
Can't connect to third-party peripheral - BLE_HCI_CONN_FAILED_TO_BE_ESTABLISHED

Hello,

I'm having issues trying to connect to a third-party peripheral (called iTag from now on).

I have an NRF52832-based device running as a central. My device is running on SDK15, SD 6.0.0.

I can connect to several other third-party peripherals without issues; it's just this one that's giving me problems.

My device scans for the iTag and "connects" successfully to it (i.e. I get the GAP_EVT_CONNECTED). I know that this event just means that the connection request has been sent and that the connection is not necessarily established until the iTag replies. Since apparently this does not happen, I get a disconnection with reason BLE_HCI_CONN_FAILED_TO_BE_ESTABLISHED after a while.

I sniffed the connection and I can see my device sending CONNECT_REQ once and then 5 empty PDUs. After that, the iTag starts advertising again.

Both Android and iOS devices can connect to this iTag without any issues. I tested on phones that support BLE 5.0 just to be sure.

The only difference I see in the sniffed packets is that the CONNECT_REQ of my device has the ChSel bit set to 1. Both the Android phone's and the iPhone X's CONNECT_REQs have it set to 0, even though they support BLE 5.0.

Every thread I've read so far explains that this behavior is attributed to noisy environments, clock issues or filter policies, but I don't think any of those things are the issue. I think the iTag does receive the CONNECT_REQ, since it stops advertising.

Any ideas why this could be happening? My guess is that the iTag doesn't handle the ChSel stuff properly. Is it possible to disable that in the SoftDevice somehow? I know that setting it to 1 is part of the spec, but it's giving me compatibility issues.

I attached the sniffed logs below:

No.     Time     Source                PHY        Protocol Length     Delta time (µs end to start) SN         NESN       More Data  Event counter Info
     16 11.984   ff:ff:c0:18:01:83     LE 1M      LE LL    20         640                                                            0             ADV_IND

Frame 16: 46 bytes on wire (368 bits), 46 bytes captured (368 bits) on interface 0
Nordic BLE Sniffer
Bluetooth Low Energy Link Layer
    Access Address: 0x8e89bed6
    Packet Header: 0x1400 (PDU Type: ADV_IND, ChSel: #1, TxAdd: Public)
        .... 0000 = PDU Type: ADV_IND (0x0)
        ...0 .... = RFU: 0
        ..0. .... = Channel Selection Algorithm: #1
        .0.. .... = Tx Address: Public
        0... .... = Reserved: False
        Length: 20
    Advertising Address: ff:ff:c0:18:01:83 (ff:ff:c0:18:01:83)
    Advertising Data
    CRC: 0xdd16e2

No.     Time     Source                PHY        Protocol Length     Delta time (µs end to start) SN         NESN       More Data  Event counter Info
     17 11.984   c4:af:a8:f2:1a:8f     LE 1M      LE LL    34         150                                                            0             CONNECT_REQ

Frame 17: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Nordic BLE Sniffer
Bluetooth Low Energy Link Layer
    Access Address: 0x8e89bed6
    Packet Header: 0x2265 (PDU Type: CONNECT_REQ, ChSel: #2, TxAdd: Random, RxAdd: Public)
        .... 0101 = PDU Type: CONNECT_REQ (0x5)
        ...0 .... = RFU: 0
        ..1. .... = Channel Selection Algorithm: #2
        .1.. .... = Tx Address: Random
        0... .... = Rx Address: Public
        Length: 34
    Initator Address: c4:af:a8:f2:1a:8f (c4:af:a8:f2:1a:8f)
    Advertising Address: ff:ff:c0:18:01:83 (ff:ff:c0:18:01:83)
    Link Layer Data
        Access Address: 0x1b67ed37
        CRC Init: 0x2a1b2a
        Window Size: 5 (6.25 msec)
        Window Offset: 2400 (3000 msec)
        Interval: 2400 (3000 msec)
        Latency: 2
        Timeout: 2000 (20000 msec)
        Channel Map: ffffffff1f
            .... ...1 = RF Channel 1 (2404 MHz - Data - 0): True
            .... ..1. = RF Channel 2 (2406 MHz - Data - 1): True
            .... .1.. = RF Channel 3 (2408 MHz - Data - 2): True
            .... 1... = RF Channel 4 (2410 MHz - Data - 3): True
            ...1 .... = RF Channel 5 (2412 MHz - Data - 4): True
            ..1. .... = RF Channel 6 (2414 MHz - Data - 5): True
            .1.. .... = RF Channel 7 (2416 MHz - Data - 6): True
            1... .... = RF Channel 8 (2418 MHz - Data - 7): True
            .... ...1 = RF Channel 9 (2420 MHz - Data - 8): True
            .... ..1. = RF Channel 10 (2422 MHz - Data - 9): True
            .... .1.. = RF Channel 11 (2424 MHz - Data - 10): True
            .... 1... = RF Channel 13 (2428 MHz - Data - 11): True
            ...1 .... = RF Channel 14 (2430 MHz - Data - 12): True
            ..1. .... = RF Channel 15 (2432 MHz - Data - 13): True
            .1.. .... = RF Channel 16 (2434 MHz - Data - 14): True
            1... .... = RF Channel 17 (2436 MHz - Data - 15): True
            .... ...1 = RF Channel 18 (2438 MHz - Data - 16): True
            .... ..1. = RF Channel 19 (2440 MHz - Data - 17): True
            .... .1.. = RF Channel 20 (2442 MHz - Data - 18): True
            .... 1... = RF Channel 21 (2444 MHz - Data - 19): True
            ...1 .... = RF Channel 22 (2446 MHz - Data - 20): True
            ..1. .... = RF Channel 23 (2448 MHz - Data - 21): True
            .1.. .... = RF Channel 24 (2450 MHz - Data - 22): True
            1... .... = RF Channel 25 (2452 MHz - Data - 23): True
            .... ...1 = RF Channel 26 (2454 MHz - Data - 24): True
            .... ..1. = RF Channel 27 (2456 MHz - Data - 25): True
            .... .1.. = RF Channel 28 (2458 MHz - Data - 26): True
            .... 1... = RF Channel 29 (2460 MHz - Data - 27): True
            ...1 .... = RF Channel 30 (2462 MHz - Data - 28): True
            ..1. .... = RF Channel 31 (2464 MHz - Data - 29): True
            .1.. .... = RF Channel 32 (2466 MHz - Data - 30): True
            1... .... = RF Channel 33 (2468 MHz - Data - 31): True
            .... ...1 = RF Channel 34 (2470 MHz - Data - 32): True
            .... ..1. = RF Channel 35 (2472 MHz - Data - 33): True
            .... .1.. = RF Channel 36 (2474 MHz - Data - 34): True
            .... 1... = RF Channel 37 (2476 MHz - Data - 35): True
            ...1 .... = RF Channel 38 (2478 MHz - Data - 36): True
            ..0. .... = RF Channel 0 (2402 MHz - Reserved for Advertising - 37): False
            .0.. .... = RF Channel 12 (2426 MHz - Reserved for Advertising - 38): False
            0... .... = RF Channel 39 (2480 MHz - Reserved for Advertising - 39): False
        ...0 1111 = Hop: 15
        101. .... = Sleep Clock Accuracy: 31 ppm to 50 ppm (5)
    CRC: 0xbdd292

No.     Time     Source                PHY        Protocol Length     Delta time (µs end to start) SN         NESN       More Data  Event counter Info
     18 15.029   Master_0x1b67ed37     LE 1M      LE LL    0          3001204                       0          0          False      0             Empty PDU

Frame 18: 26 bytes on wire (208 bits), 26 bytes captured (208 bits) on interface 0
Nordic BLE Sniffer
Bluetooth Low Energy Link Layer
    Access Address: 0x1b67ed37
    [Master Address: c4:af:a8:f2:1a:8f (c4:af:a8:f2:1a:8f)]
    [Slave Address: ff:ff:c0:18:01:83 (ff:ff:c0:18:01:83)]
    Data Header: 0x0001
    CRC: 0xf2d968

No.     Time     Source                PHY        Protocol Length     Delta time (µs end to start) SN         NESN       More Data  Event counter Info
     19 18.013   Master_0x1b67ed37     LE 1M      LE LL    0          2999873                       0          0          False      1             Empty PDU

Frame 19: 26 bytes on wire (208 bits), 26 bytes captured (208 bits) on interface 0
Nordic BLE Sniffer
Bluetooth Low Energy Link Layer
    Access Address: 0x1b67ed37
    [Master Address: c4:af:a8:f2:1a:8f (c4:af:a8:f2:1a:8f)]
    [Slave Address: ff:ff:c0:18:01:83 (ff:ff:c0:18:01:83)]
    Data Header: 0x0001
    CRC: 0xf2d968

No.     Time     Source                PHY        Protocol Length     Delta time (µs end to start) SN         NESN       More Data  Event counter Info
     20 20.982   Master_0x1b67ed37     LE 1M      LE LL    0          2999874                       0          0          False      2             Empty PDU

Frame 20: 26 bytes on wire (208 bits), 26 bytes captured (208 bits) on interface 0
Nordic BLE Sniffer
Bluetooth Low Energy Link Layer
    Access Address: 0x1b67ed37
    [Master Address: c4:af:a8:f2:1a:8f (c4:af:a8:f2:1a:8f)]
    [Slave Address: ff:ff:c0:18:01:83 (ff:ff:c0:18:01:83)]
    Data Header: 0x0001
    CRC: 0xf2d968

No.     Time     Source                PHY        Protocol Length     Delta time (µs end to start) SN         NESN       More Data  Event counter Info
     21 23.945   Master_0x1b67ed37     LE 1M      LE LL    0          2999873                       0          0          False      3             Empty PDU

Frame 21: 26 bytes on wire (208 bits), 26 bytes captured (208 bits) on interface 0
Nordic BLE Sniffer
Bluetooth Low Energy Link Layer
    Access Address: 0x1b67ed37
    [Master Address: c4:af:a8:f2:1a:8f (c4:af:a8:f2:1a:8f)]
    [Slave Address: ff:ff:c0:18:01:83 (ff:ff:c0:18:01:83)]
    Data Header: 0x0001
    CRC: 0xf2d968

No.     Time     Source                PHY        Protocol Length     Delta time (µs end to start) SN         NESN       More Data  Event counter Info
     22 27.005   Master_0x1b67ed37     LE 1M      LE LL    0          2999873                       0          0          False      4             Empty PDU

Frame 22: 26 bytes on wire (208 bits), 26 bytes captured (208 bits) on interface 0
Nordic BLE Sniffer
Bluetooth Low Energy Link Layer
    Access Address: 0x1b67ed37
    [Master Address: c4:af:a8:f2:1a:8f (c4:af:a8:f2:1a:8f)]
    [Slave Address: ff:ff:c0:18:01:83 (ff:ff:c0:18:01:83)]
    Data Header: 0x0001
    CRC: 0xf2d968

No.     Time     Source                PHY        Protocol Length     Delta time (µs end to start) SN         NESN       More Data  Event counter Info
     23 29.955   Master_0x1b67ed37     LE 1M      LE LL    0          2999874                       0          0          False      5             Empty PDU

Frame 23: 26 bytes on wire (208 bits), 26 bytes captured (208 bits) on interface 0
Nordic BLE Sniffer
Bluetooth Low Energy Link Layer
    Access Address: 0x1b67ed37
    [Master Address: c4:af:a8:f2:1a:8f (c4:af:a8:f2:1a:8f)]
    [Slave Address: ff:ff:c0:18:01:83 (ff:ff:c0:18:01:83)]
    Data Header: 0x0001
    CRC: 0xf2d968

No.     Time     Source                PHY        Protocol Length     Delta time (µs end to start) SN         NESN       More Data  Event counter Info
     24 51.000   ff:ff:c0:18:01:83     LE 1M      LE LL    20         21010146                                                       0             ADV_IND

Frame 24: 46 bytes on wire (368 bits), 46 bytes captured (368 bits) on interface 0
Nordic BLE Sniffer
Bluetooth Low Energy Link Layer
    Access Address: 0x8e89bed6
    Packet Header: 0x1400 (PDU Type: ADV_IND, ChSel: #1, TxAdd: Public)
        .... 0000 = PDU Type: ADV_IND (0x0)
        ...0 .... = RFU: 0
        ..0. .... = Channel Selection Algorithm: #1
        .0.. .... = Tx Address: Public
        0... .... = Reserved: False
        Length: 20
    Advertising Address: ff:ff:c0:18:01:83 (ff:ff:c0:18:01:83)
    Advertising Data
    CRC: 0xdd16e2

Connection request Android.txt

By the way, I tried connecting to the same iTag using an NRF51822 on SDK12 and the connection seems to work without any issues.

Thanks for your help!
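The header and LLData fields discussed in the post can be checked directly from the raw bytes. The sketch below is an added example, not part of the original post or of the Nordic SDK: it decodes the advertising-channel header and the CONNECT_REQ payload, applies the Bluetooth 5.0 rule that channel selection algorithm #2 is used only when both the advertiser and the initiator set ChSel to 1, and goes one step further by computing the data channels algorithm #1 would visit for the captured hop value. The byte strings are reconstructed from the field values shown in the dissection (frames 16 and 17), and all function names are hypothetical.

```python
import struct

# Constructed from the dissected field values of frames 16 and 17 above.
ADV_IND_HDR = bytes.fromhex("0014")
CONNECT_REQ_HDR = bytes.fromhex("6522")
CONNECT_REQ_PAYLOAD = bytes.fromhex(
    "8f1af2a8afc4" "830118c0ffff"          # InitA, AdvA (little-endian on air)
    "37ed671b" "2a1b2a" "05" "6009" "6009"  # AA, CRCInit, WinSize, WinOffset, Interval
    "0200" "d007" "ffffffff1f" "af")        # Latency, Timeout, ChM, Hop|SCA

def parse_adv_header(hdr):
    """Decode the 2-byte advertising-channel PDU header (Bluetooth 5.0 layout)."""
    b0, length = hdr[0], hdr[1]
    return {"pdu_type": b0 & 0x0F, "chsel": (b0 >> 5) & 1,
            "txadd": (b0 >> 6) & 1, "rxadd": (b0 >> 7) & 1, "length": length}

def parse_connect_req(p):
    """Decode InitA, AdvA and the 22-byte LLData of a CONNECT_REQ payload."""
    if len(p) != 34:
        raise ValueError("CONNECT_REQ payload must be 34 bytes")
    addr = lambda raw: ":".join(f"{b:02x}" for b in raw[::-1])
    (aa,) = struct.unpack_from("<I", p, 12)
    win_size, win_off, interval, latency, timeout = struct.unpack_from("<BHHHH", p, 19)
    return {"init_a": addr(p[0:6]), "adv_a": addr(p[6:12]), "aa": aa,
            "crc_init": int.from_bytes(p[16:19], "little"),
            "win_size_ms": win_size * 1.25, "win_offset_ms": win_off * 1.25,
            "interval_ms": interval * 1.25, "latency": latency,
            "timeout_ms": timeout * 10,
            "ch_map": int.from_bytes(p[28:33], "little"),
            "hop": p[33] & 0x1F, "sca": p[33] >> 5}

def negotiated_csa(adv_hdr, conn_hdr):
    """Algorithm #2 applies only if both sides set ChSel; otherwise #1."""
    return 2 if adv_hdr["chsel"] and conn_hdr["chsel"] else 1

def csa1_channels(hop, ch_map, events):
    """Data channel per connection event under channel selection algorithm #1."""
    used = [c for c in range(37) if (ch_map >> c) & 1]
    out, last = [], 0
    for _ in range(events):
        last = (last + hop) % 37            # unmapped channel
        out.append(last if (ch_map >> last) & 1 else used[last % len(used)])
    return out

if __name__ == "__main__":
    adv, req = parse_adv_header(ADV_IND_HDR), parse_adv_header(CONNECT_REQ_HDR)
    ll = parse_connect_req(CONNECT_REQ_PAYLOAD)
    print("ChSel adv/init:", adv["chsel"], req["chsel"], "-> CSA", negotiated_csa(adv, req))
    print("channels:", csa1_channels(ll["hop"], ll["ch_map"], 6))
```

For this capture the advertiser's ChSel is 0, so the function reports algorithm #1 even though the CONNECT_REQ sets the bit.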
