Sending Email Results in nResult of -454 - Suspect issue with DNS/Gateway


#1

I have recently added some code downloaded from our community into my strategy.

I am trying to use gmail to send the message but unfortunately something is not working correctly.

When I look up the nResult value it defaults to -454 when the variable is met during my strategy.

Can anyone shed any light on this?

I have tried multiple DNS/gateway settings, downloaded the Equifax root certificate (even if it wasn’t needed) and correctly uploaded it to the controller (I think?).

I have also tried various combinations of the port and ssl/tls settings.

Thanks in advance!

Dan


#2

What controller are you using?


#3

Hi Beno,

We have an R1 controller.

Thanks,
Dan


#4

Some things to try / double check.

1. Put a computer / laptop on the same leg/port/switch as the R1 controller and check you can send an email from there.
2. If so, open a DOS box and do an ipconfig /all This will show you the DHCP and DNS server settings you need for the R1.
3. In PAC Manager. Click on Tools -> Change IP Settings. Put in the current IP and read the settings. Make sure the DHCP and DNS IP addresses match those in your DOS box. Double check them. Put your glasses on and check them again (this was a note to me, not you ;-))
3a. If they don’t match, reassign the same IP address and correct the server settings. Wait for the controller to reboot.
4.1. Make a gmail account just for your controller / control system.
Two reasons for this, 1. You will be using two factor authentication for your main/personal/any gmail account and that’s tough to get working for an application. 2. You really don’t want to dumb down your personal account to get it working with Windows. In the end, you will be able to send TO any email address your notification, but where it comes FROM has to be one step above a throwaway.
4.2. Once you make that gmail account, open an incognito (private) browser tab and log into it that gmail account. Then visit this URL; https://accounts.google.com/DisplayUnlockCaptcha and click on allow access.
What this is doing is allowing an app to send emails to that gmail account.
4.3. Visit this ULR; https://www.google.com/settings/security/lesssecureapps and allow less secure apps. What this is doing is allowing apps with basic authentication to send emails.
5. These two steps above are NOT optional. You must do them to allow an application to send gmail.
6. Use port 587 and smtp.gmail.com as your email server address.

gmail is getting harder and harder to use for IIoT devices. See how you go, but you might want to think about switching over to Yahoo! or Outlook just for your PAC-R1 controller emails.


#5

Thanks Beno,

Could you please give me a little more detail on putting a laptop on the same leg/port/switch as the R1 controller? How do you mean? Just plug into Ethernet port 1 on the R1 controller? If so the PC is already connected directly to the controller as we use it for the display permanently.

When I get the DHCP and DNS server settings is the the gateway and DNS address? Confused between DHCP and gateway?

Sorry I am not that IT savvy and never been able to sort networking issues out…!

Many thanks for your help so far :slight_smile:

I have also set up a yahoo account if that makes things simpler to send emails from?

I believe the IT people have stopped smtp emails from being sent due to spam reasons so is there a way around this?

Best regards,
Dan


#6

Do you currently have two network cables to the R1? One to an HMI computer and one to the company network?

The R1 will not be able to access the internet if only connected to a PC. The R1 will need a direct connection to the company network to access the internet and will need an IP address, subnet mask, gateway address and DNS server address. All these items must be obtained from the IT people - don’t go rouge, they don’t like it. You need to request a static IP address, as the R1 will not use a dynamic IP address from DHCP. Also, if using both network ports on the R1, only one of them should have the gateway and DNS entries filled out (the one that gets the R1 to the internet).

If you want to know what it all means and does:

DHCP - (dynamic host configuration protocol) this is how computers get all these IP addresses automatically from the network (from a DHCP server) so you don’t have to do anything when you plug in your laptop or connect to wifi. This is fine for client computers since they only make requests and don’t act as servers (no one needs to know how to reach them directly) Your controller needs to be reached by the HMI, so it needs a known IP address, so DHCP is not adequate for this purpose (with some exceptions). The Opto controllers don’t support DHCP anyways. Ben mentioned DHCP because if you connect a laptop to the network, by default it will obtain address information from DHCP, and you can most likely safely use the gateway and DNS setttings given by DHCP on your laptop for your R1. You will already need to have an assigned IP address from the IT people - don’t use the IP address that was given to the laptop.

DNS - domain name system - this turns domain names into IP addresses e.g. (smtp.gmail.com -> 74.125.135.108). If you are only using IP addresses, then you don’t need to have DNS configured, but I recommend you use DNS. The address you enter is the IP address of the DNS Server.

Gateway - This address tells the controller where to send network packets that are destined to go off the local network. It is typically the address of the networks router.

The above shows an example of the two network configuration: Ethernet 1 would be the company network with the IP settings obtained from the IT department. Ethernet 2 is a private network for all the brain IO and HMI system. Your addresses will be different, so don’t copy this as it probably won’t work for you.

This is a question for your IT people since they are responsible for securing their network. Most networks will block outbound port 25 (unencrypted SMTP) and allow encrypted/authenticated SMTP like port 465 and 587 - if you are using gmail/yahoo you will be using the encrypted ports so you may be okay. Also, the IT people may be able to setup an e-mail account for the R1 for you to use instead of using gmail or yahoo, so ask them about that as it may be a better option.