Azure IoT Edge
An Azure service that is used to deploy cloud workloads to run on internet of things (IoT) edge devices via standard containers.
595 questions
Unable to bring the edgehub and edge agent modules as recently IOT hub got updated with DigiCert G2 root from Baltimore root
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 43%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Manasa
0
Reputation points
Hi Team,
Recently IOT hub got updated with DigiCert G2 root from Baltimore root. After the device is not coming up if I try to install new machine also. The ssl certificates which we are generating it was working fine with Baltimore root.
Not sure if any modifications are required.
How i am generating certificates?
Configuration checks
--------------------
√ config.yaml is well-formed - OK
‼ config.yaml has well-formed connection string - Warning
Device not configured with manual provisioning, in this configuration 'iotedge check' is not able to discover the device's backing IoT Hub.
To run connectivity checks in this configuration please specify the backing IoT Hub name using --iothub-hostname switch if you have that information.
If no hostname is provided, all hub connectivity tests will be skipped.
√ container engine is installed and functional - OK
√ config.yaml has correct hostname - OK
× config.yaml has correct URIs for daemon mgmt endpoint - Error
Unable to find image 'mcr.microsoft.com/azureiotedge-diagnostics:1.0.9.3' locally
1.0.9.3: Pulling from azureiotedge-diagnostics
31603596830f: Pulling fs layer
6e51d6ed8c58: Pulling fs layer
31603596830f: Verifying Checksum
31603596830f: Download complete
31603596830f: Pull complete
6e51d6ed8c58: Download complete
6e51d6ed8c58: Pull complete
Digest: sha256:770251145e61afd6f1bca701a585eb5c79f9b400ad0702956f0219b0bb5cb539
Status: Downloaded newer image for mcr.microsoft.com/azureiotedge-diagnostics:1.0.9.3
Error: could not execute list-modules request: an error occurred trying to connect: Connection refused (os error 111)
‼ latest security daemon - Warning
Installed IoT Edge daemon has version 1.0.9.3 but 1.1.15 is the latest stable version available.
Please see https://aka.ms/iotedge-update-runtime for update instructions.
√ host time is close to real time - OK
√ container time is close to host time - OK
‼ DNS server - Warning
Container engine is not configured with DNS server setting, which may impact connectivity to IoT Hub.
Please see https://aka.ms/iotedge-prod-checklist-dns for best practices.
You can ignore this warning if you are setting DNS server per module in the Edge deployment.
√ production readiness: identity certificates expiry - OK
‼ production readiness: certificates - Warning
The Edge device is using self-signed automatically-generated development certificates.
They will expire in 89 days (at 2023-09-12 08:32:54 UTC) causing module-to-module and downstream device communication to fail on an active deployment.
After the certs have expired, restarting the IoT Edge daemon will trigger it to generate new development certs.
Please consider using production certificates instead. See https://aka.ms/iotedge-prod-checklist-certs for best practices.
√ production readiness: container engine - OK
‼ production readiness: logs policy - Warning
Container engine is not configured to rotate module logs which may cause it run out of disk space.
Please see https://aka.ms/iotedge-prod-checklist-logs for best practices.
You can ignore this warning if you are setting log policy per module in the Edge deployment.
× production readiness: Edge Agent's storage directory is persisted on the host filesystem - Error
Could not check current state of edgeAgent container
× production readiness: Edge Hub's storage directory is persisted on the host filesystem - Error
Could not check current state of edgeHub container
Connectivity checks
sudo iotedge list
[centosjunetest@centosjunetest centosInstall_3c13de2f-0436-4171-89eb-b91667289358-centosjunetest]$ sudo iotedge list
A module runtime error occurred
caused by: Could not list modules
caused by: an error occurred trying to connect: Connection refused (os error 111)
[centosjunetest@centosjunetest centosInstall_3c13de2f-0436-4171-89eb-b91667289358-centosjunetest]$
[centosjunetest@centosjunetest centosInstall_3c13de2f-0436-4171-89eb-b91667289358-centosjunetest]$
[centosjunetest@centosjunetest centosInstall_3c13de2f-0436-4171-89eb-b91667289358-centosjunetest]$
[centosjunetest@centosjunetest centosInstall_3c13de2f-0436-4171-89eb-b91667289358-centosjunetest]$ sudo iotedge list
A module runtime error occurred
caused by: Could not list modules
caused by: an error occurred trying to connect: Connection refused (os error 111)
[centosjunetest@centosjunetest centosInstall_3c13de2f-0436-4171-89eb-b91667289358-centosjunetest]$ sudo docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[centosjunetest@centosjunetest centosInstall_3c13de2f-0436-4171-89eb-b91667289358-centosjunetest]$
Let me know if i am missing anything here?
Thanks,
Narendra
{count} votes
-
LeelaRajeshSayana-MSFT 17,331 Reputation points2023-06-14T20:46:01.23+00:00 Hi @Manasa Greetings! Welcome to Microsoft Q&A forum. Thank you for reporting the issue to us. We are trying to test this behavior from our end. We will update this thread with more details as soon as we can.
-
Manasa 0 Reputation points
2023-06-15T04:29:17.5333333+00:00 Hi LeelaRajeshSayana-MSFT,
Thank you, once you get some lead on above issue, please provide the details. Faster solution really helps us.Waiting for your response.
Thanks.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 74%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
AshokPeddakotla-MSFT 35,941 Reputation points2023-06-15T10:50:44.1933333+00:00 Manasa How exactly you did the migration? Did you follow any steps or documentation?
What is the migration status of an IoT hub ? Check migration status of an IoT hub
-
Manasa 0 Reputation points
2023-06-15T15:07:55.1633333+00:00 It says updated to DigiCert Global G2 root. But we didn't do this migration. It is updated automatically.
Thanks,
Manasa -
Manasa 0 Reputation points
2023-06-15T15:20:14.88+00:00 Current status: DigiCert Global G2 root (Updated Tue, 06 Jun 2023 18:40:49 GMT)
We didn't do this update or migration, it happened by itself or from azure side.
Thanks,
Manasa -
AshokPeddakotla-MSFT 35,941 Reputation points
2023-06-15T16:40:15.3833333+00:00 Manasa Thanks for the confirmation.
I reverted back to Baltimore root on my IoT Hub to reproduce the issue but not able to see the issue which you are experiencing.
Have you checked the Troubleshoot device reconnection guide?
If nothing helps. For a deeper investigation and immediate assistance on this issue, please file a support request @ https://aka.ms/azsupt?
If you do not have access to a support plan, do let us know. -
Manasa 0 Reputation points
2023-06-16T06:24:34.9033333+00:00 I don't have paid support subscription, I am facing issue with new certificates(DigiCert Global G2 root), not with Baltimore.
Can you please help here?
Thanks,
Manasa -
AshokPeddakotla-MSFT 35,941 Reputation points
2023-06-19T15:46:27.9366667+00:00 Manasa If you do not have access to a support plan, could you please send an email to azcommunity@microsoft.com with the below details, so that we can work closely on this matter.
Thread URL: Link to this thread.
Azure Subscription ID:
Email Subject : Attn Ashok
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 39%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVP%3C/text%3E%3C/svg%3E)
Vishal Patel 0 Reputation points2023-09-20T10:14:44.6733333+00:00 @AshokPeddakotla-MSFT
I am also facing same issue ,could you please explain how you fixed this
Sign in to comment
Sign in to answer