How to reset DPS connection to Azure IoT hub?

Hello

We have an issue using the Azure DPS in the azure_iot_hub demo.

What we did so far
- Set up the Azure IoT Hub Device Provisioning Service (DPS) on our Azure portal
- Linked this DPS to our (existing) IoT Hub
- Defined enrollments
(everything is based on X.509 certificates)

- we configured the DPS settings in prj.conf

CONFIG_AZURE_IOT_HUB_DPS=y
CONFIG_AZURE_IOT_HUB_DPS_ID_SCOPE="xxxxxxxxxxx"
CONFIG_AZURE_IOT_HUB_DPS_REG_ID="myDpsDevice"
CONFIG_AZURE_IOT_HUB_DPS_HOSTNAME="Xyz.azure-devices-provisioning.net"

* The "xxxxxxxxxxx" is a placeholder for the real ID Scope provided by our DPS on Azure.
  The same goes for the "Xyz" preamble of the host name.

What happened
The first time we ran the sample, DPS worked and our device was connected to our IoT hub. From now on our device directly connects to the hub after restarting the sample.
(But the initial DPS only worked when giving our device the device name of the already existing "old" device ("xyzDevice01") on our IoT Hub. Our understanding was that our device should get a "new" device name from the IoT hub.)

Our issue
To be able to continue with our tests, we have to be able to reset the DPS connection to our hub.
We found that there is a function called azure_iot_hub_dps_reset() to do this job.
We placed this function just before calling azure_iot_hub_dps_init().
The azure_iot_hub_dps_reset() function runs without error, but later calling azure_iot_hub_dps_start() gives err -120 as result ("Already assigned to an IoT hub, skipping DPS").

Our first analysis
azure_iot_hub_dps_reset() calls azure_iot_hub_dps_hostname_delete() and azure_iot_hub_dps_device_id_delete().
As far as we understand, these functions should delete DPS related entries in the persistent memory. But they do not.
Both (settings_delete()) function calls are returning with err -2 ("No hostname/device ID was stored").
But the azure_iot_hub_dps_init() function loads the persistent data again back to the local dps_reg_ctx structure, even if settings_delete() returned with err -2. This later results in err -120.

What are we doing wrong? How can we reset an existing DPS "binding" to our Azure IoT hub?

Regards
Michael

  • Hi Exelor,

    I need some time to figure out this issue and will reply to you later.

    Best regards,

    Charlie 

  • Hi,

    > We found that there is a function called azure_iot_hub_dps_reset() to do this job.
    > We placed this function just before calling azure_iot_hub_dps_init().

    This is expected to not have the desired effect because the settings subsystem is initialized by azure_iot_hub_dps_init(). The APIs need to be called in the opposite order, always by initializing first.
    Our library had a wrong assumption in the azure_iot_hub_dps_reset() code with regard to -ENOENT being returned by settings_delete() and hence returned success in this case. This is fixed (and explained in more detail) in https://github.com/nrfconnect/sdk-nrf/pull/11588. So in this case, azure_iot_hub_dps_reset() wrongly returned 0, while it should have returned an error because not even an attempt was made to delete it from flash.

    > Our understanding was, that our device should get a "new" device name from the IoT hub).

    This is true, but it is also a bit tricky as the device ID has to match the subject name in the device certificate which is used to make the connection to DPS in the first place. You can enable modem traces and take a look at the TLS connection in Wireshark using the nRF Connect for Desktop application Cellular Monitor and see what happens if you use a random device ID to connect to DPS. Then I would expect the TLS handshake to be successful but the server to close the connection after the device sends the MQTT connect message with an ID that does not match the common name in the device certificate.

    Best regards,

    Charlie
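
The call-order problem and the swallowed -ENOENT described in the reply above, as an added example that is not part of the original thread and not nRF Connect SDK code. It is a host-side C model: every `model_*` function and the hostname are constructed for illustration, and it assumes the settings backend only becomes reachable once init has run.

```c
/* Host-side model of the thread's behaviour; NOT nRF Connect SDK code (model_* names are hypothetical). */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

static char flash_host[32];   /* persisted hub assignment */
static char ctx_host[32];     /* RAM copy that start() checks */
static bool backend_ready;    /* settings backend is brought up by init */

static int model_settings_delete(void)
{
	if (!backend_ready || flash_host[0] == '\0')
		return -ENOENT;                /* nothing reachable to delete */
	flash_host[0] = '\0';
	return 0;
}

static void model_dps_init(void)
{
	backend_ready = true;
	strcpy(ctx_host, flash_host);          /* reload persisted assignment */
}

static int model_dps_reset(bool lenient)   /* lenient: -ENOENT is swallowed */
{
	int err = model_settings_delete();
	if (err && !(lenient && err == -ENOENT))
		return err;
	ctx_host[0] = '\0';
	return 0;
}
static int model_dps_start(void) { return ctx_host[0] ? -EALREADY : 0; } /* -120 in the thread */

static int run_sequence(bool init_first, bool lenient, int *reset_err) /* returns start()'s result */
{
	strcpy(flash_host, "old-hub.example"); /* constructed sample value */
	backend_ready = false;
	if (init_first) model_dps_init();
	*reset_err = model_dps_reset(lenient);
	if (!init_first) model_dps_init();
	return model_dps_start();
}

int main(void)
{
	int r, s = run_sequence(true, false, &r);   /* init -> reset -> start */
	printf("reset=%d start=%d\n", r, s);
	return 0;
}
```

Calling `run_sequence(false, true, &r)` reproduces the reported symptom in the model: reset reports success, init reloads the stored assignment, and start returns -EALREADY.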
