Posts about: "Fuel Cutoff" [Posts: 181 Pages: 10]

If the photo of the flaps deployed at the accident site is actually F1 not F5 or if the flaps were pushed out during impact, then this is certainly plausible. I will look for the photo but it's in the thread somewhere. Others are stating they see a gap between the wing and the flap as an argument for the flaps deployed at F5. This was after the decent started..

However, I think their reaction would likely be to apply more power. I know mine would be. But anything is possible!

This is a very plausible scenario. Above 400 ‘ AGL, memory items.

(Sorry, Airbus here and not familiar with Boeing) Flap 5 to 1 reduction on the Boeing triggers autothrust reduction, is that correct? If so, are there any other conditions that need to be met for this to happen like being in some kind of takeoff mode? Just thinking whether this would have potential otherwise in other regimes to cause issues, discontinued approach perhaps.

Am slightly puzzled as to why if flap reduction triggering climb thrust is part of the standard logic (and presumably clean-up technique) then partial dual thrust loss wouldn\x92t be immediately recognised as the classic symptom of gear / flap retraction handling error? I presume Boeing pilots / air India are just as aware of this it as everyone else, strikes me as odd that one would immediately go into full dual EF mode. My instinctive reaction without knowing the Boeing would be to firewall both TLs, would this have worked in the early flap retraction logic scenario? Many thanks all

Correct. That was the original purpose of the calculation. In addition to the sound itself having the measurable harmonic signature from other rat videos.
What this plot also does however is tell you the speed if you know the height or height if you know the speed.

The iphone used to film this were pictured somewhere, knowing the iphone model, and thus the characteristics of the camera, and the dimensions of the airplane it wouldn't be impossible to calculate height from the video imo.

Just throwing it out there if anyone sees the use and feels the call.

My personal amateur speculation still centers around the cut off switches.
I have spilled coffee and sweet tea over complex electro/mechanical switches/panels before(large format audio consoles with 8000 buttons) and seen unexpected things happen.

I am sure the switches are spectacularly well built, but they are in close proximity and thus prone to the same external factors.
Does anyone know if these two cut-off switches in such close proximity has the exact same installation, or they differentiated in some way that makes a freak failure mode in one not neccesarily affect the other the same way?

This is a regular test during maintenance at my airline (British operator of 787s)
Carried out as part of a 12k check.

Fuel level in the wing tanks made to be between 3100 kg & 3400kg. Engines are started, APU shut down and boost pumps are selected off.
As long as the engines keep running, it\x92s test passed. (Just have to remember to fire the APU back up before shutting the engines down!)

Unless the distance from the phone to the aircraft is known, it is impossible to calculate the height.

I will wager that this is absolute nonsense. The effect of pulling the power levers back to idle at rotate would be readily countered by pushing them back up again. The engines are still delivering thrust, it is a function of N1, not the lever. The lever commands where the thrust level will end up, the N1 gives the thrust output. The acceleration/thrust characteristics of these engines is not like a J52 or JT3D etc.

The proposition that is floated is that the pilot does not pull back on the control column, which he is holding onto with both hands as his seat slides backwards like a caricature of a bad Cessna 180 seat rail, that is plainly obvious from the pitch attitude of the aircraft, yet grabs lustily a double handful of thrust levers and holds onto those until meeting Ganesh in the next life?

Greek papers appear to be as rigorous and incisive in their cognition as the Daily Telegraph. Golly.

Seats: electric.
RAT deployment... presumably the hapless pilot doesn't grab the control column, or the thrust levers, just grabs both fuel control switches instead????

Do any reporters bother to read what they write?

I think it\x92s made up nonsense, but it is at least worth noting that pulling back to idle and pushing back with the wheels still on the ground is a potential TCMA trigger.

To simplify the chicken/egg:

Tdracer earlier confirmed that an airplane electrical power loss would allow engines to keep running , because 1) engines are fully-capable of suction feed operation in takeoff envelope (if boost pumps lost), and 2) the EECs are powered by their own PMAs when running and to substantially below idle (I recall roughly 10% N2). Airplane powers the EEC for ground starts, prior to PMA coming online, and as backup to the PMA after that.

Related:

Engine igniters are powered by the aircraft. So theoretical full loss of aircraft power would disable Autorelight upon a flameout. Ignitors typically don't make the cut for most-essential battery-only loads because it would also take an engine flameout, and the airplane past V1 in ground roll can fly fine on one engine that can achieve takeoff thrust.

Autorelight is relevant - if there was a single-engine failure post V1, autorelight will attempt to relight the engine, so there is no need for a pilot to try to cycle the fuel switch to reset the EEC (potentially grabbing the wrong one), or to otherwise intervene. In such a circumstance, they need to trust their training. I've heard accounts that the most likely pilot instinct in such a situation would be to push the throttle(s) forward.

Finally - there was talk earlier about accidentally cutting the fuel switches - and it was duly noted that they have to be pulled out over the detent, so very unlikely. The same cutoff effect could be achieved with the engine fire handle(s), right behind the fuel switches on the pedestal - though they are an upward pull, so also not subject to inadvertent or accidental engagement.

A loss of lift AND thrust at this critical juncture could have had caused this awful disaster. I think the data recorders have already revealed the cause but If it's this, then I don't think we will hear much anytime soon.

There have been many speculations about latent threats in systems\x92 design. If you can easiliy come up with some possible latent threat, what are the changes that not a one professional person designing, testing and certifying it couldn\x92t figure it out? Or it was ignore if recognised?

Without any 787 knowledge, I would assume two discreet signals from respective Engine Fuel Switch to each FADEC channel, possibly with other redundancies. Or other solution that is at least as robust.

If decrease in thrust not by transition to climb thrust due to early inadvertent flap retraction and pilot action on fuel control switches from accomplishing dual engine failure memory items, then fuel cavitation /fuel fumes lock may be a cause. Just saying.

I was not aware that we have granular ADS-B data from the a/c itself showing airspeed post rotation (rather than speed interpolated from GPS). Apologies if I have missed it. If it does show acceleration after takeoff I tend to agree with you.

In no particular order, here are some more thoughts on TCMA having caught up on the thread:

If you cut the fuel from two big engines at take-off power, there must be some delay before n2 decays below the threshold for generation (below idle n2), the generators disconnect and RAT deploys. GEnx have relatively long spool up/down times as the fan is so large (and would be exposed to 170+kts of ram air). Perhaps someone has a view on how long this would be, but I imagine it could easily be 10s or more between fuel cut off and RAT deployment. On AI171 the RAT appears to be already deployed at the beginning of the bystander video. That starts c. 13s before impact and around 17s after rotation. This does not prove anything except that the supposed shut down must have happened very close to rotation and could have happened just before rotation while the a/c was on the ground.

As a thought experiment, imagine if ANA985 in 2019 had decided to go around. The a/c rotates and is ~50 ft above the runway, suddenly both engines spooling down, very little runway left to land on and no reverse thrust available. I am struck by how similar this scenario is to AI171. This theory would require there to have been unexpected thrust lever movement in the moments before rotation - but plausibly one pilot moving to reject, followed by an overrule or change of heart - or even a simple human error such as the recent BA incident at LGW - could achieve this. This is perhaps more likely that any sensor fault that you would expect to only impact a single engine given the redundancy of systems.

Tdracer writes that a key requirement of TCMA is to identify an engine runaway in the event of an RTO, in order to allow the a/c to stop on the runway. This will have been tested extensively - it is a big leap to imagine a false activation could be triggered. It did happen on ANA985 but through a very unusual set of inputs including application of reverse (albeit this latter point may not be relevant if TCMA logic does not distinguish between the reverser being deployed or not).

Incidentally there is an assumption the TCMA software version in place on the ANA flight had already been patched and fixed on AI171. That probably is the case but I am not sure it is a known fact.

In summary I remain baffled by this tragic accident. I have not yet read anything that explicitly rules out TCMA activation and it remains a possibility due to the vanishingly small number of factors that could shut down two engines at apparently the exact same moment when they have fully redundant systems. Fuel contamination, for example, has typically impacted each engine a few minutes (at least) apart. I am also cautious (as others have pointed out) of a form of confirmation bias about Boeing software systems with four-letter acronyms.

In my mind the cause could equally well be something completely different to anything suggested on this thread, that will only become clear with more evidence. All of the above also incorporates a number of theories, i.e. that there was an engine shutdown - that are not conclusively known.

Thank you to the mods for an excellent job.

This doesn't make any sense. The plane was in the air for approximately 30 seconds, the plane stops climbing around 12 seconds after take off, and the noise of the RAT is heard 11 seconds before the plane crashes - even if we assume the RAT both deploys instantly and deployed the exact moment that video began recording, that only gives the pilots a 7 second window to perform an action that results in it being deployed.

There just isn't enough time for the RAT to be deployed as a result of any action by the crew, IMHO. And to demonstrate how long 7 seconds is - that's enough to say 20 words, assuming no interruptions .

If you read the thread, you would know:

The RAT was almost certainly deployed. 4 different sources.
The Flaps were not retracted. Visible at the accident site plus many other sources agreeing they were indeed down.
APU will autostart when all engine power is lost. Potentially explaining why the inlet door was open or partially open at the accident site. Mentioned in several previous posts
On a 787-8, the main bogies tilt as the 1st action of the gear retract sequence. As stated in previous posts. I don't think this happens unless gear is selected up. So the conclusion was, gear was selected up. One caveat, IIRC, there was some discussion around a failure could have caused the bogies to tilt without Gear up being selected but I don't recall the outcome.
As for the Air France remark, un-necessary IMHO. Let's respect the crews please.

OK, I promised some informed speculation when I got back, so here goes:
Disclaimer: never worked the 787, so my detailed knowledge is a bit lacking.

First off, this is perplexing - especially if the RAT was deployed. There is no 'simple' explanation that I can come up with.

GEnx-1B engines have been exceptionally reliable, and the GE carbon composite fan blades are very robust and resistant to bird strike damage (about 15 years after the GE90 entry into service, I remember a GE boast that no GE90 (carbon composite) fan blades had needed to be scrapped due to damage (birdstrike, FOD, etc. - now that was roughly another 15 years ago, so is probably no longer true, but it shows just how robust the carbon composite blades are - far better than the more conventional titanium fan blades).

Not saying it wasn't somehow birdstrike related, just that is very unlikely (then again, all the other explanations I can come up with are also very unlikely ).

Using improper temp when calculating TO performance - after some near misses, Boeing added logic that cross-compares multiple total temp probes - aircraft TAT (I think the 787 uses a single, dual element probe for aircraft TAT, but stand to be corrected) and the temp measured by the engine inlet probes - and puts up a message if they disagree by more than a few degree tolerance - so very, very unlikely.

N1 power setting is somewhat less prone to measurement and power setting errors than EPR (N1 is a much simpler measurement than Rolls EPR) - although even with EPR, problems on both engines at the same time is almost unheard of.

The Auto Thrust (autothrottle) function 'falls asleep' at 60 knots - and doesn't unlock until one of several things happens - 250 knots, a set altitude AGL is exceeded (I'm thinking 3,000 ft. but the memory is fuzzy), thrust levers are moved more than a couple of degrees, or the mode select is changed (memory says that last one is inhibited below 400 ft. AGL). So an Auto Thrust malfunction is also extremely unlikely. Further, a premature thrust lever retard would not explain a RAT deployment.

TO does seem to be very late in the takeoff role - even with a big derate, you still must accelerate fast enough to reach V1 with enough runway to stop - so there is still considerable margin if both engines are operating normally. That makes me wonder if they had the correct TO power setting - but I'm at a loss to explain how they could have fouled that up with all the protections that the 787 puts on that.

If one engine did fail after V1, it's conceivable that they shut down the wrong engine - but since this happened literally seconds after takeoff, it begs the question why they would be in a big hurry to shut down the engine. Short of an engine fire, there is nothing about an engine failure that requires quick action to shut it down - no evidence of an engine fire, and even with an engine fire, you normally have minutes to take action - not seconds.

The one thing I keep thinking about is someone placing both fuel switches to cutoff immediately after TO. Yes, it's happened before (twice - 767s in the early 1980s), but the root causes of that mistake are understood and have been corrected. Hard to explain how it could happen (unless, God forbid, it was intentional).

Not 757 - it was a 767. Second time it happened in about 12 months.

Determined to be an ergonomics problem with the switch layout in the flightdeck.

Early 767s (JT9D and CF6-80A) had a supervisory "EEC" (Electronic Engine Control - Boeing still uses "EEC" to identify what most people call the FADEC on modern engines). The procedure if an EEC 'failed' was to switch both EECs off (to prevent excessive throttle stagger - unlike FADEC, the engine could operate just fine with a supervisory EEC failed).

Problem was that the EEC ON/OFF switch was located on the aisle stand - right above the fuel cutoff switches. Turned out 'muscle memory' was when the pilot reached down there, it was usually to turn the fuel ON or OFF - which is what they did. Fortunately realizing what he'd done wrong, the pilot quickly restored the switches to RUN and both engines recovered. And yes, they continued on to their destination (RAT was still deployed since there is no way to retract it in-flight).

Previous event was with JT9D engines (United IIRC). In that case, only one engine recovered (second engine went into an unrecoverable stall), they simply came back around and did a single engine landing.

Realizing the ergonomic issue, the EECs were relocated to the pilot's overhead (retrofit by AD).

To the best of my knowledge, there hasn't been a repeat of an inadvertent dual engine shutdown since the EEC switches were relocated. It's also very difficult to 'accidentally' move the switches as there is a locking detent - the switch must be pulled out slightly before it can be moved to CUTOFF.

On item 1, the TCMA issue should have been fixed, it does fit the sort of issue that occurred here. TDRACER can talk to that, and has done in 2019 and again in post 792. As to flap auto retraction, the B787 like all Boeings has a gated flap lever, and the flaps are only able to move independent of the lever by flap load relief. That would not have caused a loss of thrust, and in this case it is evident that the event is a thrust loss not a CL loss.

On item 2, the video shows no asymmetry at any time, so there is only a symmetric failure of the engines possible. Back on a B747 classic, you could chop all 4 engines at the same time with one hand, on a B737, also, not so much on a B777 or B787. I would doubt that anyone used two hands to cut the fuel at screen height. Note, there was a B744 that lost one engine in cruise when a clip board fell off the coaming. Didn't happen twice, and it only happened to one engine.


​​​​​
Neila83 is correct, the gear tilt pre retraction is rear wheels low, and at the commencement of the selection of the retraction cycle (generally), the first thing that happens is the inboard MLG doors start to open below the wheel well and then the bogie is driven to front wheels low. (There is also an option that the inboard gear doors start to open early as a result of WOW sensing to improve the SSL climb limit). [my bad, for the B788 Capt Bloggs informs us the gear door sequence is after the tilt, not before, the B789 has the before tilt, the option for the door open at rotate is separate]

The inboard doors do not appear to have opened in this case, yet, the gear is forward wheels down. This appears to be out of sequence. TD may have better knowledge on the options that exist with the B788, but this is not looking good at this time.

There is enough in the way of anomalies here to end up with regulatory action, and airlines themselves should/will be starting to pore over their systems and decide if they are comfortable with the airworthiness of the aircraft at this moment. A latent single point of failure is not a comfortable place to be. Inhibiting TCMA might be a good interim option, that system could have been negated by having the ATR ARM switches....(Both)... ARM deferred to the before takeoff checks. The EAFR recovery should result in action within the next 24-48 hours. Boeing needs to be getting their tiger teams warmed up, they can ill afford to have a latent system fault discovered that is not immediately responded to, and the general corporate response of "blame the pilots" is not likely to win any future orders.

I think we are about to have some really busy days for the OEM.


Not sure that Neila83 is that far off the mark at all.

I have seen your previous posts about this, and I happen to agree. Visually, as a lay man non visuals expert, I am in your \xabcamp.\xbb

However, the rat is small, and the artifacts are plentiful. Small sensor, compressed video, compressed upload, zoom, it is in short an awful source.

However, the RAT is a much better noisemaker, and the audio signature is much more obvious than it’s visual appearance in this case, and though the recording isn’t fantastic quality, there was more than enough information there to objectively conclude the RAT is out. And that is my professional, on the weekend, opinion.

I want to ask a pretty frank question for all of you, and I hope it is ok, from an audio specialist non-pilot:
Provided the engines spooled down. Provided the RAT is out. (There are no explosions, no bird strikes.)
Isn’t software and previous electrical failures a red herring too?Would anything but a complete fuel shut off lead to this result? That still leaves everything from the Fate is the Hunter plot, to Airbus A350 center consoles and Alaska 2059 open as root causes.

Another hour spent sifting through the stuff since last night (my sympathies to the mods ). A few more comments:

"Real time engine monitoring" is typically not 'real time' - it's recorded and sent in periodic bursts. Very unlikely anything was sent from the event aircraft on this flight.

Commanded engine cutoff - the aisle stand fuel switch sends electrical signals to the spar valve and the "High Pressure Shutoff Valve" (HPSOV) in the Fuel Metering Unit, commanding them to open/close using aircraft power. The HPSOV is solenoid controlled, and near instantaneous. The solenoid is of a 'locking' type that needs to be powered both ways (for obvious reasons, you wouldn't want a loss of electrical power to shut down the engine). The fire handle does the same thing, via different electrical paths (i.e. separate wiring).

As I've noted previously, a complete loss of aircraft electrical power would not cause the engines to flameout (or even lose meaningful thrust) during takeoff. In the takeoff altitude envelope, 'suction feed' (I think Airbus calls it 'gravity feed') is more than sufficient to supply the engine driven fuel pumps. It's only when you get up to ~20k ft. that suction feed can become an issue - and this event happened near sea level.

Not matter what's happening on the aircraft side - pushing the thrust levers to the forward stop will give you (at least) rated takeoff power since the only thing required from the aircraft is fuel and thrust lever position (and the thrust lever position resolver is powered by the FADEC).

The TCMA logic is designed and scrubbed so as to be quite robust - flight test data of the engine response to throttle slams is reviewed to insure there is adequate margin between the TCMA limits and the actual engine responses to prevent improper TCMA activation. Again, never say never, but a whole lot would have had to go wrong in the TCMA logic for it to have activated on this flight.

Now, if I assume the speculation that the RAT deployed is correct, I keep coming up with two potential scenarios that could explain what's known regarding this accident:
1) TCMA activation shutdown the engines
or
2) The fuel cutoff switches were activated.
I literally can come up with no other plausible scenarios.

In all due respect to all the pilots on this forum, I really hope it wasn't TCMA. It wouldn't be the first time a mandated 'safety system' has caused an accident (it wouldn't just be Boeing and GE - TCMA was forced by the FAA and EASA to prevent a scenario that had never caused a fatal accident) - and there would be a lot embarrassing questions for all involved. But I personally know many of the people who created, validated, and certified the GEnx-1B TCMA logic - and can't imagine what they would be going through if they missed something (coincidentally, one of them was at my birthday party last weekend and inevitably we ended up talking about what we used to do at Boeing (he's also retired)). Worse, similar TCMA logic is on the GEnx-2B (747-8) - which I was personally responsible for certifying - as well as the GE90-115B and the 737 MAX Leap engine - the consequences of that logic causing this accident would be massive.