June 14, 2025, 23:45:00 GMT
permalink Post: 11901966
Several hundred posts ago, a link to a PPrune thread re 787 RAT deployment was posted. I am sure everyone posting has at least seen if they have read the thread....
I apologise, if my thoughts have already been posted - please delete if this is the case, I cannot find them in the main thread though
None of us know if there was no engine failure, single engine failure or double engine failure.
If RAT was deployed, we do not yet know whether it was automatic or manually deployed by a very experienced captain because "We have no power. What harm can it do now?" (Electrical power, not thrust) Would the Captain also elect to start the APU in the few seconds he had?
In the thread re 787 RAT deployment, some one states that a single engine failure, due to the small rudder size on 787-8, automatically throttles back the remaining engine as the rudder will not be able to correct the course. I am not clear about the guards around this - be they height restrictions, speed restrictions or % of power delivery. If there are any guards in the software. It may have been stated and I missed it or didn't understand.
However, as someone involved with critical software design & development, if the generators were "playing up", which is highly possible given passenger observations on previous flights, could there be a window, if the aircraft experienced a problem with say no 1 engine ( suggested in video "analysis" despite the aircraft tracking right ) whereby the loss of electrical power triggered the software to "throttle back" No 2, and that again limiting any recovery of No 1, if the generators on 2 didn't perform/react as planned. Software always has holes.
The primary flight deck screens have battery backup - but do they lose power when the main buses go offline - and/or again when the RAT delivers? Or is it seemless? Previous posts mention both scenarios but with no answer. Are there flickers, resets, reboots? All distracting at best and time limiting at worst.
I think a pertinent point posted earlier, was that the problems seems to have begun with "gear up", a lot of load on the electrically driven, hydraulic pumps.
Seemingly started, but obviously not completed.
I believe the 2 guys sitting in row 0 dealing with this, were just passengers from the moment it left the gate - for whatever reason. The mayday call, by whichever pilot - although no transcript officially published - was probably a last ditch attempt to alert ATC asap to a situation with a clear outcome. Very sad. It is bad form to point the finger before any useful facts are confirmed.
So, I suspect generator problems & a hole in the software and/or logic due to timing issues caused by generators appearing to be on/offline -maybe rapidly - restricting thrust by design..
I apologise, if my thoughts have already been posted - please delete if this is the case, I cannot find them in the main thread though
None of us know if there was no engine failure, single engine failure or double engine failure.
If RAT was deployed, we do not yet know whether it was automatic or manually deployed by a very experienced captain because "We have no power. What harm can it do now?" (Electrical power, not thrust) Would the Captain also elect to start the APU in the few seconds he had?
In the thread re 787 RAT deployment, some one states that a single engine failure, due to the small rudder size on 787-8, automatically throttles back the remaining engine as the rudder will not be able to correct the course. I am not clear about the guards around this - be they height restrictions, speed restrictions or % of power delivery. If there are any guards in the software. It may have been stated and I missed it or didn't understand.
However, as someone involved with critical software design & development, if the generators were "playing up", which is highly possible given passenger observations on previous flights, could there be a window, if the aircraft experienced a problem with say no 1 engine ( suggested in video "analysis" despite the aircraft tracking right ) whereby the loss of electrical power triggered the software to "throttle back" No 2, and that again limiting any recovery of No 1, if the generators on 2 didn't perform/react as planned. Software always has holes.
The primary flight deck screens have battery backup - but do they lose power when the main buses go offline - and/or again when the RAT delivers? Or is it seemless? Previous posts mention both scenarios but with no answer. Are there flickers, resets, reboots? All distracting at best and time limiting at worst.
I think a pertinent point posted earlier, was that the problems seems to have begun with "gear up", a lot of load on the electrically driven, hydraulic pumps.
Seemingly started, but obviously not completed.
I believe the 2 guys sitting in row 0 dealing with this, were just passengers from the moment it left the gate - for whatever reason. The mayday call, by whichever pilot - although no transcript officially published - was probably a last ditch attempt to alert ATC asap to a situation with a clear outcome. Very sad. It is bad form to point the finger before any useful facts are confirmed.
So, I suspect generator problems & a hole in the software and/or logic due to timing issues caused by generators appearing to be on/offline -maybe rapidly - restricting thrust by design..
June 15, 2025, 00:08:00 GMT
permalink Post: 11901978
Lull
Consider losing one engine on the Dream. If it is a generator that's failed let's say #2 . Do the electric fuel pumps lose power? Only in #2? Does the mechanical pump start feeding right away? If so, is there a lull? Are both engines fuel pumps supplied off one Gen?
See I think there was no simultaneous loss of both 1, 2.
The odds give me a migraine. I still wonder if TCMA knows the difference between parked, rolling, rotated brakes and stowed. Only parenthetically, it didn't do this
See I think there was no simultaneous loss of both 1, 2.
The odds give me a migraine. I still wonder if TCMA knows the difference between parked, rolling, rotated brakes and stowed. Only parenthetically, it didn't do this
June 15, 2025, 00:53:00 GMT
permalink Post: 11902007
June 15, 2025, 00:54:00 GMT
permalink Post: 11902008
I think it needs to be said again that pretty much anything can happen to the aircraft systems and the engines will carry on running - this is by design as they have independent FADEC and power supplies and at sea level fuel will get through without boost pumps. You could almost saw the wing off the fuselage and the engine would still produce thrust, TCMA notwithstanding.
Anyway, the thing I'm looking at is how the fuel cutoff switch function could have been activated in some other way. To me, it seems obvious that there are wires that run between the engine fuel shutoff valves and the cockpit / flight control panel (no doubt with relays etc in between). I don't know where those shutoff valves are located, but logic says they should be located in the fuselage, not out at the engines. I also don't know how those valves operate - are they solenoid valves or electro-mechanically driven? Nor do I know where the power to activate those valves comes from, but using my logic, if those valves close when powered off, such as solenoid valves typically do, then the power cannot exclusively come from the engine-dedicated generators. If it did, you'd never be able to start the engines so they could supply their own power to hold those valves open. So, there must be some power (appropriately) fed from the main aircraft control bus to activate those valves - if the rest of what I'm assuming is correct. Anyway, like I say, I don't know enough about the details at this point, but there are many more ways to activate or deactivate a circuit than by flicking a switch. Killing the relevant power supply, for example. A screwdriver across some contacts (for example), another. Shorting a wire to Chassis, maybe. Just trying to contribute what I can.
You raise another interesting point: "TCMA notwithstanding". Could you elaborate, please? What will happen if the TCMA system, which apparently also has some degree of engine control, loses power? The problem with interlinked circuits and systems is that sometimes, unexpected things can happen when events that were not considered actually happen. If one module, reporting to another, loses power or fails, sometimes it can "tell" the surviving module something that isn't true... My concern is where does the power to the Fuel Cutoff switches come from? Are there relays or solid-state switches (or what?) between the Panel Switches and the valves? If so, is the valve power derived from a different source, and if so, where? Are the valves solenoids, open when power applied, or something else? What is the logic involved, between switch and valve?
Would you mind answering these questions so I can ponder it all further, please? If I'm wrong, I'll happily say so.
We don\x92t know yet what actually triggered the RAT from the relatively short list but every item on it means there is a serious/critical failure(s). The flight path suggests that it was a double engine failure or shutdown (commanded or uncommanded) as anything else should have left the aeroplane in a poor state but able to climb away.
June 15, 2025, 02:24:00 GMT
permalink Post: 11902058
Consider losing one engine on the Dream. If it is a generator that's failed let's say #2 . Do the electric fuel pumps lose power? Only in #2? Does the mechanical pump start feeding right away? If so, is there a lull? Are both engines fuel pumps supplied off one Gen?
See I think there was no simultaneous loss of both 1, 2.
The odds give me a migraine. I still wonder if TCMA knows the difference between parked, rolling, rotated brakes and stowed. Only parenthetically, it didn't do this
See I think there was no simultaneous loss of both 1, 2.
The odds give me a migraine. I still wonder if TCMA knows the difference between parked, rolling, rotated brakes and stowed. Only parenthetically, it didn't do this
The Thrust Control Malfunction Accommodation TCMA shuts down an engine when an idle asymmetry is detected . On the ground . With thrust levers at idle . The engine in question triggers the condition when it is above idle and not decelerating normally . That is multiple failure conditions that need to have occurred in the system to allow that to occur. It is nearly as wild a circumstance as the QFA 072 suspected cosmic bit flip, except that these are supposed to be independent systems. This does have the authority when the conditions exist to turn off the noise. That is the only reason it is a subject of interest.
The Thrust Asymmetry Protection gives a limited authority to reduce thrust on the surviving engine to maintain control. It would not trigger the conditions that the engines have gone silent, and hydraulics/electrics have been mussed up. That puts a spotlight on what has to go wrong on TCMA to get it to trigger outside of the conditions that it is intended to.
No yaw input, no roll input, no asymmetry. That leaves either both engines running at normal TO thrust or both having a simultaneous bad day out. Giving car keys to HAL 9000 can have some issues, and cosmic radiation is around a lot.
June 15, 2025, 02:36:00 GMT
permalink Post: 11902060
Difficult!? Maybe not. If very late the flaps were tagged stowed, and there was a simultaneous gear up command, with FlapDown command, the overload could have failed a GCS. Then it becomes a switching exercise. (Automatics).
Alarms Warnings Impacted EICAS, ETC. it happened long ago, but we know what happens when an engine driven generator quits ..first it bangs for awhile, then it burns itself up, then ...
Alarms Warnings Impacted EICAS, ETC. it happened long ago, but we know what happens when an engine driven generator quits ..first it bangs for awhile, then it burns itself up, then ...
Thanks for answering the question I hadn't yet asked but wanted to confirm!
I'm still sticking with "Major Electrical Fault" as my most likely cause, and this adds to my suspicions.
As I understand it, the landing gear is raised / retracted by electric motor-driven hydraulic pump (pumps?). This/these would create a significant electrical load.
If the plane's multi-redundant electrical system has a fault which is intermittent (the worst kind of electrical issue to diagnose), and which causes the redundancy controls to go haywire (as there are, of course, electronic controls to detect failures and drive the switching over of primary and backup electrical supplies), then this fault could to triggered by a large load coming on-line. It could even be as simple as a high current cable lug not having been tightened when a part was being replaced at some stage. The relevant bolt might be only finger-tight. Enough to work 99.99% of the time between then and now... But a little bit more oxidation, and particularly, a bit more heat (it was a hot day), and suddenly, a fault.
Having worked in electronics for years, I know that semi-conductors (and lots of other components, especially capacitors [and batteries]) can also degrade instead of failing completely. Electro-static discharges are great for causing computer chips to die, or go meta-stable - meaning they can get all knotted up and cease working correctly - until they are powered off for a while. They can also degrade in a way that means they work normally a low temperatures, but don't above a certain temperature.
Anyway, there MUST be ways that the redundant power supplies can be brought down, simply because, to have a critical bus powered from a number of independent sources, there must be "controls" of some sort. I don't know how it's done in the 787, but that's where I'd be looking.
As there is a lot of discussion already about how the bogies are hanging the wrong way suggesting a started but failed retraction operation, and it's now confirmed that the retraction would normally have taken place at about the point where the flight went "pear shaped", I'm going to suggest that the two things are connected. More than that: I'll suggest that the Gear Up command triggered the fault that caused both engines to shut down in very short succession. Nothing the pilots did wrong, and no way they could have known and prevented it.
It's going to be difficult to prove though.
I'm still sticking with "Major Electrical Fault" as my most likely cause, and this adds to my suspicions.
As I understand it, the landing gear is raised / retracted by electric motor-driven hydraulic pump (pumps?). This/these would create a significant electrical load.
If the plane's multi-redundant electrical system has a fault which is intermittent (the worst kind of electrical issue to diagnose), and which causes the redundancy controls to go haywire (as there are, of course, electronic controls to detect failures and drive the switching over of primary and backup electrical supplies), then this fault could to triggered by a large load coming on-line. It could even be as simple as a high current cable lug not having been tightened when a part was being replaced at some stage. The relevant bolt might be only finger-tight. Enough to work 99.99% of the time between then and now... But a little bit more oxidation, and particularly, a bit more heat (it was a hot day), and suddenly, a fault.
Having worked in electronics for years, I know that semi-conductors (and lots of other components, especially capacitors [and batteries]) can also degrade instead of failing completely. Electro-static discharges are great for causing computer chips to die, or go meta-stable - meaning they can get all knotted up and cease working correctly - until they are powered off for a while. They can also degrade in a way that means they work normally a low temperatures, but don't above a certain temperature.
Anyway, there MUST be ways that the redundant power supplies can be brought down, simply because, to have a critical bus powered from a number of independent sources, there must be "controls" of some sort. I don't know how it's done in the 787, but that's where I'd be looking.
As there is a lot of discussion already about how the bogies are hanging the wrong way suggesting a started but failed retraction operation, and it's now confirmed that the retraction would normally have taken place at about the point where the flight went "pear shaped", I'm going to suggest that the two things are connected. More than that: I'll suggest that the Gear Up command triggered the fault that caused both engines to shut down in very short succession. Nothing the pilots did wrong, and no way they could have known and prevented it.
It's going to be difficult to prove though.
In addition, the 787 has four main generators and I believe the switching is segregated into at least two controllers, on top of the four separate generator control units.
And again, electrical failure should not cause engine failure - consider QF32 where the wiring to the engine was mostly severed and they had to drown it with a fire truck.
Best post until now in my view. We will find out very soon I think. Gear up command triggered the instant lack of fuel to both engines. I'm not sure on how the fuel flow is dependant on the power supplies on the 787 but I genuinely believe you are very very close to what might have happened here.
Yes, thanks, I've seen a few comments to this effect, and I have to accept most of what you say. I understand that they have their own dedicated generators and local independent FADECs (or EECs), but I'm trying to use what I do know to attempt to figure this out. I know that there are Fuel Cutoff switches in the cockpit. Somehow, if switched to Off, these will cut off the fuel to the engines, "no matter what". Of course, even that's not true, as the Qantas A380 engine burst apparently (comment in this thread) showed.
Anyway, the thing I'm looking at is how the fuel cutoff switch function could have been activated in some other way. To me, it seems obvious that there are wires that run between the engine fuel shutoff valves and the cockpit / flight control panel (no doubt with relays etc in between). I don't know where those shutoff valves are located, but logic says they should be located in the fuselage, not out at the engines. I also don't know how those valves operate - are they solenoid valves or electro-mechanically driven? Nor do I know where the power to activate those valves comes from, but using my logic, if those valves close when powered off, such as solenoid valves typically do, then the power cannot exclusively come from the engine-dedicated generators. If it did, you'd never be able to start the engines so they could supply their own power to hold those valves open. So, there must be some power (appropriately) fed from the main aircraft control bus to activate those valves - if the rest of what I'm assuming is correct. Anyway, like I say, I don't know enough about the details at this point, but there are many more ways to activate or deactivate a circuit than by flicking a switch. Killing the relevant power supply, for example. A screwdriver across some contacts (for example), another. Shorting a wire to Chassis, maybe. Just trying to contribute what I can.
You raise another interesting point: "TCMA notwithstanding". Could you elaborate, please? What will happen if the TCMA system, which apparently also has some degree of engine control, loses power? The problem with interlinked circuits and systems is that sometimes, unexpected things can happen when events that were not considered actually happen. If one module, reporting to another, loses power or fails, sometimes it can "tell" the surviving module something that isn't true... My concern is where does the power to the Fuel Cutoff switches come from? Are there relays or solid-state switches (or what?) between the Panel Switches and the valves? If so, is the valve power derived from a different source, and if so, where? Are the valves solenoids, open when power applied, or something else? What is the logic involved, between switch and valve?
Would you mind answering these questions so I can ponder it all further, please? If I'm wrong, I'll happily say so.
Anyway, the thing I'm looking at is how the fuel cutoff switch function could have been activated in some other way. To me, it seems obvious that there are wires that run between the engine fuel shutoff valves and the cockpit / flight control panel (no doubt with relays etc in between). I don't know where those shutoff valves are located, but logic says they should be located in the fuselage, not out at the engines. I also don't know how those valves operate - are they solenoid valves or electro-mechanically driven? Nor do I know where the power to activate those valves comes from, but using my logic, if those valves close when powered off, such as solenoid valves typically do, then the power cannot exclusively come from the engine-dedicated generators. If it did, you'd never be able to start the engines so they could supply their own power to hold those valves open. So, there must be some power (appropriately) fed from the main aircraft control bus to activate those valves - if the rest of what I'm assuming is correct. Anyway, like I say, I don't know enough about the details at this point, but there are many more ways to activate or deactivate a circuit than by flicking a switch. Killing the relevant power supply, for example. A screwdriver across some contacts (for example), another. Shorting a wire to Chassis, maybe. Just trying to contribute what I can.
You raise another interesting point: "TCMA notwithstanding". Could you elaborate, please? What will happen if the TCMA system, which apparently also has some degree of engine control, loses power? The problem with interlinked circuits and systems is that sometimes, unexpected things can happen when events that were not considered actually happen. If one module, reporting to another, loses power or fails, sometimes it can "tell" the surviving module something that isn't true... My concern is where does the power to the Fuel Cutoff switches come from? Are there relays or solid-state switches (or what?) between the Panel Switches and the valves? If so, is the valve power derived from a different source, and if so, where? Are the valves solenoids, open when power applied, or something else? What is the logic involved, between switch and valve?
Would you mind answering these questions so I can ponder it all further, please? If I'm wrong, I'll happily say so.
The valves are located in the spar (hence being called 'spar valves'. The fuel tank is immediately above the engine so it is a very short pipe for suction feeding. Tail mount engines are potentially a different story...
What\x92s the usual time frame for the release of preliminary data and report from the FDR and CVR? Is it around 6 months?
I guess if no directives come from Boeing or the FAA in the next 2 weeks, it can be presumed that a systems failure from which recovery was impossible was unlikely.
I guess if no directives come from Boeing or the FAA in the next 2 weeks, it can be presumed that a systems failure from which recovery was impossible was unlikely.
June 15, 2025, 04:00:00 GMT
permalink Post: 11902086
I accept it as a fact.
I believe the valves are almost all bi-stable power-open power-close. When not powered, they remain in the last commanded position.
The valves are located in the spar (hence being called 'spar valves'. The fuel tank is immediately above the engine so it is a very short pipe for suction feeding. Tail mount engines are potentially a different story...
The valves are located in the spar (hence being called 'spar valves'. The fuel tank is immediately above the engine so it is a very short pipe for suction feeding. Tail mount engines are potentially a different story...
June 15, 2025, 04:19:00 GMT
permalink Post: 11902094
Okay! Many thanks for that! Of course, it very much complicates the picture, and I'm very puzzled as to how the Fuel Cutoff Switches and Valves operate. Apparently, the TCAM system shuts off an errant engine on the ground at least, but my concern is not with the software but the hardware. It obviously has an Output going into the Fuel Shutoff system. If the TCAM unit loses power, can that output cause the Cutoff process (powered by the engine-dedicated generator) to be activated? I guess that's the $64 billion question, but if MCAS is any example, then: Probably!
TCMA (not TCAM) - Thrust Control Malfunction Accommodation - is a FADEC based system. It's resident in the engine FADEC (aka EEC) - the ONLY inputs from the aircraft that go into the TCMA is air/ground (to enable) and thrust lever position (to determine if the engine is doing what it's being commanded to do. The FADEC has the ability to shutdown the engine via the N2 overspeed protection system - this is separate from the aircraft run/cutoff signal, although it uses the same HPSOV to effect the shutdown. That same system is used by TCMA to shutoff fuel if it determines the engine is 'running away'.
Hint, you might try going back a few pages and reading where all this has been posted previously.
June 15, 2025, 04:53:00 GMT
permalink Post: 11902102
Ok, thanks for clarifying. Of course, an overload will simply cause the hydraulic pressure relief valves to activate. There will be a moderate increase in motor current when bypassing, but the electrical side should be fully able to cope with that. Should be! I'm suggesting here that there was a fault somewhere in the electrical supplies that effectively derated some part of it, and that maybe the GearUp load was too much for it on this occasion.
It uses a variable displacement pump to maintain 5000PSI constant pressure. The swashplate angle is varied to adjust pump output flow: more devices consuming fluid, more flow to keep the pressure up. If the pumps cannot deliver enough fluid, the swashplate reaches the full flow position and the output pressure decreases until flow consumed equals flow produced. Very much like a constant-current constant-voltage power supply.
Running in that area of maximum flow is 100% expected under some conditions, especially if an engine or EDP fails and the electric demand pump is supplying a whole hydraulic system sized for the larger EDP (although I think this would be less of an issue on the 787 as the L/R systems don't do much, but the same variable-displacement pump design has been around for a LONG time including on the 737).
And again, there's a VFD between the aircraft electrical bus and the pump motor, because the pump is 400Hz and the aircraft is wild-frequency. VFDs are very very good at isolating faults unless you are actually looking at a sustained overload on one of four generators .
Thanks for confirming the 4 gens. So there's probably quite a bit of switching required. Not sure how that's done, but I guess robust contactors are required. And even these can fail. Systems usually cannot tell that a contactor has failed on the open side until it's switched. So, a switchover may have been done, but a failed contact meant the backup generator wasn't connected. Who knows, so many possibilities.
No bus is essential on a modern aircraft.
Boeing treats everything electric as a black box but the A380 has this beautifully overkill drawing - given both have 4x generators, 2x APU generators, and a RAT, it should not be entirely dissimilar levels of redundancy:
Note that the reason for some links having two contactors in series (e.g. BTC5/6 or BTC7) is because this is spread across two separate units, so that a fire and total loss of one leaves ~half the aircraft powered and totally flyable.
Okay! Many thanks for that! Of course, it very much complicates the picture, and I'm very puzzled as to how the Fuel Cutoff Switches and Valves operate. Apparently, the TCAM system shuts off an errant engine on the ground at least, but my concern is not with the software but the hardware. It obviously has an Output going into the Fuel Shutoff system. If the TCAM unit loses power, can that output cause the Cutoff process (powered by the engine-dedicated generator) to be activated? I guess that's the $64 billion question, but if MCAS is any example, then: Probably!
Power-open power-close is very common in commercial/situations where you don't want to be wasting energy 24/7 and don't have a defined position for the valve/damper in case of power loss. Done a bunch of them in ductwork and electrically operated windows - your car likely has them, for example.
Last edited by Someone Somewhere; 15th June 2025 at 05:08 .
June 15, 2025, 08:04:00 GMT
permalink Post: 11902210
My understanding is that the left engine VFSGs are not synchronized in frequency or phase with the right engine VFSGs. Cross-connecting them, electrically, could be quite violent from both an electrical and mechanical perspective.
Is it realistically possible that the torque shock from cross-connected VFSGs could damage their associated accessory drive trains to the extent that the associated FADEC alternators would no longer make power? In this situation, there would be a loss of aircraft electrical power due to the BPCU fault, no FADEC alternator power due to damage to the accessory drive train, and, therefore, no engine thrust.
I presume each VFSG has a frangible link to protect the accessory drive train in the event the VFSG seizes up, which ought to make this loss-of-engine-thrust scenario impossible, but presumption is not knowledge, and this is a possible failure chain that doesn't involve stacking up multiple 10e-9 events.
June 15, 2025, 08:58:00 GMT
permalink Post: 11902261
So one thing to keep in mind, the RAT can be deployed manually, but also comes automatically when certain conditions arise, everybody here is assuming it\x92s only on dual engine failure but there are 4 more conditions that trigger the RAT,
- all three hydraulic system pressures are low
- loss of all electrical power to the captain and first officers flight instruments
- loss of all four EMP\x92s (electro motor driven pump) and faults in the flight controls system occur during arrival
- loss of all four EMP\x92s and an engine fails during take off.
This all comes directly from B787 FCOM,
If we assume that what our survivor saw is correct, maybe it was an electrical failure, the aircraft had electrical issues in Delhi during departure and I checked the crash video again, I don\x92t see the strobe lights (neither wing or tail) and also no Anti collision light either. this might also explain the self starting APU on loss of the electrics (engine driven generators). That could also result in a loss of situational awareness with the speed, because of no indication, even the HUD would not work. The mayday call would still be doable because the radios work from the battery.
- all three hydraulic system pressures are low
- loss of all electrical power to the captain and first officers flight instruments
- loss of all four EMP\x92s (electro motor driven pump) and faults in the flight controls system occur during arrival
- loss of all four EMP\x92s and an engine fails during take off.
This all comes directly from B787 FCOM,
If we assume that what our survivor saw is correct, maybe it was an electrical failure, the aircraft had electrical issues in Delhi during departure and I checked the crash video again, I don\x92t see the strobe lights (neither wing or tail) and also no Anti collision light either. this might also explain the self starting APU on loss of the electrics (engine driven generators). That could also result in a loss of situational awareness with the speed, because of no indication, even the HUD would not work. The mayday call would still be doable because the radios work from the battery.
June 15, 2025, 09:59:00 GMT
permalink Post: 11902310
In less than a month we'll have a preliminary report.
Last edited by T28B; 15th June 2025 at 13:00 . Reason: brackets completed
June 15, 2025, 10:12:00 GMT
permalink Post: 11902322
This is probably a very stupid question, but what would happen if a BPCU fault (or other cause) led to VFSGs on opposite sides of the aircraft being connected to the same 230 VAC bus?
My understanding is that the left engine VFSGs are not synchronized in frequency or phase with the right engine VFSGs. Cross-connecting them, electrically, could be quite violent from both an electrical and mechanical perspective.
Is it realistically possible that the torque shock from cross-connected VFSGs could damage their associated accessory drive trains to the extent that the associated FADEC alternators would no longer make power? In this situation, there would be a loss of aircraft electrical power due to the BPCU fault, no FADEC alternator power due to damage to the accessory drive train, and, therefore, no engine thrust.
I presume each VFSG has a frangible link to protect the accessory drive train in the event the VFSG seizes up, which ought to make this loss-of-engine-thrust scenario impossible, but presumption is not knowledge, and this is a possible failure chain that doesn't involve stacking up multiple 10e-9 events.
My understanding is that the left engine VFSGs are not synchronized in frequency or phase with the right engine VFSGs. Cross-connecting them, electrically, could be quite violent from both an electrical and mechanical perspective.
Is it realistically possible that the torque shock from cross-connected VFSGs could damage their associated accessory drive trains to the extent that the associated FADEC alternators would no longer make power? In this situation, there would be a loss of aircraft electrical power due to the BPCU fault, no FADEC alternator power due to damage to the accessory drive train, and, therefore, no engine thrust.
I presume each VFSG has a frangible link to protect the accessory drive train in the event the VFSG seizes up, which ought to make this loss-of-engine-thrust scenario impossible, but presumption is not knowledge, and this is a possible failure chain that doesn't involve stacking up multiple 10e-9 events.
In fact, I have inadvertently "done" such a thing - all I did was switch the generator room light from one genset to the other. But whoever installed that cheap and nasty two way light changeover switch didn't realise that it sometimes did a make-before-break transfer. There was a BANG and everything instantly went dark. Every single circuit breaker on the switchboard tripped. To this day, I still don't understand why all the Load Circuit Breakers tripped as well as the generator output breakers, and no one has really supplied a clear answer. Of course, any inductive loads connected at the time would cause that, but simple incandescent light circuits? Would a couple of hundred meters of underground power cable have enough inductance to cause a breaker trip?
Anyway, Yes, the results were very dramatic, and these were only a pair of 10-15kVA Single Phase 230V gensets. If this happened on that plane with 225KVA(?) generators at a couple of hundred feet in the air, I'd imagine they had no chance of recovery. Could it happen? If something had been wired up incorrectly in the transfer circuits, I'd say Yes. When a fault-related transfer occurred.
Still doesn't explain what could have stopped the engines, but sheared shafts would have done it, as you say. That would be pretty strong evidence.
Now, if it's true that this plane had been scavenged for parts at some stage, all the couldn't happens probably evaporate. I'd guess...
June 15, 2025, 10:43:00 GMT
permalink Post: 11902342
This is probably a very stupid question, but what would happen if a BPCU fault (or other cause) led to VFSGs on opposite sides of the aircraft being connected to the same 230 VAC bus?
My understanding is that the left engine VFSGs are not synchronized in frequency or phase with the right engine VFSGs. Cross-connecting them, electrically, could be quite violent from both an electrical and mechanical perspective.
Is it realistically possible that the torque shock from cross-connected VFSGs could damage their associated accessory drive trains to the extent that the associated FADEC alternators would no longer make power? In this situation, there would be a loss of aircraft electrical power due to the BPCU fault, no FADEC alternator power due to damage to the accessory drive train, and, therefore, no engine thrust.
I presume each VFSG has a frangible link to protect the accessory drive train in the event the VFSG seizes up, which ought to make this loss-of-engine-thrust scenario impossible, but presumption is not knowledge, and this is a possible failure chain that doesn't involve stacking up multiple 10e-9 events.
My understanding is that the left engine VFSGs are not synchronized in frequency or phase with the right engine VFSGs. Cross-connecting them, electrically, could be quite violent from both an electrical and mechanical perspective.
Is it realistically possible that the torque shock from cross-connected VFSGs could damage their associated accessory drive trains to the extent that the associated FADEC alternators would no longer make power? In this situation, there would be a loss of aircraft electrical power due to the BPCU fault, no FADEC alternator power due to damage to the accessory drive train, and, therefore, no engine thrust.
I presume each VFSG has a frangible link to protect the accessory drive train in the event the VFSG seizes up, which ought to make this loss-of-engine-thrust scenario impossible, but presumption is not knowledge, and this is a possible failure chain that doesn't involve stacking up multiple 10e-9 events.
In fact, I have inadvertently "done" such a thing - all I did was switch the generator room light from one genset to the other. But whoever installed that cheap and nasty two way light changeover switch didn't realise that it sometimes did a make-before-break transfer. There was a BANG and everything instantly went dark. Every single circuit breaker on the switchboard tripped. To this day, I still don't understand why all the Load Circuit Breakers tripped as well as the generator output breakers, and no one has really supplied a clear answer. Of course, any inductive loads connected at the time would cause that, but simple incandescent light circuits? Would a couple of hundred meters of underground power cable have enough inductance to cause a breaker trip?
Anyway, Yes, the results were very dramatic, and these were only a pair of 10-15kVA Single Phase 230V gensets. If this happened on that plane with 225KVA(?) generators at a couple of hundred feet in the air, I'd imagine they had no chance of recovery. Could it happen? If something had been wired up incorrectly in the transfer circuits, I'd say Yes. When a fault-related transfer occurred.
Still doesn't explain what could have stopped the engines, but sheared shafts would have done it, as you say. That would be pretty strong evidence.
Now, if it's true that this plane had been scavenged for parts at some stage, all the couldn't happens probably evaporate. I'd guess...
I expect the VFSG shafts would be designed to fuse/slip long before the main radial shaft feeding the gearbox, as noted.
But if it occurred, it would knock out not just your FADEC alternator but also the high pressure fuel pumps. Engine would stop dead near instantly.
It would partly be a question of how much interlocking is present. I guess bypassing/mis-adjusting mechanical interlocks is something poor maintenance could & would do.
June 15, 2025, 10:58:00 GMT
permalink Post: 11902355
This is probably a very stupid question, but what would happen if a BPCU fault (or other cause) led to VFSGs on opposite sides of the aircraft being connected to the same 230 VAC bus?
My understanding is that the left engine VFSGs are not synchronized in frequency or phase with the right engine VFSGs. Cross-connecting them, electrically, could be quite violent from both an electrical and mechanical perspective.
Is it realistically possible that the torque shock from cross-connected VFSGs could damage their associated accessory drive trains to the extent that the associated FADEC alternators would no longer make power? In this situation, there would be a loss of aircraft electrical power due to the BPCU fault, no FADEC alternator power due to damage to the accessory drive train, and, therefore, no engine thrust.
I presume each VFSG has a frangible link to protect the accessory drive train in the event the VFSG seizes up, which ought to make this loss-of-engine-thrust scenario impossible, but presumption is not knowledge, and this is a possible failure chain that doesn't involve stacking up multiple 10e-9 events.
My understanding is that the left engine VFSGs are not synchronized in frequency or phase with the right engine VFSGs. Cross-connecting them, electrically, could be quite violent from both an electrical and mechanical perspective.
Is it realistically possible that the torque shock from cross-connected VFSGs could damage their associated accessory drive trains to the extent that the associated FADEC alternators would no longer make power? In this situation, there would be a loss of aircraft electrical power due to the BPCU fault, no FADEC alternator power due to damage to the accessory drive train, and, therefore, no engine thrust.
I presume each VFSG has a frangible link to protect the accessory drive train in the event the VFSG seizes up, which ought to make this loss-of-engine-thrust scenario impossible, but presumption is not knowledge, and this is a possible failure chain that doesn't involve stacking up multiple 10e-9 events.
June 15, 2025, 11:24:00 GMT
permalink Post: 11902378
I wonder if the APU and its 2 x 225 Kva generators was serviceable…….
June 15, 2025, 11:54:00 GMT
permalink Post: 11902404
It could do it, assuming fuses/contactors didn't vapourise first.
I expect the VFSG shafts would be designed to fuse/slip long before the main radial shaft feeding the gearbox, as noted.
But if it occurred, it would knock out not just your FADEC alternator but also the high pressure fuel pumps. Engine would stop dead near instantly.
It would partly be a question of how much interlocking is present. I guess bypassing/mis-adjusting mechanical interlocks is something poor maintenance could & would do.
I expect the VFSG shafts would be designed to fuse/slip long before the main radial shaft feeding the gearbox, as noted.
But if it occurred, it would knock out not just your FADEC alternator but also the high pressure fuel pumps. Engine would stop dead near instantly.
It would partly be a question of how much interlocking is present. I guess bypassing/mis-adjusting mechanical interlocks is something poor maintenance could & would do.
Online/running generators connected together by accident/fault will cause a HUGE load on everything, electric connections, generator itself and the shafts and gears driving the generators. Heck, I wouldnt be surprised if the generator could disintegrate due to such an electromagnetic shock load.
So, the question is if there is something between the generators that could limit the electric current. A VFD possibly would as the VFD maybe would not be able to pass the current required for shearing the drive shaft for example. But then again, electronic switches like IGBT/MOSFET and such are able to pass an incredibly large over current for some milliseconds before exploding. Possibly 50 to 100 times the nominal current. So I am not sure if a VFD really would save the rest of the system in a situation with two generators connected together in error.
So, where is the VFD part installed, directly on each generator or somewhere else in the system? Are there physical interlocks on the contactors or only electric interlocks?
June 15, 2025, 12:59:00 GMT
permalink Post: 11902444
No system would be designed to parallel two frequency wild generators. The output from each would be rectified to dc and conditioned before application to the load, but could be paralleled at dc level if required for redundancy. These are quarter megawatt generators, where an out of phase connection could shear drive shafts, destroy the drive train, or worse.
June 15, 2025, 13:24:00 GMT
permalink Post: 11902470
Maybe a dumb question - A DA-42 went in with double engine failure when the gear was retracted, the additional load of the gear pump was enough to drop the bus voltages low enough to shut down both FADECs. They took off with a very low battery and no one had tested this scenario previously. Obviously a very different airplane, but still raising the gear probably is a significant load and may have caused an electrical problem to get worse.
* or Boeing thought of that, DA-42s got rewired and won't do that now.
* or Boeing thought of that, DA-42s got rewired and won't do that now.
June 15, 2025, 13:43:00 GMT
permalink Post: 11902481
Sorry I am not a pilot but I did spend three years filming a TV series at Boeing for pBS/Channel 4 about the design and construction of the 777, and my response is not a technical one anyway. Do airfields have high definition video coverage of all takeoffs and landings? If so, they should be public domain and there would not be hundreds of posts about grainy over-magnified smartphone footage. If they don't, a 6-cam setup on each runway (3 either side of runway, one back, one across and one forward) could record continuously to hard disk or cloud. If airfields don't have this, shouldn't it be made mandatory?
I have been really wondering what single point of failure could take out both engines simultaneously as seems to be the case here. One single main bus contactor closing in error seems to possibly be such a single point fault.
Online/running generators connected together by accident/fault will cause a HUGE load on everything, electric connections, generator itself and the shafts and gears driving the generators. Heck, I wouldnt be surprised if the generator could disintegrate due to such an electromagnetic shock load.
So, the question is if there is something between the generators that could limit the electric current. A VFD possibly would as the VFD maybe would not be able to pass the current required for shearing the drive shaft for example. But then again, electronic switches like IGBT/MOSFET and such are able to pass an incredibly large over current for some milliseconds before exploding. Possibly 50 to 100 times the nominal current. So I am not sure if a VFD really would save the rest of the system in a situation with two generators connected together in error.
So, where is the VFD part installed, directly on each generator or somewhere else in the system? Are there physical interlocks on the contactors or only electric interlocks?
Online/running generators connected together by accident/fault will cause a HUGE load on everything, electric connections, generator itself and the shafts and gears driving the generators. Heck, I wouldnt be surprised if the generator could disintegrate due to such an electromagnetic shock load.
So, the question is if there is something between the generators that could limit the electric current. A VFD possibly would as the VFD maybe would not be able to pass the current required for shearing the drive shaft for example. But then again, electronic switches like IGBT/MOSFET and such are able to pass an incredibly large over current for some milliseconds before exploding. Possibly 50 to 100 times the nominal current. So I am not sure if a VFD really would save the rest of the system in a situation with two generators connected together in error.
So, where is the VFD part installed, directly on each generator or somewhere else in the system? Are there physical interlocks on the contactors or only electric interlocks?
VFDs are for frequency conversion to drive the motors (CAC/pumps/engine start). They won't be carrying the full generator load for galleys and anti-ice; that will be handled by cross-ties, which is a big black box on the 787.
Fast fuses can be faster acting than circuit breakers, but are one-shot. I'm not sure how fast-acting and effective the generator contactors/controllers are; conventional ACBs/MCCBs will blow open magnetically under sufficient fault current regardless of what the trip unit or close coil commands.
I wouldn't really expect electrical reconfiguration to happen on climbout, and I wouldn't expect it to be the first time this contactor gets used since maintenance - everything should get a good workout during sequential APU/engine starts.
No system would be designed to parallel two frequency wild generators. The output from each would be rectified to dc and conditioned before application to the load, but could be paralleled at dc level if required for redundancy. These are quarter megawatt generators, where an out of phase connection could shear drive shafts, destroy the drive train, or worse.
In a very simple main-tie-main arrangement you can close any two of three breakers and still keep the sources separate. It gets much more complicated when you have ten different sources.
I suspect the 'large motor power centre' might parallel the rectified output of some generators.
I no longer believe in the no flaps / flaps raised early theory.
I think this was a major electrical failure most likely due to the engines quitting.
The 787 is far more heavily dependent on electrical power to run it's systems than previous Boeing planes.
It requires about 1.5 megawatts of power according to Wiki. 5X more than previous designs.
Things that were done by engine driven pumps/compressors and engine bleed air are all done electrically on the 787.
Flight controls that were moved hydraulically or pneumatically are moved by electric actuators. Etc.
I think this was a major electrical failure most likely due to the engines quitting.
The 787 is far more heavily dependent on electrical power to run it's systems than previous Boeing planes.
It requires about 1.5 megawatts of power according to Wiki. 5X more than previous designs.
Things that were done by engine driven pumps/compressors and engine bleed air are all done electrically on the 787.
Flight controls that were moved hydraulically or pneumatically are moved by electric actuators. Etc.
1.5MW is the figure for all six generators; only four can be used at once.
There's no indication they had any flight control issues.
Seems to be funny that no-one has mentioned the Battery, which because of its age could have failed either Short-circuit or Open-circuit.
Maybe some Boeing Electro Techs, could explain what role the battery has in this circumstance.
The simultaneous failure of both engines points towards an electrical problem, unless the high temperature had adversely affected the fuel flow.
Maybe some Boeing Electro Techs, could explain what role the battery has in this circumstance.
The simultaneous failure of both engines points towards an electrical problem, unless the high temperature had adversely affected the fuel flow.