Dear Team,
We are writing to seek technical clarification and support regarding watchdog timer faults observed on our Phoenix Contact PLCnext AXC F 2152 and AXC F 3152 controllers running the standard ASR (Application System Redundancy) programs.
PLC firmware version: 2024.6.1
ASR library 2152: PLCnext_ASR2152_5.pcwlx
ASR library 3152: PLCnext_ASR3152_4.pcwlx
PLCnext engineer verison: 2024.6
We are using the standard library programs provided with the PLCnext_ASR3152 library without any modificatons, specifically:
• ASR_EventStop_2 (assigned to the STOP event task)
• ASR_EventStart_1 (assigned to the COLDSTART and WARMSTART event tasks)
Over the past year, we have observed intermittent watchdog exceeded faults on multiple ASR PLCs deployed across our plant. The issue occurs very rarely and unpredictably, making it difficult to reproduce or identify the root cause. However, whenever the fault occurs, the affected PLC enters a stopped state and does not recover automatically. Manual intervention and PLC restart are required to restore operation.
A major concern is that this behavior has been observed only on PLCs running the ASR library programs. Across our plant, we have several AXC F 2152 and AXC F 3152 controllers, including both ASR and non-ASR applications. To date, every watchdog exceeded event has occurred only on the ASR controllers, while all non-ASR controllers have continued to operate normally without any watchdog-related faults. This consistent pattern suggests that the issue may be associated with the ASR library functionality, redundancy operation, or its interaction with the controller firmware.
Our notification logs indicate STOP task watchdog overruns ranging from 511 ms up to 39,666 ms, significantly exceeding the default watchdog limit of 500 ms. We have also observed occasional watchdog overruns on cyclic tasks T0 (9 ms watchdog, 10 ms interval) and T1 (59 ms watchdog, 60 ms interval).
Given that these controllers are deployed throughout a large operational plant, the impact of such events is significant. When multiple controllers stop due to watchdog faults, restoring the system requires manual intervention at each affected PLC, resulting in operational challenges and increased maintenance effort.
We would appreciate your guidance on the following points:
-
What are the recommended watchdog timer values for the STOP, COLDSTART, and WARMSTART event tasks when using the standard ASR library programs on AXC F 2152 and AXC F 3152 controllers?
-
Are the default watchdog values (500 ms for STOP and 100 ms for COLDSTART/WARMSTART) sufficient under all operating conditions, including PROFINET S2 AR teardown and redundancy switchover scenarios?
-
What is the expected execution time range for ASR_EventStop_2 during a normal redundancy switchover, and under what conditions could it exceed the default 500 ms watchdog limit?
-
Are there any known factors such as the number of PROFINET devices, network topology, MRP ring recovery, communication load, or controller resource utilization that may cause extended execution times?
-
Is there any known issue, limitation, firmware defect, or library-related behavior that could cause the ASR STOP task to exceed the watchdog limit and stop the controller? If so, are there any recommended firmware versions, patches, or library updates available to address this issue?
-
As a temporary mitigation measure, is it safe to disable the watchdog timer by setting it to 0 ms for the affected event tasks? If so, what are the implications for controller reliability, PROFINET S2 redundancy behavior, system safety, and IEC 62443 compliance?
We would like to emphasize that our primary objective is to identify and implement the correct long-term solution rather than simply disabling watchdog protection. Since this issue has affected ASR controllers across the plant over an extended period, we request your detailed technical assessment and recommendations to ensure stable and reliable operation.
Your prompt support on this matter would be greatly appreciated.
Kind regards,
Jaya Chandra