In an unfortunate confluence of events, the FAA has just issued an ironic NPRM. Diamond Aircraft Industries GmbH Model DA 42 airplanes have wing stub safety walkways with a drag equivalent to sandpaper grit 40, which adversely affects the aircraft’s single-engine climb performance. The irony is attached to the other reason why that same airplane is in the news. Apparently if you have a flat battery in a DA42 Twinstar, you should only use external power to start one engine, remove the external power unit and wait until the other engine can be started internally. If you start both engines off external power, the lack of battery charge will cause the engine control units (ECUs) to shut both engines down after takeoff, autofeather and cause you to land gear up, as happened in March. The incident, in Speyer, south-west Germany, is being investigated by Germany’s BFU. The pilot of D-GOAL had a flat battery and started both engines using an external power unit. Unfortunately, both TAE Centurion 1.7 diesel engines died upon gear retraction after takeoff. There were no injuries.
Diamond has advised DA42 operators of this annoying quirk and the Pilot Operating Handbook (POH) has been amended. However, all that had been originally spelled out was a procedure with no cautions about why. Adding bland documentation procedures is not a human factors solution; it’s a recipe for more accidents. The underlying principle is that no major system should rely upon another major system. They should be stand-alone – most certainly the engines. The single, flat-battery issue had been a cause of failure on some of the earlier Thielert diesel conversions. What it comes down to in the DA42 is that both alternators together are not strong enough to provide the current required to retract the gear. So when you retract the gear, the battery chips in and gets recharged later, unless the battery is flat, in which case the voltage suddenly sags too low for the digital engine control units to keep on running. Remember that, although items like starter motors, gear motors and such draw a lot of current, they only run for a few seconds, allowing you to use the battery as a buffer, unless it’s flat. The lesson is that if your gear retracts electrically (and not hydraulically) or if you have other transient loads that are too much for your alternators alone, don’t take off with a near-flat battery.
On the single-engine, fixed gear DA-40 there is a testable ECU backup battery which gets switched to automatically if the engine master is on and suddenly no current from either the main battery or the alternators is getting to the ECU. This ECU backup battery is on charge and protected by a reverse current diode and relays in such a way that only ECU B can use it, and only if there is no voltage on the ECU bus. Therefore you cannot run this backup battery down. Switch to the alternate ECU B on a DA-40 TDI while the engine is running, and the ECU alternate power relay flops rapidly and the diesel continues running. Apparently the DA42’s dual ECUs don’t sport a similar system. But if you switch off the DA40’s Electric Master while the engine is running at idle (on the ground), the engine may stop, despite the fact that it should continue running on the ECU B Backup Battery. The switch to ECU B does happen as designed; however, the DA40’s Thielert diesel is a high-compression engine and at idle power only runs at 890 RPM. At this low rotation speed it’s always been assumed that there is insufficient impulse-moment to maintain rotation while ECU B is taking over, so the engine halts. Apparently, the engine needs 1300 RPM to maintain its momentum throughout the process of ECU B taking over. If you switch on the Electric Master again while the engine is running at idle, the reboot of ECU A plus its takeover from ECU B takes even more time. Experiments showed that at least 1300 RPM was required for a smooth takeover. However, on the DA40 merely switching to ECU B then back to AUTO with the power at idle is part of the pre-takeoff check. It evidently all depends upon how the electrics are switched and how quickly relays operate. There may be a capacitor hiding in the DA40’s (but not the DA42’s) ECU switching system (that can soak up any transients). That solution only works reliably for the DA40 because the backup battery is there – and the gear is fixed.
Although the DA42 has dual alternators and dual buses, it’s unclear how independent the two buses actually are, since they’re connected through a battery isolation relay.
Of course you could also get a single engine failure on takeoff in a DA42 Twin – in a marginal electrical power fade situation, i.e. one ECU might reset but not the other one. FADEC systems usually fail to a fixed power. A FADEC failure that shuts down a serviceable engine in flight sounds like an appalling design. However, the Thielert engine simply cannot run without a FADEC. It’s surprising that ECUs don’t have independent power supplies. It seems a bit of a retrograde step from a reciprocating engine’s magnetos, which are self-powering. So the certification question arises as to why the power supply is not sufficiently robust and reliable to ensure power to at least one FADEC of each engine’s twin-set in case of a near-flat battery combined with a transient load that exceeds the power output rating of the two alternators. The alternators are 28V DC 60 Amp, and should be enough. In normal flight the load is about 10 amps each side. Cycling the gear increases it to about 28 amps each, therefore the gear motor draws 36 amps. The bus voltage drops from 28.5V to about 28.3V upon moving the gear lever. Why wouldn’t plugging in a GPU for start-up recharge the battery? The GPU plug is wired to bypass the battery and the pilot in question didn’t allow enough time for the alternators to charge up the battery, even with both engines running.
In fact an ECU backup battery is the solution now proposed, although Thielert (TAE) doesn’t seem enthusiastic. EASA said the two firms should work out a service bulletin or it will issue a directive. The argument then becomes whether it is the aircraft or the engine manufacturer’s responsibility to pay.
If undercarriage retraction via electric motors places a load on the electrical supply from the engine-driven alternators that causes a temporary voltage drop that cannot be covered by a flat battery, then the engine control unit has been shown to be intolerant of transitory electrical fluctuations. The DA42’s ECU should have been able to accept a 50 millisecond transient, but in the Speyer accident it started its reset after 1.7 milliseconds. During the engine control units’ reset, the propeller systems sensed the power loss and auto-feathered. It would therefore seem to be a TAE responsibility, an expensive proposition. Looking back on the aircraft certification process, it seems to be a glaring oversight. Even if the procedure to start the second engine on ship power is followed, this would probably not prevent a FADEC shutdown during gear operation in other cases (e.g. single engine go-around with a weak battery or high current draw on the gear motor due to a mechanical gear fault – this has resulted in complete loss of electrics on other recip-powered light aircraft in the past). It’s believed that when the battery goes flat the gear extends by default, resulting in no engines and massive drag. In fact the gear does not automatically drop down with an electrical failure; it sags over time as the electric hydraulic pump can’t keep the pressure at 1600 psi.
Consider another scenario, that of dual alternator failure in flight: if you shut down half the G1000 avionics system and all the exterior lights, you would only have approximately 45 minutes to find an airport, since the ECUs need that battery power to run the engines. In sight of the airport, perhaps it would be wise not to lower the gear using the normal system, in favor of the emergency gear extension (free fall). Considering the Speyer case, that could apparently lead to instantaneous dual engine shut down and prop-feathering. Even though the gear extension would be gravity-assisted, the voltage drop is associated with kicking the electro-hydraulic pump into action.
For GA airplanes it’s always wise to design for “dumb and dumber”. If I were to find out that, after starting the first engine and disconnecting the GPU, the second engine wouldn’t start, in ignorance I would naturally hook up the GPU again and start #2. This is where the POH should be clearer and more precise. The glow plug (remember, it’s a diesel) takes approximately 35 amps for 20 sec. The starter motor takes another 30 amps, so the battery needs to be sufficiently charged before you attempt to start #2. The POH indicates “you may need to run the first engine for 5-10 min to charge the battery”. DA-42 idle is set at 900 rpm and the alternators are charging at this setting. However, if the battery master has been left on overnight, and a fully flat battery is being charged conventionally, you would need hours for it to be voltage-stable under load. Probably the best solution for a completely flat battery is to replace it with a new one or remove and completely bench-charge it. Both are time-consuming measures.
www.aeroelectric.com has battery husbandry advice such as charging a flat battery for four to six hours before relying on it to be voltage stable under load. This does not change no matter what the rating of the alternators!
The problem with even an almost-idiot-proof standard operating procedure is that there is always an SOP-proof idiot out there somewhere.