iotedge: My dotnet code fails to run with Unhandled exception. System.Security.Authentication.AuthenticationException: TLS authentication error

I am running the sample DownstreamDevice code following the steps in this article with my custom IoTEdge Device. https://docs.microsoft.com/en-us/learn/modules/set-up-iot-edge-gateway/4-generate-configure-iot-edge-device-certificates

Here's the terminal output from the dotnet run command:

PS C:\Users\thakkarp\OneDrive - Intel Corporation\Desktop\Edge Collaterals\AzureSamples\DownstreamDevice> dotnet run
IoT Hub C# Simulated Cave Device. Ctrl-C to exit.

User configured CA certificate path: azure-iot-test-only.root.ca.cert.pem
Attempting to install CA certificate: azure-iot-test-only.root.ca.cert.pem
Successfully added certificate: azure-iot-test-only.root.ca.cert.pem
Connection String: HostName=IoTHubSEO.azure-devices.net;DeviceId=DownstreamDevice1;SharedAccessKey=Kr3xWDxIZ4M0WkDM1Uflm9tes9GQ84sJwJp+lPj0mOE=;GatewayHostName=vm1.ceek-7cqcpenlzuuhg.westus2.cloudapp.azure.com
8/9/2021 7:12:51 PM > Sending message before: {"temperature":25.622381712599836,"humidity":61.375156464695536}
Microsoft.Azure.Devices.Client.DeviceClient
Unhandled exception. System.Security.Authentication.AuthenticationException: TLS authentication error.
 ---> System.AggregateException: One or more errors occurred. (The remote certificate is invalid according to the validation procedure.)
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
   --- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslStream.ThrowIfExceptional()
   at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__64_2(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronizati
PS C:\Users\thakkarp\OneDrive - Intel Corporation\Desktop\Edge Collaterals\AzureSamples\DownstreamDevice> dotnet run
IoT Hub C# Simulated Cave Device. Ctrl-C to exit.

User configured CA certificate path: azure-iot-test-only.root.ca.cert.pem
Attempting to install CA certificate: azure-iot-test-only.root.ca.cert.pem
Successfully added certificate: azure-iot-test-only.root.ca.cert.pem
Connection String: HostName=IoTHubSEO.azure-devices.net;DeviceId=DownstreamDevice1;SharedAccessKey=Kr3xWDxIZ4M0WkDM1Uflm9tes9GQ84sJwJp+lPj0mOE=;GatewayHostName=vm1.ceek-7cqcpenlzuuhg.westus2.cloudapp.azure.com
8/9/2021 7:20:44 PM > Sending message before: {"temperature":28.411910207202617,"humidity":63.82256410262667}
Microsoft.Azure.Devices.Client.DeviceClient
Unhandled exception. System.Security.Authentication.AuthenticationException: TLS authentication error.
 ---> System.AggregateException: One or more errors occurred. (The remote certificate is invalid according to the validation procedure.)
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
   --- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslStream.ThrowIfExceptional()
   at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__64_2(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
   --- End of inner exception stack trace ---
   at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttTransportHandler.OpenInternalAsync(CancellationToken cancellationToken)
   at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttTransportHandler.OpenAsync(CancellationToken cancellationToken)
   at Microsoft.Azure.Devices.Client.Transport.ProtocolRoutingDelegatingHandler.OpenAsync(CancellationToken cancellationToken)
   at Microsoft.Azure.Devices.Client.Transport.ErrorDelegatingHandler.<>c__DisplayClass27_0.<<ExecuteWithErrorHandlingAsync>b__0>d.MoveNext()
   --- End of stack trace from previous location where exception was thrown ---
   at Microsoft.Azure.Devices.Client.Transport.ErrorDelegatingHandler.ExecuteWithErrorHandlingAsync[T](Func`1 asyncOperation)
   at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttIotHubAdapter.WriteMessageAsync(IChannelHandlerContext context, Object message, Func`3 exceptionHandler)
   at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttIotHubAdapter.ConnectAsync(IChannelHandlerContext context)
   --- End of inner exception stack trace ---
   at Microsoft.Azure.Devices.Client.Transport.ErrorDelegatingHandler.ExecuteWithErrorHandlingAsync[T](Func`1 asyncOperation)
   at Microsoft.Azure.Devices.Client.Transport.RetryDelegatingHandler.<>c__DisplayClass38_0.<<OpenInternalAsync>b__0>d.MoveNext()
   --- End of stack trace from previous location where exception was thrown ---
   at Microsoft.Azure.Devices.Client.Transport.RetryDelegatingHandler.EnsureOpenedAsync(CancellationToken cancellationToken)
   at Microsoft.Azure.Devices.Client.Transport.RetryDelegatingHandler.<>c__DisplayClass15_0.<<SendEventAsync>b__0>d.MoveNext()
   --- End of stack trace from previous location where exception was thrown ---
   at Microsoft.Azure.Devices.Client.Transport.RetryDelegatingHandler.SendEventAsync(Message message, CancellationToken cancellationToken)
   at Microsoft.Azure.Devices.Client.InternalClient.SendEventAsync(Message message)
   at CaveDevice.Program.SendDeviceToCloudMessagesAsync() in C:\Users\thakkarp\OneDrive - Intel Corporation\Desktop\Edge Collaterals\AzureSamples\DownstreamDevice\Program.cs:line 96
   at System.Threading.Tasks.Task.<>c.<ThrowAsync>b__139_1(Object state)
   at System.Threading.QueueUserWorkItemCallbackDefaultContext.Execute()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
PS C:\Users\thakkarp\OneDrive - Intel Corporation\Desktop\Edge Collaterals\AzureSamples\DownstreamDevice> dotnet run
IoT Hub C# Simulated Cave Device. Ctrl-C to exit.

User configured CA certificate path: azure-iot-test-only.root.ca.cert.pem
Attempting to install CA certificate: azure-iot-test-only.root.ca.cert.pem
Successfully added certificate: azure-iot-test-only.root.ca.cert.pem
Connection String: HostName=IoTHubSEO.azure-devices.net;DeviceId=DownstreamDevice1;SharedAccessKey=Kr3xWDxIZ4M0WkDM1Uflm9tes9GQ84sJwJp+lPj0mOE=;GatewayHostName=vm1.ceek-7cqcpenlzuuhg.westus2.cloudapp.azure.com
8/9/2021 7:42:27 PM > Sending message before: {"temperature":33.75173623848322,"humidity":68.2361978330818}
Microsoft.Azure.Devices.Client.DeviceClient
Unhandled exception. System.Security.Authentication.AuthenticationException: TLS authentication error.
 ---> System.AggregateException: One or more errors occurred. (The remote certificate is invalid according to the validation procedure.)
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
   --- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslStream.ThrowIfExceptional()
   at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__64_2(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
   --- End of inner exception stack trace ---
   at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttTransportHandler.OpenInternalAsync(CancellationToken cancellationToken)
   at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttTransportHandler.OpenAsync(CancellationToken cancellationToken)
   at Microsoft.Azure.Devices.Client.Transport.ProtocolRoutingDelegatingHandler.OpenAsync(CancellationToken cancellationToken)
   at Microsoft.Azure.Devices.Client.Transport.ErrorDelegatingHandler.<>c__DisplayClass27_0.<<ExecuteWithErrorHandlingAsync>b__0>d.MoveNext()
   --- End of stack trace from previous location where exception was thrown ---
   at Microsoft.Azure.Devices.Client.Transport.ErrorDelegatingHandler.ExecuteWithErrorHandlingAsync[T](Func`1 asyncOperation)
   at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttIotHubAdapter.WriteMessageAsync(IChannelHandlerContext context, Object message, Func`3 exceptionHandler)
   at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttIotHubAdapter.ConnectAsync(IChannelHandlerContext context)
   --- End of inner exception stack trace ---
   at Microsoft.Azure.Devices.Client.Transport.ErrorDelegatingHandler.ExecuteWithErrorHandlingAsync[T](Func`1 asyncOperation)
   at Microsoft.Azure.Devices.Client.Transport.RetryDelegatingHandler.<>c__DisplayClass38_0.<<OpenInternalAsync>b__0>d.MoveNext()
   --- End of stack trace from previous location where exception was thrown ---
   at Microsoft.Azure.Devices.Client.Transport.RetryDelegatingHandler.EnsureOpenedAsync(CancellationToken cancellationToken)
   at Microsoft.Azure.Devices.Client.Transport.RetryDelegatingHandler.<>c__DisplayClass15_0.<<SendEventAsync>b__0>d.MoveNext()
   --- End of stack trace from previous location where exception was thrown ---
   at Microsoft.Azure.Devices.Client.Transport.RetryDelegatingHandler.SendEventAsync(Message message, CancellationToken cancellationToken)
   at Microsoft.Azure.Devices.Client.InternalClient.SendEventAsync(Message message)
   at CaveDevice.Program.SendDeviceToCloudMessagesAsync() in C:\Users\thakkarp\OneDrive - Intel Corporation\Desktop\Edge Collaterals\AzureSamples\DownstreamDevice\Program.cs:line 96
   at System.Threading.Tasks.Task.<>c.<ThrowAsync>b__139_1(Object state)
   at System.Threading.QueueUserWorkItemCallbackDefaultContext.Execute()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
PS C:\Users\thakkarp\OneDrive - Intel Corporation\Desktop\Edge Collaterals\AzureSamples\DownstreamDevice>

I have configured the config.toml file with the connection string as well as the certificates. Please let me know if you need any additional info. MQTT ports are enabled.

iotedge check output is as follows:

Configuration checks (aziot-identity-service)

√ keyd configuration is well-formed - OK
√ certd configuration is well-formed - OK
√ tpmd configuration is well-formed - OK
√ identityd configuration is well-formed - OK
√ daemon configurations up-to-date with config.toml - OK
√ identityd config toml file specifies a valid hostname - OK
√ aziot-identity-service package is up-to-date - OK
√ host time is close to reference time - OK
√ preloaded certificates are valid - OK
√ keyd is running - OK
√ certd is running - OK
√ identityd is running - OK
√ read all preloaded certificates from the Certificates Service - OK
√ read all preloaded key pairs from the Keys Service - OK
√ ensure all preloaded certificates match preloaded private keys with the same ID - OK

Connectivity checks (aziot-identity-service)

√ host can connect to and perform TLS handshake with iothub AMQP port - OK
√ host can connect to and perform TLS handshake with iothub HTTPS / WebSockets port - OK
√ host can connect to and perform TLS handshake with iothub MQTT port - OK

Configuration checks

√ aziot-edged configuration is well-formed - OK
√ configuration up-to-date with config.toml - OK
√ container engine is installed and functional - OK
√ configuration has correct URIs for daemon mgmt endpoint - OK
√ aziot-edge package is up-to-date - OK
√ container time is close to host time - OK
‼ DNS server - Warning
    Container engine is not configured with DNS server setting, which may impact connectivity to IoT Hub.
    Please see https://aka.ms/iotedge-prod-checklist-dns for best practices.
    You can ignore this warning if you are setting DNS server per module in the Edge deployment.
‼ production readiness: container engine - Warning
    Device is not using a production-supported container engine (moby-engine).
    Please see https://aka.ms/iotedge-prod-checklist-moby for details.
‼ production readiness: logs policy - Warning
    Container engine is not configured to rotate module logs which may cause it run out of disk space.
    Please see https://aka.ms/iotedge-prod-checklist-logs for best practices.
    You can ignore this warning if you are setting log policy per module in the Edge deployment.
‼ production readiness: Edge Agent's storage directory is persisted on the host filesystem - Warning
    The edgeAgent module is not configured to persist its /tmp/edgeAgent directory on the host filesystem.
    Data might be lost if the module is deleted or updated.
    Please see https://aka.ms/iotedge-storage-host for best practices.
‼ production readiness: Edge Hub's storage directory is persisted on the host filesystem - Warning
    The edgeHub module is not configured to persist its /tmp/edgeHub directory on the host filesystem.
    Data might be lost if the module is deleted or updated.
    Please see https://aka.ms/iotedge-storage-host for best practices.
√ Agent image is valid and can be pulled from upstream - OK

Connectivity checks

√ container on the default network can connect to upstream AMQP port - OK
√ container on the default network can connect to upstream HTTPS / WebSockets port - OK
√ container on the default network can connect to upstream MQTT port - OK
√ container on the IoT Edge module network can connect to upstream AMQP port - OK
√ container on the IoT Edge module network can connect to upstream HTTPS / WebSockets port - OK
√ container on the IoT Edge module network can connect to upstream MQTT port - OK

31 check(s) succeeded.
5 check(s) raised warnings. Re-run with --verbose for more details.

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 49 (18 by maintainers)

Most upvoted comments

@nlcamp - This worked… thank you so much for the guidance - to both you and Mark Radbourne - who helped me with this. Great job and team effort!

@purvit and @darenm - I've asked internally about what exactly the hostname variable is used for and why we're having to be careful about the GatewayHostName and /etc/hosts file in 1.2 Windows downstream devices, but not in 1.1. I'll relay any information I receive to you guys.

@purvit - regarding the error output from your C module, can you try ping vm1.ceek-7cqcpenlzuuhg.westus2.cloudapp.azure.com from the host where your C module is running?

@darenm - Thanks for this extra information. We will look into this some more given this new information.

@purvit - Have you attempted the workaround of editing your /etc/hosts file?

I have made this work with a Windows leaf device before with aziot 1.1, however the edge gateway was an Azure Ubuntu VM as in the example. Now the edge gateway is a VM running my product… which is an Azure OpenNESS devkit as created using these steps: https://github.com/open-ness/converged-edge-experience-kits/blob/master/cloud/README.md This deploys a two node kubernetes cluster with CentOS. It creates a VM scaleset with vm0 and vm1. I have deployed the aziot libs on vm1 - which is being configured as the edge gateway. Also have an active support ticket for live debugging.

@purvit - I had a typo in my repro attempt that caused messages from the downstream device to bypass the gateway device and go directly to IoT Hub. Once I fixed it, I was able to repro the issue you’ve reported against iotedge v1.2. Thanks for reporting this. We’ll start working on a fix.