IoT Edge Mqtt over websockets - azure-iot-sdk

I've got a small edge module, written in python using the azure-iot-sdk-python, that sends events back to the IoT hub using Mqtt. This works nicely.
The events are no longer delivered when I switch to using Mqtt over websockets (IoTHubTransportProvider.MQTT_WS).
In the edgeHub logs I can see:
2018-06-14 07:33:33.599 +00:00 [ERR] [Microsoft.AspNetCore.Server.Kestrel] - Uncaught exception from the OnConnectionAsync method of an IConnectionAdapter.
System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL. ---> Interop+Crypto+OpenSslCryptographicException: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
When I manually update the injected EdgeHubConnectionString (export EdgeHubConnectionString=...) to the one taken from the Device Details page on the IoT hub blade in the Azure portal, then Mqtt over websockets starts working.
How can I get Mqtt over websockets working with the injected EdgeHubConnectionString module connection string, instead of the one taken from the Device Details page?

Related

Azure Hybrid Connection SSPI handshake failed

I have an instance of Azure Hybrid Connections running on a server where SQL Server is installed.
I hosted a WebApp on Azure, set up the hybrid connection, and I'm consistently getting the same SSPI handshake error:
SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The operating system error code indicates the cause of failure. The logon attempt failed [CLIENT: 1x.xx.xx.xxx]
As described here, I added the client's IP in the local security policy.
I also tried adding the DisableLoopbackCheck=1 in HKLM\System\CurrentControlSet\Control\LSA, but it didn't help either.
Do I have to fix it on a database level perhaps?
As per https://github.com/Huachao/azure-content/blob/master/articles/app-service-web/web-sites-hybrid-connection-connect-on-premises-sql-server.md
[AZURE.NOTE] To ensure that your application uses the database that you created in SQL Server Express, and not the one in Visual Studio's default LocalDB, it is important that you complete this step before running your project.
Edit the connectionStrings section to point to the SQL Server database on your local machine, following the syntax in the following example:
I added user credentials to my connection string in appsettings.json and it now works.

How to connect to an open source EMQX broker and build my own broker?

Protocol: mqtt
Version: 3.1.1
Gateway model: CloudGate Ethernet CG0102
I'm publishing JSON messages from my gateway, which is connected to an open source EMQX broker (broker.emqx.io) on port 1883 for a test. I tried to consume the messages by connecting to it with MQTTX, giving the following information: Name, Client_ID, Host, Port, Username and Password, and then giving my topic, which is my_topic.
The problem is that nothing appears in my MQTTX, while the given broker information is good and similar to that in my gateway. Why?
Also, in the future I would like to use my own MQTT broker running on my laptop. Are there any simple references where I could start on such a thing? I already use MQTT to consume messages with Python from a remote broker, but have never tried to build one to receive messages from my remote gateway.
I'm working on an Ubuntu Bionic VM.
Client_ID needs to be unique for every client, so you cannot reuse a Client_ID between clients.
The MQTT spec says that the broker should kick the oldest client off when a new client connects with the same Client_ID. This normally leads to a fight between the 2 clients as they both try to reconnect, kicking each other off.

Unable to login to Azure IoT Hub with cellular MQTT AT command

I'm using a u-blox SARA-R422M8S cellular module, trying to connect to Azure IoT Hub with the MQTT AT commands. The module supports MQTT 3.1.1. The login request fails with "Broker connection refused, not authorized". Using the same credentials in the Python example in the Microsoft Azure documentation, the login succeeds and I can publish. I've uploaded the Baltimore root cert and activated TLS for the socket, so this seems OK as well, as I get another error code otherwise.
Anyone experienced similar?
PS, here are the AT commands used:
AT+USECPRF=0
AT+USECPRF=0,0,1
AT+USECPRF=0,3,"root_ca"
AT+UPSD=0,0,0
AT+UPSD=0,100,1
AT+UMQTT=11,1,0
AT+UMQTT=2,".azure-devices.net",8883
AT+UMQTT=4,"myhub.azure-devices.net/mydev/?api-version=2018-06-30","mysas"
As per the docs:
For the ClientId field, use the deviceId.
So you need to set the Client ID with something like:
AT+UMQTT=0,"mydev"
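
The three CONNECT fields discussed in this thread, built and cross-checked before they are typed into the module. This is an added example, not code from the thread or from Microsoft or u-blox; it assumes a symmetric-key device, and the function names (`sas_token`, `connect_fields`, `preflight`, `ublox_commands`), the key and the timestamps are constructed for illustration. The AT command forms are only those already shown above.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, unquote


def sas_token(resource_uri, key_b64, expiry):
    """HMAC-SHA256 over '<url-encoded uri>\\n<expiry>', keyed with the decoded key."""
    sr = quote(resource_uri, safe="")
    mac = hmac.new(base64.b64decode(key_b64), f"{sr}\n{expiry}".encode(), hashlib.sha256)
    sig = quote(base64.b64encode(mac.digest()).decode(), safe="")
    return f"SharedAccessSignature sr={sr}&sig={sig}&se={expiry}"


def connect_fields(hub_host, device_id, key_b64, expiry):
    return {
        "client_id": device_id,  # ClientId must be the deviceId
        "username": f"{hub_host}/{device_id}/?api-version=2018-06-30",  # as in the question
        "password": sas_token(f"{hub_host}/devices/{device_id}", key_b64, expiry),
    }


def preflight(client_id, username, password, now):
    """List inconsistencies between the CONNECT fields before sending them."""
    problems = []
    user_parts = username.split("/")
    if len(user_parts) < 2 or user_parts[1] != client_id:
        problems.append("client_id differs from the deviceId in the username")
    params = dict(p.partition("=")[::2] for p in password.split(" ", 1)[-1].split("&"))
    if not unquote(params.get("sr", "")).endswith(f"/devices/{client_id}"):
        problems.append("token sr is not scoped to this deviceId")
    if int(params.get("se") or 0) <= now:
        problems.append("token has expired")
    return problems


def ublox_commands(hub_host, fields):
    """Render the fields with the AT+UMQTT forms that appear in the thread."""
    return [
        f'AT+UMQTT=0,"{fields["client_id"]}"',
        f'AT+UMQTT=2,"{hub_host}",8883',
        f'AT+UMQTT=4,"{fields["username"]}","{fields["password"]}"',
    ]


if __name__ == "__main__":
    key = base64.b64encode(b"constructed demo key, not a secret").decode()
    f = connect_fields("myhub.azure-devices.net", "mydev", key, 1893456000)
    print(preflight(now=1700000000, **f), *ublox_commands("myhub.azure-devices.net", f), sep="\n")
```

An empty list from `preflight` means the client ID, username and token all name the same device and the token has not expired; it does not prove the key itself is correct.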

mqtt node-red iot platform

When reading an event from a device in Watson IoT Platform using Node-RED, the following error occurs: missing broker configuration
Request Data
[{"id":"e045d0f1.7d3b6","type":"mqtt in","z":"128ab415.c6150c","name":"DHT22_001","topic":"iot-2/type/DHT22/id/DTH22001/evt/data/fmt/json","qos":"2","broker":"3a8caa38.c01576","x":162,"y":99,"wires":[["dd729941.33d4e8"]]},{"id":"dd729941.33d4e8","type":"debug","z":"128ab415.c6150c","name":"","active":true,"console":"false","complete":"false","x":421,"y":99,"wires":[]},{"id":"3a8caa38.c01576","type":"mqtt-broker","z":"","broker":"s16hxe.messaging.internetofthings.ibmcloud.com","port":"1883","clientid":"d:s16hxe:DHT22:DHT22_001","usetls":false,"compatmode":true,"keepalive":"60","cleansession":true,"willTopic":"","willQos":"0","willPayload":"","birthTopic":"","birthQos":"0","birthPayload":""}]

Using data flow with https on cloud foundry

I am trying to deploy a data flow server on Cloud foundry and create a simple app.
Only an HTTPS endpoint could be exposed. I cannot enable HTTPS using this:
http://docs.spring.io/spring-cloud-dataflow/docs/current-SNAPSHOT/reference/htmlsingle/#configuration-security-enabling-https
As SSL is managed by CF. How do I make the Data Flow server use HTTPS?
I have this error:
dataflow:>app list
Command failed org.springframework.web.client.ResourceAccessException: I/O error on GET request for "http://dataflow-server.run.aws-usw02-pr.ice.predix.io/apps": Connect to dataflow-server.run.aws-usw02-pr.ice.predix.io:80 [dataflow-server.run.aws-usw02-pr.ice.predix.io/54.201.89.124, dataflow-server.run.aws-usw02-pr.ice.predix.io/52.88.128.224] failed: Connection refused (Connection refused); nested exception is org.apache.http.conn.HttpHostConnectException: Connect to dataflow-server.run.aws-usw02-pr.ice.predix.io:80 [dataflow-server.run.aws-usw02-pr.ice.predix.io/54.201.89.124, dataflow-server.run.aws-usw02-pr.ice.predix.io/52.88.128.224] failed: Connection refused (Connection refused)
Thanks in advance.
Best Regards
As you already mentioned, you cannot enable HTTPS at the container level inside Cloud Foundry today. The traffic between the router and the Diego cell is not encrypted (unless you are using IPsec).
So your dataflow server would not be configured with HTTPS; just deploy the server as it is. You should rely on your Cloud Foundry install to have an open port at 443 on its load balancer that forwards traffic to the router. Later CF incarnations support certificate placement at the router level.
Now, at the client (dataflow-shell), if you are using a valid certificate you don't need to do anything, but if you have a self-signed certificate, you need to tell it to accept self-signed certificates, or skip validation altogether.
