Forum Widgets
Latest Discussions
Can Admins Access IoT Edge Container Code Despite ACR Encryption?
If I deploy my Python application as an IoT Edge container, and the container is pulled from Azure Container Registry (which says all images are encrypted at rest), can someone with administrator access on the machine access the container and see my code?
Module identity fetch issue
I have registered an edge device[gateway] to Azure IoTHub using x509 self signed certificate. The device got registered fine and modules [edgeAgent,edgeHub] got deployed along with some custom edge modules- with deployment status 200, device and modules status reporting. The modules are running on the edge device but the modules keep restarting as they couldnt authenticate. edge Device registration is through x509 self signed certificate, with below properties in config.toml # Manual provisioning with x.509 certificates [provisioning] source = "manual" iothub_hostname = "REQUIRED_IOTHUB_HOSTNAME" device_id = "REQUIRED_DEVICE_ID_PROVISIONED_IN_IOTHUB" [provisioning.authentication] method = "x509" identity_cert = "REQUIRED_URI_OR_POINTER_TO_DEVICE_IDENTITY_CERTIFICATE" identity_pk = "REQUIRED_URI_TO_DEVICE_IDENTITY_PRIVATE_KEY" Logs from edgeHub: [INF] - Unable to authenticate client <deviceid>/<custom_edge_module> with cached service identity <deviceid>/<custom_edge_module> (Found: False). Resyncing service identity... <4> 2025-09-19 00:29:56.415 +00:00 [WRN] - Error while refreshing the service identity: <deviceid>/<custom_edge_module> OnBehalfOf: <deviceid> System.Collections.Generic.KeyNotFoundException: The given key '<deviceid>/<custom_edge_module>' was not present in the dictionary. at Microsoft.Azure.Devices.Edge.Hub.Core.DeviceScopeIdentitiesCache.RefreshServiceIdentityInternal(String refreshTarget, String onBehalfOfDevice, Boolean invokeServiceIdentitiesUpdated) in /mnt/vss/_work/1/s/edge-hub/core/src/Microsoft.Azure.Devices.Edge.Hub.Core/DeviceScopeIdentitiesCache.cs:line 187 device twin status: "deviceScope": "ms-azure-iot-edge://<devicescope>", "modelId": "", "status": "enabled", "statusUpdateTime": "0001-01-01T00:00:00.0000000Z", "lastActivityTime": "2025-09-19T00:47:10.0840495Z", "connectionState": "Connected", "cloudToDeviceMessageCount": 0, "authenticationType": "selfSigned", "x509Thumbprint": { "PrimaryThumbprint": "<thumbprint>" } Module identity twin of edgeHub: "modelId": "", "status": "enabled", "statusUpdateTime": "0001-01-01T00:00:00.0000000Z", "lastActivityTime": "2025-09-19T00:42:23.4967322Z", "connectionState": "Connected", "cloudToDeviceMessageCount": 0, "authenticationType": "sas", "x509Thumbprint": {} module identity twin of edgeAgent and other modules: "modelId": "", "status": "enabled", "statusUpdateTime": "0001-01-01T00:00:00.0000000Z", "lastActivityTime": "2025-09-19T00:54:15.6085296Z", "connectionState": "Disconnected", "cloudToDeviceMessageCount": 0, "authenticationType": "sas", "x509Thumbprint": {} The modules couldnt communicate to hub as they couldnt authenticate, where as the same modules works fine when the edge device is registered via shared access signature and send telemetry to iot hub. Please let me know where could the issue be for modules not able to communicate with iotHubConnecting PLC to Azure IoT Hub
We have a client with an Automation Direct Productivity 3000 PLC. Looks like it has an MQTT client configuration that may allow us to connect directly to Azure IoT Hub, but we are struggling. We're waiting for the client to get a vendor resource to assist. Meanwhile. we're trying to figure out if that will work directly, or if we need something like IoT Edge to act as a protocol translator. Unsure if the device is able to utilize TLS 1.2 or not. The config screen looks like this (please ignore current settings): Do we need to use something like IoT Edge to convert the MQTT to use TLS? Any other advice for getting this up and running? Thank you, -Peter
All Azure IoT Central Applications completly broken
Dear community, I have big trouble regarding all Azure IoT Applications, which haven't been properly rendering since a couple of hours. Every link is broken and no data is shown as seen the screenshot below. We already tested different browser different tentants different computers No difference. Can anyone point out the reason for that or experiences similar issues right now? Best, Andy
Sensor to AZURE IoT Hub to ADLS to Power BI
Discovery & Resolution ? By creating this workflow, I found the following: Device sensor firmware published data once every 30 seconds. AZURE IoT Hub routed this data to ADL BLOB as JSON once every 2 minutes. Power BI Power Query failed to interpret JSON files. "extra characters at end of JSON input". The PBI PQ error occurred because each BLOB file contained four individual JSON expressions - one for each device sensor publication. This can be resolved by reformatting each JSON file as a single document by bracketing all four expressions as one […] and adding a comma to the end of the first three. It works, but it's sloppy. I did it manually. A simpler resolution is to synchronize timing of device sensor publications with IoT Hub routing to ADL BLOB so that each file contains only a single JSON expression. In other words, by publishing and routing to ADL at the same frequency - only one publication / JSON expression is contained per file. This avoids the PBI PQ failure, but I have doubts about its scalability. Do any of you have a better suggestion? Is it possible to configure the IoT Hub to wrap multiple JSON expressions as a single JSON document for routing to ADLS?Edge Module Authentication
Hi Folks, I've made my first IoT Edge Module (container), its just based off: FROM ubuntu:oracular For now, but it seems to start up and run correctly. I've pushed the container into ACR and added it to my manifest which pushed it down to my edge gateway and its up and running. So far so good. Now, I want my application in that container to publish events to the edgeHub, and subscribe to properties set in IoT Central. I followed some of the guides, but have had no luck. Firstly - not much love for a rust application, but aside from that, I've resorted to jumping into the container and trying to use the mosquitto clients likes so: $ docker exec -ti <module_id> bash # mosquitto_sub -d \ -V mqttv311 \ -h edgeHub \ -p 8883 \ -i "${IOTEDGE_DEVICEID}/${IOTEDGE_MODULEID}" \ -u "${IOTEDGE_IOTHUBHOSTNAME}/${IOTEDGE_DEVICEID}/${IOTEDGE_MODULEID}/?api-version=2018-06-30" \ -P "${SAS_TOKEN}" \ -t "devices/${IOTEDGE_DEVICEID}/modules/${IOTEDGE_MODULEID}/messages/events" \ --cafile /etc/ssl/certs/IoTHubRootCA.pem \ -q 1 Client <device_id>/<module_id> sending CONNECT OpenSSL Error[0]: error:0A000086:SSL routines::certificate verify failed Error: Protocol error I just cant get it to validate the certs in the edgeHub. If I look at the edgeHub container it shows: $ docker logs -f edgeHub <4> 2025-06-30 06:52:23.276 +00:00 [WRN] - "TLS handshake failed., System.AggregateException: One or more errors occurred. (Authentication failed, see inner exception.)\n ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.\n ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL.\n ---> Interop+Crypto+OpenSslCryptographicException: error:0A000418:SSL routines::tlsv1 alert unknown ca\n --- End of inner exception stack trace ---\n at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, ReadOnlySpan`1 input, Byte[]& sendBuf, Int32& sendCount)\n at System.Net.Security.SslStreamPal.HandshakeInternal(SafeDeleteSslContext& context, ReadOnlySpan`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions)\n --- End of inner exception stack trace ---\n at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)\n --- End of inner exception stack trace ---, 0af563ac" That error suggests the edgeHub does not like the CA in my module ? I'm looking for any references to get the right CA's setup so that my translation app can publish events to the edgeHub container.
Need help with updating disconnected devices
hey, I am new to azure and IOT and I need help with knowing how to do this. The scenario is that: I have a set of Linux devices that can't be connected to the internet ever, these devices should be connected to another device (will have internet) which will act as parent to all these disconnected devices. The challenge is to update these child devices using Azure IOT, the updates will be deployed in the hub, and it has to passed to child devices via parent device and automatically needs to be installed in the child devices. The parent might not require this update or might. How will I do this? also I can't use any scripting mechanisms. Now when I surfed a bit through azure documentation, I found out that I can use device update for this, What I found was: 1) setup every device in IOT hub 2)set the device with internet as parent and others a child 3)set up MCC module in parent 4)Connect the devices physically (Lan or Wi-Fi) 5)Roll out updates Now I don't know whether this is true or not, it's just my understanding. I am having few doubts: 1)do we also add the child devices (disconnected devices in IOT hub), if yes what if we have 1000 devices? (I'm asking about scalability) 2)How do I actually physically connect the parent and child devices, do I just plug in Lan/Wi-Fi, or do I have to do anything else? 3)How to add MCC Module? 4)how does this actually works? is it feasible?Designing and developing for Unified Namespaces
I apologize if I am posting in the incorrect community. I would like to know if anyone has developed a Unified Namespace architecture and solution within Azure for IIOT without using third-party middleware such as ignition, high-byte, or HiveMQ. I am currently looking to use Azure IOT and ADF and Dynamics 365 as the ERP and MES.
IOT Central data export destination on waiting
Hello. I have successfully created a demo sensor in iot central and now I would like to connect it to my service bus queue. I went to data export tab and create a new destination using the connection strings of my queue, it seemed ok but the destination is on "waiting" state since 10 hours. Is it normal? Can I check anything? Thanks Gianpaolo
