Dear all ,

after the pan pan event triggered by the failure of the wurth panel, some cold blood reflections and my solution.

the first consideration, is about what's critical and non critical in a boat. I had put quite some thought while waiting for the repair parts, and concluded that everything that puts a crew in distress is critical. Because crews have very different experience (think about a charter boat , or a crew where the captain/owner is incapacitated) everything that puts at risk a low-to-medium training crew should be considered critical.

The next consideration is the following: like in life , most critical situations are created by two (or more) events happening. that's an important  principle in aviation , where single failures should not compromise the safety of a flight.

the Wurth panel: its design is extremely complex, targeting convenience for non expert crews in normal conditions. Not only one processor controls it, but even the buttons pad constitutes another single point of failure. it has an (unused) nmea interface, complexity that is not used. The logic inside the wurth: one button controls via relays multiple circuits, with individual fuses. One individual  relay breaking down , or an individual  fuse breaking down , would also stop the circuits that are controlled by the same button. For example, a failure of the forward nmea2000 network (controlling the sonar and the windvane for example, so not critical) would put off service the autopilot.

Is the autopilot a critical device? not taken by itself: but when you have another failure (in my case , the manual steering) then it becomes critical in order to save the boat and, maybe, the crew itself (in our case , the Italian coastguard came to rescue the people but not the boat).

There are other single point of failure beyond the wurth: for example , we have a single rudder, and a large number of seacocks (I have a polyurethane plug attached to each seacock).

but my conclusion is that the wurth is an UNNECESSARY single point of failure.

Luckily I had developed a knowledge of the system that goes beyond the provided manuals: without that extra piece of information - exchanged here - it's very difficult just to localise a broken relay, or a broken fuse , or recable the necessary elements to restore the autopilot in FU mode.

and not only critical with respect to the autopilot: one critical concern of the coastguard was the absence of navigation lights at night. they correctly considered this a danger to navigation , especially approaching the harbour , that in their respect implied we had to be escorted. And there is no standard backup solution for the lights...we tried with the dinghy navigation lights...

Where you have a backup: anchor windlass that can be released manually (for those who knows how to do it), and stern door manual pump (required for those willing to use an emergency steering to release the dinghy).

Also, no water on board: my solution on a longer trip would have been either cabling the pump to the batteries, or use the boiler water lower tube , hopefully aspirating the water from the tank.

very difficult to extract water from the tank in the bow cabin otherwise!

one comment on the root cause of the failure: 1 liter of water entering from the side hatch above the wurth cabinet that has a grid just above the wurth.

this is simply a bad design/mistake: I temporarily blocked the opening of the hatch, and I will implement a 3d printed conduct allowing the air to go through, but not water to splash the electronics inside ...

so my solution: I removed the damaged wurth, cut the door to host two bep marine panels (901h and 904mn). these panels offer 24 magnetothermic (MT) mechanical switches , precabled. 

in this design , all the negative wires are collected onto bars - that are far away from the panel itself. the panels therefore have only 12V positives, any short circuit won't have any dramatic effect.

then , the MT switches: they are actuated mechanically , and they don't blow (requiring you to have a bag of fuses...).

this design is obviously more fail safe , and the failure of one channel is easier to repair /correct by simply using another MT, or moving the wire somewhere else. no special knowledge needed , the problem is always localized where it happens.

as you can see in the picture below , I decided not to pool different blocks and keep their control separate: for example , I can keep on the forward nmea2000 network when I am in the harbour (to record winds), and separate circuits for freezer and fridge for example.

i will put in the future thrusters here, and my second tricolor light (it was required by the ARC rules...but the independent lights were controlled by the wurth ...).

it's retroilluminated, and there is double feedback about the state of the MT (physical position and actual power at its output).

The cost was the panels (about 1.2keur, including the MT) and about a day of cabling work...

for your information , I already had tanks monitoring and voltage monitoring on a different czone system: this is also a single point of failure , but I only use it for monitoring (not control) and for non-critical components...btw: it kept working despite the water ingress , because the display and its connectors are well protected from water ingress , differently from the wurth that's completely open and with short distance positive and negative power tracks.

As many things in life: I wish I would have done this earlier, before having had the problem....we keep learning , that's why I share these considerations.

Beautiful.

My criticism of the Wurth panel is well known.    After my first failure (1 month after getting the boat) I demanded and got a spare.    A spare might have helped in this situation but certainly it would have taken a lot of time and not kept mission critical systems functioning. 

I guess I have three questions:

1.   How much did it cost?   I'm considering doing something like this and would like to know if I'm getting over-invested in the boat.     If you don't want to post publicly, then send me a private message.

2.   How long did it take?    Days, weeks, a winter?

3.   Specifically,  how is it more protected that what was there?    How would mission critical systems (autohelm, electronics, etc.) stay functioning in an "event" such as you had.

4.  Do the later HANSE control panels (CZONE, SIMARINE, etc.) have the same single point of failure?   It seems so, but I don't have firsthand knowledge.

1200 Euros and one day of recabling. Reconnecting a spare wurth panel is theoretically possible, but it could take hours! i have no idea how much a wurth panel costs, i simply don't want it anymore!

A wurth panel could easily kill the full 12V of a boat by a single short circuit on the pcb: water or anything else. or simply a component failure: a capacitor, a resistor, the processor...Impossible to irreversibly break a block of Magnetothermic switches dealing only with positives... restoring a wurth was a nightmare, restoring an MT (if it would occur) is a <10 minutes intervention without even schematics... 

As Leon knows, i didn't implement a blue sea panel only because delivery times were 6 weeks...with two BPE panels, i have two channels more (i like it!) and i miss the analog meters (i don't need them anyway, because i have the Czone for monitoring...)

I had a blue sea panel on my prior boat.   I mistakenly assumed that Hanse did similar electrical work and a like breaker panel was present.    Not so...   my bad. 

Thanks for this excellent post. Well done. 

Would it be possible for you to post (or send via messenger) a few photos of the back of your new panel as it's presently wired?

I'm thinking about retiring my Wurth panel and a look behind yours might be really helpful. 

Best,

The problem I see is space for the panels.     Your two panels take up far more space than the Wurth Panel did.   I have a plotter on the diagonal surface that also has my radio and fusion system.   So where to put the panels?

I'll have to find out how many switches I need and then figure out how to put that into the available real estate.   Not easy on my boat.

no problem! the disclaimer is : I am still finishing! unfortunately I think my nep-2 went dead , and I am still waiting to clean up some cables...but you can see the idea : follow the black to see where the negatives are distributed, on the side of the cabinet, and the red (few blue) that are connected to the panel...the only black on the panel is required by the retroillumination and the led showing when the output has power. if you think about it, the switch can be on, but if there is a fault this little led won't show up as lit....it's very simple but it's clearly more robust with respect to the wurth design , where everything needs to be guessed.

not a single cable león...but the day I will clean up the arriving wires, it may be necessary in order to make two clean bundles: every cable could arrive , but indeed there wasn't much slack ...For your information, I also have a positive distribution bar for those switches that have more than one cable. I put it on the flat part of the wooden cabinet just facing the door , difficult to take a picture ...

My understanding is the Wurth panel, aside from being an unnecessary risk factor on our boats, is no longer available from Hanse. So many of us will have this upgrade in our future. 

Would love to see other solutions that might be out there. I'd like to get this panel off my boat in the next year or so. 

(FYI, on the 505 from 2016, there is no vent opening above the panel which would allow water direct access from the window. That said, that window now stays closed at sea).