Error when running Amazon FreeRTOS Windows Demo

lesudu wrote on April 24, 2018:

Hi,

I am trying to run the Windows demo application (MQTTEcho) for Amazon FreeRTOS.
I have followed the documentation as stated.

When I run, I get this:

IP Address: xxx.xxx.xxx.xxx
6 13283 [IP-task] Subnet Mask: xxx.xxx.xxx.xxx
7 13283 [IP-task] Gateway Address: xxx.xxx.xxx.xxx
8 13283 [IP-task] DNS Server Address: xxx.xxx.xxx.xxx

9 13285 [MQTTEcho] MQTT echo attempting to connect to .iot.eu-central-1.amazonaws.com.
10 13285 [MQTTEcho] Sending command to MQTT task.
11 13285 [MQTT] Received message 10000 from queue.
12 13543 [IP-task] Socket sending wakeup to MQTT task.
13 17602 [MQTT] Received message 0 from queue.
14 17689 [IP-task] Socket sending wakeup to MQTT task.
15 17689 [MQTT] Received message 0 from queue.
16 17701 [IP-task] Socket sending wakeup to MQTT task.
17 17701 [MQTT] Received message 0 from queue.
18 17703 [MQTT] About to close socket.
19 17802 [IP-task] Socket sending wakeup to MQTT task.
20 17865 [MQTT] Socket closed.
21 17865 [MQTT] Notifying task.
22 17865 [MQTT] Received message 0 from queue.
23 17866 [MQTTEcho] Command sent to MQTT task failed.
24 17866 [MQTTEcho] ERROR: MQTT echo failed to connect.
25 17866 [MQTTEcho] MQTT echo test could not connect to broker.
26 17866 [MQTTEcho] Sending command to MQTT task.
27 17866 [MQTT] Received message 20000 from queue.
28 17866 [MQTT] Notifying task.
29 17867 [MQTTEcho] Command sent to MQTT task passed.
30 17867 [MQTTEcho] MQTT echo demo finished.

On AWS IoT side,

The policy looks like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iot:Connect",
            "Resource": "arn:aws:iot:::*"
        },
        {
            "Effect": "Allow",
            "Action": "iot:Publish",
            "Resource": "arn:aws:iot:::topic/freertos/demos/echo"
        },
        {
            "Effect": "Allow",
            "Action": "iot:Subscribe",
            "Resource": "arn:aws:iot:::topicfilter/freertos/demos/echo"
        },
        {
            "Effect": "Allow",
            "Action": "iot:Receive",
            "Resource": "arn:aws:iot:::topic/freertos/demos/echo"
        }
    ]
}

It has been attached to the certificate.
The PC has a hard-wired Ethernet connection, which works.

I am clueless as to what the problem is. Please help! Thanks in advance.

Edited by: lesudu on Apr 24, 2018 1:20 AM

DanG-AWS wrote on April 24, 2018:

Here are some things to confirm:

From your pasted debug output, it appears that the TCP socket connection is succeeding, but the subsequent MQTT broker connection attempt fails. If you step through the code, is that what you see? If so, then an additional detail to determine is whether the TLS connection is succeeding before the MQTT connect fails. If so, that indicates that your client certificate is trusted by the AWS service frontend, but not by the MQTT broker backend (i.e., the certificate is not associated with a valid Thing and/or policy).

Next, assuming you’re in a lab setting, try configuring a fully permissive policy for your Thing certificate. That approach is only appropriate to help you isolate potential causes. Once you’ve narrowed down the problem, iteratively reduce the scope of the Thing certificate policy until it’s as restrictive as possible.

Next, if you don’t mind trying the AWS command-line interface, check out the debugging instructions in https://github.com/aws/amazon-freertos/blob/master/demos/common/greengrass_connectivity/README.md. Ignore the first few commands that are Greengrass-specific; start with the aws iot describe-certificate… command that’s about 3/4 of the way down the page. That, and the two commands after it, will help you double-check your Amazon FreeRTOS client certificate and policy configuration.

If you’re still stuck after the above, please post whatever additional details you discover.
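The advice above is to start from a fully permissive policy to isolate the fault and then tighten it. The following is an added example (not part of the thread and not AWS code) of a small linter for that tightening step: it takes an AWS IoT policy document and reports wildcard grants that are acceptable only in a lab, plus action/resource-type pairings that do not match (iot:Subscribe must target a topicfilter/ ARN, iot:Publish and iot:Receive a topic/ ARN, iot:Connect a client/ ARN). The sample policies are constructed for the example; the first reproduces the one posted earlier in the thread with straight quotes.

```python
"""Least-privilege linter for an AWS IoT policy document (added example)."""
import json

# Resource type (the segment after the account id in the ARN) each action expects.
EXPECTED_RESOURCE_TYPE = {
    "iot:Connect": "client",
    "iot:Publish": "topic",
    "iot:Receive": "topic",
    "iot:Subscribe": "topicfilter",
}


def resource_type(arn):
    """Return the resource type of an IoT ARN, e.g. 'topicfilter' for
    'arn:aws:iot:eu-central-1:123456789012:topicfilter/a/b'; None if the
    resource part is a bare wildcard or the ARN does not parse."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[:3] != ["arn", "aws", "iot"]:
        return None
    resource = parts[5]
    if resource == "*" or "/" not in resource:
        return None
    return resource.split("/", 1)[0]


def _as_list(value):
    """Action and Resource may be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy_json):
    """Return a list of (severity, message) findings; an empty list means clean."""
    policy = json.loads(policy_json)
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; nothing to flag
        for action in _as_list(stmt.get("Action", [])):
            for res in _as_list(stmt.get("Resource", [])):
                where = "statement %d (%s)" % (i, action)
                if action in ("iot:*", "*") or res == "*" or res.endswith(":*"):
                    findings.append(("permissive", where + ": wildcard grant, lab-only"))
                    continue
                expected = EXPECTED_RESOURCE_TYPE.get(action)
                actual = resource_type(res)
                if expected and actual != expected:
                    findings.append(("mismatch", "%s: resource type %r, expected %r/"
                                     % (where, actual, expected)))
                elif "*" in res:
                    findings.append(("broad", where + ": wildcard inside resource path"))
    return findings


# Constructed samples. POLICY_FROM_THREAD is the policy posted above, re-quoted.
POLICY_FROM_THREAD = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect",   "Resource": "arn:aws:iot:::*"},
    {"Effect": "Allow", "Action": "iot:Publish",   "Resource": "arn:aws:iot:::topic/freertos/demos/echo"},
    {"Effect": "Allow", "Action": "iot:Subscribe", "Resource": "arn:aws:iot:::topicfilter/freertos/demos/echo"},
    {"Effect": "Allow", "Action": "iot:Receive",   "Resource": "arn:aws:iot:::topic/freertos/demos/echo"}
  ]
}"""

# The "fully permissive" lab policy: everything is allowed on everything.
FULLY_PERMISSIVE = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}'

# A common mistake: Subscribe granted on a topic/ ARN instead of topicfilter/.
MISMATCH_SAMPLE = ('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "iot:Subscribe",'
                   ' "Resource": "arn:aws:iot:eu-central-1:123456789012:topic/freertos/demos/echo"}]}')

if __name__ == "__main__":
    for name, doc in (("thread", POLICY_FROM_THREAD), ("permissive", FULLY_PERMISSIVE),
                      ("mismatch", MISMATCH_SAMPLE)):
        print(name, lint_policy(doc) or "clean")
```

On the policy from the thread the only finding is the wildcard Connect resource; the Publish, Subscribe and Receive statements already use the right resource types for their actions.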

lesudu wrote on April 25, 2018:

Hello, thanks for the reply. You are right, the TCP connection is established.

What I see is that the code executes properly up to the point where the socket connection has to be made, but then it goes into the following function:

static void prvGracefulSocketClose( MQTTBrokerConnection_t * const pxConnection )

About the certificates:
I see this in the console:

The interface that will be opened is set by “configNETWORK_INTERFACE_TO_USE”, which
should be defined in FreeRTOSConfig.h
Attempting to open interface number 2.
2 126 [IP-task] Starting key provisioning…
3 126 [IP-task] Write root certificate…
4 126 [IP-task] Write device private key…
5 138 [IP-task] Write device certificate…
6 148 [IP-task] Key provisioning done…
7 148 [IP-task] Creating MQTT Echo Task…
8 148 [IP-task]

Does that mean TLS is working fine?

I created a certificate and a policy and attached them to a Thing I created. I am testing it using the ‘test’ tab in the IoT console by adding the topic to subscribe to.
I used the same certificate in the simulator code (used the generator). As an AWS IoT noob, I am not sure if I did this right. Can you please confirm?

About the policy:
I used the fully permissive policy first before I used the one I mentioned in my original message. That did not work either.

CLI:
I am unfamiliar with AWS command-line interface yet. I will check that and get back to you again.

Also, just to clarify, I am in the corporate network. Can that be a reason why it is going wrong?

Thanks in advance!

Edited by: lesudu on Apr 25, 2018 3:44 AM

Tiangang-AWS wrote on April 25, 2018:

Hi,

So it looks like your network stack is working. Although I don’t think the corporate network could be the issue, a quick way to verify that would be to try your mobile phone hotspot.

And, although you may already have verified it, could you confirm that your clientcredentialMQTT_BROKER_ENDPOINT and clientcredentialIOT_THING_NAME are both correct? They’re in demos/common/include/aws_clientcredential.h. Also, make sure the certificate is attached to the Thing, and the policy is attached to the certificate.

To see if your TLS connection is working, you can put a break point in this file, [https://github.com/aws/amazon-freertos/blob/master/lib/secure_sockets/portable/pc/windows/aws_secure_sockets.c#L172], and see what the return code of TLS_Connect is.

Thanks,
Tiangang

lesudu wrote on April 26, 2018:

Hi,

I cannot connect directly via Hotspot because the laptop is secure too and cannot connect to other networks without a VPN.

I confirmed that clientcredentialMQTT_BROKER_ENDPOINT and clientcredentialIOT_THING_NAME are both correct. Also, AWS side certificate and policy configuration is proper and exactly as you have mentioned.

However, I have tried to put the breakpoint for TLS_Connect, but the code is not executed up to that point. As I have mentioned in the previous message, the console says “About to close the socket” and “Socket closed”. It gracefully closes the socket before it even reaches there.

Thanks,
Sudarshan

Tiangang-AWS wrote on April 27, 2018:

Hi Sudarshan,

Here are a few things you could try:

  1. Set a break point at https://github.com/aws/amazon-freertos/blob/master/lib/secure_sockets/portable/pc/windows/aws_secure_sockets.c#L154. If that doesn’t work, then it could be network stack itself not working.

  2. Try using mosquitto [https://mosquitto.org/download/] to publish something:

mosquitto_pub -d --cafile [root certificate] --cert [your device certificate] --key [private key] -h [AWS IoT endpoint] -p 8883 -m "a test message" -t "test/topic" -q 1

This would at least tell you if you can reach AWS IoT at all. If this doesn’t work, then it could be your corporate network firewall.

Thanks,
Tiangang
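The two suggestions above, together with the earlier advice to distinguish a TCP failure from a TLS or MQTT one, describe a layered test: DNS, then TCP on port 8883, then mutual TLS, then the MQTT CONNECT/CONNACK exchange. The following is an added example (not part of the thread and not Amazon FreeRTOS or mosquitto code) that performs that test from any machine with Python, reporting the first layer that fails so that a resolver or firewall problem is not mistaken for a certificate or policy problem. The endpoint, Thing name and credential file names in the `__main__` section are placeholders to be replaced; the MQTT packet encoding follows the MQTT 3.1.1 specification.

```python
"""Layered connectivity check for an AWS IoT MQTT endpoint (added example)."""
import socket
import ssl

PORT = 8883  # MQTT over TLS, the port used by the mosquitto_pub command above

# MQTT 3.1.1 CONNACK return codes (spec section 3.2.2.3).
CONNACK_CODES = {
    0: "connection accepted",
    1: "unacceptable protocol version",
    2: "client identifier rejected",
    3: "server unavailable",
    4: "bad user name or password",
    5: "not authorized",
}


def encode_remaining_length(n):
    """MQTT fixed-header 'remaining length': 7 bits per byte, MSB set = more bytes."""
    out = bytearray()
    while True:
        byte, n = n % 128, n // 128
        out.append((byte | 0x80) if n else byte)
        if not n:
            return bytes(out)


def build_connect_packet(client_id, keepalive=60):
    """Minimal MQTT 3.1.1 CONNECT: clean session, no username/password.
    With AWS IoT the identity is the client certificate presented during TLS,
    so no credentials go in the packet; the client id is normally the Thing name."""
    cid = client_id.encode()
    body = (
        b"\x00\x04MQTT"                        # protocol name
        + b"\x04"                              # protocol level 4 = MQTT 3.1.1
        + b"\x02"                              # connect flags: clean session only
        + keepalive.to_bytes(2, "big")         # keep-alive interval in seconds
        + len(cid).to_bytes(2, "big") + cid    # payload: client identifier
    )
    return b"\x10" + encode_remaining_length(len(body)) + body


def parse_connack(data):
    """Return the CONNACK return code, or raise if the bytes are not a CONNACK."""
    if len(data) < 4 or data[0] != 0x20 or data[1] != 0x02:
        raise ValueError("not an MQTT CONNACK: %r" % (data[:4],))
    return data[3]


def check_endpoint(endpoint, client_id, cafile, certfile, keyfile, timeout=10.0):
    """Try each layer in order; return (failed_layer, detail).
    failed_layer is None when the broker accepted the MQTT connection."""
    try:
        socket.getaddrinfo(endpoint, PORT, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", "lookup failed: %s" % exc      # mosquitto's 'lookup error'
    try:
        raw = socket.create_connection((endpoint, PORT), timeout=timeout)
    except OSError as exc:
        return "tcp", "connect failed: %s" % exc     # FreeRTOS_connect() < 0 in the thread
    ctx = ssl.create_default_context(cafile=cafile)  # trust only the given root CA
    ctx.load_cert_chain(certfile, keyfile)           # device certificate and private key
    try:
        tls = ctx.wrap_socket(raw, server_hostname=endpoint)
    except ssl.SSLError as exc:
        raw.close()
        return "tls", "handshake failed: %s" % exc   # wrong CA, untrusted client cert, ...
    try:
        tls.sendall(build_connect_packet(client_id))
        reply = tls.recv(4)
        if not reply:
            # TLS succeeded but the broker dropped us before answering: the case the
            # thread describes where the certificate is not tied to a Thing and policy.
            return "mqtt", "broker closed the connection without a CONNACK"
        code = parse_connack(reply)
        if code != 0:
            return "mqtt", "CONNACK %d: %s" % (code, CONNACK_CODES.get(code, "unknown"))
        return None, "MQTT connection accepted"
    finally:
        tls.close()


if __name__ == "__main__":
    # Placeholders: substitute your own endpoint, Thing name and credential files.
    layer, detail = check_endpoint("ENDPOINT_PLACEHOLDER.iot.eu-central-1.amazonaws.com",
                                   "THING_NAME_PLACEHOLDER", "root-CA.pem",
                                   "device.pem.crt", "private.pem.key")
    print("OK:" if layer is None else "failed at %s layer:" % layer, detail)
```

Read the result against the thread: a failure at the dns or tcp layer is the network path (the firewall case that this thread ends with), a failure at tls is the trust material on either side, and a failure at mqtt after a successful handshake points at the certificate, Thing and policy association on the AWS side.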

lesudu wrote on April 30, 2018:

Hello,

  1. I have set a breakpoint. These are the results:

lStatus = FreeRTOS_connect( pxContext->xSocket, &xTempAddress, xAddressLength ); // Result: failed, lStatus is negative!

so then,

xResult = FreeRTOS_issocketconnected( pxSocket ); // Result: returns 0 - should be returning positive if connected

And, to establish the TCP connection:

/* Establish the TCP connection. */
xStatus = prvSetupConnection( pxEventData ); // Result: failed

  2. I also tried with the Mosquitto MQTT client. I am getting:
Unable to connect (lookup error)

Apparently, I guess it is a problem with the firewall. I will check with an open PC and get back to you with the results.

Thanks.

Regards,
Sudarshan

lesudu wrote on May 03, 2018:

Hello,

I have tried with a personal laptop and an open network.

Now I can communicate with AWS. The problem was the company firewall after all.

Thanks a lot for the inputs!

Best Regards,
Sudarshan