• State Not Answered
  • Replies 6 replies
  • Subscribers 87 subscribers
  • Views 294 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 356254
Options

nRF Cloud provisioning stuck - Server Certificate failed, Client Certificate pending

pearcestephen

Device UUID: 50343959-3733-433f-80d9-161fa7776bfc

IMEI: 359404230238199

Hardware: Thingy:91X with nRF9151, modem firmware mfw_nrf91x1_2.0.4

Issue: Device provisioning is stuck in an invalid state. The provisioning sequence shows:

  • Cloud Access Key Generation: Succeeded
  • Server Certificate: Failed
  • Client Certificate: Pending (never completes)

When running the nrf_provisioning sample, we get:

<err> nrf_provisioning_http: Bad request
<err> nrf_provisioning: Invalid exchange

We manually wrote the Amazon Root CA 1 to sec_tag 16842753 via AT command, but the provisioning service still returns "Bad request" and won't proceed.

Request: Please reset the provisioning state for this device on the nRF Cloud backend so we can start fresh.

Parents
  • 0

    Hi,

    I've exhausted all device-side and self-service options. The device does not appear in:

    • Security Services → Claimed Devices
    • Security Services → Provisioning

    Device Identifiers:

    • UUID: 50343959-3733-433f-80d9-161fa7776bfc
    • IMEI: 359404230238199

    What I've tried:

    • Full J-Link recover (west flash --recover)
    • Wiped credentials via AT%CMNG commands on sec_tag 16842753
    • Manually wrote Amazon Root CA 1
    • Ran nrf_provisioning sample (returns "Bad request" / "Invalid exchange")
    • AT%ATTESTTOKEN returns a token, but I have nowhere to use it since the device isn't in Claimed Devices

    Current state:

    • Device boots and runs firmware normally
    • LTE connects successfully (CEREG: 5)
    • MQTT connection to mqtt.nrfcloud.com:45858 fails with error -111 (connection refused)

    The provisioning state for this device appears to be stuck/corrupted on the nRF Cloud backend in a way that isn't exposed through the portal.

    Request: Please manually delete all provisioning records, certificates, and device state associated with UUID 50343959-3733-433f-80d9-161fa7776bfc so I can provision fresh.

    Thank you.

Reply
  • 0

    Hi,

    I've exhausted all device-side and self-service options. The device does not appear in:

    • Security Services → Claimed Devices
    • Security Services → Provisioning

    Device Identifiers:

    • UUID: 50343959-3733-433f-80d9-161fa7776bfc
    • IMEI: 359404230238199

    What I've tried:

    • Full J-Link recover (west flash --recover)
    • Wiped credentials via AT%CMNG commands on sec_tag 16842753
    • Manually wrote Amazon Root CA 1
    • Ran nrf_provisioning sample (returns "Bad request" / "Invalid exchange")
    • AT%ATTESTTOKEN returns a token, but I have nowhere to use it since the device isn't in Claimed Devices

    Current state:

    • Device boots and runs firmware normally
    • LTE connects successfully (CEREG: 5)
    • MQTT connection to mqtt.nrfcloud.com:45858 fails with error -111 (connection refused)

    The provisioning state for this device appears to be stuck/corrupted on the nRF Cloud backend in a way that isn't exposed through the portal.

    Request: Please manually delete all provisioning records, certificates, and device state associated with UUID 50343959-3733-433f-80d9-161fa7776bfc so I can provision fresh.

    Thank you.

Children
  • 0 in reply to pearcestephen
    pearcestephen said:
    AT%ATTESTTOKEN returns a token, but I have nowhere to use it since the device isn't in Claimed Devices

    Hi,

    Attestation token is used to claim the device. Have you tried to claiming from the Security Services → Claimed Devices?
    * Click the Claim Device button.
    * Copy and paste the attestation token into the Claim token text box.

    BR,
    Juha

  • 0 in reply to Juha Y

    I have been unable to get an attestation token. I can load my own app and anything from samples including AT but that command to get the token simply never returns anything. But then I said all this in my e-mail above so please could you look at the last line Request and tell me whether you can actually do that because literally everything else was already tried.  For completeness here is the request again:

    Request: Please manually delete all provisioning records, certificates, and device state associated with UUID 50343959-3733-433f-80d9-161fa7776bfc so I can provision fresh.

  • 0 in reply to pearcestephen

    You can also get attestation token when running nrf_provisioning sample. Just enter command nrf_provisioning token to serial terminal.

    Have you tried to use the REST API to unclaim the device? This will delete all provisioning related states and commands from the server. Below is an example for linux. You need to add the nRFCloud API_KEY from your User Account (Don't expose the key here)

    export API_HOST=https://api.provisioning.nrfcloud.com
export DEV_UUID=50343959-3733-433f-80d9-161fa7776bfc
export API_KEY=

curl -X DELETE $API_HOST/v1/claimed-devices/$DEV_UUID -H "Authorization: Bearer $API_KEY"

    Link to the API document https://api.provisioning.nrfcloud.com/v1/

    BR,

    Juha

Related
Terms of service