How to Configure an OPC UA Server in Kepware: A Step-by-Step Guide

Kepware KEPServerEX is one of the most widely deployed OPC connectivity platforms in industrial automation. Its built-in OPC UA server capability allows engineers to expose data from hundreds of device types to any OPC UA-compliant client. This tutorial walks you through the complete configuration process — from initial setup to verifying client connectivity.

Prerequisites

  • KEPServerEX installed (version 6.x recommended)
  • Administrative rights on the Windows machine
  • An OPC UA client for testing (e.g., UaExpert by Unified Automation — free download)
  • Basic familiarity with your target PLC or device protocol

Step 1: Enable the OPC UA Interface in KEPServerEX

By default, the OPC UA server interface may not be enabled. To activate it:

  1. Open the KEPServerEX Configuration application
  2. Navigate to Project > Properties (or right-click on the project in the tree)
  3. Select the OPC UA tab
  4. Ensure "Enable UA Server Interface" is checked
  5. Note the default endpoint URL, typically: opc.tcp://[hostname]:49320
  6. Click OK and restart the KEPServerEX runtime service if prompted

Step 2: Create a Channel

A Channel in Kepware represents a communication path to a group of devices — it defines the driver and network settings.

  1. In the Configuration tree, right-click Connectivity and select New Channel
  2. Select your driver (e.g., Allen-Bradley ControlLogix Ethernet, Modbus TCP/IP, or Siemens TCP/IP Ethernet)
  3. Configure network interface and adapter settings as required by the driver
  4. Click through the wizard and finish

Step 3: Add a Device

Under your new channel, add the target device:

  1. Right-click the channel and select New Device
  2. Enter a device name (use meaningful names — these appear in the OPC UA address space)
  3. Enter the device's IP address or network identifier
  4. Configure driver-specific settings such as slot number, rack, or unit ID
  5. Set the scan rate (how often Kepware polls the device for data)
  6. Complete the wizard

Step 4: Define Tags

Tags are the individual data points you want to expose. You can add them manually or use automatic tag generation:

  • Auto-discovery: Right-click the device and choose Auto Create Tags (available for many drivers). Kepware will browse the device and create tags automatically.
  • Manual: Right-click the device, select New Tag, and specify the address (e.g., N7:0 for SLC 500, Program:MainProgram.MyDINT for ControlLogix), data type, and access (Read/Write).

Organize tags into Tag Groups to create a logical folder structure, which will be reflected in the OPC UA address space hierarchy.

Step 5: Configure OPC UA Security

For production environments, configure message security:

  1. Go to Project > Properties > OPC UA
  2. Set the Security Policy to Basic256Sha256 or higher
  3. Set the Message Mode to SignAndEncrypt
  4. Generate or import a server certificate via Tools > Manage Security

Note: For initial testing on a trusted network, you may use "None" security to verify connectivity before hardening.

Step 6: Test with UaExpert

  1. Open UaExpert and click Add Server
  2. Enter the endpoint URL: opc.tcp://[server-ip]:49320
  3. Accept the server certificate when prompted
  4. Browse the address space — your channels, devices, and tags should appear under the server node
  5. Drag tags into the Data Access View to monitor live values

Troubleshooting Tips

  • Connection refused: Check Windows Firewall — open port 49320 for inbound TCP
  • Bad quality tags: Verify device IP connectivity and driver configuration
  • Certificate errors: Trust the server certificate in UaExpert's certificate manager
  • No tags visible: Confirm the OPC UA interface is enabled and the runtime is running

With your OPC UA server configured and verified, you can now connect any compliant OPC UA client — whether it's a SCADA package, historian, or cloud gateway — to the live process data in KEPServerEX.