Azure IoT Central and ESP32

Anonymous
2023-04-14T22:17:57.81+00:00

I am having an issue with connecting my ESP32 to my Azure IoT Central. Here are the steps that I followed. Please note that any names, device IDs, etc. are changed in this post:

  1. Created an Azure IoT Central App using the following guide: https://learn.microsoft.com/en-us/azure/iot-develop/quickstart-send-telemetry-central?pivots=programming-language-ansi-c
  2. Then under Devices, I clicked new and created a new device. I then made the device name ESP32_IOT, the device ID is mydevice1, I created a template called esp-template and assigned that device to that template.
  3. I then clicked the device to bring up the device menu and clicked connect so that I could retrieve the scope ID (myScopeID), set the device ID (mydevice1), and retrieve the SAS primary key (G9uCt7k=).
  4. I then went under setting->application and set the certification authority to DigiCert Global G2 Root (based on the article at the following URL: https://techcommunity.microsoft.com/t5/internet-of-things-blog/azure-iot-tls-critical-changes-are-almost-here-and-why-you/ba-p/2393169).
  5. After all of this was set, I then began to work on the ESP32 code. I followed the guide at this URL: https://github.com/Azure-Samples/iot-middleware-freertos-samples/tree/main/demos/projects/ESPRESSIF/esp32
  6. Basically, I cloned the project, initialized the repo, opened the ESP sample folder in Visual Studio Code, set the WiFi SSID and password, and then set the rest of the configuration parameters:
   # Azure IoT middleware for FreeRTOS Main Task Configuration
   #
   CONFIG_AZURE_SAMPLE_USE_PLUG_AND_PLAY=y
   CONFIG_AZURE_IOT_HUB_FQDN=""
   CONFIG_AZURE_IOT_DEVICE_ID="mydevice1"
   CONFIG_AZURE_IOT_AUTH_METHOD_SYMMETRIC_KEY=y
   # CONFIG_AZURE_IOT_AUTH_METHOD_X509 is not set
   CONFIG_AZURE_IOT_DEVICE_SYMMETRIC_KEY="G9uCt7k="
   CONFIG_AZURE_IOT_MODULE_ID=""
   CONFIG_ENABLE_DPS_SAMPLE=y
   CONFIG_AZURE_DPS_ID_SCOPE="myScopeID"
   CONFIG_AZURE_DPS_REGISTRATION_ID=""
   CONFIG_AZURE_TASK_STACKSIZE=4096
   CONFIG_NETWORK_BUFFER_SIZE=5120
   # end of Azure IoT middleware for FreeRTOS Main Task Configuration
  7. After all of this, I then cleaned, built, and flashed the project. However, I got the following error:
    I (10258) sample_azureiot: Notification of a time synchronization event
    I (10478) AZ IOT: Creating a TLS connection to global.azure-devices-provisioning.net:8883.
    E (10698) esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x2700
    I (10698) esp-tls-mbedtls: Failed to verify peer certificate!
    E (10698) esp-tls: Failed to open new connection
    E (10698) transport_base: Failed to open a new connection
    E (10718) tls_freertos: Failed establishing TLS connection (esp_transport_connect failed)
    W (10718) AZ IOT: Connection to the IoT Hub failed [6]. Retrying connection with backoff and jitter [0]ms.

Based on the rest of the terminal output, the device connects to the internet just fine, but has an issue with the provisioning. I have tried adding the device ID to the CONFIG_AZURE_DPS_REGISTRATION_ID parameter in the configuration, verifying that the time sync was correct, I have tried creating my own IoT Hub and IoT provisioning service (instead of connecting to a central), and I have tried other central apps to connect to, and I always get the same error. However, in the article at https://techcommunity.microsoft.com/t5/internet-of-things-blog/azure-iot-tls-critical-changes-are-almost-here-and-why-you/ba-p/2393169 under the section Validation, they offer a testing environment to test devices that have to be updated for the new TLS changes.

IoT Hub endpoint: g2cert.azure-devices.net

  • Connection String: HostName=g2cert.azure-devices.net;DeviceId=TestDevice1;SharedAccessKey=iNULmN6ja++HvY6wXvYW9RQyby0nQYZB+0IUiUPpfec=
  • Device Provisioning Service (DPS):
    • Global Service Endpoint: g2-cert-dps.azure-devices-provisioning.net
    • ID SCOPE: 0ne002B1DF7
    • Registration ID: abc

When I enter these parameters into my esp32 configuration, the device connects just fine (I also have to update the democonfigENDPOINT in demo_config.h to "g2-cert-dps.azure-devices-provisioning.net").

I have been at this for days and cannot seem to gain any traction outside of being able to connect it to the test environment. I don't know if the issue is with the esp32 code, or the Central. All of the guides that I have been finding online make this seem very easy and straightforward, so there doesn't seem to be an answer that I have been able to find. I will admit, I am just learning about Azure, so I am sure that I have missed something, but for the life of me I cannot find it. I also gave the condensed version of my troubleshooting above, but wanted to give the most concise information that I thought would be helpful to finding a solution. Thank you for any help that you can provide.

Azure IoT Central
An Azure hosted internet of things (IoT) application platform.

1 answer

  1. LeelaRajeshSayana-MSFT 13,456 Reputation points
    2023-04-14T23:29:52.88+00:00

    Hi @Anonymous, Greetings! Welcome to Microsoft Q&A forum. Thank you for posting the question here. I apologize for the inconvenience this has caused you.

    I would like to point out that the GitHub repository you are looking at is used to connect an ESP32 device with IoT Hub, but not IoT Central.

    There is another GitHub repository you would need to use to connect ESP32 with your Azure IoT Central. Please find the steps outlined in the GitHub repository Getting started with the ESPRESSIF ESP32 and Azure IoT Central with Azure SDK for C Arduino library which outlines the exact steps you would need to follow to connect ESP32 with Azure IoT Central.

    After you install the Azure SDK for C library, load the sample code that comes with the library. Please refer to the image below to find the sample. [Image: Screenshot_132]

    Once you load the code sample into your Arduino device, configure the following parameters in the iotconfigs.h file. [Image]

    Note that using certificates is optional and you can connect your ESP32 to Azure IoT Central just by using SAS keys in test and dev environments.

    Once you save the solution and flash the code against the ESP32 from Arduino IDE, you could view from the serial monitor that the device should connect without any issues.

    Hope this helps resolve your connectivity issues. Please let us know if you have any issues or further questions in the comments below.

    Update

    The Azure RTOS SDK sample from the referenced GitHub repository is hardcoded to talk to the DPS instance that is using the Baltimore root and not the DigiCert root that is required for connecting to the IoT Central application. Modifying the hardcoded URL to use the DigiCert DPS endpoint made it connect successfully.

    Furthermore, the registration identity was missing from the SDK settings. Setting it to the device identity resolved the connectivity and could successfully send telemetry.


    If the response helped, please do click Accept Answer and Yes. Doing so would help other community members with a similar issue identify the solution. I highly appreciate your contribution to the community.

    1 person found this answer helpful.
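
The answer's update notes that the registration ID had to be set to the device ID. The sketch below is an added example (not code from the post, the answer, or the Azure samples) showing why: with symmetric-key attestation the SAS token a device presents to DPS is an HMAC-SHA256 over a resource string that contains the registration ID, so a token built for any other ID does not match the enrollment. The scope and device ID are the post's placeholders, the key is constructed, and the `service_accepts` helper is a hypothetical stand-in for the service-side check.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, quote

# Constructed sample values: scope and device ID are the post's placeholders,
# the key is made up for this example and is not a real secret.
ID_SCOPE = "myScopeID"
DEVICE_ID = "mydevice1"
DEVICE_KEY_B64 = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()


def dps_sas_token(id_scope, registration_id, key_b64, expiry_epoch):
    """Build the SAS token a device presents to DPS for one registration."""
    if not registration_id:
        raise ValueError("registration ID is empty: no enrollment can match")
    resource = quote(f"{id_scope}/registrations/{registration_id}", safe="")
    to_sign = f"{resource}\n{expiry_epoch}".encode()
    digest = hmac.new(base64.b64decode(key_b64), to_sign, hashlib.sha256).digest()
    sig = quote(base64.b64encode(digest).decode(), safe="")
    return (f"SharedAccessSignature sr={resource}&sig={sig}"
            f"&se={expiry_epoch}&skn=registration")


def token_fields(token):
    """Split a SAS token into its decoded sr/sig/se/skn fields."""
    scheme, _, query = token.partition(" ")
    if scheme != "SharedAccessSignature":
        raise ValueError("not a SAS token")
    return {k: v[0] for k, v in parse_qs(query, strict_parsing=True).items()}


def service_accepts(token, id_scope, registration_id, key_b64):
    """Hypothetical service-side check: recompute the token for the enrolled
    device and compare in constant time (expiry is not checked here)."""
    expected = dps_sas_token(id_scope, registration_id, key_b64,
                             int(token_fields(token)["se"]))
    return hmac.compare_digest(token, expected)


if __name__ == "__main__":
    good = dps_sas_token(ID_SCOPE, DEVICE_ID, DEVICE_KEY_B64, 1700000000)
    wrong = dps_sas_token(ID_SCOPE, "esp32", DEVICE_KEY_B64, 1700000000)
    print(token_fields(good)["sr"])
    print(service_accepts(good, ID_SCOPE, DEVICE_ID, DEVICE_KEY_B64))
    print(service_accepts(wrong, ID_SCOPE, DEVICE_ID, DEVICE_KEY_B64))
```

This check only becomes relevant once the TLS handshake succeeds; the `-0x2700` certificate verification failure in the question's log occurs before any token is sent.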