Azure IoT Device Offline Commands Issue - azure-iot-central

I have an Azure IoT Device in an IoT Central application.
We don't want it to execute offline commands. Is there any way to switch off this offline commands execution capability.

Based on my test (sync command), the behavior of executing "offline command" is working well. In the case, when the device is disconnected from Azure IoT Central App, the error Not Found is returned back after 30 seconds, see my example:
{
"error": {
"code": "NotFound",
"message": "Could not connect to device in order to send command. You can contact support at https://aka.ms/iotcentral-support. Please include the following information. Request ID: cic9xs38, Time: Sun, 09 Aug 2020 05:08:00 GMT.",
"requestId": "cic9xs38",
"time": "Sun, 09 Aug 2020 05:08:00 GMT"
}
}
and the following screen snippet shows a command history in the IoT Central App:
Note, that in the present version there is no feature such as re-executing (retrying) a sync or async command on the re-connected device. If the device is not connected, the command is completed with a failed status = NotFound, in other words, the command is invoking in the sync manner, see more details here.

Related

Azure IoT Central - Query for device group failing on creation

I'm trying to create device groups to eventually create a Job with this particular device group to send a reboot command to all the devices in it. I'm using the IoT Central API REST for this with the URL looking like this (which is how it is on their documentation): PUT https://{subdomain}.{baseDomain}/api/deviceGroups/{uuidCreatedByMe}?api-version=2022-07-31
The body on the request looks something like this:
{
description: `Pulses' group to be rebooted, created at ${DateTime.now().toISO()}`,
displayName: `Reboot group ${deviceGroupId}`,
filter: query,
}
And the query is very similar to this
SELECT * FROM devices WHERE $template = "templateId" AND $id IN ["deviceId1", "deviceId2"]
But for some reason, when I send the request, it responds with an error:
Request failed with status 500 and error: {
"code": "InternalServerError",
"message": "Something went wrong on our end. Please try again. You can contact support at https://aka.ms/iotcentral-support. Please include the following information. Request ID: requestId, Time: Tue, 06 Sep 2015 477:10:01 GMT.",
"requestId": "requestId",
"time": "Tue, 06 Sep 2022 16:10:01 GMT"
}
However, when I try to create a Job and get the list of device groups, this brings me all the device groups I have been attempting to create, but it doesn't let me see the number of devices and doesn't allow me to continue creating the Job. And then, I request through the REST API to delete such device group with one of the ids, and it deletes it just fine.
My question would be...
Is this related to the query or what exactly?...
Because according to their documentation this is a valid query
I can confirm that it is not supported yet, try to use ($id= '' OR $id = '') to work around now.

ECONNREFUSED when attempting to POST to emulator from within local Docker container

TLDR:
Can't post to local Cosmos Emulator. Can post to Azure Cosmos, but not with #azure/cosmos-sign, only with #azure/cosmos (which seems utterly bizare as the latter is supposedly built upon the former.) This is not ideal (as the message signing portion alone is very lightweight with REST API directly). Bug, or user error? Why do the instructions for enabling networking/https not seem to work?
Details:
I have a Node.js based app, and am using the Azure/cosmos-sign package to generate the correct headers via the generateHeaders method to save a JSON object in the local Cosmos Emulator.
Upon trying to post from the Node app to the URI provided in the Emulator Quickstart (https://localhost:8081), the error returned is...
Error: connect ECONNREFUSED 127.0.0.1:8081 : https://localhost:8081
As per these instructions...
Enable access to emulator on a local network
If you have multiple machines using a single network, and if you set
up the emulator on one machine and want to access it from other
machine. In such case, you need to enable access to the emulator on a
local network.
You can run the emulator on a local network. To enable network access,
specify the /AllowNetworkAccess option at the command-line, which
also requires that you specify /Key=key_string or
/KeyFile=file_name. You can use /GenKeyFile=file_name to generate
a file with a random key upfront. Then you can pass that to
/KeyFile=file_name or /Key=contents_of_file.
To enable network access for the first time, the user should shut down
the emulator and delete the emulator's data directory
%LOCALAPPDATA%\CosmosDBEmulator.
-https://learn.microsoft.com/en-us/azure/cosmos-db/local-emulator?tabs=cli%2Cssl-netstd21#enable-access-to-emulator-on-a-local-network
...I thought perhaps I needed to enable the networking functionality. It is all on the same (Windows) host (with the Node.js application running in Docker on the same host as the Emulator is installed). But this caused more problems with no benefit. With the generated key, I can load the included UI for managing the local emulator instance, but I then can't create Databases or Containers (without resetting the emulator and starting it again normally, eg: without the AllowNetworkAccess and related settings).
Attempting to use the included Explorer to create a Database returns...
Error while creating database SampleDb:
{
"code": 401,
"body": {
"code": "Unauthorized",
"message": "The input authorization token can't serve the request. Please check that the expected payload is built as per the protocol, and check the key being used. Server used the following payload to sign: 'post\ndbs\n\nmon, 29 mar 2021 23:33:45 gmt\n\n'\r\nActivityId: 29e4e700-d1b7-4d59-bdea-5931e4d6622d, Microsoft.Azure.Documents.Common/2.11.0"
},
"headers": {
"access-control-allow-credentials": "true",
"access-control-allow-origin": "https://localhost:8081",
"access-control-expose-headers": "Access-Control-Allow-Origin,Access-Control-Allow-Credentials,Content-Type,x-ms-activity-id,x-ms-gatewayversion",
"content-type": "application/json",
"date": "Mon, 29 Mar 2021 23:33:45 GMT",
"server": "Microsoft-HTTPAPI/2.0",
"x-firefox-spdy": "h2",
"x-ms-activity-id": "29e4e700-d1b7-4d59-bdea-5931e4d6622d",
"x-ms-gatewayversion": "version=2.11.0",
"x-ms-throttle-retry-count": 0,
"x-ms-throttle-retry-wait-time-ms": 0
},
"activityId": "29e4e700-d1b7-4d59-bdea-5931e4d6622d"
}
I did see this somewhat similar SO question, but it was abandoned.
This one, however seems to imply they simply reverted the KeyFile steps mentioned in the MS Docs. It seems odd that I am getting the same error from the Node.js POST regardless of if I use the AllowNetworkAccess switch or not.
Using the /NoFirewall switch as recommended here didnt resolve POSTs but did allow the Explorer UI to still work properly. The upvoted answer for that question is what I have already tried (/AllowNetworkAccess /KeyFile=...., and is not working, as explained above).
The docs here indicate that TLS (https) is in fact required...
"The Azure Cosmos DB Emulator supports only secure communication via TLS"
However, here they seem to indicate that, in the Node SDK (which relies on the same cosmos-sign library I am using)...
"TLS verification is disabled. By default the Node.js SDK(version 1.10.1 or higher) for the SQL API will not try to use the TLS/SSL certificate when connecting to the local emulator."
I tried adjusting the start script for my Node Docker image as suggested here...
If connecting to the Cosmos DB Emulator, disable TLS verification
for your node process:
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
const client = new CosmosClient({ endpoint, key });
...and changed the start script in my package.json from...
"start": "node $NODE_OPTIONS node_modules...."
...to...
"start": "NODE_TLS_REJECT_UNAUTHORIZED=0 node $NODE_OPTIONS node_modules...."
...and rebuilt my images, but still receive the same ECONNREFUSED error from the Node client/app.
As I was reading the documentation for the REST API I was reminded that, as opposed to using the CosmosClient (which just needs the base URL), to do a post to the API the url needs to be fully formed as indicated here...
Method: POST
Request URI: https://{databaseaccount}.documents.azure.com/dbs/{db-id}/colls/{coll-id}/docs
Description: The {databaseaccount} is the name of the Azure Cosmos DB account created under your subscription. The {db-id} value is the
user generated name/ID of the database, not the system generated ID
(rid). The {coll-id} value is the name of the collection that contains
the document.
After appending /dbs/SampleDB/colls/SampleCollection/docs (yes, my entities are CamelCase) to the base url offered by the Emulator UI's Quickstart URI (https://localhost:8081)... I am still getting the ECONNREFUSED error to http posts.
Hmm... retargeted the Node app to point to a collection in my Azure Cosmos DB, and I am still having no luck.
400: Invalid API version. Ensure a valid x-ms-version header value is
passed. Please update to the latest version of Azure Cosmos DB
SDK.ActivityId: bfdeb339-8fef-4ba9-a03d-444a8664c02b,
Microsoft.Azure.Documents.Common/2.11.0
Added x-ms-version and set it to 2018-12-31 (latest, as per here).
Now I am getting (after trying both my secondary, and primary keys... just in case)...
401: The input authorization token can't serve the request. Please
check that the expected payload is built as per the protocol, and
check the key being used. Server used the following payload to sign:
'postdocsdbs/TopHand/colls/SampleTbltue, 30 mar 2021 02:54:25
gmt'ActivityId: bb258bb4-f5a8-4495-b0b5-b54fa8b7c46f,
Microsoft.Azure.Documents.Common/2.11.0
I verified that the required headers are all present. What can possibly be left?!
Base URI for Azure Cosmos had a trailing /, which ended up duplicated when the rest of the path was appended. Fixing the url string, still getting the 401.
A github issue pointed me to what may have been an error in the URL/REST path I was posting to. Rather than posting to (what I had previously)...
dbs/SampleDb/colls/SampleTbl/docs
...I changed it to...
dbs/SampleDb/colls/SampleTbl
...and am now getting error 405, MethodNotAllowed, RequestHandler.Post. 405 isn't listed as code returned by the Cosmos REST service.
This example in the MS docs definitely uses the /docs string at the end of the url/REST path.
Example
POST https://querydemo.documents.azure.com/dbs/1KtjAA==/colls/1KtjAImkcgw=/docs HTTP/1.1
x-ms-documentdb-partitionkey: ["Andersen"]
x-ms-date: Tue, 29 Mar 2016 02:28:29 GMT
authorization: type%3dmaster%26ver%3d1.0%26sig%3d92WMAkQv0Zu35zpKZD%2bcGSH%2b2SXd8HGxHIvJgxhO6%2fs%3d
Cache-Control: no-cache
User-Agent: Microsoft.Azure.Documents.Client/1.6.0.0
x-ms-version: 2015-12-16
Accept: application/json
Host: querydemo.documents.azure.com
Cookie: x-ms-session-token#0=602; x-ms-session-token=602
Content-Length: 344
Expect: 100-continue
{
"id": "AndersenFamily",
"LastName": "Andersen",
}
I contacted MS support and was giving some info that unblocked me (but doesn't entirely address the issues noted above).
For my own use-case, simply setting a key and allowing network access to the emulator was sufficient.
Note: This doesn't address the issues of the Emulator's Data Explorer becoming nonfunctional.
The feedback I received from the support personnel in regard to using the command line switches disabling the UI was...
By changing the key to something other than default one, you also
protect your emulator data from being seen via the Data Explorer.
Apparently the key alone isn't enough to protect the data, and disabling the UI is a "feature".
Solution: Simply executing...
.\Microsoft.Azure.Cosmos.Emulator.exe /AllowNetworkAccess /Key={insert your base64 encoded 64+ character string}
...allowed network access to systems on the same host as the emulator. This avoided all the certificate/key generation/importing/etc headache.
You must connect to the non-loopback IP of the host the emulator is running on to connect to it (writes/reads/etc).

Problem with DocuSign Signature appliances DSA Rest Examples

I want to integrate automatic digital signature capabilities in my application. I signed-up for DocuSign sandbox account and tried to build and run example code from https://github.com/docusign/docusign-signature-appliance-api-recipes/tree/master/dsa-rest/Hello-World-examples
While running java hello-world example I am getting error as
Feb 09, 2021 9:01:00 AM org.apache.http.impl.execchain.RetryExec execute
INFO: I/O exception (java.net.SocketException) caught when processing request to {s}->https://prime-dsa-devctr.docusign.net:8081: Connection reset by peer: socket write error
Feb 09, 2021 9:01:00 AM org.apache.http.impl.execchain.RetryExec execute
I tried running C# code also , but get similar error in calling REST Endpoint "https://prime-dsa-devctr.docusign.net:8081/sapiws/v1/digital_signature"
The underlying connection was closed: An unexpected error occurred on a receive
am I missing something here? I tried changing user credential used in code, but still error does not change.
Update: the issue should be resolved now.
The DSA team is working on this, this is not your issue. It's down at least when I'm typing this answer. I'll update it as soon as it's back up.

Azure IoT SDK C: Error 401 when connecting to Blob Storage

OS and version used: Ubuntu 18.04
SDK version used: Release Dec. 13, 2018
Target: ESP32.
Description of the issue:
I am trying to connect the ESP32 to my Blob storage. I am getting an HTTP error 401 (unauthorized access).
I am using the example: iothub_client_sample_upload_to_blob_mb.
I tried connecting using just the Shared Access Key in my connection string, but this did not work (no connection). After that I generated an SAS token in Azure (Storage Accounts -> -> Shared Access Signature) and plugged that in into my connection string.
My connection string looks like this:
static const char* connectionString = "HostName=<Host name>;DeviceId=<Device ID>;SharedAccessSignature=<inserted here without the "?" at the beginning>";
Q1: Why is there a "?" in front of the token? When I look at the connection string, at SharedAccessSignature=.. I don't see the "?".
I also set up the Endpoint in Azure under IoT Hub -> Upload files.
In the example, I am using the option SET_TRUSTED_CERT_IN_SAMPLES.
Q2: What does that mean? I am not so familiar with basic encryption and should probably read up on that.
Q3: Why am I getting an 401 error? What could be a possible solution?
Log:
Initializing SNTP
ESP platform sntp inited!
Time is not set yet. Connecting to WiFi and getting time over NTP. timeinfo.tm_year:70
Waiting for system time to be set... tm_year:0[times:1]
Starting the IoTHub client sample upload to blob with multiple blocks...
Info: Waiting for TLS connection
Info: Waiting for TLS connection
Info: Waiting for TLS connection
Info: Waiting for TLS connection
Error: Time:Thu Jan 17 22:06:00 2019 File:/home/julian/eclipse-workspace/chaze-esp32/components/esp-azure/azure-iot-sdk-c/iothub_client/src/iothub_client_ll_uploadtoblob.c Func:send_http_request Line:142 HTTP code was 401
Error: Time:Thu Jan 17 22:06:00 2019 File:/home/julian/eclipse-workspace/chaze-esp32/components/esp-azure/azure-iot-sdk-c/iothub_client/src/iothub_client_ll_uploadtoblob.c Func:IoTHubClient_LL_UploadToBlob_step1and2 Line:494 unable to HTTPAPIEX_ExecuteRequest
Error: Time:Thu Jan 17 22:06:00 2019 File:/home/julian/eclipse-workspace/chaze-esp32/components/esp-azure/azure-iot-sdk-c/iothub_client/src/iothub_client_ll_uploadtoblob.c Func:IoTHubClient_LL_UploadMultipleBlocksToBlob_Impl Line:768 error in IoTHubClient_LL_UploadToBlob_step1
Received unexpected result FILE_UPLOAD_ERROR
hello world failed to upload
Press any key to continue
Here is the link to the GitHub Repo.
The example can be found here.
I generated an SAS token in Azure (Storage Accounts -> -> Shared Access Signature) and plugged that in into my connection string. My connection string looks like this:
static const char* connectionString = "HostName=<Host name>;DeviceId=<DeviceID>;SharedAccessSignature=<inserted here without the "?" at the beginning>";
Q1: Why is there a "?" in front of the token? When I look at the connection string, at SharedAccessSignature=.. I don't see the "?".
After registering a device on IoTHub you will need to retrieve it's connection string to use on this example. See here an example on how to register and retrieve the connection string from a device on IoTHub.
I also set up the Endpoint in Azure under IoT Hub -> Upload files. In the example, I am using the option SET_TRUSTED_CERT_IN_SAMPLES.
Q2: What does that mean? I am not so familiar with basic encryption and should probably read up on that.
That Flag is used when compiling the SDK for your device. See the CMake File:
#Conditionally use the SDK trusted certs in the samples
if(${use_sample_trusted_cert})
add_definitions(-DSET_TRUSTED_CERT_IN_SAMPLES)
include_directories(${PROJECT_SOURCE_DIR}/certs)
set(iothub_client_sample_upload_to_blob_mb_c_files ${iothub_client_sample_upload_to_blob_mb_c_files} ${PROJECT_SOURCE_DIR}/certs/certs.c)
endif()
Q3: Why am I getting an 401 error? What could be a possible solution?
Make sure you configure file upload on Azure IoTHub correctly - https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-file-upload and use the correct connection string on the sample. Also leverage the ESP8266 sample that should have similar steps as the ESP32 configuration.
To get rid of the 401 error: Use MSFT Baltimore certificate in the code.
To get rid of the panic on the ESP: Look at this GitHub issue.

Azure Machine Learning Workbench hangs while creating new project

I was trying Azure Machine Learning Services following this tutorial (Link). After successfully creating the Azure Machine Learning services accounts, I successfully installed the Workbench on my Windows 10 Laptop (Behind Proxy; Proxy has been configured at the WorkBench). Next, I was trying to create project following this section (Link). Once I click on the Create button, it goes to "Creating" state and stays there for ever. The errors displayed at Errors.log is the following. Any suggestion will be appreciated.
[2018-07-09 09:47:08.437] [ERROR] HttpService - {"event":"HttpService","task":"Failed","data":{"url":"http://localhost:54240/projects/v1.0/create/template","status":500,"statusText":"INKApi Error","jsonError":null,"requestId":null,"sessionType":"Workbench"},"sid":"365395c0-832b-11e8-b4ce-e5d7046c6143"}
[2018-07-09 09:47:08.960] [ERROR] CreateProjectForm - {"event":"CreateProject","task":"Error","data":{"_body":null,"status":500,"ok":false,"statusText":"INKApi Error","headers":{"Date":["Mon"," 09 Jul 2018 04:17:06 GMT"],"Via":["1.1 localhost.localdomain"],"Proxy-Connection":["close"],"Content-Length":["0"],"Content-Type":["text/html"]},"type":2,"url":"http://localhost:54240/projects/v1.0/create/template"},"sid":"365395c0-832b-11e8-b4ce-e5d7046c6143"}
[2018-07-09 09:47:08.963] [FATAL] ExceptionLogger - {"event":"exception","task":"","data":{"message":"Cannot read property 'error' of null","name":"TypeError","stack":"TypeError: Cannot read property 'error' of null\n at SafeSubscriber._error (file:///C:/Users/MyUser/AppData/Local/AmlWorkbench/resources/app.asar/src/App/main.bundle.js:61476:58)\n at SafeSubscriber.__tryOrUnsub (file:///C:/Users/MyUser/AppData/Local/AmlWorkbench/resources/app.asar/src/App/main.bundle.js:212279:20)\n at SafeSubscriber.error (file:///C:/Users/MyUser/AppData/Local/AmlWorkbench/resources/app.asar/src/App/main.bundle.js:212241:30)\n at Subscriber._error (file:///C:/Users/MyUser/AppData/Local/AmlWorkbench/resources/app.asar/src/App/main.bundle.js:212172:30)\n at Subscriber.error (file:///C:/Users/MyUser/AppData/Local/AmlWorkbench/resources/app.asar/src/App/main.bundle.js:212146:22)\n at MergeMapSubscriber.OuterSubscriber.notifyError (file:///C:/Users/MyUser/AppData/Local/AmlWorkbench/resources/app.asar/src/App/main.bundle.js:210968:30)\n at InnerSubscriber._error (file:///C:/Users/MyUser/AppData/Local/AmlWorkbench/resources/app.asar/src/App/main.bundle.js:211072:25)\n at InnerSubscriber.Subscriber.error (file:///C:/Users/MyUser/AppData/Local/AmlWorkbench/resources/app.asar/src/App/main.bundle.js:212146:22)\n at DeferSubscriber.OuterSubscriber.notifyError (file:///C:/Users/MyUser/AppData/Local/AmlWorkbench/resources/app.asar/src/App/main.bundle.js:210968:30)\n at InnerSubscriber._error (file:///C:/Users/MyUser/AppData/Local/AmlWorkbench/resources/app.asar/src/App/main.bundle.js:211072:25)"},"sid":"365395c0-832b-11e8-b4ce-e5d7046c6143"}
It was happening because of the Proxy (although I have configured the Proxy on the Workbench). When I am connected to internet directly, everything works fine (Able to create project, train, compare models etc). However the Workbench should return meaningful error instead of hanging or simply waiting while creating the project.

Resources