localhost.localdomain onboardservice[1231]: 2025/04/08 12:09:02 Activating device  ...
Apr 08 12:09:02 localhost.localdomain ntpservice[1223]: [INFO] ntpservice.go:210 GetNtpServer() enter
Apr 08 12:09:02 localhost.localdomain ntpservice[1223]: [INFO] ntpservice.go:218 Server list sent to client: ntpServer:"-REMOVED-"
Apr 08 12:09:02 localhost.localdomain ntpservice[1223]: [INFO] ntpservice.go:219 GetNtpServer() leave
Apr 08 12:09:02 localhost.localdomain networkservice[1208]: [INFO] networkservice.go:105 GetAllInterfaces() called
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [INFO] network.go:80 Interface found. Name: enp2s0 MAC: -REMOVED-
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [INFO] utils.go:411 ipv4 route metric:  1
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [INFO] utils.go:118 Interface name : enp2s0
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [WARNING] docker.go:70 docker network ls :  <nil>
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [INFO] utils.go:164 map[]
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [INFO] network.go:80 Interface found. Name: enp3s0 MAC: -REMOVED-
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [INFO] utils.go:118 Interface name : enp3s0
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [WARNING] docker.go:70 docker network ls :  <nil>
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [INFO] utils.go:164 map[]
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [INFO] networkservice.go:112 GetAllInterfaces() done
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [INFO] networkservice.go:105 GetAllInterfaces() called
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [INFO] network.go:80 Interface found. Name: enp2s0 MAC: -REMOVED-
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [INFO] utils.go:411 ipv4 route metric:  1
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [INFO] utils.go:118 Interface name : enp2s0
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [WARNING] docker.go:70 docker network ls :  <nil>
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [INFO] utils.go:164 map[]
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [INFO] network.go:80 Interface found. Name: enp3s0 MAC: -REMOVED-
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [INFO] utils.go:118 Interface name : enp3s0
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [WARNING] docker.go:70 docker network ls :  <nil>
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [INFO] utils.go:164 map[]
Apr 08 12:09:03 localhost.localdomain networkservice[1208]: [INFO] networkservice.go:112 GetAllInterfaces() done
Apr 08 12:09:08 localhost.localdomain systemservice[1225]: 2025/04/08 12:09:08 GetFirmwareInfo() enter:
Apr 08 12:09:08 localhost.localdomain systemservice[1225]: 2025/04/08 12:09:08 systeminfo:getMatchingField(), key value:"VARIANT="
Apr 08 12:09:08 localhost.localdomain systemservice[1225]: 2025/04/08 12:09:08 systeminfo:getMatchingField(), value: ied-os-1.12.0-10-amd64
Apr 08 12:09:08 localhost.localdomain systemservice[1225]: 2025/04/08 12:09:08 GetFirmwareInfo() leave

 

CONF-USB log:

2025-04-08 12:08:46,461 CONF-USB-LOG: [INFO   ] Onboard Configuration File Found: /tmp/dev/sdb1/device-e4448524048e422f916f2da25b549664
2025-04-08 12:09:25,750 CONF-USB-LOG: [ERROR  ] FAILED, Reason: 'OnboardWithUSB call is failed with 'StatusCode.INTERNAL' : 'Activation failed: {"errors":[{"code":"edge.checkInternetSettings","message":"Cannot connect to IEM. Please check internet settings, network configuration and retry."}]}

 

answered