The food packing machines we built were designed to include a 12kW servo motor. The drive was equipped with a large external braking resistor that probably was not even required in our application, but the drive manufacturer insisted it could not be eliminated. Some time earlier, a predecessor had realized that these resistors can get hot if they are really used in the application, so they built a Plexiglas guard around the resistor.
Everything went fine for several years until eventually we had several dozen of these machines out in the field. Then, one day, we got the call no machine builder ever wants to hear: "Hey, your machine caught fire last night and burned up." The investigation soon led to the regen resistor and its flammable plastic guard as being a likely suspect for causing the fire. But we had never seen one of these resistors even get warm in operation, and we had had no problems with this servo in years.
The mystery continued until the same customer almost had a repeat of the same event, but the operator managed to kill the power when he started to notice the hot smell of melting Plexiglas in time to prevent the fire. Curiously, even though the plastic guard had melted when the machine was restarted, it ran flawlessly, and extensive testing revealed no bad parts.
Upon further investigation, we discovered that just prior to the event, the operator had mistakenly bumped an E-Stop button, which stopped the machine, and he quickly reset the E-stop circuit and continued to run. It turns out that these drives had always had the same feature, but no one had chanced on just the right sequence of operations to activate it. The drive has large capacitors in it and the manufacturer decided that, since a braking resistor is used with these drives, it would just dump the juice from the capacitors into the braking resistor when the drive was shut down.
A relay connected the braking resistor directly across the drive's DC bus on command from the drive's controller. The controller logic went something like this: “When the main power goes off, connect the braking resistor to the DC bus. Leave it connected until the bus voltage falls to a safe level.” What was lacking was the logic that should have said, “If the main power comes back on, open that relay, even if the DC bus voltage has not dropped to a safe level yet.” Fact is, it never will fall to a safe level with 40A of 480V three-phase power supplying the DC bus.
The drive manufacturer balked at correcting the design defect in the drive, arguing that the drives had been used with no problems for years. Then they suggested that we retrofit every one of these machines in the field with controls that would prevent reset of an E-stop for at least 45 seconds, and they agreed to pay for the parts to do that. Needless to say, this was unacceptable to most everyone. Our customer was a multinational company with an army of lawyers and a collection of color glossy photos of the smoking remnants of their $250k control panel, so about a year later a control revision was issued on the drive.
This entry was submitted by Kim L. Ground and edited by Rob Spiegel.
Tell us your experiences with Monkey-designed products. Send stories to Rob Spiegel for Made by Monkeys.
Given the potential liability that comes with a machine that catches fire, it's surprising that it took the drive company a year to deliver a complete solution. I would guess they lost some customers along the way.
Cadman-LT wrote: "It always seems like no company wants to admit to, or even correct their mistake. Not a good thing."
Well, stonewalling usually seems to occur on software and hardware products that have been in production for a long time. The original engineers and designers who understand the design have long since moved on, and the product engineering group is afraid to change anything. They will dig their heels in on the most trivial things to avoid making a change.
Notice that in this instance they wouldn't waive the unncessary resistor or accept the need for change when the multiple-button-press problem was found. Once you get attuned to looking for this behavior you will see it everywhere. <sigh>
Cadman-LT wrote: "It always seems like no company wants to admit to, or even correct their mistake. Not a good thing."
Well, stonewalling usually seems to occur on software and hardware products that have been in production for a long time. The original engineers and designers who understand the design have long since moved on, and the product engineering group is afraid to change anything. They will dig their heels in on the most trivial things to avoid making a change.
Notice that in this instance they wouldn't waive the unncessary resistor or accept the need for change when the multiple-button-press problem was found. Once you get attuned to looking for this behavior you will see it everywhere.
It's too bad that the folks who provide these tales don't mention offending companies by name so the rest of us out here in the real world will have some precautionary "ammunition" to avoid them.
Hi Old_Curmudgeon. Many of our Made by Monkeys and Sherlock Ohms postings do identify the offending companies. This is especially true with the postings about cars. Sometimes brands are not mentioned because the blogger is concerned about the posting being libelous.
As we engineers all know, we hate to find out we did something stupid or sloppy- or that something just slipped past us. But I bet when the design engineers at the company found out what had happened, they were sure anxious to fix it. But management, who is mostly interested in bottom lines and not quality, probably just tried to sweep it under the rug by offering a few cheap parts as a solution. It is shame to ruin a reputation over something that could potentially cause a fire or injury and REALLY cost money in the long or short run. Shame on them taking a year! (I'm a Texan so I have to add "Bless their hearts.")
If the capacitors do not discharge through the regen resistor, the drive stands a good chance of blowing those capacitors by overcharging them through too-rapid e-stop power-cycling.
A number of drive manufacturers state in their operations manuals that drives should not be power cycled more than once a minute.
Dumping the DC bus through the resistor is a good way to have numerous power cycles in a short period of time. If the resistor got that hot, it might be undersized for drive, even if the packaging machine doesn't normally use it. A large regen resistor is normally protected by a large perforated metal enclosure, not plastic.
Been there, done that. Often, the root cause of this problem is that the safety logic power of the drive is not separately powered from the control power - consequently, its safety logic is flawed. Quite a few drives have this particular feature but quite a few more don't even have an emergency stopping capability with or without an external braking resistor and some have an internal resistor which is adequate for normal operation but burns up during an E-Stop if a correctly sized external resistor is not connected. When you talk to drive manufacturers about functional safety issues, they will often tell you that they are only responsible for electrical safety and that the machine builder is responsible for functional safety, although there is only so much that you can do external to the drive. One big name vendor supplies an add-on E-Stopping solution which overheats motor windings necessitating a delayed restart to avoid cooking the motor. Even many drives with a certification, prove to be not certified to machinery or robotic standards, which is more than a little problem. While most machine safety standards require control voltages to be reduced to a nominally safe level after a brief period of time (see EN 60204-1 or NFPA 79), quite a few drives don't do this. In this case, which is not uncommon, the drive manufacturer implements a bargain basement solution. I'm sure most integrators are familiar with reset timers - this makes the servo drive happy ... the end user, not so much. Also, since everything in the control cabinet is supposed to have IP2x or IPxxb enclosure, it's surprising how many drive manufacturers do not supply properly enclosed resistors, as in this case. Obviously, a custom built enclosure is going to be questionable and more expensive than a commercial solution. But there are a few good guys in the business who manage category 1 stops sensibly and who provide properly sized and packaged regen and braking resistors. BTW, any power device should be packaged in materials with a good UL 94 or equivalent flammability rating (this should have been a routine design check).
That's a prudent policy. Integrators frequently have to employ controls solutions imposed by their customers or even their own supply chain. One must tread very lightly. Also, major suppliers have a mix of good and not so good product. And it's not just drive manufacturers that can be delinquent. The fact that a certifying body will approve products that have functional safety deficiencies is also an issue. Ideally, integrators should be able to select approved product and have no worries assuming they follow the manufacturers instructions but, with servo drives, that is far from the case. One must always RTFM (at least twice). When the problem is systemic, few suppliers want to step up. Based on experience, I'd say truly safe stopping adds approximately $125 to the cost of a servo drive - seems expensive until OSHA catches up with you. However, users aren't entirely blameless: a careful reading of NFPA 70 & 79 and EN 60204-1 will provide good instruction in providing proper and sufficient protection for motors and drives. Of course, in this specific instance, the user did not follow the supplier's instructions exactly (vis 45 second delay) and executed an incomplete risk analysis (vis prevention of restart and use of flammabile materials in controlgear).
Note, the use of transparent finger guards may be a necessary evil: it is a requirement that identification of devices and terminals by clearly visible and also a requirement that terminals and devices be touch safe. Metal covers typically require duplication of marking and must be polarized so that they can't be installed improperly and must be properly grounded. Transparent materials have obvious advantages; however, one must choose the correct material with adequate temperature tolerance and fire retardent properties (these should be standard check boxes in the annotated BOM).
From Dell / Intel® New Paradigms in Design Work Scott Hamilton, vertical market strategist for Dell Precision workstations, 5/2/2013 5
Early in my career, I worked as a draftsman and remember the days of drawing on vellum with numbered pencils and Mylar with plastic lead. This was a fun experience in the sense that I ...
I've been using workstations for more than 10 years and love finding ways to get more performance from my system. With demanding professional applications that require more power each ...
A lasting memory from my first job as an engineer in an auto assembly plant is standing on hard concrete at six in the morning, vending-machine coffee clutched in hand, listening to ...
A quick look into the merger of two powerhouse 3D printing OEMs and the new leader in rapid prototyping solutions, Stratasys. The industrial revolution is now led by 3D printing and engineers are given the opportunity to fully maximize their design capabilities, reduce their time-to-market and functionally test prototypes cheaper, faster and easier. Bruce Bradshaw, Director of Marketing in North America, will explore the large product offering and variety of materials that will help CAD designers articulate their product design with actual, physical prototypes. This broadcast will dive deep into technical information including application specific stories from real world customers and their experiences with 3D printing. 3D Printing is
To save this item to your list of favorite Design News content so you can find it later in your Profile page, click the "Save It" button next to the item.
If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
7 
