Asset Tracker MQTT Error -116

Hey,

It looks like a certificate/key issue, as the device attempts to use PSK for TLS, which does not work. You should ensure that the device certificate and key are written to the correct entries in The Certificate manager, according to https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/libraries/networking/azure_iot_hub.html#azure-iot-hub-flash-certs.

You could also delete the PSK entries on the relevant sec tag.

Hey,

It looks like a certificate/key issue, as the device attempts to use PSK for TLS, which does not work. You should ensure that the device certificate and key are written to the correct entries in The Certificate manager, according to https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/libraries/networking/azure_iot_hub.html#azure-iot-hub-flash-certs.

You could also delete the PSK entries on the relevant sec tag.

Hi,

Thanks for the reply. This difference in the timezone is killing me

Does this mean we can use PSK on Azure IoT hub instead a certificate? That would certainly make life much easier for development / testing at least.

 ibiglari No, it's the other way around. PSK can not be used for Azure IoT Hub.
But in the modem trace that you provided, the modem attempts to use PSK for the TLS handshake. The server denies that request, and that is the reason for the error that you see.

When the modem attempts to use PSK, it is an indication that certificates and private key have not been correctly provisioned to the modem. Please make sure that the device certificate and private key are added to the correct fields in the Certificate manager. In addition, you can delete the PSK entries in the sec tag that you use.

You can check which entries exist on a sec tag by sending the AT command AT%CMNG=1.

Note that you can view the trace that you capture in Wireshark, either by using the Trace Collector v2 or the Cellular Monitor Preview application in nRF Connect  for desktop. You can then inspect the TLS handshake and see what's going on. In this case, it's visible in the Client hello message from the device that it requests to use PSK cipher suites, which the server immediately denies.

OK that makes sense.

I made progress by importing both Azure root certificates and device certificate in two tags like this:

This made azure_iot_hub sample work. However, asset tracker v2 seems to ignore CONFIG_AZURE_IOT_HUB_DEVICE_ID and use IMEI instead, which made life a little more difficult as I had to generate a new certificate.

Happy to hear you're making progress with the credentials.

Regaring Asset Tracker v2, the following two configurations can be used to control the device ID at compile time:
CONFIG_CLOUD_CLIENT_ID_USE_CUSTOM=y
CONFIG_CLOUD_CLIENT_ID="<your device ID>"

Last question... What's the structure of the JSON message to change device's configuration? Would this work?

"cfg": {
    "loct": 60,
    "act": true,
    "actwt": 60,
    "mvres": 60,
    "mvt": 3600,
    "accath": 10.5,
    "accith": 5.2,
    "accito": 1.7,
    "nod": []
  }