Thoughts on this?

http://www.flightglobal.com/articles/2007/04/23/213371/accident-ignites-da42-engine-row.html

Evidently, if you have a flat battery in a Twinstar you should only use external power to start one engine, remove the external and wait until the other engine can be started internally or the lack of charge will cause the ECU to shut BOTH of them down, autofeather and cause you to throw an expensive piece of kit on the floor.

Obviously, know your aircraft applies but who would have thought that starting both engines on external power would result in a double engine failure?

I'm sure many of us could have been caught by this and it makes you wonder what other 'gotchas' are out there in the modern systems.

Incidentally, I still think its a fantastic 'plane but after a search I could find no other mention of this on here so I thought I would pass it on for everone's perusal and comment

Regards
Xraf:ok:

This has been a cause of failure on some of the earlier Thielert conversions. Well the single flat battery issue has....

Interesting mode of failure though - surprising that the ECU goes and resets itself so quickly. However I seem to recall that the Porche conversions in Mooneys had complete dual electrical systems - presumably to make sure this didn't happen?

Diamond have advised all 42 owners and operators of this some while back and the POH has been amended accordingly.

I agree, not necessarily what you would expect, but certainly well documented and no excuse for not knowing.

Interesting. What it comes down to is that both alternators together are not strong enough to provide the current required to retract the gear. So when you retract the gear, the battery chips in and gets recharged later. Unless the battery is flat, in which case the voltage gets too low for the FADECs to keep on running.

General lesson: if your gear retracts electrically (not hydraulically) or if you have other transient electric loads that are too much for your alternators alone (de-icing comes to mind), don't take off with a near-flat battery. Unless you and your aircraft like flying with a temporarily non-functioning electrical system.

The thing I'm wondering about though is, on a DA-40 (single) there is an ECU backup battery which gets used automatically if the engine master is on, but no current from either the main battery or the alternators gets to the ECU. And this ECU backup battery is protected by a diode and relais in such a way that only ECU B can use it, and only if there is no voltage on the ECU bus (or if you pull just the right combination of circuit breakers), so you can't run this battery down. Doesn't the DA-42 have a similar system?

DA42 I flew certainly never had an ECU back-up battery. Presumably because it has redundancy with the two donkeys.

StraightLevel

An ECU backup battery (as in the DA40) is the solution proposed by Diamond, which Thielert don't seem too enthusiastic about. I guess it'll be whatever is the cheapest to certify and retrofit.

This seems like a good way to get a double engine failure on takeoff - that's when one retracts the gear.

It's also a good way to get a single engine failure on takeoff - in a marginal power drop situation, one ECU might reset but not the other one.

I am an electronics hardware/software designer and reckon this is very poor design. Handling power transients isn't rocket science. But you should see some of the design defects in Honeywell autopilots. No hardware watchdog at all. For some reason, the people that design electronics in aviation do the most stupid things.

Light twin pistons are not my particular area of expertise, but other FADEC systems I have used have, at worst, failed to a fixed power setting. A FADEC that shuts down a serviceable engine in flight sounds to me like an appalling design.

I'm not 100% sure but AFAIK the Thielert engine simply cannot run without a FADEC. Injection timing comes to mind. So defaulting to "feather" if both FADECs fail sounds sensible to me.

Main question is why the power supply is not sufficiently robust/reliable to ensure power to at least one FADEC in case of a near-flat (main) battery combined with a transient electric load that exceeds the power output capacity of the two alternators.

Anyone remember the DA-40 that had both FADECs A and B shutdown just after takeoff? The FI was able to get the plane on to the runway though. It was about 18 months ago....what was the outcome of that investigation?

Chaps (esses) any links to stats or other info regarding the Thielert inflight shut down rate? Is it as reliable as standard light aircraft piston engines?

Oh dear!

So what happend with the plane and the pilots ?

Apart from fuel gauge related problems, one problem our DA-40 had was with the various engine-related switches that are on the top left of the panel. They are very exposed with the hood open, as you enter or leave the aircraft. Apparently one of the switches (I think the flimsy FADEC Auto/B switch) had taken a hit from somebodys foot or so, and caused both FADECs to reset simultaneously, continuously. Pilot was in the circuit as this happened and able to make a safe landing. Since then, the club has put guards on each of these switches so it's virtually impossible to hit the switch themselves by accident, as you climb aboard.

Other than that, and the fuel gauge related problems, I've never heard of anything out of the ordinary with our DA-40. But I've only been flying this one since January.

I, for one, have no problem flying a DA-40 over the Channel.

I'm very surprised that the ECU's don't have independent power supplies, such as a very small generator that runs off the engine. It seems a bit of a retrograde step from magnetos and the like which are self-powering... :confused:

I am not an electrics wizard but wouldn't it be feasible to design a supply layout that shuts everything but the FADEC (plus maybe some vital avionics) off the electrical supply if voltage drops below a pre-determined level?

Alpine, yes, they probably could, but how do you ever get the gear up then?

Suppose there is a too-high load on the main bus, so a relay is tripped and only the FADEC and a few essentials keep running. At what point do you decide to restore power to the main bus? And if you restore power to the main bus, the gear motor will start whirring away again, overloading the system anyway. And all the while you are flying with the gear partially hanging out. Not locked so you cannot land safely, but also not retracted so you incur a drag penalty with anything you do. Not good. OTOH, having your FADECS (all four of them in case of a DA-42) quit on you is also not a good thing.

I think there's no real solution to this problem other than ensuring that both alternators individually are up to the task of supplying enough current (by themselves) to power the gear motors. But that probably requires alternators that are too big/heavy compared to the average load they need to sustain. Remember that, although items like starter motors, gear motors and such draw a lot of current, they only run for a few seconds. So you can use the battery as a buffer. Unless its flat...

Hence the discussion between Thielert and Diamond on how to solve this. Apparently the "best" solution, given the circumstances, has been to modify the ground-power starting procedure in such a fashion that it is ensured that you never take off with a flat battery: Since you are now required (by the POH) to start the second engine on the aircraft battery (and not on the GPU), it apparently is assumed that if you're able to start that second engine, there's enough life left in the battery to power the gear motors too. Although, obviously, starting the second engine on the aircraft battery might just suck the last few electrons out of the battery anyway.

I personally still favour the solution chosen for the DA-40: an ECU backup battery which is, under normal circumstances, recharged by the alternator via the main bus. But if there is no power on the main bus and the engine master is on, a relay is tripped so that the ECU backup battery now powers ECU B. And there is a diode preventing other electrical consumers from ever using the juice in this ECU backup battery. But then again, I have no idea what the weight of this system is.

A backup battery or PMA (dedicated "permanent magnet alternator" sure is the best solution, though probably heavier.

Even if the procedure to start the second engine on ship power only is followed, this would probably not prevent a FADEC shutdown during gear operation in other cases (e.g. single engine go-around with a weak battery or high current draw on the gear motor due to a mechanical gear fault - AFAIK this has resulted in complete loss of electrical power on other light A/C in the past.)

I would have supposed that there is some way to extend the gear without juice to avoid the "neither up nor down" scenario you described.

Is there no A/L or annunciation to inform the pilot that the battery/ batteries are not sufficiently charged for flight? Would it not be possible to electrically limit the actuation of the gear retract when the batteries are in a low state?

Not flown one myself but one of our group members went to pick up a Twinstar for the local flying school but found it had a flat battery when he arrived so decided not to take it. He then found out about this incident so good job!

Another thing he mentioned is that when the battery goes flat the gear extends by default so now not only do you no engines but you have massive drag as well and if over water your point of no return is suddenly several miles behind you....

Julian.

If you disable the remote power for start system then the aircraft is safe. If the battery is ok to start the engines you will have power for the gear and the ECU, if the battery is flat, charge it up or replace it.

Rod1

If the battery is ok to start the engines you will have power for the gear and the ECU

Not true, in a marginal scenario.

The alternators are 28V DC 60 Amp, that would seem to be enough.
In normal flight with everything turning and burning the load is app. 10 amps each.
When you cycle the gear this increases to about 28 amps each, therefore the gear motor draws about 30 amps.
The bus voltage drops from 28.5V to about 28.3V upon moving the gear lever.
The way I understand it; the ECU's are sensitive to a voltage drop over the bus.
With a low battery ( not sufficiently charged after a GPU start) that voltage drop could cause the ECU's to shut down, apparently what happened here.
I would have to check the maintenance manual to see how the GPU plug is wired, I have a suspicion that it bypasses the battery and the pilots in question simply did not allow enough time to charge the battery, even with both engines running on the ground.

Diamond says that retracting the gear placed a load on the electrical supply from the engine-driven alternators that caused a temporary voltage drop that could not be covered by the flat battery, and the accident has shown the engine control unit to be intolerant of transient electrical fluctuations

Diamond dismisses these claims and argues the control unit supplied by TAE should have been able to accept a 50 millisecond transient, but it started to reset after 1.7 milliseconds, and during the engine control unit reset the propeller system sensed the power loss and auto-feathered.


BTW, the gear does not automatically come down with an electrical failure, over time it will slowly sag as the electric hydraulic pump is no longer able to keep the pressure @ 1600PSI. This could take a very long time though.



Here is the next scenario;

Dual alternator failure in flight, if you shut down half the G1000 system and all the exterior lights you have app. 45 min to find an airport since the ECU's need battery power to run the engines. In sight of the airport it would not be wise to lower the gear using the normal system. Considering the above mentioned article that could apparently lead to instantaneous dual engine shut down and feather. Trick would be to use the emergency extension (free fall) Need to check the POH to see if that is mentioned.

Plastic fantastic seems to have an Achilles heel, no different from other aircraft then.........

The 1.7 milliseconds is the one which scares me. The DA-40 I fly presumably has the same FADECs with the same problems. What's the time required for a relay (or two relays in series) to switch? Because on the DA-40 you've got the ECU backup battery, but it requires at least one relay to switch (maybe even two, I do not have the POH to hand at this moment) to activate after a main bus failure.

Although I'd be very surprised if extending this time to the 50 milliseconds mentioned would help in the case we're discussing here. AFAIK, the gear doesn't come up in less than 50 milliseconds...

B2N2, does the gear motor also draw 30 amps when *lowering* the gear?

The DA-40 I fly presumably has the same FADECs with the same problems. What's the time required for a relay (or two relays in series) to switch? Because on the DA-40 you've got the ECU backup battery, but it requires at least one relay to switch (maybe even two, I do not have the POH to hand at this moment) to activate after a main bus failure.
I've tried switching off the electric master on a DA-40 TDI, while the engine was running (on the ground!), and it continued without a beat. The ECU alternate power relay certainly switched quickly enough on that aircraft.

On those specs you could easily hook up an emergency battery system that employs one diode and one sealed battery for each ECU that will maintain minimum voltage/current for each of the four ECUs for over an hour (if that's how long you want to spend playing with the gear/waiting for battery to charge), for a total weight penalty less than 2kg and a cost less than £50. Certification of course would be a different question.

What a ludicrous design. Adding documentation procedures is not a human factors solution, it's a recipe for more accidents. If it's the preferred solution to prohibit starting both engines on ground power, then the design itself should prohibit starting both engines on ground power...

soay, that's good to know... HOWEVER. I have here an article written for my clubs newsletter which deals with exactly the same problem. I just remembered reading about that, so I looked it up. It's a bit long (and in Dutch), so I'll try to summarize it here.

"
If you switch off the Electric Master while the engine is running idle (on the ground) the engine will halt, despite the fact that it should continue running on the ECU B Backup Battery. The articles analysis is that the switch to ECU B does happen as designed, however, the Thielert is a high-compression engine and at IDLE power only runs at 890 RPM or so. With this rotation speed there is insufficient impulse-moment to maintain rotation while ECU B is taking over. Because of that, the engine halts. Apparently, the engine needs at least 1300 RPM to maintain its momentum throughtout the process of ECU B taking over.

If you switch on the Electric Master again while the engine is running idle, the reboot of ECU A plus its takeover from ECU B takes even more time. Again, experimenting showed that at least 1300 RPM is required for a smooth takeover.

Conclusions:
- In the air, switching off, or switching off/on of the Electric Master, the engine will continue running due to the windmilling effect, even at idle power.
- On the ground, at least 1300 RPM is required for the engine to keep on running when the Electric Master is switched off, or off/on.
"

This analysis was published in July 2006, and although its conclusions may be right, with what I've read on this forum, the whole issue might not be sufficient impulse-moment, but ECUs that are too sensitive to power spikes.

How all this applies to the DA-42 that this thread is about, I don't know, since I assume that its engines were running at full speed, since they were just after take-off, raising the gear. But I do have that nasty feeling that there is a link somewhere.

Glad the DA-40 has "gear down and welded" though.

BackPacker, part of the pre-takeoff checks for a DA40 is to switch to ECU B, then back to auto, with the power at idle. This has never caused more than a slight hiccup, in my experience. Power was certainly at idle when I switched off the electric master, and the engine kept running, so I don't know why your club reported differently in their newsletter.

Same here. Switching from ECU Auto to B causes a slight hiccup. That's all. I've never switched the electric master off with the engine running. I guess that's something to experiment with next time I lay my hands on her.

The reason for the report was that in the early days we had the DA-40, people were still used to Pipers, and switched (or tried to, at least) the engine off with the electric master (key) instead of the engine master (I guess in absence of a mixture control). Obviously that's not what the POH and the checklist say is the right procedure but the unexpected result was what prompted the investigation. Or at least, that's what it said in the article. I wasn't flying the DA-40 at that time.

What a ludicrous design. Adding documentation procedures is not a human factors solution, it's a recipe for more accidents. If it's the preferred solution to prohibit starting both engines on ground power, then the design itself should prohibit starting both engines on ground power...
Disagree with you there, human factors always play a role in accidents.
Anytime something out of the usual occurs; refer to the POH.
That's what it's there for, that's why it should be within reach of the pilot in the cockpit, not in the luggage compartment.
It is not that hard to follow instructions, section 4B7 DOES read " start one engine only,
here is the copy & paste of the online manual
http://www.diamond-air.at/fileadmin/uploads/files/after_sales_support/DA42_Twin_Star/Airplane_Flight_Manual/Basic_Manual/70105e-Rev4-complete.pdf
' 10. Circuit breakers . . . . . . . . . . . . . . . . . . . . . . . check all in / as required
' 11. Idle RPM . . . . . . . . . . . . . . . . . . . . . . . . . . . . check, 900 ±20 RPM
' 12. External Power . . . . . . . . . . . . . . . . . . . . . . . disconnect
' 13. Opposite engine . . . . . . . . . . . . . . . . . . . . . . Start with normal procedure
' 14.Warm up . . . . . . . . . . . . . . . . . . . . . . . . . . . . IDLE for 2 minutes /
thereafter 1400 RPM
I agree, items 12 and 13 are not highlighted, underlined, printed in italics or otherwise made to attract attention, but still that's what it reads.
On the DA-42 the engines continue to run if you shut off the master switch on the ground.
According to the above mentioned article the ECU's are sensitive to under voltage situations on the electrical bus.
With a battery that is insufficiently charged an under voltage can oocur upon cycling the gear on any other high draw item.

As an after thought; a lot of airplanes have design features that make you go Hmmm.....:confused:

> Older models Cessna 172, hard fuel lines with a rubber bend going through the A-pillar on the pilot and pass side. Notorious for drying out, cracking and leaking. Several fires (in flight) have occurred as a result of the cockpit lighting switch (half way the A-pillar) shorting out.

> Piper Cherokee Six, 4 fuel tanks of 17 gallons each. Fuel flow on T/O is app. 30 gall./hr. Surely makes for a lot of switching in a high work load environment if you take off with less then full tanks.

> Piper Cherokee/Warrior series, nice fuel selector in an awkward place, easy to turn to an intermediate position or even OFF because of the lack of a stop.

> Any airplane with only one door on the wrong (= passenger) side.

> Piper AeroStar, loads of people taxi with the door open, waiting to loose an arm.

> any aircraft with a "wet-wing" fuel system, wing damage= tank damage= fuel leak= fire...

> Vacuum pumps that can get damaged if you turn the propeller against the normal direction of rotation, this will lead to early failure. Don't read about that in a POH.

> Dry vacuum pumps period, who ever came up with those needs to be shot...lubrication by self destruction is what it's called. They "recommend"
replacement after 500 hrs.


I could go on for hours....:ugh:
Point being, aircraft are inherently dangerous, proper training and application of common sense can reduce the chances of an accident or incident.

End of rant...I'll get my coat.

As a very long time aircraft driver having driven 'biggies' as a job for many years but 'seen the light', but first time user to this forum I will say:

I am somewhat alarmed by the attitude of B2N2 on the 'horror story' of the double engine failure on a DA42 as he seems to be connected in some way with Diamond Aircraft or a major operator or investor in these aircraft in the good old US of A. I do hope it does not reflect the attitude of his principles.

I am merely a poor sod eagerly waiting, but now rather alarmed, new owner awaiting delivery of a DA42.

Without wanting to get into 'geekish techno arguments' it would seem to me that it is not an unreasonable expectation that if you take off having started both engines on the GPU, which is quite normal operating procedure on every aircraft I have ever flown, and retract the undercarriage you should not expect both engines to stop! That the accident is in some part due to the crew not adhering to the checklist seems to me not to be a 'robust' solution to a clear design failure; and that Diamond have issued an advisory to start in accordance with the checklist does not solve the problem either. Hopefully it will just ensure this particualr type of incident does not happen again. It does not solve the problem of a major electrical problem stopping both engines!

I think that Diamond and Thielert should stop squabbiling about what is to be done, or more likely who is to pay, and get on and do a proper fix ASAP before someone gets killed. Clearly there is an acceptance by both parties that there is a problem despite what has been suggested by some on this forum.

The fact that EASA have said fix it pronto or we will issue a directive speaks volumes about this poor design.

Despite all of the above I do believe this aircraft is the greatest thing since sliced bread. I have little doubt that this surprising design failure will be fixed either by EASA or those involved soon and on my aircraft the engines will run after a total DC collapse - or some motor starting up or burning out somewhere and dropping busbar voltage for 1.7 milliseconds! One blessing I suppose is with it's heritage the DA42 should glide quite well!

I never thought I would be grateful to a 'bunch of bureaucrats' for knocking heads together; and it is alarming that they may have to!

72856, welcome to this forum. And soon: welcome to the club of Diamond owners/operators/pilots.

I have flown the clubs DA-40 TDI for about four months and I really like the plane. But we all need to remember that this is the first application of the Thielert diesel in a certificated airplane, and as such, the pilot community in general needs to build experience in handling this kind of engine. Some of us use this forum for exactly that. And eventually, I hope, some of the experience and knowledge that we gained will filter its way through into formal ab-initio pilot training. (Aircraft Technical, for starters.)

One main difference of the Thielert, as compared to the majority of the light aircraft fleet most of us come from, is a total reliance on an electric system, to power the ECUs. Now we can argue about whether this total reliance is good or bad (and we actually do, here on this forum) but at the end of the day we'll just have to accept that a small aircraft will not have the double, triple or more redundancy built-in as the big iron do. So it is very important to learn the POH and know what weaknesses the aircraft has, and what procedures that are out of the ordinary. I, for one, really like the fact that there is no mixture, and more importantly, carb heat to get wrong. (How many pilots have been killed because of carb ice?)

Not discussing an apparent safety issue, as far as I'm concerned, is a greater sin than the safety issue itself. Even if some people voice their opinion a bit loudly. But this whole discussion prompted me to review parts of the DA-40 POH again, to see to what extent the aircraft I fly would be vulnerable to the same thing. I learned something from that and I have a question or two that I will get answered by a bit of experimenting (on the ground) next time I get my hands on the plane.

I suggest you do the same. As soon as your beauty arrives, spend some time experimenting with the ECUs. Particularly try to simulate (e.g. by pulling the circuit breakers) the situation where you have a dual alternator + battery failure and the ECUs need to take over from each other somehow.

The DA-40 is a great plane. The DA-42 should be even better. I really hope you're going to enjoy it!

Howdy 72865, welcome to Pprune.
As an Instructor ( not the operator) I fly Diamonds for a living, every day, all day (long days..:) )
I was equally surprised by the double failure as many people are.
Good thing is that the source of the problem seems to be identified with (I'm sure) a fix on the way. It's not exactly a new airplane anymore with thousands of hours flown in Europe, Asia (China) and now the US.
It's not unusual for problems to surface after some time, you can check the AD list on any popular piston single/twin.
I am just somewhat cynical and sarcastic about blaming the tool and not the operator. They clearly went against the POH in this case.
That can get you into trouble in any airplane, not only the DA-42.
At the risk of sounding arrogant, it is my job to teach people how to operate this piece of machinery, it's not always that easy to convince people of doing it the right way.
However, you will receive outstanding ground school and flight instruction upon delivery of your airplane. I was trained by the Diamond Factory pilots in Canada.
I do hope it does not reflect the attitude of his principles

I hope that also...:ok:

Thanks for the welcome!

I don't expect I will be doing too many posts - not my scene. I was only prompted to do so by the suggestion that the blame largly lay in not adhering to a checklist.

Since I quit being an airline captain long ago I have owned a number of light aircraft - possible the 'heaviest' being a Cessna Golden Eagle and the 'lightest' a Grob 109.

By the way I flew into Schipol many times a long time ago as a very young captain for SABENA (RIP). A very hard way to build hours and earn a crust but you did get very good at doing an ILS doing eight short sectors a day.

I may stand corrected but on none of these aircraft, including 'heavy metal' airliners, did the engines stop if you had a major DC busbar failure. I do take your point that the Thielert engine is revolutionary and in fact it is what attracted me to the aircraft. I was about to buy a Piper Mirage. It has many advantages that you mention like ease of handling, and above all immunity from mishandling, so it is likely to reach it's TBO unlike a lot of conventional piston engines. However, I maintain that the engines should not stop with a major electrical problem, let alone a minor one! The way I was taught at Airline Flying School ARB lectures a very long time ago was that no major system should rely on another major system. They should be stand alone and not inter-dependant - most certainly the engines.

In fact Thielert, Diamond and EASA all agree with this in effect. The only argument seems to be who pays and whose reputation takes a knock. Theilert seem very determined it should not be them. Without knowing all the facts of the matter I would hesitate to aportion responsibility and liability. But I will say I started being sympathetic to the Diamond argument. Having learnt that the DA40 has a back up battery from this website I now lean to Thielert. If a battery backed up FADEC was available and fitted to the DA40 why did Diamond not specify it for the DA42? I expect it is very much six of one and half a dozen of the other though.

My concern is a proper fix is arrived at and the fix means the engines will not just run for one hour after a total electrical failure but for at least five hours - half the endurance of the aircraft so that when it all goes dark half way across the Bay of Bengal I can reasonably expect to reach the other side with the propellers still turning and not in glide mode!

I think the DA42 is a great aircraft with revolutionary engines and it was a 'marriage made in heaven'. I believe the owner of Diamond aircraft has said as much. It saddens me to see what seems to be rather undignified squabbiling now over who pays over such an important issue; if for no other reason than the resale value of my new toy! I can't imagine the fix will cost a mountain of money to two companies on such a roll.

I am confident there will be a fix very soon; and not just a 'read the checklist' missive from Diamond!

I have little doubt I will enjoy the new toy, particularly the running costs after a C421. It is certainly a 'drop dead gorgeous' looking piece of kit. It even has the same 'phallic nose' as the Golden Eagle, another gorgeous piece of kit. My Golden Eagle also had those wonderful tip tanks, and it made the most glorious noise - a whole lot better than a V12 Ferrari!

The pilot broke the rules and paid for it. There's going to be hell about this - neither Thielert or Diamond will back down. A 1.7ms power transient should be tolerable - losing both engines because of it is ridiculous, as are the electrically dependent engines. I can just imagine the Thielert engineers saying 'Now, how do we create a weak link in the engine design?'

Eureka! Aircraft engines that need electricity to continue running :ugh:

Now there's no doubt the DA42 is a great aircraft even after the abortive promotion specs, but this is ridiculous, and it's one thing I don't understand about flying and aircraft manufacturers in general - why don't they think of these things in the first place? With all the money they've spent you'd think someone would go 'What if this happens?'

Out of curiosity - are there any other commercial aviation powerplants that require electricity to continue running? Can't think of any offhand.

I was only prompted to do so by the suggestion that the blame largely lay in not adhering to a checklist.

I disagree - I would say that the full blame lies with the crew who did not adhere to procedures. As a big jet driver you should know that the crew are the last line of defence against the shortcomings of the aeroplane and that following an SOP correctly will normally keep you out of trouble and almost never actually place you in peril.

My background is also big aeroplanes, although I am now associated with smaller ones whilst instructing in CRM/MCC. I know that ALL aeroplanes have potentially dangerous properties and that a properly written SOP (as in this case) correctly followed (as not here) will minimise the risk.

This incident has overtones of the British Midland B737-400 crash in the late 1980s - a design fault in the CFM 56 engine caused a blade failure but an incident was turned into an accident (with over 40 fatalities) because the crew did not follow the SOP. As crew it is our job to know the aeroplane, its characteristics, its drills and most important its shortcomings.

It's absolutely explicitly stated in the POH that you must not start the second engine from the GPU. This ensures that the battery has charged sufficiently to provide the necessary oomph to run the systems. It would be nice if the alternators produced enough juice to run everything, but they don't. However, there IS a procedure that mitigates the problem.

It's no worse than the fact that you can blow a Seneca engine apart by overboosting due to the fact that they are fitted with turbochargers without wastegates. The difference here is that, after a bit of a spat, Thielert and Diamond will get it sorted - but the Seneca still doesn't have wastegates after 20+ years.

The checklist on ANY aeroplane covers all sorts of actions which, if not followed correctly, can lead to disaster. Airline SOPs have to be written to take account of the fact that many turbine engines can flame out when anti-ice is switched on (CFM 56 and PT6 to name but two) but no-one wants the manufacturers head on a block, even though a friend of mine was killed by a double flameout on a PT6 powered Short 360.

No-one died here, lessons will be learned and the problem sorted. That's more than can be said for some aeroplanes.

Am I the only one who's puzzled by the POH?

You have flat batteries
You start one engine using ground power
You disconnect the ground power
You now have flat batteries being charged by one alternator
You get enough charge into the batteries to crank the other engine, that depletes the charge, you have flat batteries again.
You take off.

Who's to say that the charge in the batteries is now sufficient to maintain voltage under load?

What happens to the 45 minutes ECU endurance mentioned by B2N2 following electrical failure in this situation?

For years boats have had a very simple system with a separate engine starting battery arranged using a blocking diode so that it is not depleted by the domestic load. As Vedeneyev suggests it's not difficult to set up a similar arrangement to provide a fully charged ECU battery permanently on-line.

I don't buy the arguments of moggiee et al. For years aircraft crashed because non-return valves were manufactured so that they could be inserted either way round. Writing documentation that said they had to be inserted the right way round didn't fix it. Making it mechanically impossible by having differing threads on each end did. If you follow the argument to its logical conclusion you wouldn't have squat switches or GPWS either because if the procedures were followed correctly the need for them would never arise.:rolleyes:

Stepping back a bit, I think the problem is that a lot of people are used to conventional engines and their separate mags. They are "safe" to fly on a flat battery, just so long as you can somehow get the engine started. Loads of people have done this, getting somebody to hand crank or start with a GPU.

Checklist or no checklist, I don't think people expect to have this rather odd failure mode. Also, a lot of pilots are used to flying without checklists - they jump in and fly. It's not right but it's an old tradition throughout GA. On an old C152 you get away with it. But people who rent these nice new machines will have to get their head in gear, and if the owner does even half decent vetting this is going to reduce the number of eligible pilots!

For some reason it's difficult to get a "two batteries with diodes" thing certified. It's such an obvious solution to electrical power issues but I know people have tried in (in the USA with a 337, usually) and gave up. It would be a great solution to a comms failure: feed the radio(s) via diodes and have a 2nd battery somewhere. 2 radios won't both fail together. Instead, one has to carry a handheld ICOM...

Despite all the previous posts about following the POH and SOP (which are technically correct, mind you), I still tend to lean towards blaming the aircraft, not the crew.

Sure, if you have flown big iron for all of your life, you know that there's a checklist or SOP for every possible contingency. And since most of these aircraft are multi-crew anyway, one pilot can fly while the other thumbs through the POH to see if a certain checklist matches the abnormal situation that has arisen.

But if you come from a smaill airplane background, single pilot, the situation is a bit different. Sure, there might be a checklist in the POH, but we all know that nobody uses the checklist from the actual POH itself. Instead, you use an abbreviated checklist because the actual POH is too big to have on your lap at all times. First question: did this abbreviated checklist contain a separate item "starting with ground power" or at least a warning that the "starting with ground power" procedure is significantly different from "starting with battery power", and that reference needed to be made to the actual POH? I just checked the three POHs I have here, and the corresponding (owner/operator-issued) abbreviated checklists. I found that both the DA-40 (!!!) and the Robin do not have "GPU-assisted start" checklists in the actual POH (let alone in the abbreviated checklists I use), and while the Piper Warrior has such a procedure in the POH, that procedure gets no mention into the two abbreviated checklists I have here (from two different operators).

The second factor is that if the crew (or single pilot, let's not rule that out) even knew that such a procedure existed in the POH, did he remember at the correct time? We don't know what kind of flight it is, whether he had (potentially nervous) passengers around and such. But we can assume that he was under a little more stress than usual. After all, if you find yourself preflighting an aircraft and discovering the battery is flat, you may have to do all sorts of things that you've never had to do before: find a GPU and somebody knowledgeable and willing to assist you with it (and will that person have specific experience with the DA-42, or only with more traditional twins & singles?). Find the GPU receptacle, possibly discovering that the standard plugs do not fit. The stress of having somebody walking very close to the fuselage with the engines running. And the stress of all your mates looking at you at the clubhouse, because this is something out of the ordinary and that attracts attention by default. Now you can argue that one of the things a pilot needs to do is manage stress, and that all this should not impact your performance, but you have to admit that this may just be a factor in not starting to read the POH, looking for the appropriate checklist.

And the third factor is that the POH may not be of much help anyway. I just read through the Warrior POH with regards to the external power startup (admittedly, first time I ever read that part, didn't even know it was in), and basically it comes down to this:
- All electrics off
- Connect GPU
- Normal start according to normal start checklist
- Lowest revs as possible
- Disconnect GPU
And that's exactly what I would have expected it to say. The GPU is connected, replaces the function of the main battery so you can do a normal start, and you've got to be careful while somebody removes the GPU. I even can understand that with a twin the procedure would be to connect the GPU on the left hand side, then start the right hand side, disconnect, start the left hand side. But I would read that as a safety issue with regards to the person disconnecting the GPU, not something that would assure a sufficiently charged battery to raise the gear (far later into the flight). So if I were to find out that after starting the first engine and disconnecting the GPU, the second engine wouldn't start? I would hook up the GPU again and start the second engine.

As I said before, yes, formally we've got to use the POH and SOP with everything we do. But in reality, things are not that simple, for starters because the POH itself is way too bulky to keep on your lap throughout the flight. So we use abbreviated checklists, improvise when necessary, do things from memory and even forget things from time to time. The aircraft should be designed so that this does not lead to a potentially deadly incident, which EFATO clearly is. So if it is possible to get into a situation where you have both engines running but a depleted main battery (either though an improperly executed GPU procedure or in the situation where the battery just had enough juice to start two engines but then gave up the ghost) then the aircraft should be designed so that at the very least, when you raise the gear, the engines keep on running.

The DA-40 has ECU backup batteries which cannot be depleted except in case they run the ECU. As far as I'm concerned, that's a good start. Without something like this, it's an accident which can happen again, despite the procedure in the POH.

This will be my last post on the matter as I have said it is not really my scene.

In reply to 'confabulous' and to reassure 'B2N2' I agree that the pilot broke the rules in he did not adhere to SOP and the checklist - and for that he paid - fortunatly not with his life. It still begs the question as to whether the fact that this happened does not expose a deeper and far more alarming design failure by 'whoever', and a failure that needs an urgent fix.

You say neither Diamond or Theilert will back down. It matters not one jot whether they do or they don't. If they don't EASA will mandate and that is an end to the matter! They will mandate sooner rather than later which is just as well. It will also be a sad end to a 'marriage made in heaven'.

As for SOP and using the checklist, I was brought up in a tradition of ALWAYS using it and I am totally sympathetic to B2N2 on this issue. I have friends who remained in aviation and are now senior 747 captains or recently retired from such posts and own their own aircraft. In my experience they are almost all religious in their use of a checklist even on a basic Cessna. It is the new PPL's who seem to have a more cavalier attitude.

As for knowing the aircraft and the systems it is very worthwhile. As for fooling with CB's I don't think that's too clever. The SOP and checklist was designed by people who know the aircraft far better than a 'mere driver' will ever do. They are in all probability far better educated and probably far smarter and therefore it follows what they suggest should be treated with some respect. I have had too many young F/O straight from flying school and with a new type rating burning a hole in their pockets who suffered from what I called 'the flying hands' desease! Little hands seemed to have an affinity for pulling little round things in flight. They were just trying to impress but on occasions I have had to say "just sit on your hands and don't touch anything".

It seems I agree with Mike Cross. I wonder if it is the same Mike Cross who attended the same airline flying school as me all those years ago. If it is he will remember the ARB lectures in the wooden hut where we were taught about system redundancy! If it is we also flew in the same airline together. Check your licence number - it probably rather dates us both!

I am not about to cancel my order for a DA42 as I know one party in the dispute will be forced to back down and there will be a proper fix. I am also conscious that all new aircraft, particularly revolutionary ones like the DA42, will have a list of AD's. I ordered the aircraft with my eyes open. I am aware that the Malibu/Mirage had a terrible time here and the whole fleet was grounded for a while which rather frightened me off them.

The important lesson is to learn quickly from incidents and do something positive about it rather than argue the toss over it!

Happy days - I hope!

Not the same Mike Cross, but by the sound of it of similar age!

Mike

I thought maybe the Gulf Aviation BAC 1-11 of the 1970's Mike Cross.

I am glad this has stayed a sensible discussion from which we can all learn.

and the checklist - and for that he paid - fortunately not with his life. It still begs the question as to whether the fact that this happened does not expose a deeper and far more alarming design failure by 'whoever', and a failure that needs an urgent fix.

The engines will continue to run with the Master Switch off.
This means that you could experience some major electrical problems (smoke in the cockpit?), turn off the Master and the engines keep humming.
For some reason it has the idiosyncrasy that led to the above discussed accident.
Some weird combination of circumstances led to this.
That door will need to be closed, either by Thielert or by Diamond.
No discussion there really.
But it needs to be made clear that not every little or large electrical problem will lead to a double engine shut down.
Just in this case somebody managed (unfortunately) to get all the ducks lined up.

Instead, you use an abbreviated checklist because the actual POH is too big to have on your lap at all times.

That is why you need to refer to it when something occurs that is not covered by the abbreviated checklist. That is why the POH needs to be in the cockpit area within reach.

Find the GPU receptacle, possibly discovering that the standard plugs do not fit.

Diamond uses the standard three prong plug.

The stress of having somebody walking very close to the fuselage with the engines running.

On the DA-42 the receptacle is right in front of the nose gear well, if you follow the POH you can even disconnect it from the non running side.

you can argue that one of the things a pilot needs to do is manage stress, and that all this should not impact your performance, but you have to admit that this may just be a factor in not starting to read the POH, looking for the appropriate checklist.

Agree with you here. Unfortunately this is when, as a pilot, you need to raise a warning flag; step back and review the situation. That is the hard part, human factors. In a rush, in a hurry, under stress, peer pressure, they can all lead to cutting corners and taking risks that you normally would not.
In my humble opinion it takes a better pilot to cancel a flight then to go on one.

So if I were to find out that after starting the first engine and disconnecting the GPU, the second engine wouldn't start? I would hook up the GPU again and start the second engine.

This is where I feel the POH should be clearer and more precise.
The glow plug ( remember, it's a diesel) takes app. 35 amps for 20 sec or so.
The starter motor takes another 30 amps, the battery needs to be sufficiently charged before you attempt to start the second engine. It is probably worth mentioning in the POH that you may need to run the first engine for 5-10 min to charge the battery.

The aircraft should be designed so that this does not lead to a potentially deadly incident, which EFATO clearly is. So if it is possible to get into a situation where you have both engines running but a depleted main battery (either though an improperly executed GPU procedure or in the situation where the battery just had enough juice to start two engines but then gave up the ghost) then the aircraft should be designed so that at the very least, when you raise the gear, the engines keep on running.

Agree...partially. I honestly do not have enough info on the accident. It is unknown how long they took to complete the checks before T/O. I suspect they did not take enough time on the ground to verify the battery was sufficiently charged and the bus voltage sufficiently high (read normal).

How long does it take to charge a 10Amp/hr battery with two 60 amp alternators? Not very long.
The DA-42 does not have a run-up in the classic sense,it has an ECU test which talkes all but 10 seconds.
I don't know for how long they taxied, but it could not have been long.
Me and my colleagues have had to GPU start a 42 three times now, in every case the master switch was left on during the preflight and the preflight briefing (inside the building). Normal procedures were followed and no problems there. 6-10 min before take-off and gear retraction.
In the case of the above accident the battery drained completely overnight, they very well may simply not have spend enough time charging the battery, causing the voltage drop with gear retraction.

In any case, I am sure Diamond will send follow up communications as to preventing this from happening again as they are working on a fix to prevent it all together.

In all the discussion it should not be forgotten the 42 is a very new design and so is much of the technology.

I am not making any excuses for what may arguably be faults in the design, but I wonder whether the 42 is any more or less prone to the odd design fault compared with aircraft of yester year or whether the testing is less rigorous than in the past.

I have getting on for 50 hours now on this type and am in no doubt all of those hours have proved invaluably in understanding the systems, and in particular the emergency procedures. A number of other "issues" have arisen during this period and I know that Diamond have in hand a few modifications.

However, as others have said, the POH on this particular issue is in my view quite clear. If the pilots had followed the POH they would not have allowed this combination of circumstances to cause the failure. I cant imagine in any twin that you would not consult the POH before a ground start after a flat battery.

I think it does however reinforce the importance of having the POH with you if you intend to fly more complex types. The G1000 instrumentation provides a far greater range of fault finding information than conventional instrumentation, and by its very nature has greater propensity for unfamiliar faults to arise. Personally I wouldn’t go anywhere in a 42 without the POH, and also the supplementary manuals produced by Garmin and Diamond. The fact of the matter is they are all available as a PDF if you want to keep the original safe and are really not that bulky.

Without the POH a GUI annunciated fan fail will grab your attention mid channel in IMC and you may have no idea whether one or other or both of the glass screens is about to overheat or what actions to take. In fact your concern would be completely misplaced about either screen over heating, but you might well be excused for jumping to the wrong conclusion.

However, and all that said, the POH could in a number of cases be more descriptive of the fault background and more specific as to actions to be taken and why. For example a GUI fan fail may either mean the blower to the avionics bay has failed or the fault reporting circuit has failed. The POH gives little information of if and in what circumstances the avionics are likely to overheat and if they do, what the consequences are, other than a comforting continue the flight but have the system inspected when next on the ground.

Another good example is the consequence of an engine failure. The POH is silent on whether or not the autopilot can be used single engine. You would have thought anyone flying a 42 would want to know before their first flight.

To delay mowing the lawn, I've just been studying the wiring diagrams of the DA40 and 42. This thread made me wonder what would happen if the short circuit that was reported in a DA40, in the current occurrences list (200610457), happened in a DA42. The battery relay short circuited, so the electric master had to be switched off, but luckily, the DA40 was on the ground. If this had happened while airborne, after the smoke had cleared, the ECU backup battery should have kept the engine running for up to 20 minutes, and the backup AI should have been OK with its own emergency batteries, but the radios, navaids and GPS would have been unavailable. Not a good time to be mid-channel, but otherwise a situation you could cope with.

The DA42's wiring is more complicated, but it looks as though the situation would be the same, except that each ECU would be powered by the alternator on its engine. Normal operation of the landing gear would not be possible, as there would be no power to the main bus, so it would have to be dropped manually, and there would be no risk of the engines cutting out.

Protecting the ECUs from transients only seems to be necessary when the battery is discharged and the electric master is switched on. It seems to me that the simplest solution would be to put a voltmeter across the battery, and display the output from that on the MFD. Displaying a low battery voltage alert should make most of us reach for the POH.

Can't put off getting the lawn mower out any longer ...

I have no knowledge of the electrical system or the type of battery used, but you cannot put 60 amps into a conventional battery without a very big bang! If the battery is fully flat and it is being charged conventionally you would need hours not minutes for it to be voltage stable under load.

Rod1

soay, I agree with you in principle. If you would have some sort of "low battery" warning, most of us would not take off until it disappeared, or grab the abnormal/emergency checklist when in the air. However... I think this is very hard to implement in practice. After all, a voltmeter across the battery would show the *alternator* voltage (about 14 or 28 volts) once the alternators are running and connected to the battery, not the disconnected-battery voltage.

I'm not an electronics engineer but I believe you need some very sophisticated equipment to determine the state of a battery that's being charged. (OTOH - my laptop battery can show the % charged even when charging, so it is doable.)

B2N2 - I think you just gave the best advice which works in any case, regardless of the type of aircraft. After a GPU-assisted start, make sure you run the engines for at least five, maybe even ten minutes to get a minimal charge in the batteries before taking off. (On the other hand, don't certain types of alternators require a minimum RPM before supplying the 14/28 volts required to charge the battery?)

If the battery is fully flat and it is being charged conventionally you would need hours not minutes for it to be voltage stable under load.
Probably the best solution on a completely flat battery, replace with a new one or remove and completely charge.
Same solution as with "normal" airplanes.

DA-42 idle is set at 900 rpm and the alternators are charging at this setting.

Am I the only one who's puzzled by the POH?
You have flat batteries
You start one engine using ground power
You disconnect the ground power
You now have flat batteries being charged by one alternator
You get enough charge into the batteries to crank the other engine, that depletes the charge, you have flat batteries again.
You take off.
Who's to say that the charge in the batteries is now sufficient to maintain voltage under load?

It's the same principle as a car battery - starting takes a lump out of the charge but running the engine puts it back.

After starting the first engine, the GPU is disconnected so that the pilot can be sure that the aeroplane alternator is capable of powering the electrical system. The use of the battery to start the second engine proves that the battery is recharging properly - and therefore you can be confident that the battery is serviceable. Having decent alternators means that the battery charges quickly - unlike those on some conventional aeroplanes where there is insufficient alternator output at idle to prevent battery depletion.


I don't buy the arguments of moggiee et al. For years aircraft crashed because non-return valves were manufactured so that they could be inserted either way round. Writing documentation that said they had to be inserted the right way round didn't fix it. Making it mechanically impossible by having differing threads on each end did.

Sorry, I may not have made myself 100% clear. I am not saying that there is nothing wrong with the design - clearly there is. However, what I am saying is that it's a known problem which has a perfectly adequate, simple, reliable procedure in place to counter it. This applies to just about every aeroplane on the planet - certainly, for example, to every retractable undercarriage aeroplane where the SOP and landing checklist are designed to prevent a wheels up landing (if followed correctly).

The problem with even an almost-idiot-proof-SOP is that there is an SOP-proof idiot out there somewhere. Despite SOPs, landing checklists and green lights (lack of) there are still people who get it wrong and land wheels up.

My reference to the Kegworth B737-400 crash, for example, showed that despite FOUR indications of an engine problem on the LEFT engine (fluctuating N1, high EGT, low & fluctuating fuel flow and finally a full-scale vibration indication) the crew still managed to shut down the RIGHT hand engine by mistake because they did not follow their SOP.

The DA42 does need a re-design to prevent this happening again, and I'm confident that it will come. In the meantime, if crews follow the SOP and POH then this accident will not recur. However, as sure as the sun coming up each day, someone, somewhere today will be breaking an aeroplane because he did not follow the correct drills - either in normal or non-normal circumstances.

As crew, you are there as the last line of defence against the failings of the designers. No train, plane or automobile is 100% perfect, and most of us know that. The dangerous people are those who believe that a) the aeroplanes ARE perfect and that they will be safe no matter how little they know or b) that they know better than the designers/manufacturers who have flight tested and certified the aeroplane.

Probably the best solution on a completely flat battery, replace with a new one or remove and completely charge.
Same solution as with "normal" airplanes.
It's a sod to get out, though. We did that a while back when we had a flat battery, ensuring that it was charged before re-installation.

“Having decent alternators means that the battery charges quickly - unlike those on some conventional aeroplanes where there is insufficient alternator output at idle to prevent battery depletion.”

When I designed my electrical system I had to read a lot of text books. I will look it up tonight, but the rate a lead acid battery will charge, using standard charging circuitry, is very slow. I think, from flat, you would need hours, not minutes. An interesting point to note here is that when a power load is drawing a high current from the battery, the voltage will drop. This may mean that the battery needs to be somewhere near 50% charged to avoid a low voltage situation.

You have no reliable way to know the charge state of the battery you are about to rely on to avoid a nasty surprise.

Rod1

I think there may be a point that is being overlooked and this applies to all aircraft.

If a battery is too discharged to make a start by a short term drain like leaving the master on while briefing, it will usually still have adequate capacity to power anciallaries once the engine is started. It also will often make a re-start immediately, but this is because the battery still has substantial capacity left and the engine is hot, not because it has re-charged in a few minutes.

If a battery has become completely discharged, by leaving the master on all night for instance, then it is a different issue. The battery (with a resistive load) will have no capacity left at all and may also be damaged. No amount of ground running in this situation will make the battery 'safe' from the point of view of capacity after an alternator failure or any load exceeding the alternator output because the charge rate is so low that hours of flying would be required first.

In my view a battery that is completely flat also presents a hazard to the alternator because the current limiting regulator designer may not have envisaged the battery being a short circuit with an unknown restore time. Outcomes could include the one described in this thread, total electrical failure and in flight fire in almost any aircraft.

A lead acid battery will often be designed for a 12-hour charge and while a shorter time (say 1-2 hours) will prove that the battery is still serviceable, it is cavalier to just jump start and hope for the best in my view. I'd think twice about doing that in a Land Rover, let alone a glass cockpit IFR twin!

If you want to know everything about aircraft electrical systems have a look at;

http://www.aeroelectric.com/

Lots of battery stuff. Advice is charge a flat battery for 4 – 6 hours before relying on it to be voltage stable under load. This does not change no mater how good the alternators! You will also find a very good article on the difficulties of testing the “capacity” of a partly discharged battery, including some practical ways of doing this (in VMC).

Rod1

Fuji,

The POH Supplement "A13 - Autopilot" clearly states that the Autopilot can not be used for single engined operations.

It is also written on the very poorly placed placard on, by the door catch on the P1 side.

TY

3Y

Thanks for that - and I dont know how I missed that supp! At least all now read and digested.

I am told the KAP140 operates fine on one engine - but clearly outside the POH so I will be avoiding that particular route should the need ever arise :) .

That is why you need to refer to it when something occurs that is not covered by the abbreviated checklist. That is why the POH needs to be in the cockpit area within reach.
Being facetious, not sure having the PoH to hand during a double engine failure on gear retraction after take off would be much help!
I have no knowledge of the electrical system or the type of battery used, but you cannot put 60 amps into a conventional battery without a very big bang!
The problem here is not the need to power all the aircraft electrical systems, it's to prevent a transient voltage drop of the order of milliseconds from essentially rebooting all four ECU's at once ie v low current requirement.

You can add procedures as much as you want to the PoH for liability reasons, but it will never prevent accidents. On a conventional aircraft a PoH for morons may say reduce power with the throttle, but the the mixture will still be big, red and knobbly because it's a cheap and effective design solution preventing a proven mode of accidental user induced engine shutdown...

This failure mode unaddressed will dent confidence in any electronically controlled a/c engine, which is a shame as diesel and FADEC are quite obviously the future and 30yrs overdue....

on avweb:

Diamond DA42 Engine Fix: Engine AD in the Works?

Diamond Aircraft said on Friday that it’s continuing its investigation into the dual engine failure of a diesel-powered DA42 Twin Star last month in Germany, and the fix might be a backup battery for the engine’s electronic control units (ECUs). In meantime, AVweb has learned that an Airworthiness Directive for the airplane’s two Thielert 1.7 Centurion engines is pending. Diamond North American president Peter Maurer told AVweb on Friday that Thielert -- the engine supplier -- and Diamond aren’t working at cross purposes, since the problem obviously needs to be corrected. Maurer said that both of the Twin Star’s engines quit immediately after the pilot retracted the landing gear. Activation of the gear retraction system caved the electrical system voltage and knocked both ECUs offline. When the engines quit, the props immediately feathered and the airplane’s dual alternators, which are supposed to provide failsafe power to the ECUs, also died. The airplane landed with the gear partially retracted and was significantly damaged. Fortunately, the crew survived.

According to Diamond, the pilot found the aircraft with a dead battery, then took off immediately after starting it with ground power, without completely charging the battery. Although the airplane has dual alternators and dual buses, it’s unclear how independent the two buses actually are, since they’re connected through a battery isolation relay. In any case, neither alternator was delivering power because the offline ECUs stopped both engines. The ECUs are designed to reset after a failure, but will do so only if provided with sufficient operating voltage. One fix -- although it hasn’t been decided yet -- is to provide each ECU with its own independent backup battery or to isolate the dual buses more effectively, as some all-electric aircraft do. Diamond’s single-engine diesel, the DA40tdi, has a backup battery and Diamond has also discrete batteries for improved starting and for instruments in its two-seat DA20 C1 model. Another approach, says Maurer, is to use capacitors to bridge momentary voltage transients. Diamond and Thielert have yet to decide whether the proposed fix will be an engine or an airframe mod. Either way, says Maurer, airplanes will be retrofitted in the field, once the fix is developed

A capacitor, IMHO, would only help to bring the time an ECU can sustain a power transient, from 1.7 to 50 ms. I don't know what the switching time for a relay is, but this sounds about right for that. But 50 ms would not be enough to sustain a too-low bus voltage due to gear retraction - unless the DA-42 has some of the fastest retracting gear in the industry.

Backup battery sounds like the way to go.

Isnt there also a problem with backup batteries.

The batteries fitted on the 40 are very small and I gather have been found in a state of very low charge. Their life would also seem to be poor. I guess there is a positive check however in that I think the red button on the ECU panel on the 40 switches the ECUs to run on the backup battery and so presumably proves it is functional. However I am not certain this exists on all versions of the 40 ? In any event if a backup battery was the solution presumably some form of proving the backup would be required on the 42 ?

In response to ‘sternone’ report:

It is reassuring to hear that the three principles in the affair are working together towards a proper solution to this alarming failure. I have little doubt that between then a satisfactory fix will be arrived at.

Let us hope it ensures the engines keep running after a transitory voltage drop as well as after a total busbar collapse. Let us also hope they keep running for more than the time it takes to decide which God your going to put your money on!

As for who is to blame and who pays, let the lawyers get fat on that, God bless them!

I like to think this is probably an end to the matter in the real world. Lets hope so.

Was there ever a final report on this accident?

Julian, just to be pedantic.... quote.. your point of no return is suddenly several miles behind you....
The Point of No-Return will not change, no matter what happens to your aircraft.
Also if it is behind you, then just continue....
.

My business designs and manufactures battery monitors for the specialist vehicles and defence applications - we own the IP for the worlds most accurate state of charge and state of health technology. Unless you have a state of health monitor there is no way to check if that battery is flat or f****d. Many batteries are damaged (permanently) with excessive discharge - a jump start being an obvious symptom of excessive discharge. If the DA42 systems are indeed as described here, there’s no way you should attempt to reuse a flattened battery. Accident waiting to happen. What a stupid system - why didn’t they employ a proper electrical engineer to design a sensible fail-safe system?

Most modern batteries are pure lead AGM types - they’ll accept as much current as you can throw at them as long as the voltage is properly regulated.

The only way to accurately monitor battery state of health is to monitor the charge and recharge trend and compare that against the stated capacity of the battery over time. Battery testers (even expensive ohmic ones) don’t work (Enersys the worlds largest battery manufacturer states that battery testers cannot and will not work with their batteries).

FWIW Id only ever fit the Concorde AGM or EnerSys Pure Lead battery in my aircraft..

Accident waiting to happen. What a stupid system - why didn’t they employ a proper electrical engineer to design a sensible fail-safe system?

Keep in mind that what the pilots did was completely against procedures published in the POH.
You can’t engineer ‘stupid’ out of a system.
I worked for a flightschool where we ended up having 4 of these.
MX kept a set of batteries on a trickle charger and we averaged about 1 jumpstart per month as inevitably Master Switches are left on during preflight or postflight inspections.
Never a problem if you follow the instructions

Keep in mind that what the pilots did was completely against procedures published in the POH.
You can’t engineer ‘stupid’ out of a system.
I worked for a flightschool where we ended up having 4 of these.
MX kept a set of batteries on a trickle charger and we averaged about 1 jumpstart per month as inevitably Master Switches are left on during preflight or postflight inspections.
Never a problem if you follow the instructions

But what if the battery health is low due to excessive discharge? After charging there maybe just enough amp hours available to start the engines up etc but a short period of discharge could cause the voltage to sag.. starting engines use very very few amp hours so this scenario is possible. Just seems like a strange setup with the DA42 which could be avoided for not a lot of work and cost..

I have been flying a DA-42 recently and am interested in a bit of a follow-up in the intervening years since this accident.

It appears that that this happened in the early days when only Thielert engines were available and it appears that there were no ECU back-up batteries.

Was the solution a retrofit to the Thielert models with ECU back-up batteries or were there other changes?

I fly the Austro-engine versions but they used to be Thielerts. Did the factory-built Austro-engine versions get produced with ECU back-up batteries?

The Austro DA62s have:

Main Battery
2 x Alternators, each capable of supporting the entire electrical system.
Back up batteries for each ECU system (ie one left and one right).

The wiring schematic is rather busy (page 516 at http://support.diamond-air.at/fileadmin/uploads/files/after_sales_support/DA62/Airplane_Maintenance_Manual/Basic_Manual/70225-r1-complete.pdf) but clearly there is loads of redundancy. I think the Austro 42s are similar.

Dont use standard trickle chargers on sealed AGM aircraft batteries (i.e. a standard automotive charger).. The ripple voltage and fixed voltage output will damage the battery... needs to be a 3 stage output charger with a Gel/AGM battery setting..

Hi All,
So looking at the POH for DA42 with TAE-125-02-99 engines, there are ECU backup batteries. I can't seem to determine whether these are something that was added after the double engine failure crash or something that was in place before the crash.

Does anyone know? Was OAM 42-129 in response to the issues that caused the crash?

Thanks
Matt

Hi All,
So looking at the POH for DA42 with TAE-125-02-99 engines, there are ECU backup batteries. I can't seem to determine whether these are something that was added after the double engine failure crash or something that was in place before the crash.

Does anyone know? Was OAM 42-129 in response to the issues that caused the crash?

Thanks
Matt

The issue was resolved by an AD to fit back up battery’s to ensure the FADEC has power even if electrical power is lost on the rest of the aircraft.

These batterys are are time critical items and re-newed as part of the aircraft maintenance program.

They were added as a result of a crash, if I remember correctly the aircraft involved had a flat battery, they used external power to start an engine, then started the other, there was something in the flight manual re charging the battery etc that was missed by the crew, the aircraft was running ok and they departed, however the battery was in essence still nearly flat but was supplying sufficient power for the instruments and FADEC, upon take off the electric gear was selected up, this drew the available power resulting in the FADEC failing and both engines shutting down resulting in a crash landing, hence the independent power source being added.

Thank you chaps!