Auto Synchronization Permissives

Amr1589

GE 9FA gas turbine: there was a problem in the hydraulic/lift pump, in that it didn't give sufficient lift pressure to permit Turning Gear to run, so the lagging pump was forced to run. It was noticed that after reaching 3000 rpm, Auto-sync couldn't be made unless the lagging pump was turned off.

The question is: what is the relation between Auto synchronization permissives and operating with both hydraulic oil pumps?
 
Not so sure on 9FA, you need to check your Auto Sync logic, but you usually need Sequence Complete (L3) to be OK to get Auto Sync to run. An Auxiliary pump running at FSNL will stop Sequence Complete from completing (basically the system is trying to be smart and telling you it doesn't want to sync because there is a problem). I guess it may be the same for your Stand-by pump running. You need to check the logic for Auto Sync (L83AS) and L3 and see what is stopping it. Let us know what happens, I'm curious.
 
Amr1589,

This bit of "logic" (a control philosophy, really) is a carry-over from non-F-class gas turbines which had Accessory Gear-driven (mechanically driven) Main L.O. and -Hydraulic pumps, and most had AC motor-driven Auxiliary L.O. and -Hydraulic pumps (not all non-F-class gas turbines had or have Auxiliary Hydraulic pumps). The Auxiliary pumps are primarily for cooldown (turning gear; hydraulic ratchet; slowroll), starting and shutdown operation, and the Main pumps are to be producing rated pressure (flow) at FSNL (rated speed) and during loaded operation. Contrary to popular myth, the Aux. pumps were never intended to be used for sustaining loaded operation for extended periods--they are just there to assist with keeping the unit running while producing load until the problem with the Main pump can be resolved, or to allow an orderly shutdown of the unit to repair the Main pump.

The idea behind requiring the Main pumps to be running prior to synchronization is to ensure that, first, the Main pump(s) is(are) supplying sufficient pressure (flow), and, second, that there is a "back-up" pump available in the event the Main pump has an issue during loaded operation. The idea is not to allow synchronization and go on-line and produce power without the Main pump(s) in operation supplying proper pressure (flow) without a back-up pump; in other words, to prevent synchronization if there's a problem with either or both of the Main pumps and either or both of the Aux. pumps is(are) running.

F-class gas turbines don't have Accessory Gear drives--but they do have redundant AC motor-driven L.O. and Hydraulic pumps, which are operated in a lead-lag configuration. The lag provides the "back-up" pump operation the Aux. pumps do for the Gear-driven Main pumps, and the same control philosophy exists: Synchronization and loaded operation is prevented if the lead pump is <b>not</b> producing sufficient pressure (flow)--in this case, if the lag pump is running.

Now, if a plant wants to synchronize or operate with the lead- and lag pump running (or with only the lag pump running) that's their prerogative, and they must make a conscious decision to do so. (GE likely keeps this scheme in place for units under their warranty, but, it does provide a level of protection for the unit at all times--as long as people understand the philosophy.) If the lag pump is running at the end of a START prior to synchronization the indication is that the lead pump can't provide sufficient pressure (flow)--and that's not a good indication. (All that may have been necessary--if management deemed it okay to continue running the unit without a "back-up" pump--would have been to select the lag pump to be the lead pump; that would have shut down the lead, and provided the proper permissive to synchronize. Or, logic could have been manually forced to "achieve" Complete Sequence--again, if management deemed it prudent to continue.)

Again, contrary to popular myth, Aux. (lag) pumps aren't intended for long-term, sustained loaded operation, especially if the Main pumps aren't working. Sure; in "emergency" situations the unit can be synchronized and loaded and kept in operation on the Aux. (lag) pump--but the consequences of this decision need to be understood by all, and the "logic" in the Speedtronic control requires manually forcing to synchronization if the problem can't be resolved and management wants to continue. It is--and should be--a well-reasoned and prudent judgement call to synchronize and load the unit if the Aux. (lag) pump is running, indicating there's a problem with the main (lead) pump. (By the way, it goes without saying, the DC Emergency L.O. Pump isn't used for loaded operation.)

glenmorangie brings up an excellent point about another "artifact" of previous control philosophy: Complete Sequence. On older analogue control systems there was an indicating lamp on the control panel that would illuminate to indicate that the start-up sequence has successfully completed--including the shutdown of the Aux. pump(s), the closure of the compressor bleed valves, the proper position of the IGVs, etc. Every operator (okay; most every operator....) back then understood that the 'Complete Sequence' lamp had to be illuminated before synchronization could occur. And what was required for the 'Complete Sequence' lamp to be lit. (The Complete Sequence lamp was lit all during normal loaded operation--unless a STOP or automatic shutdown was initiated, or some condition like an Aux. pump starting occurred. It was very well understood (by most...) that the Complete Sequence should be illuminated at the end of a successful START and under normal running conditions--and if it wasn't, then something was amiss.)

Digital control systems still use 'Complete Sequence' (logic signal L3) in the sequencing/application code to indicate a successful START and normal unit operation in preparation for synchronization and loaded operation--but there's not the emphasis there was in the past on this condition for operators and their supervisors that there should be. If there were, say, a 'Complete Sequence' HMI display, there would be the same (better!) visual indication of what's required to achieve Complete Sequence, and what was preventing a Complete Sequence. (This is a great hint to the OEM and packagers and plant control technicians about a simple way to improve the HMI for operators, supervisors and field service personnel: Create a 'Complete Sequence' HMI display.)

And, there's another very important GE heavy duty gas turbine control philosophy that goes along with the inability to achieve 'Complete Sequence.' <b>ANY</b> condition that prevents a 'Complete Sequence' is accompanied by a Process Alarm--to alert the (conscious) operator to the condition that prevents a 'Complete Sequence.' The philosophy extends to any condition that, one, prevents a 'Ready to Start;' two, a trip; three, a runback; or, four, an automatic shutdown. Repeating (for emphasis): ANY condition that prevents a Ready to Start, a Complete Sequence, or that results in a turbine trip, runback or automatic shutdown has a Process Alarm to indicate why. That's just good and proper control system design--to annunciate an Alarm to indicate why some process can't be started, or hasn't completed, or why the unit has been tripped, runback or shutdown. And operators, their supervisors and technicians and field service personnel should all know, understand and make use of this philosophy.

I'm absolutely, 100% positive and certain that there was a Process Alarm on the HMI to indicate the lag pump was running. And, if it took more than a couple of minutes to diagnose why the unit couldn't be synchronized or that the Speedtronic wouldn't allow synchronization then it's a safe bet that Alarms aren't afforded the weight and respect they should be at the site. Alarms--Process and Diagnostic--are important and each one should be understood when they are first annunciated and if they are allowed to persist.

Anyway, hope this helps to understand why synchronization was prevented--and that the alarm referring to the lag pump running was the indication why synchronization was being prevented. The intent of preventing synchronization with the lag (Aux.) pump running is to alert the operators and their supervisors of a situation that could result in tripping, or worse, machine damage. Resolving the alarm to achieve 'Complete Sequence'--or "bypassing" the permissive (by forcing)--is intended to be a conscious, well-reasoned and prudently thought-out decision.

No; this isn't documented in any manual or procedure. It's the result of knowledgeable and experienced control system designers having implemented this philosophy decades ago. This topic has been covered before on control.com--and unfortunately, most people believe the philosophy behind it is unnecessary and onerous. Everyone's entitled to their opinion. In this day and age where automated control systems are expected to do more and more (and operators and their supervisors are, unfortunately, expected to do less) to protect expensive and critical power generation equipment, it does seem to be a prudent and even necessary bit of programming. It should be better understood, and documented, but then, if wishes in this regard were even small denominations of monetary units I would be a very, Very, VERY wealthy individual.

Alarm Management, Alarm Management, and, Alarm Management: <i><b>the three most important activities of an operator--and their supervisors</b></i>. Full stop. Period. It's the response to Alarms (Process and Diagnostic) that defines a well-operated plant versus one that's just being "operated." Unfortunately, at most plants (with any OEM's equipment) most Alarms are just considered to be nuisances and aren't properly attended to and understood and dealt with. Some reasons for that are that control system providers make it entirely too easy to annunciate alarms; and control system integrators/packagers don't really understand what should--and shouldn't be--an Alarm. (A pump starting and running when it should start and run ISN'T an Alarm condition. A pump not starting and not running when it should be starting and running IS an Alarm....) And, cryptic alarm messages are also another reason operators ignore alarms. Plant technicians should be a part of correcting these kinds of issues; there's no reason that a poorly configured control system shouldn't be cleaned-up and made a crucial element of a well-run and -operated plant. But, dealing with--and properly responding to--Alarms is an operator's biggest and most important job. Anyone can click on START or STOP or change a load setpoint; it's how an operator responds to Alarms that many times decides if a plant will eventually trip, or will be allowed to synchronize, or can be quickly re-started or kept on line producing power in the event of a nuisance or unintended shutdown or trip. It's really all about Alarm Management.

(Something else to remember about heavy duty gas turbines of decades past--a LOT of them were put in service at unmanned sites for peaking applications. They were started remotely, and someone was usually sent to site during starting to acknowledge and resolve Alarms and monitor operation. Older analogue control systems used a limited number of discrete outputs to indicate Alarms to remote operators, and so the Alarm indications were "crude" and consisted of various groups based on criticality. Unfortunately, present-day control system programmers don't know about past history and haven't changed some control system philosophies to reflect present day turbine applications and operation and made small adjustments to control system application code/sequencing to make them more suitable to present-day situations.)

This is probably too much information for some people, but understanding why things came to be the way they are sometimes helps to understand the reasons for why things are the way they are--especially when situations like this arise (which isn't usually very often--but do often occur at the most inopportune times). Understanding the 'why' also sometimes helps people to remember the 'how.' This knowledge and information can be used to educate (train) operators, their supervisors and technicians (as well as field service personnel) and even be helpful to understand why other equipment and control systems are configured the way they are (or aren't!). Apologies if it's too much information, but for some who read these posts if not for everyone, it is useful and important information. (My least favorite answer when encountering situations like this where someone just says, "The lag pumps must not be running to allow synchronization," is, "It's that way because it's always been that way." Things (usually) happen or are done for a reason--and it's those reasons that build a person's knowledge and experience--not just because they've always been done that way. That explanation doesn't help make anyone a better operator or supervisor or technician or field service person. Yes; it solves an immediate problem, but it does nothing to inform or educate.)

(glenmorangie--this isn't directed at you; your answer was absolutely correct and concise.)
 
In the steam turbine permissives for "ST ready to start", one of the permissives is "One pump running"; the unit could not be started unless the permissive was bypassed or forced. Once the unit is in place, one would have to look in ToolboxST (controller GT) for the contact needed to activate the output signal L69TNM AUTO SYNCHRONIZE PERMISSIVE.
 
CSA,

I am very pleased with your brief answer, so thank you.

What I believed of Auto Synch permissives was that they were things _you know (electrical)_ subject to the relation between the generator & the grid (frequency, volt, phase angle), not things subject to the turbine itself.

Now I know the reason why the control designer prevented Auto Synch from occurring, because no doubt it is an abnormal condition having the lagging Aux L.O. pump running, as it means you haven't a spare pump in case of any emergency as you just explained, but don't you agree with me that having the lagging hydraulic pump running is not an adequate reason to do so?

if it is such an IMPORTANT thing, why don't take an action in normal loading operation like even runback?

isn't it more appropriate to prevent START command rather than synchronization?

thank you again,
 
Amr1589,

I absolutely, positively <b>DO NOT AGREE</b> with your assessment. However, you are reminded--if the unit isn't under any warranty or LTSA (Long Term Service Agreement) the owner of the equipment, through their operators/operations company, are free to make or have made any sequencing/application code changes deemed appropriate. <i>As long as management and the site insurance company have done due diligence and understand all the possible knock-on effects and are willing to live with the consequences of the changes.</i> It's that simple. Full stop. Period. If "you" own--and don't like the application code--"you" can change it. Just be prepared to own the consequences--both good and bad.

This OEM's control philosophy is all about the complete machine's ability to reliably provide power after synchronization (sustained operation). The application code permits starting and accelerating to FSNL with the lag pump running; at that point, operations should resolve the issue with the running lag pump before continuing to ensure long-term reliability.

> isn't it more appropriate to prevent START command rather than synchronization?

If I understand the original post, manual intervention was required to allow a START because of a problem with the lift oil pressure.... Instead of solving the problem with the lead pump, the lag pump was manually started. Wouldn't you agree--there are already enough conditions that prevent or limit starting? And you're talking about adding <i>another</i> one.

> if it is such an IMPORTANT thing, why don't take an action in normal loading
> operation like even runback?

Because, if the lag pump starts when the turbine is already synchronized and producing power it's presumed that operators and their supervisors will properly respond to the alarm--or if they can't repair the lead pump at least they are aware of and monitoring the lag pump and can shut the unit down when possible to repair the condition and restore lead pump operation. This is meant to be a conscious decision--to continue on-line operation with the lag pump running--and not to cause an automatic runback or shutdown. People would still complain (again, loudly) if the Speedtronic shut the unit down or unloaded it when the lag pump started--believing it should be an operator decision to do so.... A famous cliche in the English language is, "You can please some of the people some of the time; but you can't please all of the people all of the time."

There was already a Process Alarm about the lag pump running (after being manually started), and it was not resolved prior to or shortly after reaching FSNL. It was silenced, and acknowledged and, basically, ignored. Again, it seems the lag pump was manually started (if I read the original post correctly) and it was not manually shut down prior to or when the unit reached FSNL. ALL Alarms are important, contrary to popular belief. If the operators had just re-selected the currently selected lead pump to be the lead pump (and the pressure (flow) from that pump was sufficient), or if they had selected the currently selected lag pump to be the lead pump (presuming the lead pump's MCC starter switch wasn't in MANUAL/HAND), the Alarm would have cleared and Complete Sequence would have been achieved and automatic synchronization allowed to take place. Operators, their supervisors, and technicians should know this; apparently they don't.

So, how many "failures" (failures of humans to take appropriate action) does this constitute? And, what happens when the unit trips or is shut down and there's still a problem with lift oil pressure? Is someone going to remember to run out and manually start the lag pump before the bearings might be damaged as the shaft decelerates (the risk of bearing damage is highest at low speed)? If the lag pump had been shut down when the unit was accelerating prior to or just after reaching FSNL and the lead pump was providing sufficient pressure (flow) the unit would have achieved Complete Sequence and automatic synchronization would have been permitted. Right? Or, if the problem with the lead pump had been resolved....

Again, the driving philosophy is about <b>unit</b> reliability. If site operations and management don't like the application code as provided, and there's no warranty or LTSA preventing modification of the application code--then they are free to modify it (or have it modified), as long as they recognize and accept the consequences for any ill effects of the modification. (Don't forget to notify the insurance company; they usually take a dim view after the fact if there's a wreck.)

The lag pump is meant to serve as a "back-up" to the lead pump. If the lead pump has a problem, and the lag pump is already running and there's no lag pump, what's a turbine to do? (In this case, trip, due to loss of hydraulic oil pressure. And, then the question would be, "Why did the turbine trip?" Because the Alarm Printer wasn't working and the operators couldn't decipher the Alarm Log.)

As was mentioned, when this particular Complete Sequence permissive becomes apparent (as it usually does at some time during the life of the machine), people (operators and their supervisors and technicians and plant owners) scream very loudly, "This isn't or shouldn't be a synchronizing permissive!" (Sound familiar?) Technically, it's not--it's a Complete Sequence permissive. And achieving Complete Sequence is a permissive to automatic synchronization.

Probably because of my training and experience, I do not agree this should be removed as a Complete Sequence permissive, which is a permissive to allow automatic synchronization. Again, with the increased expectations of automated control systems to protect machines and improve reliability (that's how a lot of control system upgrades are sold/justified) this is important. And, based on the fact that most gas turbine operators only know how to click on START and STOP and how to change Pre-Selected Load Control setpoints it's even more important that control systems do as much as possible to protect the equipment they are controlling. Well-trained and experienced operators (even operators in training with experienced personnel) should be able to recognize and respond to alarms, and be able to explain unit operation. But, sadly, today, it just doesn't happen. This just emphasizes how important proper attention to Alarms is to the successful and reliable operation of a power plant. (And, yet, Alarms are mostly considered to be nuisances by most operators, their supervisors and plant owners. But they all want the turbine control system to take all appropriate action to protect the turbine at all times--but not when it comes to generating revenue.)

Sorry; but I've just come from yet another site where multiple <b>perceived</b> problems were incorrectly being attributed to and blamed on the Mark VI turbine control system by the operators, technicians and plant ownership. And they were steadfast and adamant--even with proof otherwise--that the Mark VI was the root of all evil. Not the operators, who believed--with no foundation (training; documentation; review of the sequencing/application code) for their beliefs--that the turbine should do this or that; or that this alarm or start-check permissive was onerous and should be deleted or changed (because of failed instrumentation which hadn't been repaired or replaced); etc. And, the number of Process- and Diagnostic Alarms which were continuously present on the HMI, and which were annunciated and basically ignored during starting and shutdown because of failed or failing instrumentation, and <i><b>the number of forced signals,</b></i> was simply mind-boggling. But, in their opinion the problem wasn't the operators or the technicians or the mechanical department--it was the evil, wicked, mean and nasty Mark VI. And the Customer is always right, aren't they?

(But they're not. Always right. Nor reasonable.)

I'm not saying there's not room for improvement; remember I said some of current sequencing/application code has been carried over from decades earlier when a lot of gas turbines were used for unmanned, peaking plant operation--not present-day continuously-manned combined-cycle plant operations. There is, but you asked, first, why this was a synchronizing permissive (and I answered it's a Complete Sequence permissive which is necessary for automatic synchronization). Second, you asked if I agreed it should be changed, and I reasoned that when operators and their supervisors and technicians are not well-versed in turbine operation and control it shouldn't be changed--or at least that I don't agree it shouldn't be changed for the reasons I put forth. Including the circumstances which occurred during this event at your site.

We don't always have to agree; we can agree to disagree on some issues and still be colleagues and still have insightful and informative discussions without always agreeing. ;)
 
glenmorangie,

You are absolutely right. I've checked the Auto sync logic and found that signal TURBINE COMPLETE SEQUENCE L3 was inhibiting Auto synch.
If you are curious, it is not only the lagging hydraulic pump running that will prevent the L3 signal from being achieved, but also the Emergency DC L.O.P, AC seal oil pump, DC seal oil pump and LCI complete sequence signal.
So one can say TURBINE COMPLETE SEQUENCE L3 is a check of all oil pump conditions to assure safe operation before connecting to the grid.

Best regards :)
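
The permissive chain discussed in this thread, as an added example that is not part of any post and is not Speedtronic application code: a simplified Python model in which Complete Sequence (L3) gates automatic synchronization (L83AS), each blocking condition has a Process Alarm, and forced signals that hide a real condition are reported. The condition names, the treatment of each listed pump as blocking while it runs, the fail-safe handling of missing inputs and the single `electrical_ok` flag are assumptions.

```python
"""Simplified model of the Complete Sequence (L3) -> auto-sync (L83AS) chain.

Added illustration only; not Mark VI / Speedtronic application code.
"""

# Conditions the thread lists as preventing L3. The keys are hypothetical
# labels (not real signal names); each is True while the condition is present.
L3_BLOCKERS = {
    "lag_hydraulic_pump_running": "Lag hydraulic pump running",
    "emergency_dc_lop_running": "Emergency DC L.O. pump running",
    "ac_seal_oil_pump_running": "AC seal oil pump running",
    "dc_seal_oil_pump_running": "DC seal oil pump running",
    "lci_sequence_incomplete": "LCI complete sequence not achieved",
}


def evaluate(inputs, forced=None, electrical_ok=True):
    """Return L3, the auto-sync permissive, and the reasons behind them.

    inputs  -- field state for each blocker; a missing input is treated as
               present (fail-safe), so an unknown state never grants L3.
    forced  -- operator-forced values that override the field state.
    electrical_ok -- assumed single flag for the generator/grid checks.
    """
    forced = forced or {}
    unknown = set(forced) - set(L3_BLOCKERS)
    if unknown:
        raise ValueError(f"unknown forced signal(s): {sorted(unknown)}")

    real = {name: bool(inputs.get(name, True)) for name in L3_BLOCKERS}
    effective = {**real, **{k: bool(v) for k, v in forced.items()}}

    blockers = [n for n in L3_BLOCKERS if effective[n]]
    l3 = not blockers
    return {
        "L3": l3,
        "L83AS_permitted": l3 and electrical_ok,
        "blocked_by": blockers,
        # Assumption: alarms follow the real field state, so a force does
        # not silence the alarm that explains the missing permissive.
        "process_alarms": [L3_BLOCKERS[n] for n in L3_BLOCKERS if real[n]],
        # Forces that hide a condition which is really present.
        "masked_by_force": [n for n in forced if real[n] and not effective[n]],
    }


if __name__ == "__main__":
    # Constructed scenario: at FSNL with only the lag hydraulic pump running.
    fsnl = {name: False for name in L3_BLOCKERS}
    fsnl["lag_hydraulic_pump_running"] = True
    print(evaluate(fsnl))
    print(evaluate(fsnl, forced={"lag_hydraulic_pump_running": False}))
```

In the forced case L3 is achieved, but `masked_by_force` and `process_alarms` still name the lag pump, which is the record an alarm or forced-signal review would look for.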
 