Hi.

Here in Germany we had an accident with a brand new DA 42 in Speyer
(EDRY) on 3-4-07 during take off.

It seems, that the battery was down and both engine were started with
remote power.
After take off when retracting the gear, the props feathered and both
engines stopped.

You can read about that accident in German (sorry) in
www.pilotundflugzeug.de

First hearing about that accident and the background, I could not
believe it.

Karl

Interesting! I have been a vocal proponent of the diesel movement for
years, but I'm also troubled by the real lack of technical discussion and
analysis of the Thielert and SMA products available here (USA). This past
Tues and Wed at Sun N Fun, I made several trips back and forth between the
Miami based Thielert retrofitters (near the SAAB tent) and the Superior
tent, hoping to chat with the Thielert technical expert. Each time I was
told that he (the only expert there) was at the other tent. I was hoping to
get the details of what problems they were experiencing with the 1.7 block;
to make them retool to the 2.0 block with no performance increase. Left to
my own imagination, I would not want to be flying behind the 1.7 at this
point forward.

Also, the Thielert boys seem to have committed to very modern electronic
control systems to manage their engine (lots of MB three pointed star
emblems on the electrical connectors). I asked last year at the AOPA Tampa
show if the engine had a Limp Home Mode for a major electrical system
failure. I got a quizical look and a promise of a call to my cell number
once "the only expert at that show" returned to the booth,... still waiting.

Too bad,... looks to me like they have a good product, but if they keep
hiding from the flying public they'll lose the trust factor fast.

Lastly, to speak to this DA-42 problem directly, I recall reading in the
early (post certification) period of the 1.7 in the euro version DA-40, they
experienced two documented in-flight electric control module failures which
resulted in engine shutdowns with unsuccesful restart. Just speculating
here: Looks like if the battery was dead and the LG motor surge was too much
for the alternators..., well, lets not speculate....


"Karl-Heinz Kuenzel" wrote ...
> Here in Germany we had an accident with a brand new DA 42 in Speyer
> (EDRY) on 3-4-07 during take off.
>
> It seems, that the battery was down and both engine were started
> with remote power.
> After take off when retracting the gear, the props feathered and both
> engines stopped.
>
>

"Mike Isaksen" > wrote in message news:oHRWh.10911$bZ2.2688@trndny01...
: Interesting! I have been a vocal proponent of the diesel movement for
: years, but I'm also troubled by the real lack of technical discussion and
: analysis of the Thielert and SMA products available here (USA). This past
: Tues and Wed at Sun N Fun, I made several trips back and forth between the
: Miami based Thielert retrofitters (near the SAAB tent) and the Superior
: tent, hoping to chat with the Thielert technical expert. Each time I was
: told that he (the only expert there) was at the other tent. I was hoping to
: get the details of what problems they were experiencing with the 1.7 block;
: to make them retool to the 2.0 block with no performance increase. Left to
: my own imagination, I would not want to be flying behind the 1.7 at this
: point forward.
:
:

Doesn't the 1.7 have a throw away TBO-like limitation that is very low?

Karl-Heinz Kuenzel wrote:
> Hi.
>
> Here in Germany we had an accident with a brand new DA 42 in Speyer
> (EDRY) on 3-4-07 during take off.
>
> It seems, that the battery was down and both engine were started with
> remote power.
> After take off when retracting the gear, the props feathered and both
> engines stopped.
>
> You can read about that accident in German (sorry) in
> www.pilotundflugzeug.de
>
> First hearing about that accident and the background, I could not
> believe it.

I don't even know where to start. How can an aircraft, that depends on
electrical power for the operation of it's engines, be airworthy without
fully redundant electrical systems? While in this particular case the pilot
might have noticed the problem, had he meticuously follow procedures and
started the second engine at the plane's own power, it is quite easy to find
failure modes that would go unnoticed inflight, yet cause double engine
failure at the instant the gear is lowered on final. Lead batteries are
known to occasionally go flat suddenly, once the buildup of oxide makes
contact between the lead elements. Happened to me in the car once. The
engine (a diesel with mechanical injection pump) ran happily without me even
noticing the failure until I shut it down. When I turned the power back on
again, not even the lights in the dashboard would light up, it was
completely and utterly dead.

I would never have thought that they cut corners like that at Diamond. I
Hope this will not create a lot of mistrust in aerodiesels, as it is not a
diesel issue. I guess you could call it a FADEC issue if you wanted, however
it really is an issue of redundancy of essential systems, and easily
solveable as such.

regards,
Friedrich

Friedrich Ostertag schrieb:
> Karl-Heinz Kuenzel wrote:
>> Hi.
>>
>> Here in Germany we had an accident with a brand new DA 42 in Speyer
>> (EDRY) on 3-4-07 during take off.
>>
>> It seems, that the battery was down and both engine were started with
>> remote power.
>> After take off when retracting the gear, the props feathered and both
>> engines stopped.
>>
>> You can read about that accident in German (sorry) in
>> www.pilotundflugzeug.de
>>
>> First hearing about that accident and the background, I could not
>> believe it.
>
> I don't even know where to start. How can an aircraft, that depends on
> electrical power for the operation of it's engines, be airworthy without
> fully redundant electrical systems? While in this particular case the pilot
> might have noticed the problem, had he meticuously follow procedures and
> started the second engine at the plane's own power, it is quite easy to find
> failure modes that would go unnoticed inflight, yet cause double engine
> failure at the instant the gear is lowered on final. Lead batteries are
> known to occasionally go flat suddenly, once the buildup of oxide makes
> contact between the lead elements. Happened to me in the car once. The
> engine (a diesel with mechanical injection pump) ran happily without me even
> noticing the failure until I shut it down. When I turned the power back on
> again, not even the lights in the dashboard would light up, it was
> completely and utterly dead.
>
> I would never have thought that they cut corners like that at Diamond. I
> Hope this will not create a lot of mistrust in aerodiesels, as it is not a
> diesel issue. I guess you could call it a FADEC issue if you wanted, however
> it really is an issue of redundancy of essential systems, and easily
> solveable as such.
>
> regards,
> Friedrich
>
>
Friedrich,

I did not believe it either. Maybe I am getting to old. For me a diesel
would run forever until you cut the fuel.

What those people did. They just started #1 and #2 (which was NOT ok) on
external power. And everything looked ok. Until they retracted the
landing gear....

I posted that story in our German newsgroup and nobody seemed to be
interested in that issue. I was just curious, if someone here is interested.

regards Karl

On Apr 23, 12:51 pm, "Neil Gould" > wrote:
> Recently, Friedrich Ostertag > posted:
>
>
>
> > Karl-Heinz Kuenzel wrote:
> >> Hi.
>
> >> Here in Germany we had an accident with a brand new DA 42 in Speyer
> >> (EDRY) on 3-4-07 during take off.
>
> >> It seems, that the battery was down and both engine were started with
> >> remote power.
> >> After take off when retracting the gear, the props feathered and both
> >> engines stopped.
>
> >> You can read about that accident in German (sorry) in
> >>www.pilotundflugzeug.de
>
> >> First hearing about that accident and the background, I could not
> >> believe it.
>
> > I don't even know where to start. How can an aircraft, that depends on
> > electrical power for the operation of it's engines, be airworthy
> > without fully redundant electrical systems? While in this particular
> > case the pilot might have noticed the problem, had he meticuously
> > follow procedures and started the second engine at the plane's own
> > power, it is quite easy to find failure modes that would go unnoticed
> > inflight, yet cause double engine failure at the instant the gear is
> > lowered on final. Lead batteries are known to occasionally go flat
> > suddenly, once the buildup of oxide makes contact between the lead
> > elements. Happened to me in the car once. The engine (a diesel with
> > mechanical injection pump) ran happily without me even noticing the
> > failure until I shut it down. When I turned the power back on again,
> > not even the lights in the dashboard would light up, it was
> > completely and utterly dead.
>
> > I would never have thought that they cut corners like that at
> > Diamond. I Hope this will not create a lot of mistrust in
> > aerodiesels, as it is not a diesel issue. I guess you could call it a
> > FADEC issue if you wanted, however it really is an issue of
> > redundancy of essential systems, and easily solveable as such.
>
> I have a somewhat different take on this event. It appears to me that the
> pilot didn't sufficiently understand his aircraft or the implications of
> the symptoms he observed. Knowing that there was insufficient power to
> start the engines, that the engine & prop controls were dependent on
> electric power and that the landing gear used an electric motor would have
> stopped me from taking off until the battery/electrical system problem was
> addressed. I don't find it surprising that the props feathered in this
> situation, and would even say that it would be the expected behavior,
> rather than a fluke of some kind. I would find it surprising if Diamond
> doesn't have adequate information about their flight systems in the POH to
> inform the pilot of this possibility.
>
> Regards,
>
> Neil

I just received an e-mail today from Diamond explaining the situation.
Since the engines are FADEC controlled, the dead battery did not have
enough power to retract the landing gear and keep the engines going.
The e-mail also stated that Diamond is looking into making some
changes.

Cary (DA42 owner)

Neil Gould schrieb:
> Recently, Friedrich Ostertag > posted:
>
>> Karl-Heinz Kuenzel wrote:
>>> Hi.
>>>
>>> Here in Germany we had an accident with a brand new DA 42 in Speyer
>>> (EDRY) on 3-4-07 during take off.
>>>
>>> It seems, that the battery was down and both engine were started with
>>> remote power.
>>> After take off when retracting the gear, the props feathered and both
>>> engines stopped.
>>>
>>> You can read about that accident in German (sorry) in
>>> www.pilotundflugzeug.de
>>>
>>> First hearing about that accident and the background, I could not
>>> believe it.
>> I don't even know where to start. How can an aircraft, that depends on
>> electrical power for the operation of it's engines, be airworthy
>> without fully redundant electrical systems? While in this particular
>> case the pilot might have noticed the problem, had he meticuously
>> follow procedures and started the second engine at the plane's own
>> power, it is quite easy to find failure modes that would go unnoticed
>> inflight, yet cause double engine failure at the instant the gear is
>> lowered on final. Lead batteries are known to occasionally go flat
>> suddenly, once the buildup of oxide makes contact between the lead
>> elements. Happened to me in the car once. The engine (a diesel with
>> mechanical injection pump) ran happily without me even noticing the
>> failure until I shut it down. When I turned the power back on again,
>> not even the lights in the dashboard would light up, it was
>> completely and utterly dead.
>>
>> I would never have thought that they cut corners like that at
>> Diamond. I Hope this will not create a lot of mistrust in
>> aerodiesels, as it is not a diesel issue. I guess you could call it a
>> FADEC issue if you wanted, however it really is an issue of
>> redundancy of essential systems, and easily solveable as such.
>>
> I have a somewhat different take on this event. It appears to me that the
> pilot didn't sufficiently understand his aircraft or the implications of
> the symptoms he observed. Knowing that there was insufficient power to
> start the engines, that the engine & prop controls were dependent on
> electric power and that the landing gear used an electric motor would have
> stopped me from taking off until the battery/electrical system problem was
> addressed. I don't find it surprising that the props feathered in this
> situation, and would even say that it would be the expected behavior,
> rather than a fluke of some kind. I would find it surprising if Diamond
> doesn't have adequate information about their flight systems in the POH to
> inform the pilot of this possibility.
>
> Regards,
>
> Neil
>
>
>

OK Neil.

You find it in the article.

POH -> Under - abnormal operating procedures - 4B.7 STARTING ENGINE WITH
EXTERNAL POWER - #13 Opposite engine ..... START WITH NORMAL PROCEDURE

That is it.

Karl

Recently, Friedrich Ostertag > posted:

> Karl-Heinz Kuenzel wrote:
>> Hi.
>>
>> Here in Germany we had an accident with a brand new DA 42 in Speyer
>> (EDRY) on 3-4-07 during take off.
>>
>> It seems, that the battery was down and both engine were started with
>> remote power.
>> After take off when retracting the gear, the props feathered and both
>> engines stopped.
>>
>> You can read about that accident in German (sorry) in
>> www.pilotundflugzeug.de
>>
>> First hearing about that accident and the background, I could not
>> believe it.
>
> I don't even know where to start. How can an aircraft, that depends on
> electrical power for the operation of it's engines, be airworthy
> without fully redundant electrical systems? While in this particular
> case the pilot might have noticed the problem, had he meticuously
> follow procedures and started the second engine at the plane's own
> power, it is quite easy to find failure modes that would go unnoticed
> inflight, yet cause double engine failure at the instant the gear is
> lowered on final. Lead batteries are known to occasionally go flat
> suddenly, once the buildup of oxide makes contact between the lead
> elements. Happened to me in the car once. The engine (a diesel with
> mechanical injection pump) ran happily without me even noticing the
> failure until I shut it down. When I turned the power back on again,
> not even the lights in the dashboard would light up, it was
> completely and utterly dead.
>
> I would never have thought that they cut corners like that at
> Diamond. I Hope this will not create a lot of mistrust in
> aerodiesels, as it is not a diesel issue. I guess you could call it a
> FADEC issue if you wanted, however it really is an issue of
> redundancy of essential systems, and easily solveable as such.
>
I have a somewhat different take on this event. It appears to me that the
pilot didn't sufficiently understand his aircraft or the implications of
the symptoms he observed. Knowing that there was insufficient power to
start the engines, that the engine & prop controls were dependent on
electric power and that the landing gear used an electric motor would have
stopped me from taking off until the battery/electrical system problem was
addressed. I don't find it surprising that the props feathered in this
situation, and would even say that it would be the expected behavior,
rather than a fluke of some kind. I would find it surprising if Diamond
doesn't have adequate information about their flight systems in the POH to
inform the pilot of this possibility.

Regards,

Neil

Recently, Karl-Heinz Kuenzel > posted:

> Neil Gould schrieb:
>> I have a somewhat different take on this event. [...]
>> I don't find it
>> surprising that the props feathered in this situation, and would
>> even say that it would be the expected behavior, rather than a fluke
>> of some kind. I would find it surprising if Diamond doesn't have
>> adequate information about their flight systems in the POH to inform
>> the pilot of this possibility.
>>
>
> OK Neil.
>
> You find it in the article.
>
My Deutsch is far too rusty to find it in the article. ;-)

> POH -> Under - abnormal operating procedures - 4B.7 STARTING ENGINE
> WITH EXTERNAL POWER - #13 Opposite engine ..... START WITH NORMAL
> PROCEDURE
>
> That is it.
>
That's fine for starting the engines, but that isn't the only issue, is
it?

Is there nothing in the POH about the electrically powered items (landing
gear, FADEC, etc.)? If there is, it shouldn't require an EE degree to
realize that one should be concerned about the condition of the batteries,
charging, etc. if one has to "jump start" the engine, or to realize that
something critical is in need of attention.

Maybe I'm just an overly cautious type. ;-)

Neil

Recently, Cary > posted:

> I just received an e-mail today from Diamond explaining the situation.
> Since the engines are FADEC controlled, the dead battery did not have
> enough power to retract the landing gear and keep the engines going.
> The e-mail also stated that Diamond is looking into making some
> changes.
>
> Cary (DA42 owner)
>
The actual wording of that email would be interesting. I'd think that the
FADEC keeps the fuel flow and props configured, and that the current draw
of the landing gear motor(s) probably shut the FADEC down due to low
voltage. While that could be addressed with a different power
configuration (a separate battery for the FADEC, for example), it may also
introduce more failure modes and more factors to take into consideration
during pre-flight.

Neil (NOT a DA42 owner)

Neil Gould wrote:
> Recently, Karl-Heinz Kuenzel > posted:
>
>> Neil Gould schrieb:
>>> I have a somewhat different take on this event. [...]
>>> I don't find it
>>> surprising that the props feathered in this situation, and would
>>> even say that it would be the expected behavior, rather than a fluke
>>> of some kind. I would find it surprising if Diamond doesn't have
>>> adequate information about their flight systems in the POH to inform
>>> the pilot of this possibility.
>>>
>>
>> OK Neil.
>>
>> You find it in the article.
>>
> My Deutsch is far too rusty to find it in the article. ;-)
>
>> POH -> Under - abnormal operating procedures - 4B.7 STARTING ENGINE
>> WITH EXTERNAL POWER - #13 Opposite engine ..... START WITH NORMAL
>> PROCEDURE
>>
>> That is it.
>>
> That's fine for starting the engines, but that isn't the only issue,
> is it?
>
> Is there nothing in the POH about the electrically powered items
> (landing gear, FADEC, etc.)? If there is, it shouldn't require an EE
> degree to realize that one should be concerned about the condition of
> the batteries, charging, etc. if one has to "jump start" the engine,
> or to realize that something critical is in need of attention.
>
> Maybe I'm just an overly cautious type. ;-)
>
> Neil

I agree that if you are flying what is basically an all electric aircraft
and you have an electrical problem on the ground that you should take extra
care before flight BUT, there should be some system in place that doesn't
allow the gear switch, landing lights or any other electrically operated
item to become an OFF switch with out some damn significant warning.

"Blueskies" wrote ...
>
> "Mike Isaksen" wrote...
> : I was hoping to
> : get the details of what problems they were experiencing with the 1.7
> block;
> : to make them retool to the 2.0 block with no performance increase. Left
> to
> : my own imagination, I would not want to be flying behind the 1.7 at this
> : point forward.
>
The main reason, according to Thielert, was that DaimlerChrysler stopped
producing the 1.7 in favor of the 2.0. Keeping the performance specs the
same avoids the need to modify type certificates and aircraft installations.

> Doesn't the 1.7 have a throw away TBO-like limitation that is very low?
>
Yep, the TBR is around 2,400 hours IIRC. This also means all the 1.7 blocks
will eventually be replaced.

Recently, Gig 601XL Builder <wrDOTgiaconaATsuddenlink.net> posted:

> Neil Gould wrote:
>> Recently, Karl-Heinz Kuenzel > posted:
>>
>>> Neil Gould schrieb:
>>>> I have a somewhat different take on this event. [...]
>>>> I don't find it
>>>> surprising that the props feathered in this situation, and would
>>>> even say that it would be the expected behavior, rather than a
>>>> fluke of some kind. I would find it surprising if Diamond doesn't
>>>> have adequate information about their flight systems in the POH to
>>>> inform the pilot of this possibility.
>>>>
>>>
>>> OK Neil.
>>>
>>> You find it in the article.
>>>
>> My Deutsch is far too rusty to find it in the article. ;-)
>>
>>> POH -> Under - abnormal operating procedures - 4B.7 STARTING ENGINE
>>> WITH EXTERNAL POWER - #13 Opposite engine ..... START WITH NORMAL
>>> PROCEDURE
>>>
>>> That is it.
>>>
>> That's fine for starting the engines, but that isn't the only issue,
>> is it?
>>
>> Is there nothing in the POH about the electrically powered items
>> (landing gear, FADEC, etc.)? If there is, it shouldn't require an EE
>> degree to realize that one should be concerned about the condition of
>> the batteries, charging, etc. if one has to "jump start" the engine,
>> or to realize that something critical is in need of attention.
>>
>> Maybe I'm just an overly cautious type. ;-)
>>
>> Neil
>
> I agree that if you are flying what is basically an all electric
> aircraft and you have an electrical problem on the ground that you
> should take extra care before flight BUT, there should be some system
> in place that doesn't allow the gear switch, landing lights or any
> other electrically operated item to become an OFF switch with out
> some damn significant warning.
>
A simple voltmeter with a "red line" should suffice, along with a caution;
"Don't take off with the needle outside the green arc". Of course, that
won't prevent someone from insisting on making a bad decision.

Neil

Neil Gould wrote:
> A simple voltmeter with a "red line" should suffice, along with a
> caution; "Don't take off with the needle outside the green arc". Of
> course, that won't prevent someone from insisting on making a bad
> decision.
>
I again agree but if you are going to have an sytem with FADEC it ought to
have the authority to to clearly tell you that it is about to use its'
authority to shut the engine off.

Recently, Gig 601XL Builder <wrDOTgiaconaATsuddenlink.net> posted:

> Neil Gould wrote:
>> A simple voltmeter with a "red line" should suffice, along with a
>> caution; "Don't take off with the needle outside the green arc". Of
>> course, that won't prevent someone from insisting on making a bad
>> decision.
>>
> I again agree but if you are going to have an sytem with FADEC it
> ought to have the authority to to clearly tell you that it is about
> to use its' authority to shut the engine off.
>
We may be describing the same elephant from different sides. ;-)

Neil

Gig 601XL Builder <wrDOTgiaconaATsuddenlink.net> wrote:
> Neil Gould wrote:
> > A simple voltmeter with a "red line" should suffice, along with a
> > caution; "Don't take off with the needle outside the green arc". Of
> > course, that won't prevent someone from insisting on making a bad
> > decision.
> >
> I again agree but if you are going to have an sytem with FADEC it ought to
> have the authority to to clearly tell you that it is about to use its'
> authority to shut the engine off.

From the description it sounds more like the FADEC didn't have the
authority (or power) to do anything.

More to the point, if all the power goes away, what happens to all
the "settings" the FADEC controls?

Do they go to zero, full, stay where they are?

It appears that they go to zero, which is a damn unhandy failure mode.

--
Jim Pennino

Remove .spam.sux to reply.

"Neil Gould" > wrote in message
.. .
> Recently, Cary > posted:
>
> > I just received an e-mail today from Diamond explaining the situation.
> > Since the engines are FADEC controlled, the dead battery did not have
> > enough power to retract the landing gear and keep the engines going.
> > The e-mail also stated that Diamond is looking into making some
> > changes.
> >
> > Cary (DA42 owner)
> >
> The actual wording of that email would be interesting. I'd think that the
> FADEC keeps the fuel flow and props configured, and that the current draw
> of the landing gear motor(s) probably shut the FADEC down due to low
> voltage. While that could be addressed with a different power
> configuration (a separate battery for the FADEC, for example), it may also
> introduce more failure modes and more factors to take into consideration
> during pre-flight.
>
> Neil (NOT a DA42 owner)
>
>
I have to admit that I am a little surprised that (or if) they did not
include a little magneto/generator in/on each engine, sufficient to power
the FADEC and pumps, to prevent the sort of incident described.

OTOH, I am trying to remember whether larger aircraft systems behave in a
similar way, and I must admit that I do not recall.

In any case, it is very interesting and most unfortunate for those involved,
and we will all know a lot more is the investigation progresses; and a lot
of what we learn will be equally applicable to FADEC equipped spark ignition
engines. It will obviously be worth the effort, over the longer term, since
fuel savings translate readily into payload and range--which is usually
worth more than the fuel savings.

Peter

Karl-Heinz,

> First hearing about that accident and the background, I could not
> believe it.
>

And that may well be wise. There is no official accident report yet.

--
Thomas Borchert (EDDH)

Blueskies,

> Doesn't the 1.7 have a throw away TBO-like limitation that is very low?
>

No. it has a TBR (r for replacement) of 2400 hours, guaranteed by
Thielert. When you buy the engine, that price buys you 2400 hours. Can
you say that of any Lycosaurus or TCM?

yes, they currently do replace the engines sooner than that - but you
don't pay for it. They're working up to final TBR.

--
Thomas Borchert (EDDH)

The problem, as I understand it, was the battery was dead. According
to the POH, the battery is used to start the engine and is used as a
backup during flight for all the electronic gear (including the
FADEC). Although the investigation is still ongoing and other answers
may be forthcoming, when they operated the landing gear they exceded
the power available from the alternators and the backup system (the
battery) was not available so the FADEC (engine computers) stopped.
One of the lessons here is that one should not fly an airplane that
relies on electricity if you don't have a battery to run the
electricity!

Cary

On Apr 23, 4:35 pm, wrote:
> Gig 601XL Builder <wrDOTgiaconaATsuddenlink.net> wrote:
>
> > Neil Gould wrote:
> > > A simple voltmeter with a "red line" should suffice, along with a
> > > caution; "Don't take off with the needle outside the green arc". Of
> > > course, that won't prevent someone from insisting on making a bad
> > > decision.
>
> > I again agree but if you are going to have an sytem with FADEC it ought to
> > have the authority to to clearly tell you that it is about to use its'
> > authority to shut the engine off.
>
> From the description it sounds more like the FADEC didn't have the
> authority (or power) to do anything.
>
> More to the point, if all the power goes away, what happens to all
> the "settings" the FADEC controls?
>
> Do they go to zero, full, stay where they are?
>
> It appears that they go to zero, which is a damn unhandy failure mode.
>
> --
> Jim Pennino
>
> Remove .spam.sux to reply.

Aircraft using FADEC are relatively recent so why isn't power-loading
prioritized by the electrical system? When an electrical event occurs that
overloads the system capacity, why isn't there enough built-in systems
intelligence onboard to protect the FADEC? If we have enough smarts to
design and build a FADEC why don't we have enough smarts to protect it?

--
Jim Carter
Rogers, Arkansas

The message came as a PDF file. I don't think I can post such a file
to the newsgroup, so if you would like to see the file, let me know
where to send it.

Cary

On Apr 23, 1:28 pm, "Neil Gould" > wrote:
> Recently, Cary > posted:
>
> > I just received an e-mail today from Diamond explaining the situation.
> > Since the engines are FADEC controlled, the dead battery did not have
> > enough power to retract the landing gear and keep the engines going.
> > The e-mail also stated that Diamond is looking into making some
> > changes.
>
> > Cary (DA42 owner)
>
> The actual wording of that email would be interesting. I'd think that the
> FADEC keeps the fuel flow and props configured, and that the current draw
> of the landing gear motor(s) probably shut the FADEC down due to low
> voltage. While that could be addressed with a different power
> configuration (a separate battery for the FADEC, for example), it may also
> introduce more failure modes and more factors to take into consideration
> during pre-flight.
>
> Neil (NOT a DA42 owner)

But the point seems to be that even if you had a good electrical system and
a good battery on departure, if a total power failure occurs it appears that
FADEC just packs it up and defaults to zero. Like Jim wrote "a damn unhandy
failure mode".

--
Jim Carter
Rogers, Arkansas

Cary > wrote:
> The problem, as I understand it, was the battery was dead. According
> to the POH, the battery is used to start the engine and is used as a
> backup during flight for all the electronic gear (including the
> FADEC). Although the investigation is still ongoing and other answers
> may be forthcoming, when they operated the landing gear they exceded
> the power available from the alternators and the backup system (the
> battery) was not available so the FADEC (engine computers) stopped.
> One of the lessons here is that one should not fly an airplane that
> relies on electricity if you don't have a battery to run the
> electricity!

> Cary

> On Apr 23, 4:35 pm, wrote:
> > Gig 601XL Builder <wrDOTgiaconaATsuddenlink.net> wrote:
> >
> > > Neil Gould wrote:
> > > > A simple voltmeter with a "red line" should suffice, along with a
> > > > caution; "Don't take off with the needle outside the green arc". Of
> > > > course, that won't prevent someone from insisting on making a bad
> > > > decision.
> >
> > > I again agree but if you are going to have an sytem with FADEC it ought to
> > > have the authority to to clearly tell you that it is about to use its'
> > > authority to shut the engine off.
> >
> > From the description it sounds more like the FADEC didn't have the
> > authority (or power) to do anything.
> >
> > More to the point, if all the power goes away, what happens to all
> > the "settings" the FADEC controls?
> >
> > Do they go to zero, full, stay where they are?
> >
> > It appears that they go to zero, which is a damn unhandy failure mode.

Well, we are all guessing here, but...

A battery pack backup for the FADEC itself independant of the aircraft
systems would be trivial technically.

A bigger problem may be how much power does it take to actually control
something with the FADEC?

That is, while the FADEC itself probably doesn't require much in the
way of power, how much power does it take to manipulate the throttle,
mixture, and prop?


--
Jim Pennino

Remove .spam.sux to reply.

Recently, Cary > posted:

> The message came as a PDF file. I don't think I can post such a file
> to the newsgroup, so if you would like to see the file, let me know
> where to send it.
>
No need, at this point. I was mainly curious about whether Diamond
addressed the risk of taking off or flying with low voltage?

Neil

"Jim Carter" > wrote in message
et...
> Aircraft using FADEC are relatively recent so why isn't power-loading
> prioritized by the electrical system? When an electrical event occurs that
> overloads the system capacity, why isn't there enough built-in systems
> intelligence onboard to protect the FADEC? If we have enough smarts to
> design and build a FADEC why don't we have enough smarts to protect it?
>
> --
> Jim Carter
> Rogers, Arkansas
>
Well said. It should have some fall back. If the coffee maker shorts the
engines quit?

Al G

Jim Carter wrote:
> Aircraft using FADEC are relatively recent so why isn't power-loading
> prioritized by the electrical system? When an electrical event occurs that
> overloads the system capacity, why isn't there enough built-in systems
> intelligence onboard to protect the FADEC? If we have enough smarts to
> design and build a FADEC why don't we have enough smarts to protect it?

That's really the question, though it wouldn't
necessarily have gotten them home safe. Before
the FADEC dropped out, there should have been
an undervolt alarm and load shedding. Then they
could have cranked the gear down if possible.

"Cary" > wrote in message ...
> The message came as a PDF file. I don't think I can post such a file
> to the newsgroup, so if you would like to see the file, let me know
> where to send it.
>

Some pdf readers come with a SELECT TEXT TOOL icon in the tool bar. Switch
to this mode and you can copy and paste text in pdf doc like normal.

Thomas Borchert wrote:

> Blueskies,
>
>
>>Doesn't the 1.7 have a throw away TBO-like limitation that is very low?
>>
>
>
> No. it has a TBR (r for replacement) of 2400 hours, guaranteed by
> Thielert. When you buy the engine, that price buys you 2400 hours. Can
> you say that of any Lycosaurus or TCM?
>
> yes, they currently do replace the engines sooner than that - but you
> don't pay for it. They're working up to final TBR.
>

What does it cost the owner at 2400 hours?

> wrote in message ...
> A battery pack backup for the FADEC itself independant of
> the aircraft systems would be trivial technically.
>
> A bigger problem may be how much power does it take to
> actually control something with the FADEC?
>
> That is, while the FADEC itself probably doesn't require much
> in the way of power, how much power does it take to manipulate
> the throttle, mixture, and prop?

The answers to those kind of questions seem to be missing from the public
record, and even the public discussion. I was asking just that when I
inquired about any "Limp Home" capability of this fully FADEC system. I'm
hoping a Mike Busch media type will attend one of the $4k three day Thielert
maintenance seminars down in Texas and write some details.

Thielert comes to aviation from the automotive industry's custom engine
design and engineering world. And their ability to Design, Produce and STC
the 4.0 diesel in a v8 block in a 2 year window shows they got that part of
their business down. I just hope the Failure Analysis guys or the second
contingency curmudgeons weren't asked to leave the design/production
meetings. When those guys are ignored, they often make excellent "reluctant"
witnesses for the Plaintiff.

As much as I like the Thielert concept (with some healthy concerns), the SMA
guys seem to be walking a much different road technology wise. They have
designed their turbo diesel as an air cooled horiz opposed mostly mechanical
controlled system. When I talked in detail to one of their engineers at SNF
two years ago I walked away thinking that their design was pretty bullet
proof. But, even though I haven't heard of any tech problems, SMA can't seem
to get off the ground.

"Cary" > wrote in message
oups.com...
> The problem, as I understand it, was the battery was dead. According
> to the POH, the battery is used to start the engine and is used as a
> backup during flight for all the electronic gear (including the
> FADEC). Although the investigation is still ongoing and other answers
> may be forthcoming, when they operated the landing gear they exceded
> the power available from the alternators and the backup system (the
> battery) was not available so the FADEC (engine computers) stopped.
> One of the lessons here is that one should not fly an airplane that
> relies on electricity if you don't have a battery to run the
> electricity!
>
> Cary
>
> On Apr 23, 4:35 pm, wrote:
>> Gig 601XL Builder <wrDOTgiaconaATsuddenlink.net> wrote:
>>
>> > Neil Gould wrote:
>> > > A simple voltmeter with a "red line" should suffice, along with a
>> > > caution; "Don't take off with the needle outside the green arc". Of
>> > > course, that won't prevent someone from insisting on making a bad
>> > > decision.
>>
>> > I again agree but if you are going to have an sytem with FADEC it ought
>> > to
>> > have the authority to to clearly tell you that it is about to use its'
>> > authority to shut the engine off.
>>
>> From the description it sounds more like the FADEC didn't have the
>> authority (or power) to do anything.
>>
>> More to the point, if all the power goes away, what happens to all
>> the "settings" the FADEC controls?
>>
>> Do they go to zero, full, stay where they are?
>>
>> It appears that they go to zero, which is a damn unhandy failure mode.
>>
>> --
>> Jim Pennino
>>
>> Remove .spam.sux to reply.
>
>

Even if the battery worked fine, something that causes damage, even
something as small as a bird strike can cause a short; dropping voltage,
and shutting down the engines, plural. Wouldn't a relay that isolated the
engine when the buss voltage dropped to zero have helped? Surely some
prioritizing is in order.

Al G

Neil Gould wrote:
> Recently, Friedrich Ostertag >
> posted:
>
>> Karl-Heinz Kuenzel wrote:
>>> Hi.
>>>
>>> Here in Germany we had an accident with a brand new DA 42 in Speyer
>>> (EDRY) on 3-4-07 during take off.
>>>
>>> It seems, that the battery was down and both engine were started
>>> with remote power.
>>> After take off when retracting the gear, the props feathered and
>>> both engines stopped.
>>>
>>> You can read about that accident in German (sorry) in
>>> www.pilotundflugzeug.de
>>>
>>> First hearing about that accident and the background, I could not
>>> believe it.
>>
>> I don't even know where to start. How can an aircraft, that depends
>> on electrical power for the operation of it's engines, be airworthy
>> without fully redundant electrical systems? While in this particular
>> case the pilot might have noticed the problem, had he meticuously
>> follow procedures and started the second engine at the plane's own
>> power, it is quite easy to find failure modes that would go unnoticed
>> inflight, yet cause double engine failure at the instant the gear is
>> lowered on final. Lead batteries are known to occasionally go flat
>> suddenly, once the buildup of oxide makes contact between the lead
>> elements. Happened to me in the car once. The engine (a diesel with
>> mechanical injection pump) ran happily without me even noticing the
>> failure until I shut it down. When I turned the power back on again,
>> not even the lights in the dashboard would light up, it was
>> completely and utterly dead.
>>
>> I would never have thought that they cut corners like that at
>> Diamond. I Hope this will not create a lot of mistrust in
>> aerodiesels, as it is not a diesel issue. I guess you could call it a
>> FADEC issue if you wanted, however it really is an issue of
>> redundancy of essential systems, and easily solveable as such.
>>
> I have a somewhat different take on this event. It appears to me that
> the pilot didn't sufficiently understand his aircraft or the
> implications of the symptoms he observed. Knowing that there was
> insufficient power to start the engines, that the engine & prop
> controls were dependent on electric power and that the landing gear
> used an electric motor would have stopped me from taking off until
> the battery/electrical system problem was addressed.

Well said, and I wouldn't disagree. However, the very same potentially
deadly failure could occur anytime the battery fails inflight, with no way
for the pilot to know about it before he actually hits the button to lower
the gear. That alone appears to me to be a major design flaw that would make
me pretty uncomfortable, batteries are known to fail suddenly sometimes. I
really would expect redundancy in something as critical as the power supply
for the fadec to be a requirement for airworthyness. Why have two sets of
magnetos on the typical SI-engine? It's just an electrical system, too...
Why have a twin engined aircraft?

> I don't find it
> surprising that the props feathered in this situation, and would even
> say that it would be the expected behavior, rather than a fluke of
> some kind.

If you are saying that a shut-down is to be expected when the power supply
on a fadec controlled engine fails, you are right. No modern engine will
continue running without electrical power. Even on a diesel with common rail
fuel supply (as the thielert is) without electricity no fuel injection is
possible.

regards,
Friedrich

Karl-Heinz Kuenzel wrote:
> I did not believe it either. Maybe I am getting to old. For me a
> diesel would run forever until you cut the fuel.

not with a common rail fuel supply. The injectors won't open without power.

The main point as far as I'm concerned is, that this is not a particular
problem of the thielert or aerodiesels in general, it's a problem you get
with engines depending on electrical power. This dependancy on electricity
is somehow the price you pay for better fuel efficiency, more comfort and,
as far as the engine itself is concerned, less "finger problems" and
therefore more reliability. As the article itself states, it is not a big
issue to create a redundant system that will eliminate the risk of a single
point electrical failure shutting down an engine, let alone both.

> What those people did. They just started #1 and #2 (which was NOT ok)
> on external power. And everything looked ok. Until they retracted the
> landing gear....

> I posted that story in our German newsgroup and nobody seemed to be
> interested in that issue. I was just curious, if someone here is
> interested.

I'm not a pilot, though I enjoy flying in small aircraft and I have some
technical interest in aviation. As a development engineer in automotive I
particularly like to learn about aeroengines and I somewhat follow the
development of the aerodiesels. I'm mainly lurking here...

regards,
Friedrich

>> More to the point, if all the power goes away, what happens to all
>> the "settings" the FADEC controls?
>>
>> Do they go to zero, full, stay where they are?

Without electrical power, apart from the fact that the FADEC is a computer,
and no computer will run without power, on a common rail diesel the
injectors cannot open. A purely mechanical "limp home" mode is physically
not possible. Multipoint or direct injected gasoline engines are the same.

>> It appears that they go to zero, which is a damn unhandy failure
>> mode.

Yes it is, but that's just the way it is. It's no different from the failure
mode you get when your fuel supply or both magnetos fail or something
similar. That's why the power supply of a FADEC should be held to similar
stringent redundancy requirements. Actually, the FADEC itself IS double
redundant but fed from just one battery. Go figure.

regards,
Friedrich

On Mon, 23 Apr 2007 21:35:03 GMT, wrote:

> It appears that they go to zero, which is a damn unhandy failure mode.

It's the new, revolutionary fail unsafe mode.

--
Dallas

Friedrich Ostertag wrote:
> Neil Gould wrote:
>> Recently, Friedrich Ostertag >
>> posted:
>>
>>> Karl-Heinz Kuenzel wrote:
>>>> Hi.
>>>>
>>>> Here in Germany we had an accident with a brand new DA 42 in Speyer
>>>> (EDRY) on 3-4-07 during take off.
>>>>
>>>> It seems, that the battery was down and both engine were started
>>>> with remote power.
>>>> After take off when retracting the gear, the props feathered and
>>>> both engines stopped.
>>>>
>>>> You can read about that accident in German (sorry) in
>>>> www.pilotundflugzeug.de
>>>>
>>>> First hearing about that accident and the background, I could not
>>>> believe it.
>>> I don't even know where to start. How can an aircraft, that depends
>>> on electrical power for the operation of it's engines, be airworthy
>>> without fully redundant electrical systems? While in this particular
>>> case the pilot might have noticed the problem, had he meticuously
>>> follow procedures and started the second engine at the plane's own
>>> power, it is quite easy to find failure modes that would go unnoticed
>>> inflight, yet cause double engine failure at the instant the gear is
>>> lowered on final. Lead batteries are known to occasionally go flat
>>> suddenly, once the buildup of oxide makes contact between the lead
>>> elements. Happened to me in the car once. The engine (a diesel with
>>> mechanical injection pump) ran happily without me even noticing the
>>> failure until I shut it down. When I turned the power back on again,
>>> not even the lights in the dashboard would light up, it was
>>> completely and utterly dead.
>>>
>>> I would never have thought that they cut corners like that at
>>> Diamond. I Hope this will not create a lot of mistrust in
>>> aerodiesels, as it is not a diesel issue. I guess you could call it a
>>> FADEC issue if you wanted, however it really is an issue of
>>> redundancy of essential systems, and easily solveable as such.
>>>
>> I have a somewhat different take on this event. It appears to me that
>> the pilot didn't sufficiently understand his aircraft or the
>> implications of the symptoms he observed. Knowing that there was
>> insufficient power to start the engines, that the engine & prop
>> controls were dependent on electric power and that the landing gear
>> used an electric motor would have stopped me from taking off until
>> the battery/electrical system problem was addressed.
>
> Well said, and I wouldn't disagree. However, the very same potentially
> deadly failure could occur anytime the battery fails inflight, with no way
> for the pilot to know about it before he actually hits the button to lower
> the gear. That alone appears to me to be a major design flaw that would make
> me pretty uncomfortable, batteries are known to fail suddenly sometimes. I
> really would expect redundancy in something as critical as the power supply
> for the fadec to be a requirement for airworthyness. Why have two sets of
> magnetos on the typical SI-engine? It's just an electrical system, too...
> Why have a twin engined aircraft?
>
>> I don't find it
>> surprising that the props feathered in this situation, and would even
>> say that it would be the expected behavior, rather than a fluke of
>> some kind.
>
> If you are saying that a shut-down is to be expected when the power supply
> on a fadec controlled engine fails, you are right. No modern engine will
> continue running without electrical power. Even on a diesel with common rail
> fuel supply (as the thielert is) without electricity no fuel injection is
> possible.
>
> regards,
> Friedrich
>
>
This is a cut and paste from a AOPA story on the plane

There are three batteries. The main battery is a 24-volt 10-amp-hour
size. Electrical power is provided by two 24-volt 60-amp alternators —
one on each engine. There also is a 24-volt 1.3-amp-hour
alternator-excitation battery to provide alternator start-up
(excitation) voltage if the main battery is discharged below the
required excitation threshold. The third battery is a stand-alone
emergency battery that powers the electric artificial horizon and an
instrument floodlight for one and a half hours.

The question then become if there are 2 60AMP alternators and a single
10AMP-hour battery how could the battery being dead cause the issue. I
think there is much more here then meets the eye. Perhaps we should
wait for more data before we jump to conclusions.

"Newps" > wrote in message . ..
:
:
: Thomas Borchert wrote:
:
: > Blueskies,
: >
: >
: >>Doesn't the 1.7 have a throw away TBO-like limitation that is very low?
: >>
: >
: >
: > No. it has a TBR (r for replacement) of 2400 hours, guaranteed by
: > Thielert. When you buy the engine, that price buys you 2400 hours. Can
: > you say that of any Lycosaurus or TCM?
: >
: > yes, they currently do replace the engines sooner than that - but you
: > don't pay for it. They're working up to final TBR.
: >
:
: What does it cost the owner at 2400 hours?


A new engine...

On 2007-04-22 04:23:22 -0700, Karl-Heinz Kuenzel
> said:

> Hi.
>
> Here in Germany we had an accident with a brand new DA 42 in Speyer
> (EDRY) on 3-4-07 during take off.
>
> It seems, that the battery was down and both engine were started with
> remote power.
> After take off when retracting the gear, the props feathered and both
> engines stopped.
>
> You can read about that accident in German (sorry) in www.pilotundflugzeug.de
>
> First hearing about that accident and the background, I could not believe it.
>
> Karl

If you have to start both engines with remote power it seems to me that
is should be obvious that the electrical system is not working. If it
doesn't work with one engine running it is not going to work with them
both running.

According to the article, the battery was so dead that it could not
excite the alternator -- the alternator needs some current in order to
start. For example, if you hand-prop a single engine piston airplane
that has a dead battery, you might get the engine to run but you still
will not have an electrical system. The article complains about there
being a "single point of failure" for the plane, but in fact most small
aircraft have the same single point of failure. In the case of the
DA-42, however, electrical current is needed to keep the engines
running. This is a big difference from the piston engines most of us
are used to. This turns an electrical failure from a nuisance to
something deadly. The excitation battery system is needed to run the
ECU for each engine. Although each engine has its own bus, both are
dependent on the excitation battery system. If that fails, both engine
buses and the main bus go down. Since the excitation battery system
does not have anywhere near the power to handle loads like the gear,
the avionics, and the engine (and it was already broken), there was no
way this plane was going to fly.

The pilot should have known that if both engines needed to be started
remotely that this plane was not airworthy. Spending a little time
studying the electrical system of your plane can save your life. Look
at each component and ask yourself, what if it quits?

The props on most twin engine aircraft feather when they quit. It helps
prevent loss of control in an engine failure. Only piston single engine
props do the opposite in an attempt to keep the prop and engine turning
to make it easier to restart -- but at the cost of greatly reducing
your glide distance. Having a prop go to max rpm if it quits on a light
twin is likely to be deadly.

In general, it looks like a maintenance problem that was allowed to
turn into an emergency, which in turn was badly mishandled. One very
popular way of falling out of the sky is to take off in an airplane
that you knew had problems before you left.

All of that said, I think the article makes a strong argument that this
kind of thing should not happen. If you are going to have engines
dependent on electricity to keep running, then you need to have some
form of backup, but the DA-41 has a backup system -- it just didn't
cover what would happen if the alternator failed on takeoff and someone
raised the gear. I don't like the idea of the engines shutting down in
an electrical failure, either, but that is one price of FADEC. In the
DA-42, it appears that installing a generator was considered to be
enough redundancy in the event of an alternator failure. It apparently
never occurred to anyone that someone would take off with a failed
alternator and then try to raise the gear.

The question is why raising the landing gear should be allowed to cause
a complete system failure. The easiest fix would be to install a bigger
generator, but that is probably not a complete solution. I agree that
the electrical system should prioritize things, too. And if things
fail, I don't want just a red line on the voltmeter -- I want it to be
something that attracts attention to itself. In the DA-42, it appears
that there is an alternator failure light. This thing should have been
lit. Perhaps the pilot ignored it. Presumably the generator would keep
things running once the engine starts, but if all you have is the
generator I don't think you have any business departing the field. In
this case, the alternator appears to have never even started running
because of the failure of the excitation system, and the generator was
too weak to run the whole system, so it quit completely. Dang.

Yeah, I think there is a design problem, but it seems to me that the
pilot missed plenty of warning signs and opportunities to do something
about them.
--
Waddling Eagle
World Famous Flight Instructor

On 2007-04-24 14:47:11 -0700, "Friedrich Ostertag"
> said:

> Neil Gould wrote:
>> Recently, Friedrich Ostertag >
>> posted:
>>
>>> Karl-Heinz Kuenzel wrote:
>>>> Hi.
>>>>
>>>> Here in Germany we had an accident with a brand new DA 42 in Speyer
>>>> (EDRY) on 3-4-07 during take off.
>>>>
>>>> It seems, that the battery was down and both engine were started
>>>> with remote power.
>>>> After take off when retracting the gear, the props feathered and
>>>> both engines stopped.
>>>>
>>>> You can read about that accident in German (sorry) in
>>>> www.pilotundflugzeug.de
>>>>
>>>> First hearing about that accident and the background, I could not
>>>> believe it.
>>>
>>> I don't even know where to start. How can an aircraft, that depends
>>> on electrical power for the operation of it's engines, be airworthy
>>> without fully redundant electrical systems? While in this particular
>>> case the pilot might have noticed the problem, had he meticuously
>>> follow procedures and started the second engine at the plane's own
>>> power, it is quite easy to find failure modes that would go unnoticed
>>> inflight, yet cause double engine failure at the instant the gear is
>>> lowered on final. Lead batteries are known to occasionally go flat
>>> suddenly, once the buildup of oxide makes contact between the lead
>>> elements. Happened to me in the car once. The engine (a diesel with
>>> mechanical injection pump) ran happily without me even noticing the
>>> failure until I shut it down. When I turned the power back on again,
>>> not even the lights in the dashboard would light up, it was
>>> completely and utterly dead.
>>>
>>> I would never have thought that they cut corners like that at
>>> Diamond. I Hope this will not create a lot of mistrust in
>>> aerodiesels, as it is not a diesel issue. I guess you could call it a
>>> FADEC issue if you wanted, however it really is an issue of
>>> redundancy of essential systems, and easily solveable as such.
>>>
>> I have a somewhat different take on this event. It appears to me that
>> the pilot didn't sufficiently understand his aircraft or the
>> implications of the symptoms he observed. Knowing that there was
>> insufficient power to start the engines, that the engine & prop
>> controls were dependent on electric power and that the landing gear
>> used an electric motor would have stopped me from taking off until
>> the battery/electrical system problem was addressed.
>
> Well said, and I wouldn't disagree. However, the very same potentially
> deadly failure could occur anytime the battery fails inflight, with no way
> for the pilot to know about it before he actually hits the button to lower
> the gear.

No. This was not caused by a battery failure per se. It was a failure
of the electrical excitation system which starts the alternators. That
should prevent the engine from starting and it did. However, the pilot
bypassed that by starting both engines (a big no-no) with external
power. The battery is not actually used in-flight to keep the engines
running. The alternators are used for that, with a generator backup,
and finally a battery for backup, with warning lights all over the
place. Once the plane is flying, assuming the alternators start out
working, you would practically have to have a major electrical fire to
duplicate the problem. But take off without a working alternator and
you have a big problem.


--
Waddling Eagle
World Famous Flight Instructor

On 2007-04-24 09:09:14 -0700, Cary > said:

> The problem, as I understand it, was the battery was dead. According
> to the POH, the battery is used to start the engine and is used as a
> backup during flight for all the electronic gear (including the
> FADEC). Although the investigation is still ongoing and other answers
> may be forthcoming, when they operated the landing gear they exceded
> the power available from the alternators and the backup system (the
> battery) was not available so the FADEC (engine computers) stopped.
> One of the lessons here is that one should not fly an airplane that
> relies on electricity if you don't have a battery to run the
> electricity!

Actually, if the battery is dead the alternators will never start
working. This is the excitation battery system that failed. Its sole
purpose is to supply enough current to excite the alternator when the
engine is started. After that it is never used again during the flight.

The DA-42 has considerable redundancy. Click on the electrical diagram
in the article and you can see the problem immediately. This particular
airplane has two alternators *and* a generator. If the alternators do
not work (as is probable) then the generator kicks in. The generator,
however, is not big enough to operate both landing gear and engine -- a
possible design flaw. Also, if you are going to have a generator, why
not use it to excite the alternators if the excitation system has
failed? Apparently the designers assumed that if the generator is being
used that the alternators have failed beyond repair, but here it might
have been possible to get the alternators working with a full
complement of power. On the other hand, maybe the original problem was
the alternators were both dead (doesn't seem likely) and that is why
the excitation system was dead. So even current from the generator
would not have excited the alternators.


--
Waddling Eagle
World Famous Flight Instructor

On 2007-04-23 14:35:03 -0700, said:

> Gig 601XL Builder <wrDOTgiaconaATsuddenlink.net> wrote:
>> Neil Gould wrote:
>>> A simple voltmeter with a "red line" should suffice, along with a
>>> caution; "Don't take off with the needle outside the green arc". Of
>>> course, that won't prevent someone from insisting on making a bad
>>> decision.
>>>
>> I again agree but if you are going to have an sytem with FADEC it ought to
>> have the authority to to clearly tell you that it is about to use its'
>> authority to shut the engine off.
>
> From the description it sounds more like the FADEC didn't have the
> authority (or power) to do anything.
>
> More to the point, if all the power goes away, what happens to all
> the "settings" the FADEC controls?
>
> Do they go to zero, full, stay where they are?
>
> It appears that they go to zero, which is a damn unhandy failure mode.

If you are talking about the props feathering when the engines quit, it
is absolutely essential in a twin.
--
Waddling Eagle
World Famous Flight Instructor

On 2007-04-23 13:44:11 -0700, "Gig 601XL Builder"
<wrDOTgiaconaATsuddenlink.net> said:

> Neil Gould wrote:
>> A simple voltmeter with a "red line" should suffice, along with a
>> caution; "Don't take off with the needle outside the green arc". Of
>> course, that won't prevent someone from insisting on making a bad
>> decision.
>>
> I again agree but if you are going to have an sytem with FADEC it ought to
> have the authority to to clearly tell you that it is about to use its'
> authority to shut the engine off.

The FADEC cannot tell you anything or control anything if it doesn't
have power. There would be warning systems, but all they would tell you
is that your engines have quit. :-)

The problem is not FADEC. It is pilot error -- taking off with a known
electrical problem in an airplane dependent on electricity to fly,
coupled with a poor understanding of how an alternator works.
--
Waddling Eagle
World Famous Flight Instructor

> The problem is not FADEC. It is pilot error -- taking off with a known electrical problem in an airplane dependent on electricity to fly, coupled with a poor understanding of how an alternator works.

Maybe the problem in =this= flight was pilot error, inasmuch as the
takeoff would be ill-advised under the circumstances. However, the
accident does illustrate a weak point of the system. There are other
ways to trigger that weak point.

I don't know the system, so I can't second guess the engineers
intellegently about it. However, it does seem to be a serious oversight
that the engines themselves can't supply their own juice.

Jose
--
Get high on gasoline: fly an airplane.
for Email, make the obvious change in the address.

On 2007-04-23 11:32:17 -0700, "Gig 601XL Builder"
<wrDOTgiaconaATsuddenlink.net> said:

> Neil Gould wrote:
>> Recently, Karl-Heinz Kuenzel > posted:
>>
>>> Neil Gould schrieb:
>>>> I have a somewhat different take on this event. [...]
>>>> I don't find it
>>>> surprising that the props feathered in this situation, and would
>>>> even say that it would be the expected behavior, rather than a fluke
>>>> of some kind. I would find it surprising if Diamond doesn't have
>>>> adequate information about their flight systems in the POH to inform
>>>> the pilot of this possibility.
>>>>
>>>
>>> OK Neil.
>>>
>>> You find it in the article.
>>>
>> My Deutsch is far too rusty to find it in the article. ;-)
>>
>>> POH -> Under - abnormal operating procedures - 4B.7 STARTING ENGINE
>>> WITH EXTERNAL POWER - #13 Opposite engine ..... START WITH NORMAL
>>> PROCEDURE
>>>
>>> That is it.
>>>
>> That's fine for starting the engines, but that isn't the only issue,
>> is it?
>>
>> Is there nothing in the POH about the electrically powered items
>> (landing gear, FADEC, etc.)? If there is, it shouldn't require an EE
>> degree to realize that one should be concerned about the condition of
>> the batteries, charging, etc. if one has to "jump start" the engine,
>> or to realize that something critical is in need of attention.
>>
>> Maybe I'm just an overly cautious type. ;-)
>>
>> Neil
>
> I agree that if you are flying what is basically an all electric aircraft
> and you have an electrical problem on the ground that you should take extra
> care before flight BUT, there should be some system in place that doesn't
> allow the gear switch, landing lights or any other electrically operated
> item to become an OFF switch with out some damn significant warning.

Either that, or put in a big enough generator to run everything. Good
grief, this airplane had batteries, backup batteries, two alternators,
and a generator. It had warning lights and systems which should have
told the pilot that only the generator was working. The pilot should
have known that the generator does not generate full electrical power.
How much redundancy is enough? You spend a fortune on a plane and don't
learn the emergency procedures? What's up with that?
--
Waddling Eagle
World Famous Flight Instructor

On 2007-04-23 11:20:24 -0700, "Neil Gould" > said:

> Recently, Karl-Heinz Kuenzel > posted:
>
>> Neil Gould schrieb:
>>> I have a somewhat different take on this event. [...]
>>> I don't find it
>>> surprising that the props feathered in this situation, and would
>>> even say that it would be the expected behavior, rather than a fluke
>>> of some kind. I would find it surprising if Diamond doesn't have
>>> adequate information about their flight systems in the POH to inform
>>> the pilot of this possibility.
>>>
>>
>> OK Neil.
>>
>> You find it in the article.
>>
> My Deutsch is far too rusty to find it in the article. ;-)
>
>> POH -> Under - abnormal operating procedures - 4B.7 STARTING ENGINE
>> WITH EXTERNAL POWER - #13 Opposite engine ..... START WITH NORMAL
>> PROCEDURE
>>
>> That is it.
>>
> That's fine for starting the engines, but that isn't the only issue, is
> it?
>
> Is there nothing in the POH about the electrically powered items (landing
> gear, FADEC, etc.)? If there is, it shouldn't require an EE degree to
> realize that one should be concerned about the condition of the batteries,
> charging, etc. if one has to "jump start" the engine, or to realize that
> something critical is in need of attention.
>
> Maybe I'm just an overly cautious type. ;-)
>
> Neil

No, you are not overly cautious. Every pilot should be taught that if
the battery is dead and you start the plane with external power, the
first thing you check is to see if the alternator(s) is charging. If it
isn't, either the alternator is broken or the battery did not excite
the alternator.

Now, if the excitation system did not excite the alternator, why didn't
the remote starting system do it? It should have. I would want a look
at the power cart, its cables, and the wiring to the port on the
airplane. In fact, especially the latter, as it could provide a clue as
to why the excitation battery died in the first place.
--
Waddling Eagle
World Famous Flight Instructor

On 2007-04-24 10:19:56 -0700, "Al G" > said:

>
> "Jim Carter" > wrote in message
> et...
>> Aircraft using FADEC are relatively recent so why isn't power-loading
>> prioritized by the electrical system? When an electrical event occurs that
>> overloads the system capacity, why isn't there enough built-in systems
>> intelligence onboard to protect the FADEC? If we have enough smarts to
>> design and build a FADEC why don't we have enough smarts to protect it?
>>
>> --
>> Jim Carter
>> Rogers, Arkansas
>>
> Well said. It should have some fall back. If the coffee maker shorts the
> engines quit?
>
> Al G

That is a little over the top, really. A look at the electrical diagram
shows the problem: the alternators were not working because the
excitation system failed and the backup generator did not generate
enough power to run everything. Not a problem in most circumstances,
but a pilot should be smart enough not to take off in that condition.

That said, I think protecting essential systems such as the engine is a
good idea. It ought to be part of the fix, along with a bigger
generator, revised engine checklist for starting engine with remote
power (don't, under any circumstances, start both engines this way --
there is no such thing as an emergency take-off) and better pilot
training.
--
Waddling Eagle
World Famous Flight Instructor

On 2007-04-24 18:45:43 -0700, Jose > said:

>> The problem is not FADEC. It is pilot error -- taking off with a known
>> electrical problem in an airplane dependent on electricity to fly,
>> coupled with a poor understanding of how an alternator works.
>
> Maybe the problem in =this= flight was pilot error, inasmuch as the
> takeoff would be ill-advised under the circumstances. However, the
> accident does illustrate a weak point of the system. There are other
> ways to trigger that weak point.

Really? Name one.

>
> I don't know the system, so I can't second guess the engineers
> intellegently about it. However, it does seem to be a serious
> oversight that the engines themselves can't supply their own juice.
>
> Jose

They do -- with an alternator on each engine. There is also a
generator. How predictable is the failure of two alternators, the
batteries, etc?
--
Waddling Eagle
World Famous Flight Instructor

>> There are other ways to trigger that weak point.
> Really? Name one.

I'm guessing here (as I don't know the system), but it seems like a
short circuit in the landing gear could fail the engine's alternator, if
they are interconnected the way it seems from the postings.

>> it does seem to be a serious oversight that the engines themselves can't supply their own juice.
> They do -- with an alternator on each engine.

Well, those alternators seem to be supplying juice to everything, making
them more vulnerable. No?

Jose
--
Get high on gasoline: fly an airplane.
for Email, make the obvious change in the address.

"C J Campbell" > wrote in message
news:2007042418074350073-christophercampbell@hotmailcom...
> On 2007-04-22 04:23:22 -0700, Karl-Heinz Kuenzel
> > said:
>
> > Hi.
> >
> > Here in Germany we had an accident with a brand new DA 42 in Speyer
> > (EDRY) on 3-4-07 during take off.
> >
> > It seems, that the battery was down and both engine were started with
> > remote power.
> > After take off when retracting the gear, the props feathered and both
> > engines stopped.
> >
> > You can read about that accident in German (sorry) in
www.pilotundflugzeug.de
> >
> > First hearing about that accident and the background, I could not
believe it.
> >
> > Karl
>
> If you have to start both engines with remote power it seems to me that
> is should be obvious that the electrical system is not working. If it
> doesn't work with one engine running it is not going to work with them
> both running.
>
> According to the article, the battery was so dead that it could not
> excite the alternator -- the alternator needs some current in order to
> start. For example, if you hand-prop a single engine piston airplane
> that has a dead battery, you might get the engine to run but you still
> will not have an electrical system. The article complains about there
> being a "single point of failure" for the plane, but in fact most small
> aircraft have the same single point of failure. In the case of the
> DA-42, however, electrical current is needed to keep the engines
> running. This is a big difference from the piston engines most of us
> are used to. This turns an electrical failure from a nuisance to
> something deadly. The excitation battery system is needed to run the
> ECU for each engine. Although each engine has its own bus, both are
> dependent on the excitation battery system. If that fails, both engine
> buses and the main bus go down. Since the excitation battery system
> does not have anywhere near the power to handle loads like the gear,
> the avionics, and the engine (and it was already broken), there was no
> way this plane was going to fly.
>
> The pilot should have known that if both engines needed to be started
> remotely that this plane was not airworthy. Spending a little time
> studying the electrical system of your plane can save your life. Look
> at each component and ask yourself, what if it quits?
>
> The props on most twin engine aircraft feather when they quit. It helps
> prevent loss of control in an engine failure. Only piston single engine
> props do the opposite in an attempt to keep the prop and engine turning
> to make it easier to restart -- but at the cost of greatly reducing
> your glide distance. Having a prop go to max rpm if it quits on a light
> twin is likely to be deadly.
>
> In general, it looks like a maintenance problem that was allowed to
> turn into an emergency, which in turn was badly mishandled. One very
> popular way of falling out of the sky is to take off in an airplane
> that you knew had problems before you left.
>
> All of that said, I think the article makes a strong argument that this
> kind of thing should not happen. If you are going to have engines
> dependent on electricity to keep running, then you need to have some
> form of backup, but the DA-41 has a backup system -- it just didn't
> cover what would happen if the alternator failed on takeoff and someone
> raised the gear. I don't like the idea of the engines shutting down in
> an electrical failure, either, but that is one price of FADEC. In the
> DA-42, it appears that installing a generator was considered to be
> enough redundancy in the event of an alternator failure. It apparently
> never occurred to anyone that someone would take off with a failed
> alternator and then try to raise the gear.
>
> The question is why raising the landing gear should be allowed to cause
> a complete system failure. The easiest fix would be to install a bigger
> generator, but that is probably not a complete solution. I agree that
> the electrical system should prioritize things, too. And if things
> fail, I don't want just a red line on the voltmeter -- I want it to be
> something that attracts attention to itself. In the DA-42, it appears
> that there is an alternator failure light. This thing should have been
> lit. Perhaps the pilot ignored it. Presumably the generator would keep
> things running once the engine starts, but if all you have is the
> generator I don't think you have any business departing the field. In
> this case, the alternator appears to have never even started running
> because of the failure of the excitation system, and the generator was
> too weak to run the whole system, so it quit completely. Dang.
>
> Yeah, I think there is a design problem, but it seems to me that the
> pilot missed plenty of warning signs and opportunities to do something
> about them.
> --
> Waddling Eagle
> World Famous Flight Instructor
>
As you correctly pointed out, we will all have to wait for the accident
report to know very much. In my case, I already knew that the DA-42 had two
common rail diesel engines and was very fuel efficient--but nearly all of
the rest came from this thread. The result of what I am learning here is
that I am becomming less critical of the the aircraft systems and more
suspicious of a catastrophic series of human errors--from what I have read
in this conversation, it appears that, if a DA-42 is parked with the master
switch(es) on, and with the alternator exciter battery switches also turned
on, and the pilot did not understand the aircraft systems; then something
like this could easily occur.

Obviously, at this time, none of use know what really happened; but I am no
longer ready to presume that the systems lacked a normal level of safety.
In fact, I am no longer ready to presume anything--other than the fact that
I plan to read the report when available.

Peter

"C J Campbell" > wrote in message
news:2007042418505437709-christophercampbell@hotmailcom...
> On 2007-04-23 11:20:24 -0700, "Neil Gould" > said:
>
> > Recently, Karl-Heinz Kuenzel > posted:
> >
> >> Neil Gould schrieb:
> >>> I have a somewhat different take on this event. [...]
> >>> I don't find it
> >>> surprising that the props feathered in this situation, and would
> >>> even say that it would be the expected behavior, rather than a fluke
> >>> of some kind. I would find it surprising if Diamond doesn't have
> >>> adequate information about their flight systems in the POH to inform
> >>> the pilot of this possibility.
> >>>
> >>
> >> OK Neil.
> >>
> >> You find it in the article.
> >>
> > My Deutsch is far too rusty to find it in the article. ;-)
> >
> >> POH -> Under - abnormal operating procedures - 4B.7 STARTING ENGINE
> >> WITH EXTERNAL POWER - #13 Opposite engine ..... START WITH NORMAL
> >> PROCEDURE
> >>
> >> That is it.
> >>
> > That's fine for starting the engines, but that isn't the only issue, is
> > it?
> >
> > Is there nothing in the POH about the electrically powered items
(landing
> > gear, FADEC, etc.)? If there is, it shouldn't require an EE degree to
> > realize that one should be concerned about the condition of the
batteries,
> > charging, etc. if one has to "jump start" the engine, or to realize that
> > something critical is in need of attention.
> >
> > Maybe I'm just an overly cautious type. ;-)
> >
> > Neil
>
> No, you are not overly cautious. Every pilot should be taught that if
> the battery is dead and you start the plane with external power, the
> first thing you check is to see if the alternator(s) is charging. If it
> isn't, either the alternator is broken or the battery did not excite
> the alternator.
>
> Now, if the excitation system did not excite the alternator, why didn't
> the remote starting system do it? It should have. I would want a look
> at the power cart, its cables, and the wiring to the port on the
> airplane. In fact, especially the latter, as it could provide a clue as
> to why the excitation battery died in the first place.
> --
> Waddling Eagle
> World Famous Flight Instructor
>
Actually, it may be possible to start some older airplanes on external
power, disconnect the power cart, and then not have enough voltage to engage
the alternator solenoid. I no longer recall the exact circumstances, and
don't have a manual available, but I believe that it was even possible to
induce the problem on a plain old Cessna 172.

Peter

Jose,

> However, it does seem to be a serious oversight
> that the engines themselves can't supply their own juice.
>

That will become totally common with FADEC engines. It's just DIFFERENT
failure modes we have to be used to - our current old engines have
single failure points, too.

--
Thomas Borchert (EDDH)

Newps,

> What does it cost the owner at 2400 hours?
>

I seem to recall it's something like 20k for a new engine.

--
Thomas Borchert (EDDH)

"C J Campbell" wrote ...
>
> According to the article, the battery was so dead that it could not excite
> the alternator -- the alternator needs some current in order to start.

I'm sorry, but the quoted article seems to point more at the main battery as
the culprit.

Without the buffering effect of the main battery, the current spike of the
gear retract was supposedly enough to decrease the voltage on the ECU bus
and cause an ECU reset.

There is a discussion whether the main battery was connected to the battery
bus at all. Judging from the electrical diagram, if the battery is flat
there is no way to activate the battery relay to get the main battery
connected to the battery bus.

If the excitation battery had been the culprit, I guess an alternator
warning light would have been very visible.

Recently, Friedrich Ostertag > posted:

> Neil Gould wrote:
>> Recently, Friedrich Ostertag >
>> posted:
>>
>>> Karl-Heinz Kuenzel wrote:
>>>> Hi.
>>>>
>>>> Here in Germany we had an accident with a brand new DA 42 in Speyer
>>>> (EDRY) on 3-4-07 during take off.
>>>>
>>>> It seems, that the battery was down and both engine were started
>>>> with remote power.
>>>> After take off when retracting the gear, the props feathered and
>>>> both engines stopped.
>>>>
>>>> You can read about that accident in German (sorry) in
>>>> www.pilotundflugzeug.de
>>>>
>>>> First hearing about that accident and the background, I could not
>>>> believe it.
>>>
>>> I don't even know where to start. How can an aircraft, that depends
>>> on electrical power for the operation of it's engines, be airworthy
>>> without fully redundant electrical systems? While in this particular
>>> case the pilot might have noticed the problem, had he meticuously
>>> follow procedures and started the second engine at the plane's own
>>> power, it is quite easy to find failure modes that would go
>>> unnoticed inflight, yet cause double engine failure at the instant
>>> the gear is lowered on final. Lead batteries are known to
>>> occasionally go flat suddenly, once the buildup of oxide makes
>>> contact between the lead elements. Happened to me in the car once.
>>> The engine (a diesel with mechanical injection pump) ran happily
>>> without me even noticing the failure until I shut it down. When I
>>> turned the power back on again, not even the lights in the
>>> dashboard would light up, it was completely and utterly dead.
>>>
>>> I would never have thought that they cut corners like that at
>>> Diamond. I Hope this will not create a lot of mistrust in
>>> aerodiesels, as it is not a diesel issue. I guess you could call it
>>> a FADEC issue if you wanted, however it really is an issue of
>>> redundancy of essential systems, and easily solveable as such.
>>>
>> I have a somewhat different take on this event. It appears to me that
>> the pilot didn't sufficiently understand his aircraft or the
>> implications of the symptoms he observed. Knowing that there was
>> insufficient power to start the engines, that the engine & prop
>> controls were dependent on electric power and that the landing gear
>> used an electric motor would have stopped me from taking off until
>> the battery/electrical system problem was addressed.
>
> Well said, and I wouldn't disagree. However, the very same potentially
> deadly failure could occur anytime the battery fails inflight, with
> no way for the pilot to know about it before he actually hits the
> button to lower the gear. That alone appears to me to be a major
> design flaw that would make me pretty uncomfortable, batteries are
> known to fail suddenly sometimes. I really would expect redundancy in
> something as critical as the power supply for the fadec to be a
> requirement for airworthyness. Why have two sets of magnetos on the
> typical SI-engine? It's just an electrical system, too... Why have a
> twin engined aircraft?
>
I agree that a failure mode allowing in-flight engine shutdown due to low
battery voltage implies that there may be an aspect of the design that
needs attention. On the other hand, the dead battery could have been a
symptom of a larger problem, and the existing design really is quite
reasonable.

>> I don't find it
>> surprising that the props feathered in this situation, and would even
>> say that it would be the expected behavior, rather than a fluke of
>> some kind.
>
> If you are saying that a shut-down is to be expected when the power
> supply on a fadec controlled engine fails, you are right. No modern
> engine will continue running without electrical power. Even on a
> diesel with common rail fuel supply (as the thielert is) without
> electricity no fuel injection is possible.
>
Right, however, the alternator should be able to supply the electricity
needed to keep the engines running. It wouldn't surprise me to find that
the a breaker had popped when the landing gear was retracted and the pilot
didn't think to reset it.

Neil

"Neil Gould" wrote ...
>>
> If the alternators weren't excited, wouldn't the pilot be looking at two
> alternator warning lights prior to take off?


According to the AFM there are amber caution lights for alternator failure,
so yes.


> Does the aircraft have an
> ampmeter?
>


Again according to the AFM, yes, but notably, it is not on the MFD's default
engine display page but on the "System" page together with the voltmeters.
You need to push a button to see it. However, the checklist requires you to
have a look at the "System" page after engine start as well as before
take-off, so if the checklist is followed a fault would not go unnoticed.

In the other scenario posited by the article, i.e. an unconnected main
battery, things become interesting. In this scenario the ammeters would
presumably show "normal" values, i.e the instantaneous consumption of the
electrical devices. In this case the voltmeter would really be essential .
The AFM says about the voltmeters: "Under normal operating conditions the
alternator voltage is shown, otherwise it displays the 'main'-battery
voltage." So the voltmeters presumably measure the bus voltage, and in this
scenario (battery disconnected) they would probably show an abnormal voltage
which could alert the pilot. I'm no expert here, but I seem to recall
stories of batteries failing in-flight and how that can be seen from the
voltmeter.

Also, in this case, there seems to be no way of positively checking the
actual, pure main battery voltage, because according to the schematic the
main battery relay needs power from the battery itself to operate and
connect to the battery bus. Or then I'm missing something......

Recently, C J Campbell > posted:

> On 2007-04-23 11:20:24 -0700, "Neil Gould" >
> said:
>
>> Recently, Karl-Heinz Kuenzel > posted:
>>
>>> Neil Gould schrieb:
>>>> I have a somewhat different take on this event. [...]
>>>> I don't find it
>>>> surprising that the props feathered in this situation, and would
>>>> even say that it would be the expected behavior, rather than a
>>>> fluke of some kind. I would find it surprising if Diamond doesn't
>>>> have adequate information about their flight systems in the POH to
>>>> inform the pilot of this possibility.
>>>>
>>>
>>> OK Neil.
>>>
>>> You find it in the article.
>>>
>> My Deutsch is far too rusty to find it in the article. ;-)
>>
>>> POH -> Under - abnormal operating procedures - 4B.7 STARTING ENGINE
>>> WITH EXTERNAL POWER - #13 Opposite engine ..... START WITH NORMAL
>>> PROCEDURE
>>>
>>> That is it.
>>>
>> That's fine for starting the engines, but that isn't the only issue,
>> is it?
>>
>> Is there nothing in the POH about the electrically powered items
>> (landing gear, FADEC, etc.)? If there is, it shouldn't require an EE
>> degree to realize that one should be concerned about the condition
>> of the batteries, charging, etc. if one has to "jump start" the
>> engine, or to realize that something critical is in need of
>> attention.
>>
>> Maybe I'm just an overly cautious type. ;-)
>>
>> Neil
>
> No, you are not overly cautious. Every pilot should be taught that if
> the battery is dead and you start the plane with external power, the
> first thing you check is to see if the alternator(s) is charging. If
> it isn't, either the alternator is broken or the battery did not
> excite the alternator.
>
> Now, if the excitation system did not excite the alternator, why
> didn't the remote starting system do it? It should have. I would want
> a look
> at the power cart, its cables, and the wiring to the port on the
> airplane. In fact, especially the latter, as it could provide a clue
> as to why the excitation battery died in the first place.
>
If the alternators weren't excited, wouldn't the pilot be looking at two
alternator warning lights prior to take off? Does the aircraft have an
ampmeter?

Neil

Thomas, et al,
I agree about our legacy systems having single points of failure (SPOF);
but I would hope the new technology offered by FADEC would begin to
eliminate those SPOFs without introducing new ones. It appears to me that we
still have all of the legacy SPOFs and have now added new ones. Prior to
FADEC we didn't even have to have an electrical system to make an engine
run.

--
Jim Carter
Rogers, Arkansas
"Thomas Borchert" > wrote in message
...
> Jose,
>
>> However, it does seem to be a serious oversight
>> that the engines themselves can't supply their own juice.
>>
>
> That will become totally common with FADEC engines. It's just DIFFERENT
> failure modes we have to be used to - our current old engines have
> single failure points, too.
>
> --
> Thomas Borchert (EDDH)
>

"C J Campbell" > wrote ...
> Jose > said:
>> I don't know the system, so I can't second guess the engineers
>> intellegently about it. However, it does seem to be a serious oversight
>> that the engines themselves can't supply their own juice.
>
> They do -- with an alternator on each engine. There is also a generator.
> How predictable is the failure of two alternators, the batteries, etc?

Chris,
I do not see the Generator to which you keep refering. Each engine has a
Starter Motor and an Alternator. The Airframe has a single Main Battery (10
amphour rated) and a series up Alternator Excitation Battery (1.3 amphour)
used "in the event of a main bat failure" (Diamond quote in POH). From the
article's diagram the magazine editor marked the excitation battery in RED.
I am not good enough with technical German to read the article, maybe
another reader can summerize the reason for the red highlight.

http://img.edsb.airworkpress.com/red/da42/esys_big.gif

http://www.pilotundflugzeug.de/artikel/2007-04-12/DA42_Unfall

I am a bit confused how that excitation battery is normally charged and how
the battery is monitored.

I also note that the Ground Power system is pretty standard looking in the
schematic, ie keep the Main Electric Master off and turn one Engine Master
on for starting so as not to have the bad battery connected and draw down
the Cart while cranking. But then what? You got your backup Battery excited
Alternator running your ECU on that engine, but it looks like you need to
keep the APU Cart connected because the power to activate the Alt relay can
only come from the main bus side. Is this normal for other twins?

Recently, Snowbird > posted:

>> "Neil Gould" wrote ...
>>
>> Does the aircraft have an
>> ampmeter?
>>
>
>
> Again according to the AFM, yes, but notably, it is not on the MFD's
> default engine display page but on the "System" page together with
> the voltmeters. You need to push a button to see it. However, the
> checklist requires you to have a look at the "System" page after
> engine start as well as before take-off, so if the checklist is
> followed a fault would not go unnoticed.
>
I would think that this preflight requirement has implications for this
accident.

> In the other scenario posited by the article, i.e. an unconnected
> main battery, things become interesting. In this scenario the
> ammeters would presumably show "normal" values, i.e the instantaneous
> consumption of the electrical devices.
>
If the alternators are working, the ammeters should show a higher than
normal postive value, as the battery is not putting a normal load on the
charging system. That, too, would stop me from taking off.

> In this case the voltmeter
> would really be essential . The AFM says about the voltmeters: "Under
> normal operating conditions the alternator voltage is shown,
> otherwise it displays the 'main'-battery voltage." So the voltmeters
> presumably measure the bus voltage, and in this scenario (battery
> disconnected) they would probably show an abnormal voltage which
> could alert the pilot. I'm no expert here, but I seem to recall
> stories of batteries failing in-flight and how that can be seen from
> the voltmeter.
>
Hmm. I'd think the alternator voltage would always be shown unless the
engines aren't running, and then the bus voltage is shown. A look at the
schematic could reveal which case is correct.

> Also, in this case, there seems to be no way of positively checking
> the actual, pure main battery voltage, because according to the
> schematic the main battery relay needs power from the battery itself
> to operate and connect to the battery bus. Or then I'm missing
> something......
>
I'd think that checking when the engines are not running would show the
main battery voltage level. If the battery is dead, of course, the relay
wouldn't have power to connect to the bus.

Neil

Recently, Mike Isaksen > posted:

> "C J Campbell" > wrote ...
>> Jose > said:
>>> I don't know the system, so I can't second guess the engineers
>>> intellegently about it. However, it does seem to be a serious
>>> oversight that the engines themselves can't supply their own juice.
>>
>> They do -- with an alternator on each engine. There is also a
>> generator. How predictable is the failure of two alternators, the
>> batteries, etc?
>
> Chris,
> I do not see the Generator to which you keep refering.
>
On the schematic you're referencing, the Generators are the circular
symbols with the 'G' and labeled as such. However, as the relay in the
Generator circuit is labled "Alternator Relay", and there is an excitation
circuit I suspect that the terms are being used interchangeably. Not
technically correct, but...

> Each engine
> has a Starter Motor and an Alternator. The Airframe has a single Main
> Battery (10 amphour rated) and a series up Alternator Excitation
> Battery (1.3 amphour) used "in the event of a main bat failure"
> (Diamond quote in POH). From the article's diagram the magazine
> editor marked the excitation battery in RED. I am not good enough
> with technical German to read the article, maybe another reader can
> summerize the reason for the red highlight.
>
> http://img.edsb.airworkpress.com/red/da42/esys_big.gif
>
> http://www.pilotundflugzeug.de/artikel/2007-04-12/DA42_Unfall
>
> I am a bit confused how that excitation battery is normally charged
> and how the battery is monitored.
>
The excitation battery has a direct feed from both generators (really
alternators). If the fuse isn't blown, either alternator may be able to
charge this battery from excitation feedback. There is no indication of
how the battery condition would be monitored, but if neither alternator
operates, the excitation battery would be highly suspect.

Neil

On 2007-04-24, Al G > wrote:
> Well said. It should have some fall back. If the coffee maker shorts the
> engines quit?

No, a breaker pops.

Personally, I'm more interested in the accident investigation - all we
know at the moment is the pilot had a discharged battery and the engines
quit.

How do we know that there were not two systems that were failed on the
aircraft - such as the backup generator (which has been mentioned) as
well as the battery? We don't until the accident investigation
concludes.

--
Yes, the Reply-To email address is valid.
Oolite-Linux: an Elite tribute: http://oolite-linux.berlios.de

"Dylan Smith" wrote ...

> Personally, I'm more interested in the accident investigation - all we
> know at the moment is the pilot had a discharged battery and the engines
> quit.
>
Here's some more:
http://www.flightglobal.com/Articles/2007/04/23/213371/accident-ignites-da42-engine-row.html

"Snowbird" > wrote ...
>
> "Dylan Smith" wrote ...
>
>> Personally, I'm more interested in the accident investigation - all we
>> know at the moment is the pilot had a discharged battery and the engines
>> quit.
>>
> Here's some more:
> http://www.flightglobal.com/Articles/2007/04/23/213371/accident-ignites-da42-engine-row.html
>

WOW, great link! Tech details down to millisecond voltage dip measurements.
Hurray for the Poor Man's Black Boxes on those Thielerts. Reading this has
tipped me to beginning my research on getting a Graphic Engine Analyzer with
data logging. I only wish I had done this last week at SNF.

Snowbird wrote:
> "Dylan Smith" wrote ...
>
>> Personally, I'm more interested in the accident investigation - all
>> we know at the moment is the pilot had a discharged battery and the
>> engines quit.
>>
> Here's some more:
> http://www.flightglobal.com/Articles/2007/04/23/213371/accident-
> ignites-da42-engine-row.html

Well at least neither Diamond nor TAE is saying there is no problem and
trying to blame the pilot. This is an excellent first step in getting any
problem fixed.

On Apr 24, 3:47 pm, "Mike Isaksen" > wrote:
> > wrote in message ...
> > That is, while the FADEC itself probably doesn't require much
> > in the way of power, how much power does it take to manipulate
> > the throttle, mixture, and prop?
>
> The answers to those kind of questions seem to be missing from the public
> record, and even the public discussion. [..]

We had a large discussion of FADEC right here last November.
Unfortunately, non-engineer types decided to hijack the discussion,
mostly because they wanted to bash anyone who agreed with Mxsmanic
that all-electronic systems can have major failure modes. (Ever have
your car engine stop because of a failed sensor? I have.)

At that time, I wrote "Losing all power (including the battery backup)
on a FADEC means your engine stops."

Multiple people (who I will not name because they should rightfully be
embarrassed, but they post here a lot) threw insults at the very idea
that this could happen.

In any case, the FAA deems that EECs (Electronic Engine Controllers)
should fail such that the engine is producting at least 85% power.
EECs are just engine aids, however. Full authority FADECs have no
such requirement. Instead, they are supposed to have backup
batteries and/or alternators. Just like the DA-42, basically.

Regards, Kev

Gig 601XL Builder wrote:
> Snowbird wrote:
>> "Dylan Smith" wrote ...
>>
>>> Personally, I'm more interested in the accident investigation - all
>>> we know at the moment is the pilot had a discharged battery and the
>>> engines quit.
>>>
>> Here's some more:
>> http://www.flightglobal.com/Articles/2007/04/23/213371/accident-
>> ignites-da42-engine-row.html
>
> Well at least neither Diamond nor TAE is saying there is no problem and
> trying to blame the pilot. This is an excellent first step in getting any
> problem fixed.
>
>
As a DA42 owner I hope that the "problem" will get fixed by either
Diamond or TAE. However, note that Diamond did blame the pilot because
the pilot did not use the procedures outlined in the POH to start the
second engine.

Cary

Jim,

> but I would hope the new technology offered by FADEC would begin to
> eliminate those SPOFs without introducing new ones.

That's pretty much impossible by definition. Not even NASA does it on
spacecraft.

>It appears to me that we
> still have all of the legacy SPOFs and have now added new ones.

I disagree.

--
Thomas Borchert (EDDH)

On 2007-04-26, Kev > wrote:
> We had a large discussion of FADEC right here last November.
> Unfortunately, non-engineer types decided to hijack the discussion,
> mostly because they wanted to bash anyone who agreed with Mxsmanic
> that all-electronic systems can have major failure modes. (Ever have
> your car engine stop because of a failed sensor? I have.)

I've had more older car engines stop because of failed mechanical
ignition parts like points. I've never actually had a car engine with an
ECU fail.

I know a pilot who had a double magneto failure, too, which resulted in
the C172 on its back in a field. Guess what - most two magneto engines
have single points of failure.

It's not a question that FADECs will fail - but what will be more
failure prone: a manual-everything engine where the pilot can mismanage
the engine into quitting, or a FADEC that can lose electrical supply and
cause the engine to quit. Only time will really tell in aviation which
is more reliable. However, my bet on having owned both cars with purely
mechanical ignition and cars with engine management computers is that
the ones with engine management computers are orders of magnitude more
reliable. I would at this stage be putting my bets on FADEC being more
relibale than purely mechanical engines + manual engine management in
the long run. That's not to say FADECs won't fail, but pilots+mechanical
electrical systems will fail more often.

--
Yes, the Reply-To email address is valid.
Oolite-Linux: an Elite tribute: http://oolite-linux.berlios.de

"Dylan Smith" > wrote in message
...
>
> I know a pilot who had a double magneto failure, too, which resulted in
> the C172 on its back in a field. Guess what - most two magneto engines
> have single points of failure.
>

What caused the mags to fail?

On 2007-04-26, Maxwell > wrote:
> What caused the mags to fail?

I don't remember the specifics (and I'm trying to find the NTSB report
with no joy so far). I believe it was one of those 'dual mag'
installations and there was a mechanical failure.

--
Yes, the Reply-To email address is valid.
Oolite-Linux: an Elite tribute: http://oolite-linux.berlios.de

"Maxwell" > wrote in message
...
>
> "Dylan Smith" > wrote in message
> ...
> >
> > I know a pilot who had a double magneto failure, too, which resulted in
> > the C172 on its back in a field. Guess what - most two magneto engines
> > have single points of failure.
> >
>
> What caused the mags to fail?
>
>
Obviously, I am not familiar with the particular case; but here are a couple
of scenarios:
1 There is a single gear which drives the entire accessory section.
2 There is/was a product called a dual magneto, used on some four
cylinder Lycoming engines which had an internal gear to drive the two
magneto sections and impulse coupler(s). There were several failures on
relatively new Piper Tomahawks in the early eighties.

Additional possibilities include shorts behind the instrument panel, or even
in the ignition switch or switches--since a magneto is dissabled (turned
off) by shorting the P-lead toground.

In addition to the magnetos; common failure modes include mixture and
throttle control cables and fittings.

Like Dylan, I have found the automotive ECMs to be far more reliable in
service than the old breaker ignition systems. I have had a defective
throttle positioner which resulted in a higher than normal idle speed, and a
rough running engine due to a defective spark plug, but nothing that
disabled the engines. So, personal feelings aside (which I admit is another
issue), the ECMs and FADECs seem to have better long term reliability than
the mechanical/manual systems they replace--and they may far fewer mistakes
than I do.

Peter

"Peter Dohm" > wrote in message
.. .
..
>
> Additional possibilities include shorts behind the instrument panel, or
> even
> in the ignition switch or switches--since a magneto is dissabled (turned
> off) by shorting the P-lead toground.
>
> In addition to the magnetos; common failure modes include mixture and
> throttle control cables and fittings.
>
> Like Dylan, I have found the automotive ECMs to be far more reliable in
> service than the old breaker ignition systems. I have had a defective
> throttle positioner which resulted in a higher than normal idle speed, and
> a
> rough running engine due to a defective spark plug, but nothing that
> disabled the engines. So, personal feelings aside (which I admit is
> another
> issue), the ECMs and FADECs seem to have better long term reliability than
> the mechanical/manual systems they replace--and they may far fewer
> mistakes
> than I do.
>

But that's a completely different kettle of fish. I was wondering what cause
the dual mag failure on a 172.

Dylan Smith wrote:

> It's not a question that FADECs will fail - but what will be more
> failure prone: a manual-everything engine where the pilot can mismanage
> the engine into quitting, or a FADEC that can lose electrical supply and
> cause the engine to quit.




Not all FADEC's fail with the loss of electrical power. The PRISM
system will continue to run without electricity. Matter of fact I'm not
aware of any other system that fails with a loss of electrical power.

Thomas,
Can you please elaborate on your comments? In almost every other
endeavor we've tried, introducing advanced technology attempts to reduce
risk while improving efficiency and reliability. Now that we've got FADECs
around, why shouldn't we expect the same goals from that technology?

When NASA introduced computing capabilities to the space program (flight
side) they understood how we would come to rely on the technology and how it
would become mission critical. As such they built in certain redundancies -
and this was 30 years ago.

Why shouldn't we expect further improvements beyond that early
technology from today's FADEC equipped aircraft? As far as current SPOFs, we
still have the mechanical or electro/mechanical fuel system, but we have
eliminated the magnetos. However the magnetos were usually a redundant
installation. With FADEC we've introduced a single engine controller that
manages the prop, the fuel, the air intake, and the resulting power output.
So we've traded one redundant system for a SPOF system even though they
don't do exactly the same things.

Please don't just say "I disagree"; explain yourself so maybe we can
learn something from each other.

--
Jim Carter
Rogers, Arkansas
"Thomas Borchert" > wrote in message
...
> Jim,
>
>> but I would hope the new technology offered by FADEC would begin to
>> eliminate those SPOFs without introducing new ones.
>
> That's pretty much impossible by definition. Not even NASA does it on
> spacecraft.
>
>>It appears to me that we
>> still have all of the legacy SPOFs and have now added new ones.
>
> I disagree.
>
> --
> Thomas Borchert (EDDH)
>

At one time there was a single drive to a Tee connector that drove both
magnetos. Stupid design that probably met some budget requirement with no
regard to why there were two magnetos to start with.

Dylan's statement that "most two magneto engines have single points of
failure" surprises me unless he's talking about other components. A properly
implemented two magneto setup is fully redundant.

--
Jim Carter
Rogers, Arkansas
"Maxwell" > wrote in message
...
>
> "Dylan Smith" > wrote in message
> ...
>>
>> I know a pilot who had a double magneto failure, too, which resulted in
>> the C172 on its back in a field. Guess what - most two magneto engines
>> have single points of failure.
>>
>
> What caused the mags to fail?
>

On Apr 26, 5:54 pm, Newps > wrote:
> Not all FADEC's fail with the loss of electrical power.

All true FADECs will fail. In a full authority electronic system, no
juice = no electronics.

> The PRISM
> system will continue to run without electricity. Matter of fact I'm not
> aware of any other system that fails with a loss of electrical power.

That's because PRISM (and ePiC) are not Full Authority systems. Not
even close. They're simply electronic aids to timing, fuel flow,
etc. They're no more a FADEC than an electronic ignition on a car
is.

Kev

On Apr 26, 1:29 pm, "Peter Dohm" > wrote:
> Like Dylan, I have found the automotive ECMs to be far more reliable in
> service than the old breaker ignition systems. [...]

<grin> That's because neither of you have had a failure yet. I've
had automotive computer systems fail due to cold solder joints, part
failures, sensor failures. Even had a transmission computer decide
to go into limp mode just because a sensor glitched for a few
seconds. If I were out in the woods, I'd much rather have old-style
points act up, than have a computer failure.

(Throttle positioning sensors don't count... the throttle is still
mechanical in that case.)

Mind you, every day I'm glad that my vehicles start instantly because
of electronic engine aids. But I'm not so happy about my wif'e's Land
Rover with fully electronic gas pedal. It's already had a recall
because the software could glitch and go into full throttle mode.
Yes, that could happen mechanically as well, but that you can fix
yourself on the side of the road!

And as I've opined before, I'm not looking forward to cars with fully
electronic brake pedals and steering wheels. <shiver> Not in my
lifetime, anyway ;-)

Regards, Kev

Jim,

> With FADEC we've introduced a single engine controller
>

No, we haven't. There are two on the Thielert, for example. And they
are required by certification, with good reason.

What I'm trying to say is this:

Leaving the accident under discussion aside (since there isn't even an
accident report available) and leaving aside that it might point to
deficiencies in the system which would then be corrected (as has been
the case with so many systems in aviation - perfectly normal), it is
absurd to say that the new certified systems are somehow more prone to
failure than the old ones. Both have SPOFs - and I simply can't see the
increase in SPOFs or risk that you claim.

IMHO, it's just another case of the "new is bad because my plane
doesn't have it and I can't afford it" syndrome so common among pilots
(an over-simplification, I know). But I've been flamed for saying this
before, so have at it.

--
Thomas Borchert (EDDH)

Newps,

> The PRISM
> system will continue to run without electricity.
>

The not-yet-certified PRISM, as opposed to the certified system in the
Thielert?

PRISM is not a FADEC.

--
Thomas Borchert (EDDH)

"Newps" > wrote in message
. ..
>
>
> Dylan Smith wrote:
>
>> It's not a question that FADECs will fail - but what will be more
>> failure prone: a manual-everything engine where the pilot can mismanage
>> the engine into quitting, or a FADEC that can lose electrical supply and
>> cause the engine to quit.
>
>
>
>
> Not all FADEC's fail with the loss of electrical power. The PRISM system
> will continue to run without electricity. Matter of fact I'm not aware of
> any other system that fails with a loss of electrical power.
>

What ever happened to GAMI's PRISM system?

Matt,

> What ever happened to GAMI's PRISM system?
>

It'll be certified rsn...

--
Thomas Borchert (EDDH)

No flames here Thomas, and thanks for the follow-up.

I think leaving the accident aside is a good step at this point because we
are uninformed as of yet.

My issue with the whole situation is that it appears that even though there
may have been redundancy in the controllers, the design in the DA appears to
be powered from a single main bus. If the bus is highly reliable (no moving
parts - it most likely is) then the availability of power should be
dependant on other loads. If those other loads compromise the availability
of the bus then the bus (and power supplies) must be protected some other
way. Hence my very early post in this thread about load shedding.

By introducing a design that has only component level redundancy and not
system level redundancy we do little to improve reliability. By then
implementing a critical subsystem (like FADEC) that relies on system level
redundancy we do ourselves no favors.

I'm not opposed to FADEC at all (especially as fuel prices soar), nor am I
opposed to the DA design. I am merely suggesting that I was surprised that
after all these years of work in high-availability design something like
this relatively open bus slipped through.

--
Jim Carter
Rogers, Arkansas
"Thomas Borchert" > wrote in message
...
> Jim,
>
>> With FADEC we've introduced a single engine controller
>>
>
> No, we haven't. There are two on the Thielert, for example. And they
> are required by certification, with good reason.
>
> What I'm trying to say is this:
>
> Leaving the accident under discussion aside (since there isn't even an
> accident report available) and leaving aside that it might point to
> deficiencies in the system which would then be corrected (as has been
> the case with so many systems in aviation - perfectly normal), it is
> absurd to say that the new certified systems are somehow more prone to
> failure than the old ones. Both have SPOFs - and I simply can't see the
> increase in SPOFs or risk that you claim.
>
> IMHO, it's just another case of the "new is bad because my plane
> doesn't have it and I can't afford it" syndrome so common among pilots
> (an over-simplification, I know). But I've been flamed for saying this
> before, so have at it.
>
> --
> Thomas Borchert (EDDH)
>

Recently, Jim Carter > posted:
>
> My issue with the whole situation is that it appears that even though
> there may have been redundancy in the controllers, the design in the
> DA appears to be powered from a single main bus. If the bus is highly
> reliable (no moving parts - it most likely is) then the availability
> of power should be dependant on other loads. If those other loads
> compromise the availability of the bus then the bus (and power
> supplies) must be protected some other way. Hence my very early post
> in this thread about load shedding.
>
The problem that I have with load shedding as a solution is that it
doesn't increase the reliability if the load can exceed the supply, so one
is in pretty much the same predicament as a system without load shedding.

> By introducing a design that has only component level redundancy and
> not system level redundancy we do little to improve reliability. By
> then implementing a critical subsystem (like FADEC) that relies on
> system level redundancy we do ourselves no favors.
>
However, this wasn't implemented without some consideration for the
implications, and there is a level of system-level redundancy in the
design. Procedures are created for a reason and with insights into the
systems involved. Looking at the schematic, one can see that starting only
one engine on external power and requiring the starting of the other using
on-board power is a reasonable check that the load will not exceed the
supply, because the engines shutting down and props feathering while still
on the ramp should be an important clue that one is not ready to depart.
;-)

> I'm not opposed to FADEC at all (especially as fuel prices soar), nor
> am I opposed to the DA design. I am merely suggesting that I was
> surprised that after all these years of work in high-availability
> design something like this relatively open bus slipped through.
>
At worst, I think that the system wasn't "dumbed down" enough to prevent
someone from making a bad decision. But, can *any* systemprevent such a
thing? Were I to be a DA owner, I wouldn't have any discomfort with this
system as I understand it from the schematic.

On a similar, but divergent note, does anyone know the details of the
single-engine DA systems? I'd think that the verification of system
integrity may rely on going through the engine monitor pages.

Neil

"Kev" > wrote in message
oups.com...
> On Apr 26, 1:29 pm, "Peter Dohm" > wrote:
> > Like Dylan, I have found the automotive ECMs to be far more reliable in
> > service than the old breaker ignition systems. [...]
>
> <grin> That's because neither of you have had a failure yet. I've
> had automotive computer systems fail due to cold solder joints, part
> failures, sensor failures. Even had a transmission computer decide
> to go into limp mode just because a sensor glitched for a few
> seconds. If I were out in the woods, I'd much rather have old-style
> points act up, than have a computer failure.
>
> (Throttle positioning sensors don't count... the throttle is still
> mechanical in that case.)
>
> Mind you, every day I'm glad that my vehicles start instantly because
> of electronic engine aids. But I'm not so happy about my wif'e's Land
> Rover with fully electronic gas pedal. It's already had a recall
> because the software could glitch and go into full throttle mode.
> Yes, that could happen mechanically as well, but that you can fix
> yourself on the side of the road!
>
> And as I've opined before, I'm not looking forward to cars with fully
> electronic brake pedals and steering wheels. <shiver> Not in my
> lifetime, anyway ;-)
>
> Regards, Kev
>
There are a lot of new "features" that can keep me driving and flying the
old ones as well. And I am just about old enough to make that a viable
option--expecially for aircraft.

Peter

On 2007-04-27, Jim Carter > wrote:
> Dylan's statement that "most two magneto engines have single points of
> failure" surprises me unless he's talking about other components. A properly
> implemented two magneto setup is fully redundant.

That big gear at the back of the engine that drives the mags is a single
point of failure. While it is a very robust object, it's still driving
both mags.

--
Yes, the Reply-To email address is valid.
Oolite-Linux: an Elite tribute: http://oolite-linux.berlios.de

> That big gear at the back of the engine that drives the mags is a single
> point of failure. While it is a very robust object, it's still driving
> both mags.

There are a few significant differences between this SPOF and the DA42
electrical SPOF. That big gear is =part= of the engine (in the same
sense that the mags are part of the engine), and it does not drive
anything else. Were that gear to also drive (say) the air conditioner,
then the air conditioner could put unwanted stress on the gear and
possibly break it. This is what (I gather) could happen with the
DA-42's design, where the electrical bus in question is not =dedicated=
to the engine.

Jose
--
Get high on gasoline: fly an airplane.
for Email, make the obvious change in the address.

On 2007-04-28, Jose > wrote:
> anything else. Were that gear to also drive (say) the air conditioner,

Well, that big gear usually drives the vacuum pump, and it's not unknown
that it also drives the generator or alternator.

--
Yes, the Reply-To email address is valid.
Oolite-Linux: an Elite tribute: http://oolite-linux.berlios.de