IoT Edge 1.0 and 1.1 devices cannot authorize to the IoT Hub anymore

Davy Meybos 75 Reputation points
2024-10-14T09:24:59.6866667+00:00

Hello,

since last week our Azure IoT edge 1.0 and 1.1 devices cannot connect to our IoT Hub anymore.

We use device certificates and DPS and we see that the certificates are valid and DPS registers the devices to the Hub correct, however as soon as the modules should be downloaded/created and 401002 unauthorized error occurs:

Okt 14 08:44:16 S360N12011023C82HU iotedged[28984]: 2024-10-14T06:44:16Z [INFO] - Checking edge runtime status Okt 14 08:44:16 S360N12011023C82HU iotedged[28984]: 2024-10-14T06:44:16Z [INFO] - Creating and starting edge runtime module edgeAgent Okt 14 08:44:16 S360N12011023C82HU iotedged[28984]: 2024-10-14T06:44:16Z [WARN] - Error in watchdog when checking for edge runtime status: Okt 14 08:44:16 S360N12011023C82HU iotedged[28984]: 2024-10-14T06:44:16Z [WARN] - A module runtime error occurred. Okt 14 08:44:16 S360N12011023C82HU iotedged[28984]: 2024-10-14T06:44:16Z [WARN] - caused by: Could not get identity $edgeAgent Okt 14 08:44:16 S360N12011023C82HU iotedged[28984]: 2024-10-14T06:44:16Z [WARN] - caused by: Could not get module $edgeAgent Okt 14 08:44:16 S360N12011023C82HU iotedged[28984]: 2024-10-14T06:44:16Z [WARN] - caused by: HTTP request failed: [401 Unauthorized] {"Message":"{"errorCode":401002,"message":"Unauthorized access","trackingId":"E430C19F110E41E98CBCF181773EE266-G2:-TimeStamp:2024-10-14T06:44:16.407931446Z","timestampUtc":"2024-10-14T06:44:16.407931446Z","info":null}","ExceptionMessage":""}

We believe this started without changed on our end.

We also have another environment with another IoT Hub and there everything is still working as expected.

How can we debug further and find out what is going wrong and on which end?

Azure IoT Edge
Azure IoT Edge
An Azure service that is used to deploy cloud workloads to run on internet of things (IoT) edge devices via standard containers.
582 questions
Azure IoT Hub
Azure IoT Hub
An Azure service that enables bidirectional communication between internet of things (IoT) devices and applications.
1,224 questions
{count} votes

Accepted answer
  1. Sander van de Velde | MVP 34,201 Reputation points MVP
    2024-11-04T22:36:00.4066667+00:00

    Hello @Davy Meybos ,

    welcome to this moderated Azure community forum.

    Thanks for the follow up, now others having the same issue know what is happening.

    Based on your comment, this 'Unauthorized access' behaviour it related to a recent bug in the IoT Hub.

    The team behind the IoT Hub has reverted the IoT Hub to a previous version of the IoT Hub gateway and a repair including extra tests is scheduled to prevent this error in the future.


    Please do "Accept Answer". All community members with similar issues will benefit by doing so. Your contribution is highly appreciated.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Sander van de Velde | MVP 34,201 Reputation points MVP
    2024-10-14T19:23:27.5+00:00

    Hello @Davy Meybos ,

    welcome to this moderated Azure community forum.

    The message says 'Unauthorized'...

    I expect you already tested if the client certificates are still valid.

    Are you able to test if any of the devices can connect to any IoT hub using a connection string?

    Can you check the certificate store for the correct DigiCert certificate as seen in this blog post due to the expiration of the Baltimore TLS certificate?

    Finally, did you check the certificates needed for the TLS security for module-to-module communication and optionally child device communication as seen in this blog post? You can also get the expiration date of those certficates by checking the first log lines of the edgeAgent when it is restarted...


    If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. All community members with similar issues will benefit by doing so. Your contribution is highly appreciated.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.