I'm trying to read data from the new SAPHIR counters installed by ENEDIS on different production and consumption sites in France
.
Does anyone have experience working with this kind of technology? I'm trying to manually create the Manufacturer and OBIS Code configuration to access them, but there are some things that I'm not sure how to configure, specially authentication using the "clé client".
I've managed to configure the meter in GXDLMSDirector.
Now I'm having a problem with authentication, but I don't understand where the problem is. The algorithm should be SHA-256, but the message "Connection is premanently rejected. Authentication mechanism name not recognised"
I think I found the correct settings for authentication. The meter seems to respond OK to the request, but a .net error appears at some point "The destination table was not long enough. Check the destindex and the length and the lower limits of the table"
And sometimes, without doing anything in particular (just retrying), I obtain this, followed by an error "Meter returns Service unknown exception. Operation not possible"
I have checked the data that meter returns. It seems that the meter can't handle client challenge.
The first step is working like should be. The second step will fail.
Can you ask what high authentication level meter supports?
I believe that challenge is ciphered using the wrong encryption and for this reason, meter can't establish the connection.
The authentication mechanism used is a HLS (4-phase authentication) mechanism according to document [4], with a SHA-256 encryption algorithm instead of the standard algorithms (MD5 and SHA-1) provided in this document [4]. The client authentication key ("client key" provided by Enedis) is OCTET STRING type 16 bytes. The challenge size used for this authentication phase is between 8 and 64 bytes. The authentication mechanism, as defined by the "authentication_mechanism_name" attribute of the association object, is: OCTET STRING (SIZE (7)) = {0x60, 0x85, 0x74, 0x05, 0x08, 0x02, 0x02} ;
But when I use SHA256 I get "Connection is permanently rejected. Authentication mechanism name not recognised."
In your trace file authentication is High (2), not SHA-256. Change your authentication to HighSha256. If you don't see it, change the manufacturer to Gurux and update other values.
I've managed to configure the
I've managed to configure the meter in GXDLMSDirector.
Now I'm having a problem with authentication, but I don't understand where the problem is. The algorithm should be SHA-256, but the message "Connection is premanently rejected. Authentication mechanism name not recognised"
18:22:06
<HDLC len="22" >
<TargetAddress Value="4010" />
<SourceAddress Value="3" />
<!--SNRM frame.-->
<FrameType Value="93" />
<PDU>
<Snrm>
<MaxInfoTX Value="256" />
<MaxInfoRX Value="256" />
<WindowSizeTX Value="1" />
<WindowSizeRX Value="1" />
</Snrm>
</PDU>
</HDLC>
18:22:06
<HDLC len="22" >
<TargetAddress Value="3" />
<SourceAddress Value="4010" />
<!--UA frame.-->
<FrameType Value="73" />
<PDU>
<Ua>
<MaxInfoTX Value="256" />
<MaxInfoRX Value="256" />
<WindowSizeTX Value="1" />
<WindowSizeRX Value="1" />
</Ua>
</PDU>
</HDLC>
Duration: 301
18:22:06
<HDLC len="4E" >
<TargetAddress Value="4010" />
<SourceAddress Value="3" />
<!--AARQ frame.-->
<FrameType Value="10" />
<PDU>
<AssociationRequest>
<ApplicationContextName Value="LN" />
<SenderACSERequirements Value="1" />
<MechanismName Value="HighSHA256" />
<CallingAuthentication Value="4C5D585F6924523C214C1377673B400E" />
<InitiateRequest>
<ProposedDlmsVersionNumber Value="06" />
<ProposedConformance>
<ConformanceBit Name="Action" />
<ConformanceBit Name="SelectiveAccess" />
<ConformanceBit Name="Set" />
<ConformanceBit Name="Get" />
<ConformanceBit Name="BlockTransferWithSetOrWrite" />
<ConformanceBit Name="BlockTransferWithGetOrRead" />
<ConformanceBit Name="Attribute0SupportedWithGet" />
</ProposedConformance>
<ProposedMaxPduSize Value="0400" />
</InitiateRequest>
</AssociationRequest>
</PDU>
</HDLC>
18:22:06
<HDLC len="51" >
<TargetAddress Value="3" />
<SourceAddress Value="4010" />
<!--AARE frame.-->
<FrameType Value="30" />
<PDU>
<AssociationResponse>
<ApplicationContextName Value="LN" />
<!--PermanentRejected-->
<AssociationResult Value="01" />
<ResultSourceDiagnostic>
<!--AuthenticationMechanismNameNotRecognised-->
<ACSEServiceUser Value="0B" />
</ResultSourceDiagnostic>
<ResponderACSERequirement Value="1" />
<RespondingAuthentication Value="80AA12801080AA12801080AA12801080" />
<InitiateResponse>
<NegotiatedDlmsVersionNumber Value="06" />
<NegotiatedConformance>
<ConformanceBit Name="Action" />
<ConformanceBit Name="SelectiveAccess" />
<ConformanceBit Name="Set" />
<ConformanceBit Name="Get" />
<ConformanceBit Name="BlockTransferWithSetOrWrite" />
<ConformanceBit Name="BlockTransferWithGetOrRead" />
<ConformanceBit Name="Attribute0SupportedWithGet" />
</NegotiatedConformance>
<NegotiatedMaxPduSize Value="0400" />
<VaaName Value="0007" />
</InitiateResponse>
</AssociationResponse>
</PDU>
</HDLC>
Duration: 435
18:22:07
<HDLC len="C" >
<TargetAddress Value="3" />
<SourceAddress Value="4010" />
<!--UA frame.-->
<FrameType Value="73" />
<Ua>
</Ua>
</HDLC>
Duration: 199
I think I found the correct
I think I found the correct settings for authentication. The meter seems to respond OK to the request, but a .net error appears at some point "The destination table was not long enough. Check the destindex and the length and the lower limits of the table"
Here is the log:
14:15:03
<HDLC len="22" >
<TargetAddress Value="4010" />
<SourceAddress Value="3" />
<!--SNRM frame.-->
<FrameType Value="93" />
<PDU>
<Snrm>
<MaxInfoTX Value="256" />
<MaxInfoRX Value="256" />
<WindowSizeTX Value="1" />
<WindowSizeRX Value="1" />
</Snrm>
</PDU>
</HDLC>
14:15:03
<HDLC len="22" >
<TargetAddress Value="3" />
<SourceAddress Value="4010" />
<!--UA frame.-->
<FrameType Value="73" />
<PDU>
<Ua>
<MaxInfoTX Value="256" />
<MaxInfoRX Value="256" />
<WindowSizeTX Value="1" />
<WindowSizeRX Value="1" />
</Ua>
</PDU>
</HDLC>
Duration: 295
14:15:03
<HDLC len="4E" >
<TargetAddress Value="4010" />
<SourceAddress Value="3" />
<!--AARQ frame.-->
<FrameType Value="10" />
<PDU>
<AssociationRequest>
<ApplicationContextName Value="LN" />
<SenderACSERequirements Value="1" />
<MechanismName Value="High" />
<CallingAuthentication Value="4963581E274E0C3079170024142C671C" />
<InitiateRequest>
<ProposedDlmsVersionNumber Value="06" />
<ProposedConformance>
<ConformanceBit Name="Action" />
<ConformanceBit Name="SelectiveAccess" />
<ConformanceBit Name="Set" />
<ConformanceBit Name="Get" />
<ConformanceBit Name="BlockTransferWithSetOrWrite" />
<ConformanceBit Name="BlockTransferWithGetOrRead" />
<ConformanceBit Name="Attribute0SupportedWithGet" />
</ProposedConformance>
<ProposedMaxPduSize Value="0400" />
</InitiateRequest>
</AssociationRequest>
</PDU>
</HDLC>
14:15:04
<HDLC len="74" >
<TargetAddress Value="3" />
<SourceAddress Value="4010" />
<!--AARE frame.-->
<FrameType Value="30" />
<PDU>
<AssociationResponse>
<ApplicationContextName Value="LN" />
<AssociationResult Value="00" />
<ResultSourceDiagnostic>
<!--AuthenticationRequired-->
<ACSEServiceUser Value="0E" />
</ResultSourceDiagnostic>
<ResponderACSERequirement Value="1" />
<MechanismName Value="High" />
<RespondingAuthentication Value="FD5722C605E0135087EA258FA0775EBBD9C9EF7CA1A0CE16D0EFE4FAFA67B0F9BDC9B8C2AACA1333AE2F" />
<InitiateResponse>
<NegotiatedDlmsVersionNumber Value="06" />
<NegotiatedConformance>
<ConformanceBit Name="Action" />
<ConformanceBit Name="SelectiveAccess" />
<ConformanceBit Name="Set" />
<ConformanceBit Name="Get" />
<ConformanceBit Name="BlockTransferWithSetOrWrite" />
<ConformanceBit Name="BlockTransferWithGetOrRead" />
<ConformanceBit Name="Attribute0SupportedWithGet" />
</NegotiatedConformance>
<NegotiatedMaxPduSize Value="0400" />
<VaaName Value="0007" />
</InitiateResponse>
</AssociationResponse>
</PDU>
</HDLC>
Duration: 570
And sometimes, without doing
And sometimes, without doing anything in particular (just retrying), I obtain this, followed by an error "Meter returns Service unknown exception. Operation not possible"
14:37:26
<HDLC len="22" >
<TargetAddress Value="4010" />
<SourceAddress Value="3" />
<!--SNRM frame.-->
<FrameType Value="93" />
<PDU>
<Snrm>
<MaxInfoTX Value="256" />
<MaxInfoRX Value="256" />
<WindowSizeTX Value="1" />
<WindowSizeRX Value="1" />
</Snrm>
</PDU>
</HDLC>
14:37:27
<HDLC len="22" >
<TargetAddress Value="3" />
<SourceAddress Value="4010" />
<!--UA frame.-->
<FrameType Value="73" />
<PDU>
<Ua>
<MaxInfoTX Value="256" />
<MaxInfoRX Value="256" />
<WindowSizeTX Value="1" />
<WindowSizeRX Value="1" />
</Ua>
</PDU>
</HDLC>
Duration: 309
14:37:27
<HDLC len="4E" >
<TargetAddress Value="4010" />
<SourceAddress Value="3" />
<!--AARQ frame.-->
<FrameType Value="10" />
<PDU>
<AssociationRequest>
<ApplicationContextName Value="LN" />
<SenderACSERequirements Value="1" />
<MechanismName Value="High" />
<CallingAuthentication Value="4B33006C04202018025E230239401129" />
<InitiateRequest>
<ProposedDlmsVersionNumber Value="06" />
<ProposedConformance>
<ConformanceBit Name="Action" />
<ConformanceBit Name="SelectiveAccess" />
<ConformanceBit Name="Set" />
<ConformanceBit Name="Get" />
<ConformanceBit Name="BlockTransferWithSetOrWrite" />
<ConformanceBit Name="BlockTransferWithGetOrRead" />
<ConformanceBit Name="Attribute0SupportedWithGet" />
</ProposedConformance>
<ProposedMaxPduSize Value="0400" />
</InitiateRequest>
</AssociationRequest>
</PDU>
</HDLC>
14:37:27
<HDLC len="57" >
<TargetAddress Value="3" />
<SourceAddress Value="4010" />
<!--AARE frame.-->
<FrameType Value="30" />
<PDU>
<AssociationResponse>
<ApplicationContextName Value="LN" />
<AssociationResult Value="00" />
<ResultSourceDiagnostic>
<!--AuthenticationRequired-->
<ACSEServiceUser Value="0E" />
</ResultSourceDiagnostic>
<ResponderACSERequirement Value="1" />
<MechanismName Value="High" />
<RespondingAuthentication Value="61F1E550779F7C7D6E4BF999A7" />
<InitiateResponse>
<NegotiatedDlmsVersionNumber Value="06" />
<NegotiatedConformance>
<ConformanceBit Name="Action" />
<ConformanceBit Name="SelectiveAccess" />
<ConformanceBit Name="Set" />
<ConformanceBit Name="Get" />
<ConformanceBit Name="BlockTransferWithSetOrWrite" />
<ConformanceBit Name="BlockTransferWithGetOrRead" />
<ConformanceBit Name="Attribute0SupportedWithGet" />
</NegotiatedConformance>
<NegotiatedMaxPduSize Value="0400" />
<VaaName Value="0007" />
</InitiateResponse>
</AssociationResponse>
</PDU>
</HDLC>
Duration: 468
14:37:27
<HDLC len="2D" >
<TargetAddress Value="4010" />
<SourceAddress Value="3" />
<FrameType Value="32" />
<PDU>
<ActionRequest>
<ActionRequestNormal>
<InvokeIdAndPriority Value="C1" />
<MethodDescriptor>
<!--AssociationLogicalName-->
<ClassId Value="000F" />
<!--0.0.40.0.0.255-->
<InstanceId Value="0000280000FF" />
<MethodId Value="01" />
</MethodDescriptor>
<MethodInvocationParameters>
<OctetString Value="733E7552ABF67EA9F111893705A1F0F7" />
</MethodInvocationParameters>
</ActionRequestNormal>
</ActionRequest>
</PDU>
</HDLC>
14:37:28
<HDLC len="11" >
<TargetAddress Value="3" />
<SourceAddress Value="4010" />
<FrameType Value="52" />
<PDU>
<Data="0201" />
</PDU>
</HDLC>
Duration: 291
Hi,
Hi,
Can you generate those errors and send the log file to me by email?
I'll check what meter is returning by bytes and is there anything that we can improve or is meter data simply invalid.
You can get my email address here:
https://www.gurux.fi/AboutUs
BR,
Mikko
Hello, which is the log file
Hello, which is the log file you need?
Hi,
Hi,
Read your meter. Then in GXDLMSDirector select "View" | "Log" | "View Log". Can you send this file to me by email?
BR,
Mikko
Hi,
Hi,
I have checked the data that meter returns. It seems that the meter can't handle client challenge.
The first step is working like should be. The second step will fail.
Can you ask what high authentication level meter supports?
I believe that challenge is ciphered using the wrong encryption and for this reason, meter can't establish the connection.
BR,
Mikko
The meter specification
The meter specification indicates the following:
The authentication mechanism used is a HLS (4-phase authentication) mechanism according to document [4], with a SHA-256 encryption algorithm instead of the standard algorithms (MD5 and SHA-1) provided in this document [4]. The client authentication key ("client key" provided by Enedis) is OCTET STRING type 16 bytes. The challenge size used for this authentication phase is between 8 and 64 bytes. The authentication mechanism, as defined by the "authentication_mechanism_name" attribute of the association object, is: OCTET STRING (SIZE (7)) = {0x60, 0x85, 0x74, 0x05, 0x08, 0x02, 0x02} ;
But when I use SHA256 I get "Connection is permanently rejected. Authentication mechanism name not recognised."
Hi,
Hi,
In your trace file authentication is High (2), not SHA-256. Change your authentication to HighSha256. If you don't see it, change the manufacturer to Gurux and update other values.
BR,
Mikko