locked
Unable to connect using MQTT from Arduino Nano RRS feed

  • Question

  • Trying to connect to Hub from Arduino Nano, unfortunately the board is not supported by the Azure/azure-iot-arduino SDK so using TinyGSM and the example they have for MQTT (tweaked for SSL).

    As per the example, I tested this against test.mosquitto.org:8883 and it was successful so I presume the SSL side of things is working, however, can't seem to get a connection to the Azure Hub.

    I've followed the docs on this to the letter, confident I'm using all the relevant settings, used the iothub-explorer to generate the SAS token etc. tried every possible variation of this now so at a bit of a loss. The only thing that's documented, and can't do due to lack of support in the TinyGSM library, is provide the client certificate from the device - the docs state:

    "In order to establish a TLS connection, you may need to download and reference the DigiCert Baltimore Root Certificate. This is the certificate that Azure uses to secure the connection..."

    Is this the issue? If so, the docs need updated to must... Regardless, if this is the case, any ideas of another way of getting this to work on an Arduino Nano?

    FWIW I've enabled the Operations Monitoring on the Hub to log connect events and monitor them via the iothub-explorer but I don't see anything coming through.

    Thanks

    P.S. had links in here but won't let me add them until my account is verified....and I don't have any sort of verification email.


    Sunday, December 24, 2017 2:24 PM

All replies

  • Hello jameshowe1,

    Have you followed this document: "Using the MQTT protocol directly" ?

    You can use SAS token instead of Certificate.

    Best regards,

    Rita


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, December 25, 2017 8:25 AM
  • Hi,

    Yes followed that document, as per my question, I am using a SAS token using the azure-iot-explorer tool. My settings are as follows:

    ClientId: <deviceName>
    Username: <hubName>.azure-devices.net/<deviceName>
    Password: SharedAccessSignature sr=<hubName>.azure-devices.net%2Fdevices%2F<deviceName>&sig=<sig>&se=<expiry>

    I presume the issue is the SSL side of things if that is the case, what's the best approach for debugging? I've enabled monitoring for Error events on the hub and then using the iothub-explorer tool to monitor via monitor-ops,however, I don't see anything?

    Thanks

    Tuesday, December 26, 2017 10:40 AM
  • Thanks for the good question. 
    Tuesday, December 26, 2017 10:45 AM
  • Hello jameshowe1,

    Based on "http://test.mosquitto.org/", encrypted ports need x509 certificates to support to connect. If you have added a certificate when connected test.mosquitto.org:8883 then you can change to the certificate that Azure needs. You can find this certificate on azure-iot-sdk-c repository.

    Copy DigiCert Baltimore Root certificate and save as a .cer file like this:

    If you use mosquitto library you can use mosquitto_tls_set() API to set the certificate.

    For debugging you can try to use WireShark to capture the communication packets.

    Best regards,

    Rita


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, December 28, 2017 3:30 AM
  • Hi,

    When I connected to test.mosquitto.org:8883 I did not supply a certficate, as I mentioned previously the libraries I am using i.e.

    - TinyGSM (GSM client)
    - PubSubClient (MQTT client)

    do not support this. Regardless, you mentioned previously that use of a SAS token means I shouldn't need to provide a certificate?

    WireShark would be useful, however not sure how I can use this in conjunction with a GPRS connection? The network isn't local and the device is an Arduino Nano so not sure how this would work. Is there anything on the Azure server side I could look at? Again I tried enabling the Operations Monitoring and the Network Diagnostics but I still see nothing via monitor-ops.

    Thursday, December 28, 2017 11:53 AM
  • So some more progress on this, decided to try narrow this down...

    I was able to connect to MQTT directly using Node on a Mac via https://www.npmjs.com/package/mqtt using a SAS token, so we can rule out the client cert being the issue. Attempting to connect using the exact same credentials fail using PubSubClient library on the Arduino.

    Given I can connect to test.mosquitto.org over SSL I think we can rule out TinyGSM / SSL issues being the problem therefore it's looking like PubSubClient might be the culprit.

    Next step is to dig into the PubSubClient and find out what type of CONNECT request it's sending vs what one the Node package that works sends. I will update with my findings...

    Friday, December 29, 2017 2:19 AM
  • Further investigation, and some debugging on the device, has shown that this fails at the first step of connection over the GPRS connection. For example, here's the log for when I connect to the test.mosquitto.org site:

    AT+CIPSSL=1
    OK
    AT+CIPSTART=1,"TCP","test.mosquitto.org",8883
    OK
    1, CONNECT OK


    vs the log when I attempt to connect to Azure:

    AT+CIPSSL=1
    OK
    AT+CIPSTART=1,"TCP","<hubname>.azure-devices.net",8883
    OK
    1, CONNECT FAIL


    Any ideas why this would fail? There's obviously something about the connection the Azure server doesn't like, I've more or less exhausted all the options on the client. I think I may need an engineer to investigate the server-side to get to the bottom of this.


    • Edited by jameshowe1 Friday, December 29, 2017 3:09 AM
    Friday, December 29, 2017 3:08 AM
  • Hello jameshowe1,

    >>>Regardless, you mentioned previously that use of a SAS token means I shouldn't need to provide a certificate?

    Yes. I use M2Mqtt C# library connect Azure IoT Hub successfully using SAS token. Here is my code sample.

                string MQTT_TOPIC = "devices/device1/messages/events/";
                string MQTT_MSG = "Hello from C# MQTT directly connection.";
    
                MqttClient client = new MqttClient(host, 8883, true, MqttSslProtocols.TLSv1_0);
                client.Connect("device1", "[HUB NAME].azure-devices.net/device1/api-version=2016-11-14", sas_token);
                client.Publish(MQTT_TOPIC, Encoding.UTF8.GetBytes(MQTT_MSG), 1, false);

    Your operation looks correct but there seems some issue with GSM module to connect to Azure IoT Hub.

    Best regards,

    Rita


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, December 29, 2017 6:57 AM