0

The call to register a device to IoTCentral returns an exception, but the device does become visible in the web app (under Unassociated Devices).

Googled, couldn't find anything. Ran with DEBUG=*, saw

azure-iot-provisioning-device-http:Http {"operationId":"4.dd5e9d546d057f12.8a2a1010-281f-4ac1-a29f-591800934ecc","status":"failed","registrationState":{"registrationId":"jeffsdeskjune","createdDateTimeUtc":"2019-06-17T14:25:14.7183582Z","status":"failed","errorCode":400209,"errorMessage":"Custom allocation failed with
status code: 401","lastUpdatedDateTimeUtc":"2019-06-17T14:25:14.8832611Z","etag":"IjZkMDBmY2MwLTAwMDAtMDEwMC0wMDAwLTVkMDdhMmNhMDAwMCI="}}

401 would be Unauthorized, but what is this "Custom allocation"? Is the missing authorization something which is expected to be provided by this virgin device which is trying to register itself, or is it some service-to-service thing?

The code (Javascript/Node):

var transport = new Transport();
var securityClient = new X509Security(registrationId, deviceCert);
    deviceClient = ProvisioningDeviceClient.create(provisioningHost, idScope, transport, securityClient);

// Register the device.  Do not force a re-registration.
deviceClient.register(function (err, result) {
    if (err) {
      console.log("error registering device: " + err);

The code is copied from register_x509.js in azure-iot-sdk-node. The error thrown is "error registering device: ProvisioningRegistrationFailedError: registration failed". Yet if I go to xxx.azureiotcentral.com Device Explorer / Unassociated devices, the device DOES appear there. The error is thrown whether the device was already in that list or whether I delete it first. The cert which signed this device cert has been uploaded and verified and is still valid. What is happening / what should I do about it?

lordbah
  • 313
  • 1
  • 2
  • 12
  • Once the device is manually associated with a device template, the register call no longer returns an error. I have to figure out how it does automatic association. What an odd error message for this case. – lordbah Jun 17 '19 at 22:24

1 Answers1

1

I believe this is the normal behavior though the error message can definitely be improved. The flow is as follows:

  • In order to connect a device to an IoT Central application without first being registered you need to generate suitable credentials, and configure the devices. When a device turns on for the first time, it connects automatically to an IoT Central application. An IoT Central operator must approve the device before it can stat sending data.

When a device wasn't registered manually on the Device Explorer page, but connected with valid credentials and is visible as an Unassociated device on the Device Explorer page, the provisioning status should be showing as registered. When you associate the device to the appropriate device template and approve the device to connect to your IoT Central application the provisioning status should be showing as provisioned.

Therefore, the root of trust in your case (so that you know if the device was registered already or not) should be the provisioning status showing on your iot central application.

asergaz
  • 996
  • 5
  • 17
  • Thanks. We don't want _any_ manual steps. If a device presents an x509 signed by the cert we uploaded, we want it to automatically associate (there would need to be a way to figure out which device template to associate with if there is more than one). Merely having the cert is good enough to start. – lordbah Jun 21 '19 at 14:32
  • Gotcha. CRUD functions are planned. You should vote for that in [UserVoice](https://feedback.azure.com/forums/911455-azure-iot-central/suggestions/35920993-crud-iot-devices-via-interface-api). – asergaz Jun 24 '19 at 14:39