Azure IoT Middleware for Freertos - Failed to establish MQTT connection, error 0x00000006

afcec 21

Hi, I have a project based on ESP32 and ESP-AZURE that has been working succesfully during the last three years. We are using X.509 certificates (self signed). Now I am facing the challenge of migrating the project from ESP-AZURE to Azure Iot Middleware for Freertos and I took this repo as my reference.

The device certificates are stored in a specific partition but in order to simplify the process at the beginning, I am initially using hardcoded variables as single line strings with the corresponding \n characters. In my original project I store and load the certificate and private key in PEM format but here due to the warning I saw here, I am using those single line strings without the carriage return characters:

const char client_cert[] = "-----BEGIN CERTIFICATE-----\n"

"MIIFmDCCA4CgAwIBAgICAO4wDQYJKoZIhvcNAQELBQAwEDEOMAwGA1UEAwwFb3Zl\n"

"bnMwIBcNMjIxMDEwMDgxODMzWhgPMjA1MjExMjEwODE4MzNaMBsxGTAXBgNVBAMM\n"

"EDEwMDIyMDIxMDAwMDAxNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC\n"

"AQDciLWDxuxawrAHfG67osNVjg3csFO4gda4pcDv2FWVrrqZqibC0mZBC+3zCaQC\n"

etc

I was able to make a good progress but I am now receiving an error in the call to 'AzureIoTHubClient_Connect', this is the log:

MQTT: Connection refused: not authorized.

MQTT: CONNACK recv failed with status = MQTTServerRefused.

MQTT: MQTT connection failed with status = MQTTServerRefused.

AZ IOT: Failed to establish MQTT connection: Server=XXXX.azure-devices.net, MQTT error=0x00000006

All the calls to previous functions complete successfully so I guess the certificate is correct after being used to connect with the DPS:

DPS:

prvConnectToServerWithBackoffRetries --> OK

AzureIoTProvisioningClient_Init --> OK

AzureIoTProvisioningClient_Register --> OK

AzureIoTProvisioningClient_GetDeviceAndHub --> OK

IoT Hub:

prvConnectToServerWithBackoffRetries --> OK

AzureIoTHubClient_OptionsInit --> OK

AzureIoTHubClient_Init --> OK

But it fails in the call to AzureIoTHubClient_Connect with the previous log messages. AzureIoTResult_t value is 1.

Can you please help me?

QuantumCache 20,271 Reputation points

2023-01-19T10:40:57.38+00:00

Hello @afcec,

Could you please add info on the steps used for migrating the project from ESP-AZURE to Azure Iot Middleware for Freertos?

Did you try other alternatives to get MCU-based devices connected to Azure. See Other Azure IoT SDKs? We are checking with our SME meanwhile on this issue...
afcec 21 Reputation points

2023-01-19T10:41:13.2333333+00:00

Just FYI, if I load the certificates from the corresponding partition in the flash memory, stored in PEM format with the \r characters included, I am not able to connect to the DPS, so once again I understand that the variables containing the device certificate and private key are correct
afcec 21 Reputation points

2023-01-19T11:49:20.94+00:00

Hello, I have not tried any other alternatives apart from Azure IoT Middleware for Freertos as I considered it the best approach for our application.

With respect to the migration, it was indeed quite simple because all the core functionalities (DPS registration, IoT Hub connection, telemetry update, direct methods) had been included in our previous project following a similar structure to the one implemented in the samples for Azure Iot Middleware for Freertos. Therefore I "just" needed to replace the calls to the different functions while obviously creating/modifiying the required variables.

Therefore I face this process as a nested procedure: 1. DPS registration, 2. IoT Hub connection 3. Bidirectional communication with the hub (telemetry, desired properties and direct methods). According to the tests done so far, the problem comes calling AzureIoTHubClient_Connect but, as far as I understand, in case there was any kind of issue with the certificate itself (after the manipulation to convert it to a single line string) this error would have appeared first during the communication with the DPS...
QuantumCache 20,271 Reputation points

2023-01-23T21:42:59.3466667+00:00

Hello @afcec,

Thanks for your patience on this issue!

Please send an email to us with the below details, so that we can work closely on this matter.
afcec 21 Reputation points

2023-01-24T07:16:42.3933333+00:00

Done, thanks
QuantumCache 20,271 Reputation points

2023-01-24T07:19:06.29+00:00

Thank you, I got your email!
afcec 21 Reputation points

2023-01-26T14:27:08.82+00:00

Could anyone help me? I have lost here a lot of time and I do not know what else I can do...

If the connection to the DPS is correct and the device is created and registered in the IoT Hub, why is the MQTT connection refused?
afcec 21 Reputation points

2023-01-26T14:27:33.1+00:00

And this is the log entry for a connection attempt from the IoT Hub in case it helps:

{ "time": "2023-01-20T09:11:32Z", "resourceId": "/SUBSCRIPTIONS/XXXXXXXXXX/RESOURCEGROUPS/RG_IOTDEV/PROVIDERS/MICROSOFT.DEVICES/IOTHUBS/IOT-HUB-XXXXXX", "operationName": "deviceConnect", "category": "Connections", "level": "Error", "resultType": "401003", "resultDescription": "IotHubUnauthorized", "properties": "{"deviceId":"1901202300000001","moduleId":"1901202300000001","sdkVersion":"c/1.2.0-beta.1(FreeRTOS)","protocol":"Mqtt","authType":null,"maskedIpAddress":"31.4.247.XXX","statusCode":"401","errorMessage":""}", "location": "northeurope"}

Error message is empty...

3 answers

afcec 21 Reputation points

2023-01-20T06:37:15.4+00:00

According to the support I received by Dane Walton from the Azure IoT Middleware for Freertos repository on Github, the only reason to use the certificate and private key as a single line string was for the samples provided so the certificate can be configured through Kconfig. Therefore, I tried again with the original certificates in PEM format and the result was just the same...
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
afcec 21 Reputation points

2023-01-20T10:24:39.84+00:00
With respect to the certificates we are using, please see below some information:

DPS is configured with the Root CA certificate and we have three enrollment groups with the corresponding intermediate certificates (Everything configured and working fine for three years now)

Device certificates are self signed and created witn OpenSSL

All the certificates generated are valid for 30 years

The signature algorithm is sha256WithRSAEncryption
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
QuantumCache 20,271 Reputation points

2023-02-22T21:10:06.96+00:00

hello @afcec Just checking on this.

I was looking into the latest Support ticket interaction and was not able to find any further communication on the case/

Was the below mentioned statement helped in narrowing down the issue?

successfully resolved error by removing the module Id from the config file.
Please sign in to rate this answer.
afcec 21 Reputation points

2023-02-22T21:10:35.13+00:00

Hello, yes once I removed the module id I could connect to the IoT Hub. However, now that the connection is stablished there is a meditation error everytime I make any call to AzureIoTHubClient_ProcessLoop or AzureIoTHubClient_SendPropertiesReported.

When I decode the backtrace, it points to:

AzureIoTHubClient_ProcessLoop --> transport_tls_esp32.c, line 414: tlsStatus = esp_transport_read( pxEspTlsTransport->xTransport, pBuffer, xBytesToRecv, pxEspTlsTransport->ulReceiveTimeoutMs );

AzureIoTHubClient_SendPropertiesReported --> to transport_tls_esp32.c, line 448: EspTlsTransportParams_t * pxEspTlsTransport = (EspTlsTransportParams_t *)pxTlsParams->xSSLContext;

If I comment out the calls to those functions, the connection to the IoT Hub remains active until the keep alive timeout expires.

QuantumCache 20,271 Reputation points

2023-02-22T21:11:37.5066667+00:00

hello @afcec Just checking on this.

Do you see any resolution for your issue?

Ramon Bezanilla 41 Reputation points

2023-02-23T07:23:08.2133333+00:00

Hello, yes, this particular issue was solved after removing the module id so now I can connect to the Hub, although I am still experiencing some problems with the data exchange once the connection is stablish. However, that is a different issue and we are working on it. Thanks!

leo lee 20 Reputation points

2024-04-16T08:09:21.3033333+00:00

hello afcec,

Now I have the same problem as you, can i ask you how you solve the problem? For example, how to remove the module id and how to successfully connect to azure IoT. I did not configure the module id in the configuration center of idf.py menuconfig, but the problem still exists. At the same time, the module id is configured to be empty in the code, and the problem is still not solved.

I am looking forward to your reply. Thank you
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Azure IoT Middleware for Freertos - Failed to establish MQTT connection, error 0x00000006

3 answers

Your answer