2

I followed the node.js tutorial to register device throuh Azure DPS(device provisioning service) @ https://learn.microsoft.com/en-us/azure/iot-dps/quick-create-simulated-device-x509-node . For individual device enrollment it succedded, but when I try to register devices through enrollment groups it fails. I used "create_test-cert.js root" to generate my root certificate and 

create_test-cert.js verification --ca {rootcertificate_cert
.pem} --key {rootcertificate_key.pem} --nonce {verificationKey}

to verify . I also used create_test-cert.js device {leafcertificate} {rootcertificate-name} to create the device certificate. Finally I used register_x509.js file to register my device to Azure. Executing this file I have the following error

azure-iot-provisioning-device:X509Registration registrationId: first +0ms
  azure-iot-provisioning-device:PollingStateMachine register called for registrationId "first" +0ms
  azure-iot-provisioning-device:PollingStateMachine completed transition from disconnected to sendingRegistrationRequest +0ms
  azure-iot-provisioning-device-http:Http submitting PUT for first to /0ne00015676/registrations/first/register?api-version=2017-11-15 +0ms
  azure-iot-provisioning-device-http:Http {"registrationId":"first"} +0ms
  azure-iot-provisioning-device-http:Http error executing PUT: UnauthorizedError: Error: {"errorCode":401002,"trackingId":"e6b9c185-64c4-4535-8d23-a7625dd3e011","message":"Unauthorized","timestampUtc":"2018-04-23T12:21:56.1390465Z"} +353ms

Error code "401002 is IotHubUnauthorizedAccess "

thanks

stef
  • 41
  • 5
  • What is "DPS?" It's helpful to define acronyms. Also, it's unclear what tutorial you're referring to, and without much context around this question, it's unclear what, specifically, you're attempting to do, or what the expected outcome is (other than it involves Azure IoT). Please edit your question accordingly. – David Makogon Apr 23 '18 at 14:51
  • Hi Michael, I'm currently on the master branch of azure-iot-sdk-node and yes I have linked my iotHub to DPS. Do you know if I can find some logs in AZure portal explaining the problem. I don't know if the problem is link to my certificate or by something else. – stef Apr 24 '18 at 09:33

3 Answers3

1

I have tested with the latest version SDK. It works. Following are my operation steps.

Update:

  1. Generate the root ca certificate file with the command(testRootCert_cert.pem,testRootCert_fullchain.pem,testRootCert_key.pem would be genetated in tools folder):

node create_test_cert.js root

  1. Add a certificate named "root" in Certificates, and upload the root ca file(testRootCert_cert.pem).

  2. Generate the verification Code and create the verification ca file with this command,upload the verification_cert.pem file, the status "root" will be "Verified":

node create_test_cert.js verification --ca testRootCert_cert.pem --key testRootCert_key.pem --nonce {verification code}

  1. Create the enrollment group following this guide, an enrollment group named "first" will be created:

node create_enrollment_group.js "" "testRootCert_cert.pem"

  1. Generate the certificate file for the device to enroll to the group via following command.

node create_test_cert.js device device01 testRootCert

  1. Copy the device01 _cert.pem,device01 _fullchain.pem, and device01 _key.pem to '\device\samples' folder,and modify provisioning host,id scope, registration id(here as 'first' named),cert filename and key filename. Please refer to this document.

var provisioningHost = '{your provisioning Host}'; var idScope = '{your id scope}'; var registrationId = 'device01'; var deviceCert = { cert: fs.readFileSync('device01_cert.pem').toString(), key: fs.readFileSync('device01_key.pem').toString() };

  1. At last, run node register_x509.js to assign the device. The message will be shown as :
registration succeeded
assigned hub={iothub host}
deviceId=device01

enter image description here

Please node that the Device Provisioning Service should be linked to your IoT Hub.enter image description here

Michael Xu
  • 4,382
  • 1
  • 8
  • 16
  • Hi Mickael, the procedure you describe work also on my side as individual enrollment, my problem is when I try to provision a device on an enrollment group – stef Apr 24 '18 at 09:44
  • I'm currently on the master branch of azure-iot-sdk-node and yes I have linked my iotHub to DPS. Do you know if I can find some logs in AZure portal explaining the problem. I don't know if the problem is link to my certificate or by something else – stef Apr 24 '18 at 09:52
  • @stef, you can set Diagnostics settings in your DPS to monitor and diagnostics logs to make sure everything is working properly. – Michael Xu Apr 25 '18 at 05:48
  • @stef, it also works when i tried to provision a device on a enrollment group.I have updated the reply. – Michael Xu Apr 25 '18 at 06:56
  • thanks Mickael, I activated diagnostic logs yesterday, but I don't find them on Azure do you know where I can find them? Yesterday you tried an individual enrollment but did you try to do the same with group enrollment, this is the case which fails, and I don't find example on Azure docs. – stef Apr 25 '18 at 07:09
  • Thanks Michael, with the help of your info i was able to register my windows laptop with Azure IoT Edge but how do we run $edgeAgent and $edgeHub on my windows laptop? – techipank Jun 10 '22 at 07:38
1

Thanks to Michael I realized that the issue was in the documentation. It was unclear that the registrationid was the registarationid of the leaf and not the registrationid of the parent certificate

"Replace registration id with the Registration Id noted in the previous section. " should be replaced by "Replace registration id with the Registration Id of the leaf previously generated"

stef
  • 41
  • 5
0

the provisioning service sample for .net also does't work, link as itenter link description here.always get a system.argument error, value can't null. then I find the problem is Environment.GetEnvironmentVariable(key) return null. How can I do with this error?

joelin lin
  • 1
  • 1