I am using the Azure IoT SDK for C to try and provision a device on my hub on the Azure IoT Portal.
I have followed the instructions in order to generate signed certificates and add them to the portal as stated here https://github.com/Azure/azure-iot-sdk-c/blob/master/tools/CACertificates/CACertificateOverview.md
and also here in this tutorial https://kevinsaye.wordpress.com/2020/04/14/using-a-real-certificate-with-the-azure-iot-client-c-sdk-and-the-provisioning-service/ .
When I run the sample code prov_dev_client_ll_sample.c with all my changes, I am continuously getting the below authorization error. I have built and run code this for an X86-64 chip running Debian, and also cross-compiled for an ARM chip, both yielding the same error.
On the Azure Portal, I have tried to create an enrollment group associating the certificates, and also tried to create an individual enrollment, explicitly adding the certificates. Nothing works. People have suggested that my clock might be out of date. However, it looks fine when I run date .
Any help would be greatly appreciated. I am more than two days trying to solve this issue now.
Running provisioning appplication..
Provisioning API Version : 1.3.8
Iothub API Version: 1.3.8
Device Certificate Name File: Device_identity.txt
Device Certificate PEM File : Device_cert.pem
Device Private Key PEM File : Device_key.pem
Error: Time:Fri Jun 19 12:02:42 2020 File:/home/azure-iot-sdk-
c/provisioning_client/src/prov_transport_mqtt_common.c Func:mqtt_operation_complete_callback Line:208
Connection Not Accepted: 0x5: Not Authorized
Error: Time:Fri Jun 19 12:02:42 2020 File:/home/azure-iot-sdk-
c/provisioning_client/src/prov_transport_mqtt_common.c Func:mqtt_error_callback Line:139 MQTT
communication error
Error: Time:Fri Jun 19 12:02:42 2020 File:/home/azure-iot-sdk-
c/provisioning_client/src/prov_device_ll_client.c Func:on_transport_registration_data Line:771
Failure
retrieving data from the provisioning service
Failure encountered on registration PROV_DEVICE_RESULT_DEV_AUTH_ERROR
registration failed!
Press any enter to continue:
There are two distinct scenarios for using an X.509 cert to connect a device to an Azure IoT hub:
Register and connect the device directly with your IoT hub
Use the Device Provisioning Service to assign and register your device to an IoT hub so that it can connect.
This sample shows you how to connect a device directly to IoT Hub without using DPS: https://github.com/Azure/azure-iot-sdk-c/tree/master/iothub_client/samples/iothub_ll_client_x509_sample. The sample assumes you're using the scripts described in https://github.com/Azure/azure-iot-sdk-c/blob/master/tools/CACertificates/CACertificateOverview.md to generate your keys and certs. For more information, see: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-x509ca-overview.
This sample (the one you're trying to run) shows you how to use DPS to register your device with IoT Hub: https://github.com/Azure/azure-iot-sdk-c/tree/master/provisioning_client/samples/prov_dev_client_sample. The sample uses a simulated Hardware Security Module (HSM) to generate the keys and certs (not the scripts). For more information about how to run this sample, see https://learn.microsoft.com/azure/iot-dps/quick-create-simulated-device-x509.
Related
Hello I'm trying to run the MT3620 AzureIot sample to send data from my azure sphere MT3620 (Mini-devboard) to my Azure Iot Central.
I followed all the steps of the tutorial: https://github.com/Azure/azure-sphere-samples/tree/master/Samples/AzureIoT#run-the-sample-with-iot-central
But after sending the data I got (in the output window):
IOTHUB_CLIENT_CONNECTION_NO_NETWORK
and I don't get anything on my IotCentral :(
I executed the dev wifi show-status and the device is connected to my mobile hotspot
What does that mean? Thanks!
IoT Hub Authenticated: IOTHUB_CLIENT_CONNECTION_NO_NETWORK
INFO: Message received by IoT Hub. Result is: 1
IoTHubDeviceClient_LL_CreateWithAzureSphereDeviceAuthProvisioning returned 'AZURE_SPHERE_PROV_RESULT_OK'.
Solved, it was a network problem.
I changed network and run ShowIotCentral and got the right connection string to use in allowedConnections
I have a problem about forward historian.
I install volttron_central on PC called A, and then instlal volttron_sub on Raspberry pi.
I entered the command 'vctl auth keypair' on volttron_central, and then I got the serverkey and secretkey.
and I install forward historian on volttron-sub, and running volttron-sub & volttron-central.
but I saw that 'CURVE I : cannot open client INITIATE vouch' on VOLTTRON_Central terminal.
I want to install forward historian on volttron-sub and send device(Philips-Hue) information to volttron-central machine.
Do you know how to solve this problem?
Thank you.
Sure...
Login to PC called A. From a volttron enabled console volttron-ctl auth serverkey. This will give you the serverkey that you will use in any remote connection to PC called A.
Login to volttron_sub and get the publickey from the forwarder and voltron central platform agents by running vctl auth publickey
`
(Back on PC called A) add the credentials from the forwarder and volttron central platform using vctl auth add --credential <publickey> for each agent.
NOTE: These instructions are assuming you are using releases 5.0 rc branch.
I am trying to understand the specific connection and error states of the Azure IoT C SDK.
I can register with IoTHubClient_SetConnectionStatusCallback for the callback in order to receive the IOTHUB_CLIENT_CONNECTION_STATUS and the IOTHUB_CLIENT_CONNECTION_STATUS_REASON.
The value for the first one are IOTHUB_CLIENT_CONNECTION_AUTHENTICATED and IOTHUB_CLIENT_CONNECTION_UNAUTHENTICATED, which I assume simply means "connected" and "not connected". The reason is more interesting however:
IOTHUB_CLIENT_CONNECTION_EXPIRED_SAS_TOKEN
IOTHUB_CLIENT_CONNECTION_DEVICE_DISABLED
IOTHUB_CLIENT_CONNECTION_BAD_CREDENTIAL
IOTHUB_CLIENT_CONNECTION_RETRY_EXPIRED
IOTHUB_CLIENT_CONNECTION_NO_NETWORK
IOTHUB_CLIENT_CONNECTION_COMMUNICATION_ERROR
IOTHUB_CLIENT_CONNECTION_OK
So my first question is: What are the semantics for the respective reasons? When do they occur? What does the communication error entail? The error is so generic it could simply mean "any error we didn't want to specify explicitely".
My second question goes beyond that. I am trying to use X.509 certificates. However, due to certain requirements I may have certificates that are no longer valid or deleted device ids. Can I somehow distinguish those cases by using the available reasons? When I tried to connect with a non-existing Id I simply got IOTHUB_CLIENT_CONNECTION_COMMUNICATION_ERROR. From my point of view, I no longer need to try to connect to the IoT Hub, since my device doesn't exist. But a communication error may be anything at all. The same issue appeared when I tried to connect with an invalid certificate or private key.
Every time I try I simply get the errors:
Error: Time:Thu May 25 12:04:00 2017 File:~/azure-iot-sdk-c/iothub_client/src/iothubtransport_amqp_messenger.c Func:process_state_changes Line:1563 messagesender reported unexpected state 4 while messenger is starting
Error: Time:Thu May 25 12:04:00 2017 File:~/azure-iot-sdk-c/iothub_client/src/iothubtransport_amqp_device.c Func:device_do_work Line:848 Device 'MyDevice' messenger failed to be started (messenger got into error state)
From those information I cannot determine when to connect or reconnect.
thanks for your questions.
The reasons you listed above are triggered by the following conditions:
IOTHUB_CLIENT_CONNECTION_EXPIRED_SAS_TOKEN
The SAS token (provided by the user) expired, and no longer can be used to authenticate a device against the Azure IoT Hub. Solution: provide a new valid SAS token.
IOTHUB_CLIENT_CONNECTION_DEVICE_DISABLED
Device could not be authenticated because it is disabled by the user on the Azure IoT Hub (see field State in Device Explorer)
IOTHUB_CLIENT_CONNECTION_BAD_CREDENTIAL
Device key provided by the user was considered invalid based on response from Azure IoT Hub upon attempt to authenticate
IOTHUB_CLIENT_CONNECTION_RETRY_EXPIRED
The Azure IoT Hub Client has a feature called RetryPolicy (which can be set using IotHubClient_SetRetryPolicy). It has a property that limits the maximum time the client can attempt to reconnect when failures occur. If that maximum time is reached, the Connection Status is invoked with status UNAUTHENTICATED and reason RETRY_EXPIRED.
IOTHUB_CLIENT_CONNECTION_NO_NETWORK
IOTHUB_CLIENT_CONNECTION_COMMUNICATION_ERROR
If retry policy is disabled, these error reasons might be provided to indicate there is a network connection issue.
IOTHUB_CLIENT_CONNECTION_OK
Provided with status AUTHENTICATED.
I am working in a raspberry pi 3, raspbian OS, and I am using the azure-iot-sdk-c
I followed the github instructions in here: https://github.com/Azure/azure-iot-sdk-c, I downloaded and correctly built all the samples in the iothub_client/samples folder
The error is, when I put the connection string in the iothub_client_sample_http.c
Here:
static const char* connectionString = "[device connection string]";
and run it, I get many errors like this:
Error: Time:Mon Dec 19 14:23:36 2016
File:/home/pi/Desktop/azure-iot-sdk-c/c-utility/adapters/httpapi_curl.c
Func:HTTPAPI_ExecuteRequest Line:576 Failure in HTTP communication:
server reply code is 401 Info: HTTP
Response:{"Message":"ErrorCode:IotHubUnauthorizedAccess;Unauthorized","ExceptionMessage":"Tracking
ID:13262df6828d469e9b29e2176a86fad3-G:9-TimeStamp:12/19/2016
22:23:37"} Error: Time:Mon Dec 19 14:23:36 2016
File:/home/pi/Desktop/azure-iot-sdk-c/iothub_client/src/iothubtransporthttp.c
Func:DoEvent Line:1626 unexpected HTTP status code (401)
This is my conection structure:
static const char* connectionString = "HostName=<myiothub>;DeviceId=<mydevice>;SharedAccessKey=<myaccesskey>";
Why is it giving me a 401 if I am directly using the strings provided from the azure portal?
I have tried every connection string (hubowner, service & device) and still gives me 401 :C
I generated and used a SAS key as connection string and it all worked fine.
static const char* connectionString ="HostName=<myiothub>;CredentialType=SharedAccessSignature;DeviceId=<mydevice>;SharedAccessSignature=SharedAccessSignature sr=<iothub>&sig=<saskey>&se=<time>&skn=device"
I generated the SAS from a prebuilt version of Device explorer
This worked because, as explained in Control access to IoT Hub:
The only way that IoT Hub authenticates a specific device is using the
device identity symmetric key. In cases when a shared access policy is
used to access device functionality, the solution must consider the
component issuing the security token as a trusted subcomponent.
I'm quite confused :S
scenario:
I m trying to add a certificate to my domain serverName. com.
I create a active directory sercer (DC) with ad.servername. com and cms.servername. com for Alfresco page.
and as far as I know, because it's alfresco bundle, it already has a tomcat with java and a Alfresco certificate configured (expire 2112).
then i generated my own .cer with microsoft certificate services with "servername. com" and imported to my java keystore (alfresco/java/jre/lib/security/cacert) expires 2014
later I decide to try a free trial third-party CA startssl. com and I generated for "servername. com" but they asked me to put an alternative, so I put cms.servername.com and I also imported to my alfresco/java key store (expire 2013)
now, whenever I put https://servername:8443/myApp or https://cms.servername:8443 browser shows using Alfresco certificate. did I mess up with certificates or java or something is just selecting the older expiring date certificate to use?
Hi did you put the right certificates and keys etc. in the right directory?
Like alf_data/keystore and in the tomcat config the 8443 points to the alfresco keys.