Configuration Notes:
If the CPU recognizes an asynchronous or synchronous error during the cyclical run (e.g. diagnostics alarm of a DP slave or PROFINET I/O device, station failure, etc.), it calls an appropriate organization block (OB). Users thus have the option of responding to this event.
The following OBs have to be loaded in the CPU to ensure that they can be called by the CPU's operating system if an asynchronous or synchronous error occurs.
OB no.
Explanation
OB called
if
Error
category
Call upon
incoming event
Call upon
outgoing event
82
Diagnostics alarm
A diagnostics-compatible module, for which you have enabled the diagnostics alarm, detects an error and when the error is cleared
(e.g. a short circuit in the input module).
Asynchronous error
Yes
Yes
83
Remove/plug alarm1)
A module in the central or expansion devices is removed and plugged in (e.g. an input module is removed).
Asynchronous error
Yes
Yes
85
Program
cycle error
- A start event for an Alarm OB is present, but the OB cannot be executed because it has not been loaded into the CPU
- An error has occurred when accessing the instance DB of a system function block.
- An error has occurred when updating the process image (module missing or defective).
Asynchronous error
Configuration-specific
Configuration-specific
86
Module rack
failure
Failure of a DP slave in a PROFIBUS DP master system or of an IO device in the PROFINET IO system.
Asynchronous error
Yes
Yes
121
Programming
error
A programming error has occurred (e.g. called block is not loaded).
Synchronous error
Yes
No
122
IO access
error
An attempt is made to access a non-existent signal module.
Synchronous error
Yes
No
1) In the S7-300 CPU, there is no remove/plug alarm when removing/plugging in modules that are used on the PROFIBUS DP, like removing a DP slave module (exception: CPU 318-2). Depending on the DP slave used, the complete DP slave fails, which leads to OB86 "Subrack failure" being called, or standard diagnostics are performed, which leads to OB82 "Diagnostics alarm" being called.
In the S7-300 CPU, there is a remove/plug alarm only when removing/plugging in modules that are used on the PROFINET IO (e.g. removing an IO device).
If the above-mentioned organization blocks are not loaded in the CPU, the CPU switches to the "STOP" mode after attempting to call them.
Warning: If you use the error OBs, then error handling should be programmed for reliable and error-free plant operation or at least a message should be generated in case of an error. Please take into account that the CPU might no longer go into "STOP" and thus dangerous plant statuses might remain unnoticed.
Detailed information on programming the error OBs is available in the STEP 7 Online Help or in the manual "System Software for S7-300/400 System and Standard Functions" in Entry ID: 1214574.
Further information and notes: The diagnostics buffer of the CPU contains more information and notes about which organization block the CPU has called.
More detailed information on individual error OBs is also available in the STEP 7 Online Help under the following keywords:
"Diagnostics > Measures in the program for error handling"
"Calling reference data (LAD/FBD/STL, blocks ...) > Language description, block help, system attributes > Help on OBs"
"Error OBs"
"Settings for reporting system errors"
The following entry tells you which organization blocks do you need for error handling in the S7 program of the CPU: 11499205.
How can you recognize whether an I/O access error occurs several times from the error code in the OB122?
Description: The evaluation of I/O access errors has been changed in the SIMATIC S7-400 series CPU generation. Now, no difference is made with regard to the memory area (I/O area / process image). This also means that it is now no longer possible to have information about I/O access errors that occur multiple times (error codes B#16#44 and B#16#45).
All I/O access errors are imaged on error codes B#16#42 and B#16#43. It is therefore no longer possible to count the number of I/O access errors based on the error code in OB 122.
The change is valid for the following releases and higher:
QUESTION:
Why isn't the OB81 called although the battery is empty or has been taken out?
ANSWER:
You are using an S7-400. You have taken out the battery or it is empty, but the OB81 is not called.
Background:
In the S7-400 the OB81 is called in the case of battery failure only if the battery check is activated with the BATT.INDIC switch. If you want to change the battery, it is best to set the BATT.INDIC switch purposely to OFF, in order to suppress the calling of an OB81 in this case.
The event "At least one backup battery of central controller is empty" (16#21, BATTF) is only active when one of the batteries fails (in the case of redundant backup batteries). Now, if the other battery fails too, the event does not occur again. Only a complete failure of the backup batteries leads to OB81 with the event "Backup power supply of central controller empty/removed" (16#22, BAF).
Which organization blocks do you need for error handling?
Description
The S7-CPU modules are able to recognize the following types of error:
Synchronous errors
These errors are triggered by a specific operation during processing and can be assigned to a specific part of the user program.
Asynchronous errors
These errors cannot be assigned directly to the processing user program. These are priority class errors or errors in the automation system (module defects) or redundancy errors.
The table below gives you an overview of the organization blocks (OBs) that are called and processed when asynchronous and synchronous errors occur. If the relevant OB is not loaded, the CPU goes into the STOP state (exceptions: OBs 70, 72, 73 and 81).
Which error OBs are enabled in your CPU and which you can thus insert in a STEP 7 project is given in the Properties of your CPU in the "Interrupts" tab.
Fig. 01
The Hardware Configuration provides a convenient alternative to manually incorporating error OBs via the menu command "Options > Report System Error...".
Note on using error OBs
You should program error handling for reliable and error-free plant operation or at least program that a message is generated in case of an error, because you must take into account that the CPU might no longer go into "STOP" and thus dangerous plant statuses might remain unnoticed.
Notes
OB 70 and OB 72 are supported only by H CPUs.
OB 73 is available only for CPU 417-4H V2.0.X.
More information about individual error OBs is available in the STEP 7 Online Help under
"Change in the error evaluation in the OB 122 with series 400 CPUs" - Entry ID: 5708202.
Keyword "Generated error OBs".
Keyword "Settings for reporting system errors".
The following entry gives you information about which OBs have to be loaded in the CPU to ensure that the CPU does not go into the "STOP" status when a remote IO fails: 19350076.
Example of a power supply failure
The operating system of the CPU calls the OB81 when an event occurs that is triggered by a power supply failure (only in S7-400) or buffering fault. After clearing the error the OB81 is called again. If there is a battery fault in the S7-400 the OB81 is called only if battery checking is activated with the BATT.INDIC switch. If OB 81 is not programmed, the CPU does not go into STOP mode. If the OB81 is not available, the CPU continues running if there is a power supply failure.
In the sample program the temporary variable "OB81_FLT_ID" from OB81 is evaluated to determine a battery failure. In this example the variable has the error code "22hex". If the condition is fulfilled in a comparative query (battery failure), the marker M81.1 is addressed. Two event classes can be recognized with the "OB81_EV_CLASS" variable:
B#16#39: incoming event, battery has failed.
B#16#38: outgoing event, battery failure has been cleared.
Evaluation of these variables sets and resets the marker M81.0.
Fig. 02
The marker M81.0 is set if the markers M81.1 and M81.2 have the signal status "TRUE" (in the case of power failure and incoming event). The marker M81.0 is reset when the query of the ID is an outgoing event. The example described above is for the case when the battery failure occurs when the CPU is running. If the battery failure occurs in the STOP operating mode, the incoming event (call of OB81) is triggered only when the CPU goes into RUN mode again. If the power supply is switched off, the incoming event (battery failure) is not triggered.
Further information Detailed information about programming the error OBs is also available in the STEP 7 Online Help or in the manual "System Software for S7-300/400 System and Standard Functions" in Entry ID: 1214574.
Description You can use SFC51 "RDSYSST" to read out SSL parts lists or excerpts of SSL parts lists of a CPU . The configuration below has been created in the example attached.
Fig. 01
In the user program (OB1), you use SFC51 "RDSYSST" to read out the system status list of the CPU.
When you call SFC51 "RDSYSST", by means of the input parameter SSL_ID you specify which system status list you want to read out. In this way you can read out the following data, for example:
Module identifications.
Status of the module LEDs.
Status of the stations of a DP master system or PROFINET IO system that is connected to the integrated DP or Industrial Ethernet interface of a CPU.
There is information available about all the SSL IDs in the manual entitled "System Software for S7-300/400 System and Standard Functions" in Entry ID 1214574.
When you call SFC 51 "RDSYSST", at the INDEX input parameter you specify the number of the PROFIBUS DP master system or of the PROFINET IO system in HEX format. The number of the PROFIBUS DP master system or of the PROFINET IO system can be found in the Hardware Configuration (see Fig. 01).
Parameterization of the SFC51 "RDSYSST" differs according to the CPU used:
Sample parameterization for SFC51 "RDSYSST" in a PN/DP CPU
Fig. 02
Enter SSL_ID=694(hex) to determine the status of the stations of a DP master system or PROFINET IO system connected to a PN/DP CPU. You specify the memory area where the data of the system status list read out (diagnostics data) is to be stored. The memory area of diagnostics data is 258 bytes.
The length of 258 bytes is derived from the structure of Table 01.
Contents
Length
Meaning
index
1 word
0: Central module
1-31: remote module on the PROFIBUS DP master system
100-115: remote module on the PROFINET IO system
status_0
BOOL
Group information
1: at least one of the following status bits has the value 1
0: all the following status bits have the value 0
status_1
BOOL
Status of Station 1
1: Station 1 failed (valid only for 694)
status_2
BOOL
Status of Station 2
1: Station 2 failed (valid only for 694)
...
status_2047
BOOL
Status of Station 2047
1: Station 2047 failed (valid only for 694)
Table 01
You can determine the status of a maximum of 2047 stations. 1 bit is required for each station in the memory area of the diagnostics data. Furthermore, another 1 bit is required for the group information, which means in the memory area of the diagnostics data you need 256 bytes for the status information of each station and 2 bytes for the index (information on the PROFIBUS DP master system or PROFINET IO system).
The following sample program contains a complete hardware configuration of an S7 station with the call of SFC51 "RDSYSST" in the user program.
Sample parameterization for SFC51 "RDSYSST" in a CPU without integrated Industrial Ethernet interface
Fig. 03
Enter SSL_ID=692(hex) to determine the status of the stations of a DP master system that is connected to the integrated DP of a CPU without Industrial Ethernet interface. You specify the memory area where the data of the system status list read out (diagnostics data) is to be stored. The memory area of diagnostics data is 16 bytes.
The length of 16 bytes is derived from the structure of Table 02.
Contents
Length
Meaning
status_0
1 byte
Bit 0: base units (INDEX=0) or Station 1
Bit 1: expansion device or Station 2
...
Bit 7: expansion device or Station 8
status_1
1 byte
Bit 0: expansion device or Station 9
Bit 1: expansion device or Station 10
...
Bit 7: expansion device or Station 16
status_2
1 byte
Bit 0: expansion device or Station 17
Bit 1: expansion device or Station 18
...
Bit 7: expansion device or Station 24
status_3
1 byte
Bit 0: expansion device or Station 25
Bit 1: expansion device or Station 26
...
Bit 6: expansion device in the S5 area or Station 31
Bit 7: expansion device in the S5 area or Station 32
...
status_15
1 byte
Bit 0: expansion device in the S5 area or Station 121
Bit 1: expansion device in the S5 area or Station 122
...
Bit 7: expansion device in the S5 area or Station 128
Table 02
You can determine the status of a maximum of 128 stations. For each station, 1 bit is required in the memory area of the diagnostics data, which means in the memory area of the diagnostics data you need 16 bytes for the status information of each station.
The following sample program contains a complete hardware configuration of an S7 station with the call of SFC51 "RDSYSST" in the user program.
The sample programs have been created with STEP 7 V5.4 SP4. Copy the SSL_Status_PNDP.zip or SSL_Status_DP.zip file into a separate directory and then dearchive it in STEP 7. The STEP 7 project is then unpacked with all its subdirectories. You can then use the SIMATIC Manager to process the unpacked STEP 7 project.
Capturing module and diagnostics data of the automation system
Contents When using a PLC, you often need information during operation about events and their causes.
These instructions show how you can read out module and diagnostics data from the SIMATIC controllers S7-300 and S7-400.
QUESTION: Why does the CPU goes into STOP when I run ONLINE functions
with my PG or PC via PROFIBUS?
ANSWER:
The CPU goes into STOP possibly for the following reasons:
You attempt to go online with your PG or PC. However you have
not configured your PG or PC in your project. Now, as soon as the
PG or PC becomes active (i.e. is included in the Token Ring), the
bus cycles are increased, which leads to STOP.
Another reason might be that a great amount of diagnostics data
is requested via ONLINE functions, which the increases CPU cycle
time beyond the parameterized limit. A remedy in this case would be
to change the parameters of the CPU from "Test mode" to
"Process mode". However, in this case not all the diagnostics
options will be available.
You should also make sure that the bus parameters of your PC/PG
are identical to those of the PROFIBUS network. In order to be able
to compare these you must first determine which bus parameters are
set for the PROFIBUS network. Please proceed as follows:
1. Open the project and the hardware configuration.
2. Double-click the PROFIBUS master system.
3. Then click "Properties...".
4. In the window that opens select the "Network settings" tab.
5. Click "Bus parameters...".
Now you can see the settings of the bus parameters for the PROFIBUS
network.
The bus parameters must also be set in your PG. Please proceed as
follows to view and change the parameters of your PG:
1. Open the Control Panel via "Start > Settings".
2. Double-click "Set PG/PC interface".
3. In the window that opens click "Properties...".
4. Under "Network reference" set "User-defined" for
the profile.
5. Click "Bus parameters...".
6. Set the same bus parameters as for the PROFIBUS network.
Keywords: STOP state
Why after power off/on or after return of a DP standard slave does the EXTF LED on the CPU 300/400 remain on and doesn't go out?
Description:
Upon station return of a standard slave the CPU receives a
diagnostics message from the standard slave. Now the CPU makes a
diagnostics buffer entry from the diagnostics message and switches
off the EXTF LED again.
If the message consists only of 6 bytes (in compliance with
standard), the diagnostics message of the returning slave is not
accepted by the CPU. In this case the CPU only makes a diagnostics
buffer entry, but doesn't switch off the EXTF LED again.
Communications with the slave are normal.
The problem described occurs with the following
modules:
S7-300, CPU 318-2DP, operating system
V3.0.0
S7-400, all CPUs with operating system
V3.0.0 (therefore concerns all CPUs except CPU 413)
S7-400H, CPU 417-4HL00 with V2.1.3 and CPU
417-4HL01 with V3.0.0
Remedy:
As from firmware V3.0.1. (V2.1.4 with CPU 417-4HL00) the problem
is cleared. Do a firmware update. In the following Entry IDs you
will find the appropriate firmware and a description of how to do
the update.
Description In the Start data (local data) of the Startup OBs OB100, OB101 and OB102 there is the variable OB10x_STOP (x = 0,1,2). It contains the event ID of the last stop cause from the diagnostics buffer. With the SIMATIC S7-400 CPUs this variable can still be read after an overall reset.
With the SIMATIC S7-300 CPUs the OB100_STOP variable is no longer occupied after an overall reset.
Note A list of possible event IDs is available in the reference manual "System Software for S7-300/400 System and Standard Functions", section 34.5 "Event Class 4 - Stop Events and Other Mode Changes" in Entry ID 1214574.
Why won't the IM and/or the CP with a CPU S7-400 go into RUN mode when the event ID 530D appears in the diagnostics buffer?
Description: An error message is recorded in the diagnostics buffer with the event ID 530D if the SDB is precisely 10,000 bytes long.
Remedy: If the SDB is precisely 10,000 bytes long, adopt the following procedure:
Go to the HW Config in Tools > Settings and enable Save object names in the PLC. This makes SDBs about 500 bytes longer.
Fig. 01
When you check the length of the connection SDB, you will observe the behavior indicated above at precisely a length of 10,000 bytes. If the SDB is shorter or longer than 10,000, this behavior will not occur. After compiling the hardware configuration in STEP7, select the SDB container and check whether any of the SDBs are 10,000 bytes in length.
Valid for the following CPUs:
CPU
Order number
Firmware version
CPU 412
CPU 412-1
6ES7 412-1XF03-0AB0
V3.x.y
CPU 412-1
6ES7 412-1XF04-0AB0
V4.x.y
CPU 412-2
6ES7 412-2XG04-0AB0
V4.x.y
CPU 414
CPU 414-2
6ES7 414-2XG03-0AB0
V3.x.y
CPU 414-2
6ES7 414-2XG04-0AB0
V4.x.y
CPU 414-3
6ES7 414-3XJ03-0AB0
V3.x.y
CPU 414-3
6ES7 414-3XJ04-0AB0
V4.x.y
CPU414-4H
6ES7 414-4HJ00-0AB0
V3.x.y
CPU414-4H
6ES7 414-4HJ04-0AB0
bis V4.0.6
CPU 416
CPU 416-2
6ES7 416-2XK02-0AB0
V3.x.y
CPU 416-2
6ES7 416-2XK04-0AB0
V4.x.y
CPU 416-2F
6ES7 416-2FK02-0AB0
V3.x.y
CPU 416-2F
6ES7 416-2FK04-0AB0
V4.x.y
CPU 416-3
6ES7 416-3XL00-0AB0
V3.x.y
CPU 416-3
6ES7 416-3XL04-0AB0
V4.x.y
CPU 417
CPU 417-4
6ES7 417-4XL00-0AB0
V3.x.y
CPU 417-4
6ES7 417-4XL04-0AB0
V4.x.y
CPU 417-4H
6ES7 417-4HL01-0AB0
V3.x.y
CPU 417-4H
6ES7 417-4HL04-0AB0
up to V4.0.6
Why does the CPU remain in STOP after voltage recovery following complete loss of voltage for the entire system?
Description:
An entire system consisting of DP master S7-400 and slaves is deprived of voltage via a master switch. Through the CPU's internal voltage buffer the CPU normally continues to run about another 50ms to 100ms and in this phase recognizes the failure of the slaves connected. Depending on the power supply unit used the voltage buffer can be a lot longer (up to 500ms). Because of the missing slaves the CPU goes into STOP if no OB86 or OB122 has been programmed.
Remedy: You must program OB86 and OB122 (and if necessary OB82). You must start a timer there. The timer value must be greater than the duration of the CPU's voltage buffer (i.e. > 100ms as a guideline value). You must determine this value by making appropriate tests.
The timer is then checked in the cyclic program. If the timer expires, then a slave has failed in regular operation and the CPU responds as you have programmed it to. It goes into STOP because of the STOP command, for example.
The timer is also started when the master switched is switched off. If you have chosen the right time value, it cannot expire because the CPU also is without operating voltage shortly after the slaves. The CPU (central controller) is therefore deprived of voltage in RUN mode and upon voltage recovery also starts up in that operating mode.
Notes:
If you have chosen "Restart at Power On" as the start type (as opposed to "Restart"), you should reset the timer in the corresponding start OB so that its expiry after the CPU's restart doesn't trigger an unwanted program reaction.
Please note that in the case of long voltage buffering, other errors like station failure, I/O failure, time errors, exceeding of cycle time, buffer overflow etc. might occur, which do lead to the CPU going into STOP if they cannot be intercepted by program. Keep these error OBs as short as possible and if necessary extend the maximum cycle time.
What should you watch out for when using the blocks SFC 17 "ALARM_SQ", SFC 18 "ALARM_S", SFC 107 "ALARM_DQ" and SFC 108 "ALARM_D"?
Description: If you use one of the following
blocks
SFC 17 "ALARM_SQ"
SFC 18 "ALARM_S"
SFC 107 "ALARM_DQ"
SFC 108 "ALARM_D"
and you attach an associated value (parameter SD) with BOOL or
an odd number of BYTE or CHAR, an error might occur. The error ID
4535 1224 000 000 is entered in the diagnostics buffer.
Proceed as follows to to read out the diagnostics buffer when an
error occurs:
Set the CPU's operating mode switch to STOP.
Switch the Standby switch on the power supply module to OFF (0
V) and then back again to ON (rated voltage). The CPU then
automatically does an overall reset whereby the contents of the
diagnostics buffer are retained.
Remedy:
Increase the number of BYTE or CHAR in the associated value to
make it an even number. Use WORD, for example, instead of BOOL or
another format from the list given below.
You use an associated value when you want to deliver a measured
value with an alarm, for example, which indicates the temperature,
pressure or similar in the system at the time of the alarm. The
following formats are valid without restriction for the associated
value:
WORD
INT
DWORD
DINT
REAL
DATE
TOD
TIME
S5TIME
DATE_AND_TIME
Valid for the following CPUs:
CPU
Order
number
Firmware
version
CPU 412-1
6ES7 412-1XF04-0AB0
CPU 412-2
6ES7 412-2XG04-0AB0
CPU 414-2
6ES7 414-2XG04-0AB0
CPU 414-3
6ES7 414-3XJ04-0AB0
CPU 414-4H
6ES7 414-4HJ04-0AB0
up to V4.0.4
CPU 416-2
6ES7 416-2XK04-0AB0
CPU 416-2F
6ES7 416-2FK04-0AB0
CPU 416-3
6ES7 416-3XL04-0AB0
CPU 417-4
6ES7 417-4XL04-0AB0
CPU 417-4H
6ES7 417-4HL04-0AB0
up to V4.0.4
What should you watch out for when you use the SFC20 "BLKMOV", SFC81 "UBLKMOV" or SFC21 "FILL" blocks?
The source and target fields must be the same size and may not
overlap.
If the specified target field is larger than the source field,
the amount of data copied to the target field is limited to the
amount available in the source field.
If the specified target field is smaller than the source field,
the amount of data copied to it is limited to the capacity of the
target field.
If the target or source field which is actually available is
smaller than the configured memory area for the source or target
field (parameters SRCBLK, DSTBLK or BVAL and BLK in SFC21), no data
is transferred.
In this case, an error is displayed in the RET_VAL with the error
code W#16#8122 or W#16#8323. Always evaluate this RET_VAL in your
user program.
