Skip to main content

Controller Setup

To enable data acquisition, the HEIDENHAIN controller must allow remote access from Reniway Edge. This guide describes the controller-side settings commonly needed for HEIDENHAIN DNC connectivity.

Prerequisites

Before connecting to the controller from Reniway Edge, verify these items:

  1. External access allows remote systems to connect to the controller.
  2. DNC access allows Reniway Edge to communicate with the controller through the HEIDENHAIN DNC interface.
  3. HEIDENHAIN DNC Option 18 is active on the controller.
  4. Network reachability is available between Reniway Edge and the controller.

For newer controls such as TNC 320, TNC 620, TNC 640, and TNC 7, secure SSH communication is supported. Configure an SSH user and password on the controller when you enable Secure in the Reniway Edge HEIDENHAIN connector.

TNC 426, TNC 430, and iTNC 530

Configuration steps for older TNC controllers

Enter programming mode

  1. Switch to programming mode.
  2. Press the MOD key.

Enable external access

  1. If a dialog appears, navigate to Machine Settings > External Access.
  2. Verify that the External Access soft key is set to Yes.
  3. If the soft key is missing, make it visible by editing the OEM.SYS file.

Configure the OEM.SYS file

Edit OEM.SYS and verify that this line is present:

REMOTE.LOCKSOFTKEYVISIBLE = YES

You can use HEIDENHAIN TNCREMO to edit the file:

  1. Connect to the controller.
  2. In the Explorer Bar, enter PLC:\.
  3. Enter the PLC access key. The default is often 807667.
  4. Open OEM.SYS, edit it, and transmit it back to the controller.

Check TNC.SYS restrictions

In TNCREMO, browse to TNC:\ and open TNC.SYS.

Look for restrictive entries such as:

REMOTE.PERMISSION = PC2225;PC3547
REMOTE.TNCPASSWORD = KR1402
REMOTE.TNCPRIVATEPATH = TNC:\RK

If REMOTE.TNCPASSWORD exists without REMOTE.TNCPRIVATEPATH, the entire TNC drive is password-protected.

To adjust access:

  1. Comment out problematic lines by prefixing them with a semicolon (;).
  2. For REMOTE.PERMISSION entries, add the DNS hostname of the Reniway Edge device or the PC used for testing.

Troubleshoot common errors

ErrorWhat to check
LOGIN: Area INSPECT Unexpected responseCheck TNC.SYS for remote access restrictions.
LOGIN: Area PLCDEBUG Unexpected responsePLC access is locked.

If PLC password protection is enabled, check OEM.SYS for entries such as:

PLCPASSWORD = MYPLCPASSWORD
REMOTE.PLCPASSWORDNEEDED = YES
REMOTE.PLCPASSWORDFORCED = YES

Record the PLC password for the machine setup record.

Apply changes

  1. After modifying TNC.SYS or OEM.SYS, restart the controller.
  2. Verify that external access is working.

TNC 320, TNC 620, TNC 640, and TNC 7

Configuration steps for newer TNC controllers

Enter programming mode

  1. Switch to programming mode.
  2. Press the MOD key.

Enable external access

External access is often blocked by default. To access the machine from the network, ensure External Access is enabled.

  1. Navigate to Machine Settings > External Access.
  2. Ensure the External Access soft key is set to Yes.
  3. If the soft key is missing, configure access control settings.

Configure access control settings

Some systems need explicit approval for each connection. To allow Reniway Edge to always connect, we can either fully disable access control or permanently approve the connection to Reniway Edge on the control.

  1. Press MOD and select Code-Number Entry.
  2. Enter 95148, or the controller-specific password supplied by the machine builder.
  3. Navigate to CONFIG DATA > System > Network > CfgAccessControl.

Choose one of these approaches:

ApproachConfiguration
Disable access controlPress MORE FUNCTIONS > DELETE, confirm with YES, then press BACK, STORE, and confirm.
Adjust access controlSet denyAllConnections to FALSE and set permissions to Always to avoid manual approval for each connection.

Configure secure connection

Newer DNC models allow for secure communication over secure shell (SSH). When enabled, data exchanged between Reniway Edge and the controller is encrypted.

Use secure SSH communication when the controller and site policy allow it.

Configuration on the TNC7

  1. Select the Start operating mode.
  2. Switch to the Settings application.
  3. In the left column of the application, select Network/Remote Access.
  4. The different categories of operating systems are shown to the right of the column.
  5. Open the dialog by double-clicking DNC.
  6. The DNC settings are displayed on the right.
  7. Select Setup permitted under Secure connections for user xxx.
  8. It is now possible to set up secure connections.

Configuration on other NCK-based controls

Fast access for the current user, starting with version 17:

  1. Select the Machine settings group in the MOD menu.
  2. Select the External access function.
  3. Select Key management on the right under Secure connection.
  4. In the SSH tab, select Allow password authentication.
  5. Press the STORE AND RESTART SERVER NOW soft key.
  6. It is now possible to set up secure connections.

General procedure:

  1. Open the HEROS dialog Settings > Current User or Settings > OEM Function Users.
  2. Select the desired function user once you have selected OEM Function Users, for example oem.
  3. Press the CERTIFICATE AND KEYS soft key.
  4. In the SSH tab, select Allow password authentication. Enable password authentication
  5. Press the STORE AND RESTART SERVER NOW soft key.
  6. It is now possible to set up secure connections.

Reniway Edge configuration

In Reniway Edge, ensure Secure is enabled when creating a new HEIDENHAIN field connector, and enter the same SSH username and password.

Creating a secure connection

Resetting the password authentication

Password authentication is used only to exchange the needed SSH key. When the exchange is completed, it is advised to disable SSH password authentication again.

Resetting the setting on the TNC7

  1. Open the DNC settings as described above
  2. Deactivate Setup permitted

Resetting the setting on other NCK-based controls

  1. Open the SSH tab in the user dialog as described above
  2. Clear the Allow password authentication option
  3. Press the STORE AND RESTART SERVER NOW soft key

Configure non-secure communication

If you intentionally use legacy non-secure communication, enable the controller's non-secure DNC settings:

  1. Navigate to System > Network > CfgDncAllowUnsecur.

    Setting for CfgDncAllowUnsecur

  2. Press MORE FUNCTIONS > INSERT.

  3. Choose storage file PLC:\config\oem.cfg.

    Choosing the oem config file

  4. Change both settings from FALSE to TRUE:

    Choosing the oem config file 
allowUnsecureLsv2 = TRUE
allowUnsecureRpc = TRUE

Press BACK, then STORE, and confirm.

Record configuration details

  1. Note any custom passwords or code numbers used.
  2. Record the controller-specific access code if it differs from the default.
  3. Record whether the Reniway Edge connector should use secure or non-secure communication.

Apply changes

  1. After modifying configuration settings, restart the controller when required.
  2. Verify that external access is working.

Next Steps

After completing the controller setup:

  1. Test connectivity from Reniway Edge or another PC on the same machine network.
  2. Configure the HEIDENHAIN connector in Reniway Edge with the controller IP address, NC type, and secure communication settings.
  3. Validate live data by checking NC state, active program information, overrides, operating times, and alarms.

For machine-specific examples, see the Hermle C 12 U and Hermle C-400 setup guides in this section.