Edge device error while connecting to IotCentral private endpoint
Hi Team, I am facing an issue while connecting an edge device to the IotCentral private endpoint. Below are the steps I have followed.
- Created virtual network.
- Created Iotcentral private endpoint.
- Connected the edge device to iotcentral -- (This time device was able to send data).
- Disabled the public access on Iotcentral.
- Tried to connect the Edgedevice.
The edge device is connecting to Iotcentral using method "DPS Provisioning with Symmetric key". The 5th step was giving the below error.
```
aziot-identityd[16779]: 2022-12-02T07:10:14Z [INFO] - Could not reconcile Identities with current device data. Reprovisioning.
edgeTestDevice2 aziot-identityd[16779]: 2022-12-02T07:10:14Z [INFO] - Sending DPS registration request.
edgeTestDevice2 aziot-identityd[16779]: 2022-12-02T07:10:14Z [ERR!] - Failed to provision with IoT Hub, and no valid device backup was found: DPS client error
edgeTestDevice2 aziot-identityd[16779]: 2022-12-02T07:10:14Z [ERR!] - service encountered an error
edgeTestDevice2 aziot-identityd[16779]: 2022-12-02T07:10:14Z [ERR!] - caused by: DPS client error
edgeTestDevice2 aziot-identityd[16779]: 2022-12-02T07:10:14Z [ERR!] - caused by: Unauthorized
edgeTestDevice2 aziot-identityd[16779]: 2022-12-02T07:10:14Z [ERR!] - 0:
```
Please help me out to solve this issue.
Hi @vaishnavils97
Thank you for bringing this to our attention. It would be great if you could add a link to the documentation you are following for these steps? This would help us redirect the issue to the appropriate team. Thanks!
Hi @Naveenommi-MSFT
This is the link I have followed (https://learn.microsoft.com/en-us/azure/iot-central/core/howto-create-private-endpoint).
Hi @vaishnavils97 - did you configure the IoT Edge device to use the private DPS endpoint (https://learn.microsoft.com/en-us/azure/iot-central/core/howto-create-private-endpoint#connect-to-a-private-endpoint)?
For an IoT Edge device, you configure the DPS endpoint in the config.toml file. There's a fully commented version here: https://github.com/Azure/iotedge/blob/main/edgelet/contrib/config/linux/template.toml
The setting you need to change is `global_endpoint`.
Hi @dominicbetts
I have tried to configure the DPS endpoint in the config.toml file as "service_endpoint". But while applying changes to the config file using the "sudo iotedge config apply" command, it gives an error on the service_endpoint flag. Can you please specify exactly how we should configure the flag in the config.toml file? The details of this flag are missing from the document too. Thanks
```toml
# DPS provisioning with symmetric key
[provisioning]
source = "dps"
global_endpoint = "https://global.azure-devices-provisioning.net"
id_scope = "0xxxxxx"
```
Hi @dominicbetts
Please update.
My config.toml looks like the following:
```toml
[provisioning]
source = "dps"
global_endpoint = "https://saas-dps-c99........0649.azure-devices-provisioning.net"
id_scope = "0ne00893C92"

[provisioning.attestation]
method = "symmetric_key"
registration_id = "2og1ocxuweo"
symmetric_key = { value = "BJ2.........OMY=" }

[agent]
name = "edgeAgent"
type = "docker"

[agent.config]
image = "mcr.microsoft.com/azureiotedge-agent:1.4"

[connect]
workload_uri = "unix:///var/run/iotedge/workload.sock"
management_uri = "unix:///var/run/iotedge/mgmt.sock"

[listen]
workload_uri = "fd://aziot-edged.workload.socket"
management_uri = "fd://aziot-edged.mgmt.socket"

[moby_runtime]
uri = "unix:///var/run/docker.sock"
network = "azure-iot-edge"
```
The `global_endpoint` value comes from the Service endpoint in the device connection group in IoT Central.
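
A pre-flight check for the setting discussed in this thread, added here as an example (not code from the thread participants or the iotedge project): it reads `global_endpoint` from a `config.toml`, flags the public global endpoint, and checks whether the host resolves to a private address. The function names, the sample host and the assumption that the virtual network uses RFC 1918 address space are illustrative; the check covers endpoint configuration and name resolution only, not the `Unauthorized` error itself.

```shell
#!/bin/sh
# Added example: pre-flight check of an IoT Edge config.toml for private-endpoint use.
PUBLIC_DPS_HOST="global.azure-devices-provisioning.net"  # public endpoint shown earlier in the thread

# Print the host part of global_endpoint from the [provisioning] table.
dps_host() {
    sed -n '/^\[provisioning\]/,/^\[/ s|^[[:space:]]*global_endpoint[[:space:]]*=[[:space:]]*"\([^"]*\)".*|\1|p' "$1" |
        sed -e 's|^[a-z]*://||' -e 's|[/:].*$||' | head -n 1
}

# RFC 1918 test. Assumption: the virtual network uses RFC 1918 address space.
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_config FILE [IP]: IP defaults to what the device's resolver returns;
# pass it explicitly to evaluate a config offline.
check_config() {
    host=$(dps_host "$1")
    [ -n "$host" ] || { echo "no-global-endpoint"; return 2; }
    [ "$host" != "$PUBLIC_DPS_HOST" ] || { echo "public-global-endpoint"; return 1; }
    ip=${2:-$(getent ahostsv4 "$host" | awk 'NR==1 {print $1}')}
    [ -n "$ip" ] || { echo "unresolved:$host"; return 1; }
    is_private_ipv4 "$ip" || { echo "resolves-public:$ip"; return 1; }
    echo "ok:$host:$ip"
}

# Constructed sample config (placeholder values, not from a real application).
write_sample() {
    cat > "$1" <<'EOF'
[provisioning]
source = "dps"
global_endpoint = "https://saas-dps-EXAMPLE.azure-devices-provisioning.net"
id_scope = "0ne00000000"

[provisioning.attestation]
method = "symmetric_key"
EOF
}

# Run against a real file when one is given: sh check.sh <path-to-config.toml>
[ $# -eq 0 ] || check_config "$@"
```

A `resolves-public` or `unresolved` result from the device points at DNS for the private endpoint rather than at the attestation settings.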
Hi @dominicbetts
I have tried this approach, but while provisioning the Edge device I am facing the issue mentioned below.
```
sudo iotedge system logs
Failed to provision with IoT Hub, and no valid device backup was found: DPS client error
... [ERR!] - service encountered an error
aziot-identityd[10651] [ERR!] - caused by: DPS client error
aziot-identityd[10651]:[ERR!] - caused by: Unauthorized
aziot-identityd[10651][ERR!] - 0:
```
My config file
```toml
# DPS provisioning with symmetric key
[provisioning]
source = "dps"
global_endpoint = "https://saas-dps-oxxxxxxxxxxxxxxxxxx.azure-devices-provisioning.net"
id_scope = "0ne00xxxxx"

[provisioning.attestation]
method = "symmetric_key"
registration_id = "0xxxx"
symmetric_key = { value = "0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=" } # inline key (base64), or...
```
Hi @vaishnavils97 - your issue looks similar to this one: https://github.com/Azure/iotedge/issues/6638 - although the reported problem related to TPM attestation rather than symmetric key.
Maybe you should open an issue in the iotedge repo?
Hi @dominicbetts - Yes, please.
I'm closing this issue now - you can follow up in the issue you opened in the iotedge repo. Thanks!
#please-close