Known Issues and Limitations in GENESIS Version 11 Update 5 (11.05)

This topic describes the known issues and limitations in this release.

Common and Platform Services

  • When Windows Update installs a patch for the .NET 10 runtime, it removes the old version. Running services and/or applications are still using the old runtime, since they have the old DLLs loaded in the memory. However, when the user executes an action that requires loading a new DLL, the DLL no longer exists on the disk, and the process crashes. This is an expected behavior of the default configuration of NET Core Updates using the Windows Update, and it is a known issue.

    It can be fixed by setting HKLM\SOFTWARE\Microsoft.NET RemovePreviousVersion to nextSession, but it is up to the user's decision whether or not they want this setting. It affects all .NET 8 applications installed on the machine, not just GENESIS.

FrameWorX

  • All computers in the cluster (default cluster for thick clients) need to use the identical configuration database, in particular cluster and security configuration.

  • Performance counter names are always in English.

  • When setting up Integrated Windows Authentication, both the SPN service class and the UPN settings are ignored. This is a limitation of .NET 10 and is currently unsupported. See the following issues reported on Microsoft's GitHub:

    https://github.com/dotnet/runtime/issues/25320

    https://github.com/dotnet/runtime/issues/107733

GenBroker

  • In GENESIS version 11, GenBroker is now obsolete. Thus, the tag @sim64:\\<RemoteServerName>\ShortRandom(Period[sec],Min,Max,Phase[deg]) value will not work. The only way to get data from remote machines is to use the tag with the FrameWorX connection \\<RemoteServerName>\@sim64:\ShortRandom(Period[sec],Min,Max,Phase[deg]) value.

Global Search

  • Cannot search the full address space when using Global Search.

  • Some root nodes do not provide a context into the Global Search service.

Installation

  • Due to security strengthening, GENESIS services and applications may crash on some versions of Windows 10 IoT Enterprise. It is necessary to have the latest Windows Updates on the operating system, or at least the updates up to January 2025.

  • The version 11 installation does not support removing version 10 installations. Version 10 installations need to be uninstalled manually.

  • The Compatibility Analyzer is a stand-alone utility. It can run on existing GENESIS64 version 10 production systems to highlight possible issues when upgrading to GENESIS version 11. It is not a prerequisite for installing GENESIS version 11, but upgrading customers are strongly encouraged to use it before starting an upgrade.

  • We have tightened operating system requirements because some components, such as GraphWorX, require the latest operating system. All other components inherit that requirement in version 10 installations and allow operating system version requirement customization for advanced cases.

  • WebHMI and WebAPI components are not supported on the Windows 10 MSIX packaging environment operating system that is available in the Hyper-V server Quick Create option.

  • Some installation components (such as the Configure System Utility and FrameWorX), while available for selection, also serve as required prerequisites for other components, and are always installed when their dependent components are selected for installation.

  • If you click the Upgrade button without explicitly selecting a workload and/or components (on the Advanced tab) when performing an upgrade from a previous version 11 setup, the installation will upgrade the already installed setup.

  • If you are upgrading from 11.00 or 11.01 AND you have a Gmail configuration you need to backup C:/ProgramData/ICONICS/11/Gmail.config.xml, IcoEmailOAuth.xml and C:/ProgramData/ICONICS/11/IcoCustomSetup.ini and put them back once the installation is finished before clicking on the Launch button in the installer.

  • If you are upgrading from 11.03 or 11.04 AND you have a Gmail configuration, once the system is upgraded you need to open the email configuration in Workbench > Alarm and Notifications > Alert Notifications > Email Nodes and sign in to authenticate again with the Gmail server.

  • If you are upgrading from 11.02, some menu items under ICONICS Genesis Tools folder will not be removed from the Windows Start menu. They can be safely removed manually

Redundancy

Security Context Synchronization

  • When there is a failover of any HTML5 client, clients that are not connected to the failing node will refresh.

  • We have seen that failover in certain cases takes longer, and points are invalid during that time.

Security

  • The Classic OPC service is disabled by default for security reasons. We recommend only using this component in isolated environments or using the more modern and secure OPC UA protocol wherever possible.

  • When setting up network communications between GENESIS components using Integrated Windows authentication, the Kerberos identity of the server modules is always assumed to be an SPN in the form HTTP/< hostname >. This might cause a problem if the GENESIS server components are configured to run under an account other than Network Service.

  • Web requests that contain the scope parameter no longer work in GENESIS Version 11 Update 2 or later. This is an intentional change, and there is no plan to revert the functionality. To work around this issue, remove the scope parameter from authorization code requests to the token endpoint.

  • To maintain the security (confidentiality, integrity, and availability) of GENESIS against unauthorized access, denial-of-service (DoS) attacks, computer viruses, and other cyberattacks from external devices via the network, take appropriate measures such as firewalls, virtual private networks (VPNs), and antivirus solutions.

  • For information about security vulnerabilities, refer to iconics.com/cert.

Unified Data Manager (UDM)

  • Due to changes in services, UDM should now always run as Out-of-Process.

Alarms and Notifications

Alarm Historian

  • Alarm Historian isn't logging in the correct location when switching between Workbench projects.

    This behavior is by design. The .almi index files have names based on the logger name to make the name more human-readable. This is different from Hyper Historian, where the names are based on the GUID. If you have multiple projects, you should use a unique name for each logger.

    If you need to have loggers with the same name in different projects, then you should specify different locations for storing the index files. You can specify different locations by going to Alarm Historian > Product Configuration > System SettingsData Processing > Storage Index File Directory.

    By default, index files are saved to Program Data\ICONICS\11\AlarmHistorian.

Alert Notifications

  • The account that Alert Sierra runs under has changed to Network_Service. This may require the site to update firewall input or output rules.

Data Connectivity

BACnet

  • There is no utility to migrate old data in version 10 to the new .hhd file format in version 11.

  • When a BACnet configuration is modified on the Property Sheet, Workbench is unable to update the modified configuration from temporary files.

Mitsubishi Electric Factory Automation (FA)

  • Changes to MELSEC tag names in Mitsubishi Electric FA > MELSEC Device > Tag Group require a restart of the Mitsubishi Electric FA Point Manager service to be applied.

Classic OPC

  • Remote Classic OPC connections were possible in previous versions using a stand-alone installation of GenBroker that bridged the communication. However, GenBroker has been removed. Please use the Data Broker workload as a replacement.

    For now, people should use the full GENESIS installation to bridge communication if needed.

  • We have observed that the Kepware Server does not provide alarms and historical data without a proper license. This behavior is likely due to the absence of a valid license, as we observed the same behavior with other clients while other servers behaved correctly.

  • FwxGenClientService is running under LocalSystem.

    This service running under the Local System can be viewed as a potential security risk as it runs with the highest permissions.

    The service is disabled by default because of the security risk. You need to enable the service manually to connect to Classic OPC  servers.

  • Classic OPC XML DA is no longer supported.

OPC UA

  • Point names without the ua: prefix are no longer supported.

  • Writing values of complex data types does not work with some servers.

  • Some OPC UA servers may not be able to communicate with GENESIS Version 11 if a very low publish interval is set in the OPC UA connection configuration. This is due to a limitation of the latest version of the OPC UA stack. When tested with a publish interval of 250 milliseconds, the connection works correctly.

  • Selecting "Read value and Attributes" will not subscribe OPC UA events and they will not be shown in the Alarm Viewer. If you require to receive events please select "Subscribe Value and.."

  • OPC UA connection may not work with some OPC UA server (e.g. uaCpp)

Data Historian

  • The OPC DA/HDA client interface has been removed.

  • The OPC UA client interface is disabled by default and can be enabled from Workbench

GraphWorX

  • Grid controls (Table, Fault Viewer, Asset Navigator) incorrectly render gradient background colors.

  • Trend Viewer configurator has artifacts in the UI when using remote desktop with custom DPI settings.

HTML5 3D Gap Items

The following is a list of gap items. Although the following items are supported on the Desktop, they aren't currently supported in HTML5 3D.

Lights

  • Point light—Constant/quadratic attenuation

  • Spotlight—Constant/quadratic attenuation

Materials

  • Back material

  • Primitives mapping options

  • Diffuse/specular global color

  • Diffuse gradient

Dynamics

  • Color—On specular component of materials; it differs when no start or end color is used. In this case, the specular material component is set to the same value as the diffuse.

Annotations

  • Opacity

  • Angle property

  • Line thickness

Miscellaneous

  • There can be only one 3D viewer in the entire display.

HTML 3D Unsupported Features

The following items are unsupported due to limitations of HTML5 3D.

Lights

  • The ambient light might not have the same effect on the resulting look as in GraphWorX.

  • Even when using only the supported light features, the overall look of the lighting might not be the same as in GraphWorX.

Materials

  • Specular image

  • Specular gradient

  • Ambient color

  • Emissive/specular might have a different effect than in GraphWorX.

  • Even when using only the supported material features, the overall look of the material might not be exactly the same as in GraphWorX.

Dynamics

  • If the PointFailText is one character, the point fail text inside 3D annotations will only write this one character, as opposed to the desktop, where the character repeats a certain number of times.

Annotations

  • The desktop mode type annotations allow putting anything inside them, including free positioning.

Miscellaneous

  • The 3D Viewer is always on top of other objects, and its z-order cannot be changed.

Internet of Things

  • There is no utility to migrate old data logged in IoT Publisher version 10 to the new .hhd file format in version 11.

WebAPI

  • In .NET10, the WebAPI no longer redirects automatically to the login endpoint in the web browser. API calls to /fwxapi/rest/data endpoint for instance will now fail with 401 Unauthorized. Before they would redirect the user to a login page.

    This is a known breaking change in ASP.NET Core in NET10. After NET10 upgrade, the user has to:

    1. open /fwxapi/account/login page in the browser

    2. sign in, get redirected to the IIS default page

    3. open /fwxapi/rest/data?pointName=.... Now the authorization cookie has been set and the call should work

WebHMI Containers

  • When running an on-premises Kubernetes cluster with WebHMI server for a long time (weeks), WebHMI starts throwing this exception:

    Unhandled exception. System.IO.IOException: The configured user limit (128) on the number of inotify instances has been reached, or the per-process limit on the number of open file descriptors has been reached.

    To overcome this issue, you can run the following commands on each Kubernetes node to increase the limits of inotify instances:

    echo "fs.inotify.max_user_instances=512" | sudo tee -a /etc/sysctl.d/99-kubernetes-inotify.conf echo "fs.inotify.max_user_watches=524288" | sudo tee -a /etc/sysctl.d/99-kubernetes-inotify.conf sudo sysctl --system

Workbench

  • There is a validation issue for Name/Unit fields on Temperature sources in an Asset configuration.

  • You cannot use Asset Builder for MELSEC devices—it has been removed.

  • In an OPC UA configuration, all certificates are available, but only certificates with a private key should be used (via the file system).

  • When upgrading a Workbench setup database that is very large, we strongly recommend that you disable Execute the upgrade in a transaction and enable Backup the database before the upgrade instead.