Azure / azure-iot-sdk-csharp

A C# SDK for connecting devices to Microsoft Azure IoT services

[Bug Report] ModuleClient.Create throws "A valid module Id should be specified to create a ModuleClient" #2166

Closed Steve0212a closed 3 years ago

Steve0212a commented 3 years ago

Context

Windows 10 Desktop x64 netcoreapp3.1 desktop device

<PackageReference Include="Microsoft.Azure.Devices.Client" Version="1.38" />
<PackageReference Include="Microsoft.Azure.Devices.Provisioning.Transport.Amqp" Version="1.15.0" />
<PackageReference Include="Microsoft.Azure.Devices.Provisioning.Transport.Http" Version="1.14.0" />
<PackageReference Include="Microsoft.Azure.Devices.Provisioning.Transport.Mqtt" Version="1.16.0" />

Description of the issue

I am new to IOT, Edge and DPS. I am attempting to use DPS to create a device client and module client. I have mostly copied the code from https://github.com/Azure-Samples/azure-iot-samples-csharp/blob/master/provisioning/Samples/device/X509Sample/ProvisioningDeviceClientSample.cs (except the creation of the module client).

The device client is successfully created so I do have the certificate / individual enrollment set up correctly. However, the moduleClient fails with the error "A valid module Id should be specified to create a ModuleClient". I do not see an option to specify a module id on ModuleClient.Create(). The ultimate goal is to be able to create a ModuleClient to get module twin configuration for processing.

Code sample exhibiting the issue

            Console.WriteLine($"Loading the certificate...");
            using X509Certificate2 certificate = LoadProvisioningCertificate();
            using var security = new SecurityProviderX509Certificate(certificate);

            Console.WriteLine($"Initializing the device provisioning client...");

            using var transport = GetTransportHandler();
            ProvisioningDeviceClient provClient = ProvisioningDeviceClient.Create(
                "<removed>",
                "<removed>",
                security,
                transport);

            Console.WriteLine($"Initialized for registration Id {security.GetRegistrationID()}.");

            Console.WriteLine("Registering with the device provisioning service... ");
            DeviceRegistrationResult result = await provClient.RegisterAsync();

            Console.WriteLine($"Registration status: {result.Status}.");
            if (result.Status != ProvisioningRegistrationStatusType.Assigned)
            {
                Console.WriteLine($"Registration status did not assign a hub, so exiting this sample.");
                return;
            }

            Console.WriteLine($"Device {result.DeviceId} registered to {result.AssignedHub}.");

            Console.WriteLine("Creating X509 authentication for IoT Hub...");
            IAuthenticationMethod auth = new DeviceAuthenticationWithX509Certificate(
                result.DeviceId,
                certificate);

            Console.WriteLine($"Testing the provisioned device with IoT Hub...");
            _IoTHubDeviceClient = DeviceClient.Create(result.AssignedHub, auth, TransportType.Mqtt);

            // THIS THROWS THE EXCEPTION
            _IoTHubModuleClient = ModuleClient.Create(result.AssignedHub, auth, TransportType.Mqtt);

Console log of the issue

I tried setting the environment variable as the first line of my program, but did not receive any additional console output.

Environment.SetEnvironmentVariable("DEBUG", "*");

abhipsaMisra commented 3 years ago

The authentication methods that you supply to the .Create methods are the ones which uniquely identify and authenticate your client instance. For a device identity, you create a DeviceAuthenticationWithX509Certificate instance, supplying it with your device Id and the certification information. You will need to do something similar for your module identity, i.e. create an authentication mechanism that takes in the module Id, the Id of the parent device and the certification information. It looks like currently we do not publish a module authentication with X509 auth mechanism, but you can create one yourself by following the pattern in DeviceAuthenticationWithX509Certificate.

Steve0212a commented 3 years ago

Unfortunately, that did not work. I basically copied the code from https://github.com/Azure/azure-iot-sdk-csharp/blob/master/iothub/device/src/DeviceAuthenticationWithX509Certificate.cs, but I get compile errors. It appears that several of the properties are marked as "internal set". Further, the compiler does not know what "Certificate" or "ChainCertificates" are - am I missing a package?

I don't see how I can work around the internal set issue though...


abhipsaMisra commented 3 years ago

I see, thanks for trying it out. For the internal references, you would need to extract out the authentication negotiation logic from the SDK and add it into your application. Since this is turning out to be a bigger change than simply copying the device authentication logic and adding the module bits, we'll look at adding this type into the library directly.

Steve0212a commented 3 years ago

Could you please give me an idea of timeframe for when this could be released? It seems like a pretty low risk change. I am in the process of doing a proof of concept around Azure IOT with hopes of starting the project next month.

Is there any other way I could make this work other than extracting the authentication negotiation logic from the SDK? Is there a way that once the DeviceClient is connected, to get its connection string where I could just then append the module id to it for the moduleclient constructor?

Steve0212a commented 3 years ago

I tried cloning your repo today and adding the class ModuleAuthenticationWithX509Certificate which is a copy of DeviceAuthenticationWithX509Certificate, but I added module id. I then found I had to modify ClientFactory. Anywhere ClientFactory referenced DeviceAuthenticationWithX509Certificate, I added code to handle ModuleAuthenticationWithX509Certificate too.

Unfortunately, it still did not work. DeviceClient still works, but, now, with ModuleClient, I am getting this exception. Not sure where to go from here.

Microsoft.Azure.Devices.Client.Exceptions.UnauthorizedException
  HResult=0x80131500
  Message=CONNECT failed: RefusedNotAuthorized
  Source=System.Private.CoreLib
  StackTrace:
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttTransportHandler.<OpenInternalAsync>d__96.MoveNext() in C:\tfs\azure-iot-sdk-csharp\iothub\device\src\Transport\Mqtt\MqttTransportHandler.cs:line 1038

abhipsaMisra commented 3 years ago

Thank you for trying this out from your end. I would have followed the same steps that you did, i.e. add a module authentication type and use it to influence the TLS auth to use the supplied certificates for authentication. With an Unauthorized exception there are a couple of possibilities:

  1. The client did not correctly detect this as an X509 authentication based client and tried to authenticate with a sas token - this would have shown up higher in the call stack since you wouldn't have supplied the necessary sas keys to generate a sas token.
  2. The client detected this as an X509 based device but did not append the client certificates to the connection request while performing TLS negotiation - will need to inspect that all required certificates are supplied during the channel factory creation (over tcp and over websockets).
  3. If the client is correctly sending all required certificate information then we'll need to track the request from the service end and check why service rejected the request.

If you can confirm that (1) and (2) are as expected, then I'd recommend reaching out to the service team and having them check the behavior.

We are planning to officially support ModuleAuthenticationWithX509Certificate in the future, but unfortunately there isn't a timeline that I can share at the moment. Let me know if you have any further questions, or if there is anything else we can help with.

Steve0212a commented 3 years ago

As far as I can tell, it appears to be using the certificate. I would like to get logging to the console working. Any idea why it is not? Per the instructions for creating this ticket, you need to set the environment variable DEBUG to '*' which I have done on the first line of my app, but Log.IsEnabled() returns false. How can I get that working to maybe see what I am missing?


abhipsaMisra commented 3 years ago

You will need to follow the steps here to enable console logging.

(Any instructions asking you to set an environment variable to enable logging are out-of-date. I'll update the issue template.)

Steve0212a commented 3 years ago

Thanks. I got the console logging added. It seems to me like the certificate is being used, but I am not 100% sure.

A few more questions - am I going about this in the wrong way? We want to use DPS and X509 certs. Is there another way to use them for the module client? How are other people instantiating their module client when using x509 certs and DPS? Once DeviceClient is connected, is there a way to get the module connection string without the need to use the cert again with the module client? Is no one else using this scenario (module client with x509 cert/dps)?

Thanks for the help

Here is the code:

            IAuthenticationMethod authModule = new ModuleAuthenticationWithX509Certificate(
                result.DeviceId,
                "IotEdgeModule1",
                LoadProvisioningCertificate()); // reload the cert

            var _IoTHubModuleClient = ModuleClient.Create(result.AssignedHub, authModule, TransportType.Mqtt_WebSocket_Only);
            await _IoTHubModuleClient.OpenAsync();

And here is the output.

2021-09-17T09:41:23.8139665 [Microsoft-Azure-Devices-Device-Client-Enter] (MqttIotHubAdapter#34329867, ChannelReadComplete, (MqttIotHubAdapter#0)).
2021-09-17T09:41:38.7607718 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x0682cd41, [::ffff:10.1.8.90]:57899 => [::ffff:20.49.110.129]:8883] READ, ).
2021-09-17T09:41:38.7806227 [Microsoft-Azure-Devices-Device-Client-Exit] (MqttIotHubAdapter#34329867, ChannelReadComplete, MqttIotHubAdapter#0).
2021-09-17T09:41:38.7829573 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x0682cd41, [::ffff:10.1.8.90]:57899 => [::ffff:20.49.110.129]:8883] READ, ).
Found certificate: <hidden> CN=Azure IoT CA TestOnly Root CA; PrivateKey: False
Found certificate: <hidden> CN=Azure IoT CA TestOnly Intermediate CA; PrivateKey: False
Found certificate: <hidden> CN=blazin-dps2; PrivateKey: True
Using certificate 834E5971C06757A855A627CF10CA335B87FFC279 CN=blazin-dps2
2021-09-17T09:41:39.8009005 [Microsoft-Azure-Devices-Device-Client-Enter] (InternalClient#55993668, InternalClient_ctor, (Microsoft.Azure.Devices.Client.ITransportSettings[2], DeviceClientPipelineBuilder#35016340)).
2021-09-17T09:41:39.8036579 [Microsoft-Azure-Devices-Device-Client-Info] (PipelineContext#64254500, Set, ITransportSettings[] = Microsoft.Azure.Devices.Client.ITransportSettings[2]).
2021-09-17T09:41:39.8060814 [Microsoft-Azure-Devices-Device-Client-Info] (PipelineContext#64254500, Set, IotHubConnectionString = IotHubConnectionString#7167227).
2021-09-17T09:41:39.8083647 [Microsoft-Azure-Devices-Device-Client-Info] (PipelineContext#64254500, Set, OnMethodCalledDelegate = OnMethodCalledDelegate#1898283595).
2021-09-17T09:41:39.8106924 [Microsoft-Azure-Devices-Device-Client-Info] (PipelineContext#64254500, Set, Action`1 = System.Action`1[Microsoft.Azure.Devices.Shared.TwinCollection]).
2021-09-17T09:41:39.8132271 [Microsoft-Azure-Devices-Device-Client-Info] (PipelineContext#64254500, Set, ConnectionStatusChangesHandler = ConnectionStatusChangesHandler#1901501661).
2021-09-17T09:41:39.8158760 [Microsoft-Azure-Devices-Device-Client-Info] (PipelineContext#64254500, Set, OnModuleEventMessageReceivedDelegate = OnModuleEventMessageReceivedDelegate#1901972189).
2021-09-17T09:41:39.8180171 [Microsoft-Azure-Devices-Device-Client-Info] (PipelineContext#64254500, Set, OnDeviceMessageReceivedDelegate = OnDeviceMessageReceivedDelegate#1911853268).
2021-09-17T09:41:39.8203935 [Microsoft-Azure-Devices-Device-Client-Info] (PipelineContext#64254500, Set, ProductInfo = .NET/1.38.0 (.NET Core 3.1.19; Microsoft Windows 10.0.19042 WindowsProduct:0x00000030; X64; {F5E9C37C-E2F6-451C-B0E1-9E4D6527C249})).
2021-09-17T09:41:39.8226093 [Microsoft-Azure-Devices-Device-Client-Info] (PipelineContext#64254500, Set, ClientOptions = ClientOptions#16294043).
2021-09-17T09:41:39.8250634 [Microsoft-Azure-Devices-Device-Client-Associate] (ProtocolRoutingDelegatingHandler#6630602, InnerHandler, ProtocolRoutingDelegatingHandler#6630602, (null)).
2021-09-17T09:41:39.8274121 [Microsoft-Azure-Devices-Device-Client-Associate] (ErrorDelegatingHandler#5024928, InnerHandler, ErrorDelegatingHandler#5024928, ProtocolRoutingDelegatingHandler#6630602).
2021-09-17T09:41:39.8296698 [Microsoft-Azure-Devices-Device-Client-Associate] (RetryDelegatingHandler#38414640, InnerHandler, RetryDelegatingHandler#38414640, ErrorDelegatingHandler#5024928).
2021-09-17T09:41:39.8333585 [Microsoft-Azure-Devices-Device-Client-Associate] (RetryDelegatingHandler#38414640, SetRetryPolicy, RetryDelegatingHandler#38414640, RetryPolicy#1401080).
2021-09-17T09:41:39.8357680 [Microsoft-Azure-Devices-Device-Client-Associate] (InternalClient#55993668, InternalClient, InternalClient#55993668, RetryDelegatingHandler#38414640).
2021-09-17T09:41:39.8386036 [Microsoft-Azure-Devices-Device-Client-Associate] (InternalClient#55993668, InternalClient, InternalClient#55993668, ITransportSettings[]#29422698).
2021-09-17T09:41:39.8411974 [Microsoft-Azure-Devices-Device-Client-Associate] (HttpTransportHandler#13896890, InnerHandler, HttpTransportHandler#13896890, (null)).
2021-09-17T09:41:39.8438653 [Microsoft-Azure-Devices-Device-Client-Exit] (InternalClient#55993668, InternalClient_ctor, Microsoft.Azure.Devices.Client.ITransportSettings[2], DeviceClientPipelineBuilder#35016340).
2021-09-17T09:41:39.8459634 [Microsoft-Azure-Devices-Device-Client-CreateFromConnectionString] (InternalClient#55993668, HostName=<MyHubName>.azure-devices.net;DeviceId=blazin-dps2;ModuleId=IotEdgeModule1, Mqtt_Tcp_OnlyMqtt_WebSocket_Only).
2021-09-17T09:41:39.8522510 [Microsoft-Azure-Devices-Device-Client-Associate] (ModuleClient#23399238, ModuleClient, ModuleClient#23399238, InternalClient#55993668).
2021-09-17T09:41:45.1691321 [Microsoft-Azure-Devices-Device-Client-Info] (RetryDelegatingHandler#38414640, EnsureOpenedAsync, Opening connection).
2021-09-17T09:41:45.1726361 [Microsoft-Azure-Devices-Device-Client-Enter] (RetryDelegatingHandler#38414640, OpenAsync, (CancellationToken#21621962)).
2021-09-17T09:41:45.1749580 [Microsoft-Azure-Devices-Device-Client-Enter] (ErrorDelegatingHandler#5024928, ExecuteWithErrorHandlingAsync, ErrorDelegatingHandler.ExecuteWithErrorHandlingAsync).
2021-09-17T09:41:45.1771295 [Microsoft-Azure-Devices-Device-Client-Enter] (ProtocolRoutingDelegatingHandler#6630602, ProtocolRoutingDelegatingHandler.OpenAsync, (CancellationToken#21621962)).
2021-09-17T09:41:45.1792065 [Microsoft-Azure-Devices-Device-Client-Info] (ProtocolRoutingDelegatingHandler#6630602, ProtocolRoutingDelegatingHandler.OpenAsync, Trying Mqtt_Tcp_Only).
2021-09-17T09:41:45.1812657 [Microsoft-Azure-Devices-Device-Client-Info] (PipelineContext#64254500, Set, ITransportSettings = MqttTransportSettings#51408035).
2021-09-17T09:41:45.1836283 [Microsoft-Azure-Devices-Device-Client-Associate] (MqttTransportHandler#5826912, InnerHandler, MqttTransportHandler#5826912, (null)).
2021-09-17T09:41:45.1858322 [Microsoft-Azure-Devices-Device-Client-Associate] (ProtocolRoutingDelegatingHandler#6630602, InnerHandler, ProtocolRoutingDelegatingHandler#6630602, MqttTransportHandler#5826912).
2021-09-17T09:41:45.1879160 [Microsoft-Azure-Devices-Device-Client-Enter] (MqttTransportHandler#5826912, OpenAsync, (CancellationToken#21621962)).
2021-09-17T09:41:45.2311666 [Microsoft-Azure-Devices-Device-Client-Info] (MqttTransportHandler#5826912, CreateChannelFactory, Connecting to 20.49.110.129).
2021-09-17T09:41:45.2341745 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4] HANDLER_ADDED, ).
2021-09-17T09:41:45.2364874 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4] REGISTERED, ).
2021-09-17T09:41:45.2387956 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4] CONNECT: 20.49.110.129:8883, ).
2021-09-17T09:41:45.2701438 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4, [::ffff:10.1.8.90]:57935 => [::ffff:20.49.110.129]:8883] ACTIVE, ).
2021-09-17T09:41:45.2724890 [Microsoft-Azure-Devices-Device-Client-Enter] (MqttIotHubAdapter#38350642, ChannelActive, (MqttIotHubAdapter#0)).
2021-09-17T09:41:45.2747943 [Microsoft-Azure-Devices-Device-Client-Enter] (MqttIotHubAdapter#38350642, ConnectAsync, (MqttIotHubAdapter#0)).
2021-09-17T09:41:45.2770333 [Microsoft-Azure-Devices-Device-Client-Info] (MqttIotHubAdapter#38350642, ConnectAsync, usernameString=<MyHubName>.azure-devices.net/blazin-dps2/IotEdgeModule1/?api-version=2020-09-30&DeviceClientType=.NET%2F1.38.0%20%28.NET%20Core%203.1.19%3B%20Microsoft%20Windows%2010.0.19042%20WindowsProduct%3A0x00000030%3B%20X64%3B%20%7BF5E9C37C-E2F6-451C-B0E1-9E4D6527C249%7D%29).
2021-09-17T09:41:45.2793480 [Microsoft-Azure-Devices-Device-Client-Enter] (MqttIotHubAdapter#38350642, ScheduleCheckConnectTimeoutAsync, (MqttIotHubAdapter#0)).
2021-09-17T09:41:45.2816767 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4, [::ffff:10.1.8.90]:57935 => [::ffff:20.49.110.129]:8883] WRITE: ConnectPacket[Type=CONNECT, QualityOfService=AtMostOnce, Duplicate=False, Retain=False], ).
2021-09-17T09:41:45.2840980 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4, [::ffff:10.1.8.90]:57935 => [::ffff:20.49.110.129]:8883] FLUSH, ).
2021-09-17T09:41:45.2898262 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4, [::ffff:10.1.8.90]:57935 => [::ffff:20.49.110.129]:8883] READ, ).
2021-09-17T09:41:45.3257257 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4, [::ffff:10.1.8.90]:57935 => [::ffff:20.49.110.129]:8883] RECEIVED_COMPLETE, ).
2021-09-17T09:41:45.3288499 [Microsoft-Azure-Devices-Device-Client-Enter] (MqttIotHubAdapter#38350642, ChannelReadComplete, (MqttIotHubAdapter#0)).
2021-09-17T09:41:45.3317731 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4, [::ffff:10.1.8.90]:57935 => [::ffff:20.49.110.129]:8883] READ, ).
2021-09-17T09:41:45.3345968 [Microsoft-Azure-Devices-Device-Client-Exit] (MqttIotHubAdapter#38350642, ChannelReadComplete, MqttIotHubAdapter#0).
2021-09-17T09:41:45.3375803 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4, [::ffff:10.1.8.90]:57935 => [::ffff:20.49.110.129]:8883] READ, ).
2021-09-17T09:41:45.3472677 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4, [::ffff:10.1.8.90]:57935 => [::ffff:20.49.110.129]:8883] RECEIVED_COMPLETE, ).
2021-09-17T09:41:45.3501908 [Microsoft-Azure-Devices-Device-Client-Enter] (MqttIotHubAdapter#38350642, ChannelReadComplete, (MqttIotHubAdapter#0)).
2021-09-17T09:41:45.3524251 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4, [::ffff:10.1.8.90]:57935 => [::ffff:20.49.110.129]:8883] READ, ).
2021-09-17T09:41:45.3547236 [Microsoft-Azure-Devices-Device-Client-Exit] (MqttIotHubAdapter#38350642, ChannelReadComplete, MqttIotHubAdapter#0).
2021-09-17T09:41:45.3568535 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4, [::ffff:10.1.8.90]:57935 => [::ffff:20.49.110.129]:8883] READ, ).
2021-09-17T09:41:45.3785178 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4, [::ffff:10.1.8.90]:57935 => [::ffff:20.49.110.129]:8883] USER_EVENT: TlsHandshakeCompletionEvent(SUCCESS), ).
2021-09-17T09:41:45.3827769 [Microsoft-Azure-Devices-Device-Client-Enter] (MqttIotHubAdapter#38350642, UserEventTriggered, (MqttIotHubAdapter#0, TlsHandshakeCompletionEvent(SUCCESS))).
2021-09-17T09:41:45.3851533 [Microsoft-Azure-Devices-Device-Client-Exit] (MqttIotHubAdapter#38350642, UserEventTriggered, MqttIotHubAdapter#0, TlsHandshakeCompletionEvent(SUCCESS)).
2021-09-17T09:41:45.3876386 [Microsoft-Azure-Devices-Device-Client-Enter] (MqttIotHubAdapter#38350642, ScheduleKeepConnectionAliveAsync, (MqttIotHubAdapter#0)).
2021-09-17T09:41:45.3899490 [Microsoft-Azure-Devices-Device-Client-Exit] (MqttIotHubAdapter#38350642, ConnectAsync, MqttIotHubAdapter#0).
2021-09-17T09:41:45.3938888 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4, [::ffff:10.1.8.90]:57935 => [::ffff:20.49.110.129]:8883] READ, ).
2021-09-17T09:41:45.3971226 [Microsoft-Azure-Devices-Device-Client-Exit] (MqttIotHubAdapter#38350642, ChannelActive, MqttIotHubAdapter#0).
2021-09-17T09:41:45.3993575 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4, [::ffff:10.1.8.90]:57935 => [::ffff:20.49.110.129]:8883] RECEIVED_COMPLETE, ).
2021-09-17T09:41:45.4015452 [Microsoft-Azure-Devices-Device-Client-Enter] (MqttIotHubAdapter#38350642, ChannelReadComplete, (MqttIotHubAdapter#0)).
2021-09-17T09:41:45.4036766 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4, [::ffff:10.1.8.90]:57935 => [::ffff:20.49.110.129]:8883] READ, ).
2021-09-17T09:41:45.4058102 [Microsoft-Azure-Devices-Device-Client-Exit] (MqttIotHubAdapter#38350642, ChannelReadComplete, MqttIotHubAdapter#0).
2021-09-17T09:41:45.4091661 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4, [::ffff:10.1.8.90]:57935 => [::ffff:20.49.110.129]:8883] READ, ).
2021-09-17T09:41:45.4292397 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x73fa9da4, [::ffff:10.1.8.90]:57935 => [::ffff:20.49.110.129]:8883] RECEIVED: ConnAckPacket[Type=CONNACK, QualityOfService=AtMostOnce, Duplicate=False, Retain=False], ).
2021-09-17T09:41:45.4316285 [Microsoft-Azure-Devices-Device-Client-Enter] (MqttIotHubAdapter#38350642, ChannelRead, (MqttIotHubAdapter#0, ConnAckPacket[Type=CONNACK, QualityOfService=AtMostOnce, Duplicate=False, Retain=False])).
2021-09-17T09:41:45.4339504 [Microsoft-Azure-Devices-Device-Client-Enter] (MqttIotHubAdapter#38350642, ProcessMessage, (MqttIotHubAdapter#0, CONNACK)).
2021-09-17T09:41:45.4361422 [Microsoft-Azure-Devices-Device-Client-Enter] (MqttIotHubAdapter#38350642, ProcessConnectAckAsync, (MqttIotHubAdapter#0, ConnAckPacket[Type=CONNACK, QualityOfService=AtMostOnce, Duplicate=False, Retain=False])).
2021-09-17T09:41:45.4390247 [Microsoft-Azure-Devices-Device-Client-Info] (MqttIotHubAdapter#38350642, ProcessConnectAckAsync, ConnAckPacket.ReturnCode=RefusedNotAuthorized).
2021-09-17T09:41:45.4415138 [Microsoft-Azure-Devices-Device-Client-ErrorMessage] (MqttIotHubAdapter#38350642, ProcessConnectAckAsync, Invalid credentials were provided while attempting a CONNECT, will shut down.).
2021-09-17T09:41:45.4450521 [Microsoft-Azure-Devices-Device-Client-Enter] (MqttIotHubAdapter#38350642, ShutdownOnErrorAsync, (MqttIotHubAdapter#0, Microsoft.Azure.Devices.Client.Exceptions.UnauthorizedException: CONNECT failed: RefusedNotAuthorized)).
2021-09-17T09:41:45.4503678 [Microsoft-Azure-Devices-Device-Client-Enter] (MqttTransportHandler#5826912, OnError, (Microsoft.Azure.Devices.Client.Exceptions.UnauthorizedException: CONNECT failed: RefusedNotAuthorized)).
2021-09-17T09:41:50.2407339 [Microsoft-Azure-Devices-Device-Client-Enter] (MqttIotHubAdapter#38350642, WriteAsync, (MqttIotHubAdapter#0, DisconnectPacket[Type=DISCONNECT, QualityOfService=AtMostOnce, Duplicate=False, Retain=False])).
2021-09-17T09:41:50.2507821 [Microsoft-Azure-Devices-Device-Client-ErrorMessage] (MqttIotHubAdapter#38350642, WriteAsync, When writing data to the MQTT transport layer, it had already been closed.).
2021-09-17T09:41:55.9031127 [Microsoft-Azure-Devices-Device-Client-Exit] (MqttTransportHandler#5826912, OpenAsync, CancellationToken#21621962).
2021-09-17T09:41:57.9675568 [Microsoft-Azure-Devices-Device-Client-Exit] (ProtocolRoutingDelegatingHandler#6630602, ProtocolRoutingDelegatingHandler.OpenAsync, CancellationToken#21621962).
2021-09-17T09:42:02.1378410 [Microsoft-Azure-Devices-Device-Client-ErrorMessage] (MqttIotHubAdapter#38350642, WriteAsync, Received a non-fatal exception while writing data to the MQTT transport layer, will shut down: Microsoft.Azure.Devices.Client.Exceptions.IotHubCommunicationException: MQTT is disconnected.
   at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttIotHubAdapter.WriteAsync(IChannelHandlerContext context, Object data) in C:\tfs\azure-iot-sdk-csharp\iothub\device\src\Transport\Mqtt\MqttIotHubAdapter.cs:line 171).
2021-09-17T09:42:02.1413715 [Microsoft-Azure-Devices-Device-Client-Enter] (MqttIotHubAdapter#38350642, ShutdownOnErrorAsync, (MqttIotHubAdapter#0, Microsoft.Azure.Devices.Client.Exceptions.IotHubCommunicationException: MQTT is disconnected.
   at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttIotHubAdapter.WriteAsync(IChannelHandlerContext context, Object data) in C:\tfs\azure-iot-sdk-csharp\iothub\device\src\Transport\Mqtt\MqttIotHubAdapter.cs:line 171)).
2021-09-17T09:42:02.1455466 [Microsoft-Azure-Devices-Device-Client-ErrorMessage] (ErrorDelegatingHandler#5024928, ExecuteWithErrorHandlingAsync, Exception caught: Microsoft.Azure.Devices.Client.Exceptions.UnauthorizedException: CONNECT failed: RefusedNotAuthorized
   at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttTransportHandler.OpenInternalAsync(CancellationToken cancellationToken) in C:\tfs\azure-iot-sdk-csharp\iothub\device\src\Transport\Mqtt\MqttTransportHandler.cs:line 1038
   at Microsoft.Azure.Devices.Client.Transport.Mqtt.MqttTransportHandler.OpenAsync(CancellationToken cancellationToken) in C:\tfs\azure-iot-sdk-csharp\iothub\device\src\Transport\Mqtt\MqttTransportHandler.cs:line 224
   at Microsoft.Azure.Devices.Client.Transport.ProtocolRoutingDelegatingHandler.OpenAsync(CancellationToken cancellationToken) in C:\tfs\azure-iot-sdk-csharp\iothub\device\src\Transport\ProtocolRoutingDelegatingHandler.cs:line 129
   at Microsoft.Azure.Devices.Client.Transport.ErrorDelegatingHandler.<>c__DisplayClass27_0.<<ExecuteWithErrorHandlingAsync>b__0>d.MoveNext() in C:\tfs\azure-iot-sdk-csharp\iothub\device\src\Transport\ErrorDelegatingHandler.cs:line 179
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.Azure.Devices.Client.Transport.ErrorDelegatingHandler.ExecuteWithErrorHandlingAsync[T](Func`1 asyncOperation) in C:\tfs\azure-iot-sdk-csharp\iothub\device\src\Transport\ErrorDelegatingHandler.cs:line 193).
2021-09-17T09:42:02.1535957 [Microsoft-Azure-Devices-Device-Client-Exit] (MqttIotHubAdapter#38350642, ShutdownOnErrorAsync, MqttIotHubAdapter#0).
2021-09-17T09:42:04.7774738 [Microsoft-Azure-Devices-Device-Client-Exit] (MqttIotHubAdapter#38350642, WriteAsync, MqttIotHubAdapter#0).
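
Added example (not part of the thread and not SDK code): a Python triage of a console log like the one above against the three possibilities listed earlier for the Unauthorized exception. The sample log is constructed in the same line format with placeholder names, and the function names and verdict labels are assumptions of this example.

```python
import re

# Constructed sample in the line format of the console log above; hub, device and
# module names and the thumbprint are placeholders, not values from the thread.
SAMPLE_LOG = """\
Found certificate: <hidden> CN=Example Root CA; PrivateKey: False
Found certificate: <hidden> CN=example-device; PrivateKey: True
Using certificate THUMBPRINT-PLACEHOLDER CN=example-device
2021-01-01T00:00:00.0000001 [Microsoft-Azure-Devices-Device-Client-Info] (MqttIotHubAdapter#1, ConnectAsync, usernameString=example-hub.azure-devices.net/example-device/ExampleModule/?api-version=2020-09-30).
2021-01-01T00:00:00.0000002 [DotNetty-Default-Debug] (DotNetty.Handlers.Logging.LoggingHandler, [id: 0x00000001] USER_EVENT: TlsHandshakeCompletionEvent(SUCCESS), ).
2021-01-01T00:00:00.0000003 [Microsoft-Azure-Devices-Device-Client-Info] (MqttIotHubAdapter#1, ProcessConnectAckAsync, ConnAckPacket.ReturnCode=RefusedNotAuthorized).
"""

FOUND_CERT = re.compile(r"^Found certificate: (\S+) (.+?); PrivateKey: (True|False)\s*$", re.M)
USING_CERT = re.compile(r"^Using certificate (\S+) (.+?)\s*$", re.M)
# MQTT username: <hub>/<deviceId>/?...  or  <hub>/<deviceId>/<moduleId>/?...
USERNAME = re.compile(r"usernameString=([^/\s]+)/([^/\s]+)/(?:([^/?\s]+)/)?\?")
TLS_EVENT = re.compile(r"TlsHandshakeCompletionEvent\((\w+)\)")
CONNACK = re.compile(r"ConnAckPacket\.ReturnCode=(\w+)")


def extract_facts(log_text):
    """Pull the authentication-relevant facts out of the console log."""
    facts = dict.fromkeys(
        ["cert_subject", "cert_has_private_key", "hub", "device_id",
         "module_id", "tls", "connack", "subject_names_device"])
    using = USING_CERT.search(log_text)
    if using:
        facts["cert_subject"] = using.group(2)
        # "Found" lines hide the thumbprint, so match them by subject instead.
        for _thumb, subject, has_key in FOUND_CERT.findall(log_text):
            if subject == facts["cert_subject"]:
                facts["cert_has_private_key"] = has_key == "True"
    user = USERNAME.search(log_text)
    if user:
        facts["hub"], facts["device_id"], facts["module_id"] = user.groups()
    tls = TLS_EVENT.search(log_text)
    if tls:
        facts["tls"] = tls.group(1)
    ack = CONNACK.search(log_text)
    if ack:
        facts["connack"] = ack.group(1)
    if facts["cert_subject"] and facts["device_id"]:
        cn = re.search(r"CN=([^,;]+)", facts["cert_subject"])
        facts["subject_names_device"] = bool(cn) and cn.group(1).strip() == facts["device_id"]
    return facts


def triage(facts):
    """Map the facts onto the checks suggested in the thread."""
    if facts["connack"] != "RefusedNotAuthorized":
        return "no_auth_refusal"
    if not facts["cert_subject"] or not facts["cert_has_private_key"]:
        # Nothing usable to present during TLS: look at certificate loading first.
        return "no_usable_client_cert"
    if facts["tls"] != "SUCCESS":
        return "tls_not_established"
    # Certificate loaded, TLS completed, service still refused the MQTT CONNECT.
    return "refused_after_tls"


NEXT_STEP = {
    "no_auth_refusal": "CONNACK was not RefusedNotAuthorized; this triage does not apply.",
    "no_usable_client_cert": "No certificate with a private key was loaded; fix loading before anything else.",
    "tls_not_established": "TLS did not complete; the refusal is not about the MQTT identity yet.",
    # The un-prefixed 'Using certificate' line is treated here as application output:
    # it shows what was loaded, not what the TLS layer presented, so possibility (2)
    # still has to be confirmed in the channel factory code.
    "refused_after_tls": "Confirm the certificate is attached in the channel factory (2), "
                         "then have the service side check why the identity was rejected (3).",
}


def report(log_text):
    """Return (verdict, notes) for a log; notes are human-readable observations."""
    facts = extract_facts(log_text)
    verdict = triage(facts)
    notes = [NEXT_STEP[verdict]]
    if facts["module_id"] and facts["subject_names_device"]:
        notes.append(
            f"CONNECT claims module '{facts['module_id']}' while the certificate "
            f"subject names device '{facts['device_id']}'.")
    return verdict, notes


if __name__ == "__main__":
    verdict, notes = report(SAMPLE_LOG)
    print(verdict)
    for line in notes:
        print(" -", line)
```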

abhipsaMisra commented 3 years ago

> We want to use DPS and X509 certs. Is there another way to use them for the module client? How are other people instantiating their module client when using x509 certs and DPS? Once DeviceClient is connected, is there a way to get the module connection string without the need to use the cert again with the module client. Is no one else using this scenario (module client with x509 cert/dps)?

DPS deals only with device identities, and not with module identities. So trying to provision a module identity will not work.

Could you describe your device and module relationship, and what operations you intend to execute on each? That way we can suggest an alternative approach for you to achieve the intended result.

Steve0212a commented 3 years ago

Right now, I am working on a proof of concept. We planned on provisioning the Edge devices using X509 certs. We will have one custom module that uses SNMP to read data from devices and sends that info to the cloud. We are planning on using device twin and module twin to send configuration to the module (i.e. what devices to read via SNMP). Because of this, I have a need in my custom module code to instantiate a DeviceClient and a ModuleClient to read the twin configuration. I can instantiate the DeviceClient using the X509 cert, but I have no way to instantiate the ModuleClient as we do not want the end user to have to manually enter a connection string on every Edge device.

We are not locked into X509 if there is a better solution that is secure and easy to use. The client has requested that the solution be as easy as possible for the end users.

Please let me know your thoughts.

thx

abhipsaMisra commented 3 years ago

@Steve0212a Thanks for the explanation of your scenario. In your setup, you've mentioned that you have a custom "module" that reads data from devices and sends it to the cloud. Do you see this as a gateway device? Would the following statement be an accurate representation of your scenario:

Steve0212a commented 3 years ago

yes, that would be an accurate representation

Steve0212a commented 3 years ago

After talking with another person at MS, I have found that ModuleClient.CreateFromEnvironmentAsync works after creating the device client with the X509. I must have had something else not configured correctly because I tried that before and it did not work.

abhipsaMisra commented 3 years ago

Thank you for posting the solution here; I'm glad it worked out for you!