1、Lessons Learned Entry: 0626Lesson Info:a71 Lesson Number: 0626a71 Lesson Date: 1999-06-21a71 Submitting Organization: JPLa71 Submitted by: A. AcordSubject: Inadvertent Powering of the Deep Space 2 Mars Microprobe (1998) Abstract: During final assembly of the Deep Space 2 (DS2) Mars Microprobes, each
2、 of the two flight probes was inadvertently powered. The design of the mechanical switches was found to permit inadvertent ground paths during assembly, which could cause loss of mission due to undetected battery depletion prior to launch. System design must address hardware performance during assem
3、bly and test as well as during flight. Safing devices should be operational throughout assembly and test operations. Design analyses such as FMEA, SCA, and FTA must examine the electrical implications of mechanical/packaging design decisions.Description of Driving Event: During final assembly of the
4、 Deep Space 2 (DS2) Mars Microprobes, each of the two flight probes was inadvertently powered.Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-refer to D descriptionD When Mars 98 lander reaches Mars and the DS2 probes are released from the lander cru
5、ise ring, a MOSFET electronic switch will apply battery power to each probe. This switch, whose design heritage is unclear, is to be operated only once during the mission. Two mechanical switches are used to provide hold-off bias voltage to prevent the electronic switch from turning on until the pro
6、bes are released. Both mechanical switches must be activated to power the probes, which then remain powered unless all system power is lost. Although a safing plug keeps the electronic switch biased to the off condition during early phases of assembly, the design required its removal well before the
7、 completion of electrical assembly.The overall system implementation included the following deficiencies and vulnerabilities that were not well understood and were not adequately accounted for in the system design, the Failure Modes and Effects Criticality Analysis (FMECA), and assembly planning:1.
8、The electronic switch design permitted the probes to be powered if any of the wires connected to the mechanical switches were even partially connected to ground. An estimated resistance to ground of 1.5 megohm or less is sufficient to turn on the switch. The anomaly investigation determined that eve
9、n the body resistance of the assemblers connecting the wires was sufficient to cause this very sensitive electronic switch to turn on.Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-2. 3. The design of the mechanical switches allowed an unintentional
10、 ground path to the probe aeroshell. This would inadvertently power the probes during assembly, causing loss of the DS2 mission due to an undetected battery depletion prior to launch.4. 5. The design did not permit the safing plug to remain installed throughout electrical assembly.6. 7. The electron
11、ic switch circuit design required external power while the batteries were being connected.Following completion of the anomaly investigation, design changes were made to electrically isolate the mechanical switches and retain the safing plug in place during electrical installation of these switches.
12、Procedures were changed to require extreme care to avoid stray resistances due to handling following removal of the safing plug.Additional Keyword(s): Power Switch, Design for Testability, Design for Manufacturability, Inherited Design, Sneak Circuit Analysis (SCA), System Integration and Test, Hard
13、ware Fabrication and Test, Hardware Safety, System DevelopmentReference(s): JPL Problem/Failure Report (PFR) No. Z48923, November 8, 1998.Lesson(s) Learned: 1. Design analyses should include (a) Failure Modes and Effects Criticality Analysis (FMECA) and sneak circuit evaluation for potential electri
14、cal issues, and (b) Fault Tree Analysis (FTA) for potential mechanical issues. These analyses must be conducted in an integrated manner at the system level to ensure that the electrical implications of mechanical/packaging design decisions are understood.2. System design planning and processes must
15、address hardware performance during assembly and test as well as during flight (the DS2 electronic switch design was almost impossible to assemble without an anomaly).3. Where the use of safing devices is required, the system design and assembly/test procedures must accommodate their use throughout
16、assembly and test operations.Recommendation(s): See lesson(s) learned.Evidence of Recurrence Control Effectiveness: Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-N/ADocuments Related to Lesson: N/AMission Directorate(s): N/AAdditional Key Phrase(s)
17、: a71 Flight Equipmenta71 Ground Operationsa71 Hardwarea71 Parts Materials & Processesa71 Safety & Mission Assurancea71 Spacecrafta71 Test & VerificationAdditional Info: Approval Info: a71 Approval Date: 1999-07-30a71 Approval Name: Carol Dumaina71 Approval Organization: 125-204a71 Approval Phone Number: 818-354-8242Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-
