Azure / azure-iot-sdk-node

A Node.js SDK for connecting devices to Microsoft Azure IoT services
https://docs.microsoft.com/en-us/azure/iot-hub/

Could not connect: mqtt.js returned Failure on first connection (Not authorized): getaddrinfo ENOTFOUND undefined error #1090

Closed rockysoft8 closed 1 year ago

rockysoft8 commented 2 years ago

Hello,

I am trying to use the iot-sdk-example under devices/samples/javascript/simple_sample_device_x509.js

And get the error Could not connect: mqtt.js returned Failure on first connection (Not authorized): getaddrinfo ENOTFOUND undefined error

Steps followed:

  1. Cloned this git repo
  2. navigate to the directory /devices/samples/javascript
  3. npm install within the directory
  4. Set the following env variables
     export IOTHUB_DEVICE_CONNECTION_STRING="****.azure-devices.net;DeviceId=***;x509=true"
     export PATH_TO_CERTIFICATE_FILE="./certificate1.crt"
     export PATH_TO_KEY_FILE="./privateKey.pem"
  5. Run the sample by running node simple_sample_device_x509.js

I get the error above and am not able to understand what the actual error is.

Can someone please point in the right direction and the next steps to debug?
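Added example (not part of the original post and not the SDK's own code): a pre-flight check for the three environment variables listed in the steps above. Node's `getaddrinfo ENOTFOUND <host>` error names the host it tried to resolve, so `undefined` means no host name reached the DNS lookup, and the connection string as posted has no `HostName=` key. The function names and messages are assumptions, and the sample values are constructed.

```javascript
// Added example: validate the X.509 sample's inputs before connecting.
const { X509Certificate } = require('node:crypto');

// Split "Key=Value;Key=Value" on the first '=' only, since values may contain '='.
function parseConnectionString(cs) {
  const fields = {};
  for (const part of String(cs || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) fields[part.slice(0, i)] = part.slice(i + 1);
  }
  return fields;
}

// Returns a list of human-readable problems; an empty list means the inputs look sane.
function checkX509Inputs(connectionString, certPem, keyPem, now = new Date()) {
  const problems = [];
  const f = parseConnectionString(connectionString);
  if (!f.HostName) problems.push('connection string has no HostName= field');
  if (!f.DeviceId) problems.push('connection string has no DeviceId= field');
  if (f.x509 !== 'true') problems.push('connection string has no x509=true field');

  if (!/-----BEGIN CERTIFICATE-----/.test(certPem)) {
    problems.push('certificate file is not PEM');
  } else {
    try {
      const cert = new X509Certificate(certPem);
      if (new Date(cert.validFrom) > now) problems.push('certificate not yet valid: ' + cert.validFrom);
      if (new Date(cert.validTo) < now) problems.push('certificate expired: ' + cert.validTo);
    } catch (err) {
      problems.push('certificate could not be parsed: ' + err.message);
    }
  }
  // Only the PEM header is inspected; the key material itself is never logged.
  if (!/-----BEGIN (?:RSA |EC )?PRIVATE KEY-----/.test(keyPem)) {
    problems.push('key file is not a PEM private key');
  }
  return problems;
}

// Constructed sample shaped like the connection string in the steps above.
const sampleProblems = checkX509Inputs(
  'example-hub.azure-devices.net;DeviceId=exampleDevice;x509=true',
  'constructed non-PEM bytes',
  '-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n');
console.log(sampleProblems);
```
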

anthonyvercolano commented 2 years ago

@rockysoft8 Hello, the certificate file is assumed to be in PEM format. Is this the case with your certificate? PLEASE do NOT post the key file.

Is it possible that you have proxy issues or is your network blocking the MQTT port? port 8883?

rockysoft8 commented 2 years ago

Hello @anthonyvercolano yes the certificate is in PEM format. We have used the device provisioning API to get the certificates.

I am using this on the home network and have other devices using the port 8883.

rockysoft8 commented 2 years ago

Hello @anthonyvercolano any update here?

rockysoft8 commented 2 years ago

Hi @anthonyvercolano

Any help here? I am blocked because of this error.

Thanks

anthonyvercolano commented 2 years ago

@rockysoft8 Can you describe your home network DNS setup?

Also, could you take the contents of your ./certificate1.crt file (which as stated is in PEM format) and run it through something like https://certlogik.com/decoder ? Do the results look surprising? Any dates expired?

Also what happens if you wait 10 seconds in your app after the ENOTFOUND error and then try to connect again. Does it work?

How was the cert you are using created?

rockysoft8 commented 2 years ago

Hi @anthonyvercolano

I have used the python script below and it is able to connect. So don't think the issue is related to DNS setup.

I can share the credentials privately and you can test the script on your end too

Python Script:

```python
# Written against the paho-mqtt 1.x callback signatures.
from paho.mqtt import client as mqtt
import ssl

# Raw strings keep the backslashes in the Windows paths from being read as escapes.
path_to_root_cert = r"C:\companyName\ProjectName\TestProject\ca.pem"
cert_file = r"C:\companyName\ProjectName\TestProject\client.pem"
key_file = r"C:\companyName\ProjectName\TestProject\client_key.key"
device_id = "companyNameTestDevice"
#sas_token = "<generated SAS token>"
iot_hub_name = "rsbd-cus-icore-iothub"

def on_connect(client, userdata, flags, rc):
    print("Device connected with result code: " + str(rc))

def on_disconnect(client, userdata, rc):
    print("Device disconnected with result code: " + str(rc))

def on_publish(client, userdata, mid):
    print("Device sent message")

client = mqtt.Client(client_id=device_id, protocol=mqtt.MQTTv311)

client.on_connect = on_connect
client.on_disconnect = on_disconnect
client.on_publish = on_publish

# With X.509 authentication the password stays empty.
client.username_pw_set(username=iot_hub_name+".azure-devices.net/" +
                       device_id + "/?api-version=2018-06-30", password=None)

# Set the certificate and key paths on your client.
# cert_reqs=ssl.CERT_NONE together with tls_insecure_set(True) below turns off
# verification of the hub's server certificate and host name.
client.tls_set(ca_certs=path_to_root_cert, certfile=cert_file, keyfile=key_file,
               cert_reqs=ssl.CERT_NONE, tls_version=ssl.PROTOCOL_TLSv1_2, ciphers=None)

client.tls_insecure_set(True)
# Connect as before
client.connect(iot_hub_name+".azure-devices.net", port=8883)

client.publish("devices/" + device_id + "/messages/events/", '{"id":123}', qos=1)
client.loop_forever()
```

anthonyvercolano commented 2 years ago

@rockysoft8 What happens if you remove the line client.tls_insecure_set(True) ?

mattiadevivo commented 2 years ago

Hi, I'm experiencing the same issue while trying to run my code on a Docker container with node:gallium-alpine as base image and arm64v8 platform. I checked the private key, certificate (pem) and the device connection string; they are all correctly set up. On the same machine outside the Docker container everything works properly. Are there any prerequisites about software that needs to be installed on the "device"?

vishnureddy17 commented 1 year ago

Hi @rockysoft8 and @mattiadevivo, does this issue appear when using connection string authentication rather than X509? Thanks!

mattiadevivo commented 1 year ago

Hi @vishnureddy17 , in my case I was using x509 cert. I didn't try with connection string.

vishnureddy17 commented 1 year ago

Would it be possible to try connection string authentication and see if the issue still appears? If the issue persists with connection strings, we can rule out some things which is why I ask.

I just attempted to reproduce the issue using the information provided by @rockysoft8, but I was unable to recreate the problem.

vishnureddy17 commented 1 year ago

Closing issue due to inactivity from @rockysoft8. @rockysoft8, feel free to leave a comment here if you are still experiencing issues and I'll reopen it.

@mattiadevivo If you still need assistance, could you open a separate issue?

mattiadevivo commented 1 year ago

@vishnureddy17 thank you for the help, from my side no need to investigate further since it was just a playground

vishnureddy17 commented 1 year ago

@mattiadevivo I've heard of DNS issues occurring on the alpine Docker images in the past, might be something worth looking into.