Azure Device Update loses connection when using Azure Identity Service and EST Server

Question

Background: I am using the Azure Device Update Agent on a Linux device to connect to Azure Device Update. The Device Update Agent utilizes Azure Identity Service (AIS) for credentials to authenticate to IoT Hub. Azure Identity Service is configured to use an EST Server to rotate it's certificates. The device identity authentication method is self-signed x509 certificates. The device update agent uses a module identity with symmetric keys - I have not altered the default behavior of the ADU agent interaction with AIS, I have only configured AIS to use x509 certificates and an EST Server.

Question: When the certificate is rotated by AIS, the device update agent loses it's connection to ADU. What is the advised way to refresh the ADU connection after certificate rotation? I can manually restart the device update agent service. Is restarting the advised method?

Thanks in advance for any assistance.

Answer 1

Hi @Abby Greentree apologies for the delayed update on this. I have feedback on this from the team.

Generally, it is recommended to restart the agent any time the connection information is altered, or certificates get rotated.

A new version of Device Update Agent 1.0.1 is also released yesterday. Starting from version 1.0.1, the DU Agent will automatically re-authenticate when the SAS token has expired or invalid. Here is the link to the updates on the new version IoT Hub Device Update Agent 1.0.1 I appreciate it if you can test the Device update with the latest release and let us know if you run into any issues.

Hope this answers your question. Please let us know if you need further clarification on this.

---

• Kindly mark the answer as useful if the response is helpful so that it would benefit other community members facing the same issue. 
• Original posters help the community find answers faster by identifying the correct answer. Here is how 
• I highly appreciate your contribution to the community.