Testing and Troubleshooting Connectivity
Troubleshooting the connection is crucial as it helps identify and resolve any issues that may arise during the communication between your IoT Edge device and the Azure IoT Hub. A stable and secure connection is vital for the proper functioning of your IoT solution.
sudo iotedge check is the built-in troubleshooting tool of the IoT Edge runtime. It checks all steps of the connection process and highlights where problems exist.
The following sections provide explanations of each check. Please note, only a few checks need to be okay. If some of the checks show WARNING or ERROR, it will not impact the configuration and connectivity. This information is indicated in the "Importance" column.
Connectivity checks (aziot-identity-service)
| Check | Explanation | Importance |
|---|---|---|
| Host can connect to and perform TLS handshake with iothub AMQP port | This check ensures that the edge device can securely connect to Azure IoT Hub via the AMQP port. It's crucial for the proper functioning and secure communication of the IoT Edge deployment with the IoT Hub. | Not Important - If this check fails, the deployment can still function properly as long as other checks pass. |
| Host can connect to and perform TLS handshake with iothub HTTPS/WebSockets port | It ensures the edge device can securely connect to the Azure IoT Hub via HTTPS or WebSockets. It guarantees the use of a reliable and secure protocol to transmit data over the internet, safeguarding the confidentiality and integrity of the data. | IMPORTANT - If this check fails, the edge device will not be able to communicate. |
| Host can connect to and perform TLS handshake with iothub MQTT port | This checks if the edge device can establish a secure MQTT connection with the Azure IoT Hub. This is crucial for proper functioning and secure communication between the IoT Edge deployment and the IoT Hub. | Not Important - If this check fails, the deployment can still function properly as long as other checks pass. |
Connectivity checks
| Check | Explanation | Importance |
|---|---|---|
| Container on the default network can connect to upstream AMQP port | This check ensures that containers on the default network can establish a connection with the upstream AMQP port (5671) for a reliable and widely-used messaging protocol. | Not Important - If this check fails, the deployment can still function properly as long as other checks pass. |
| Container on the default network can connect to upstream HTTPS/WebSockets port | It ensures that containers on the default network can establish a secure connection with the upstream services using HTTPS or WebSockets protocol. It is crucial to verify this as it ensures that the communication between containers and upstream services is reliable and secure, protecting the integrity and confidentiality of transmitted data. | IMPORTANT - If this check fails, the edge device will not be able to communicate. |
| Container on the IoT Edge module network can connect to upstream AMQP port | This check ensures that modules on the IoT Edge module network can communicate with upstream services using the reliable and widely-used messaging protocol, AMQP. It verifies that modules can connect to the upstream AMQP port (5671). | Not Important - If this check fails, the deployment can still function properly as long as other checks pass. |
| Container on the IoT Edge module network can connect to upstream HTTPS/WebSockets port | Checks if IoT Edge modules can securely communicate with upstream services via the HTTPS or WebSockets port, which ensures reliable and secure transmission of data over the internet, protecting its confidentiality and integrity. | IMPORTANT - If this check fails, the edge device will not be able to communicate. |
note
For the edge device to communicate with cloud services, it's necessary to enable specific HTTPS ports on the network or firewall.
Configuration checks
| Check | Explanation | Importance |
|---|---|---|
| aziot-edged configuration is well-formed | This check ensures that the configuration file for the IoT Edge daemon is well-formed and does not contain any syntax errors. | Not Important |
| Configuration up-to-date with config.toml | This check ensures that the configuration for the IoT Edge daemon is up-to-date with the configuration file (config.toml). | Not Important |
| Container engine is installed and functional | It ensures that the container engine (Docker or Moby) is installed and running properly. This is necessary for the deployment to run and manage containers. | Not Important |
| Configuration has correct URIs for daemon mgmt endpoint | Checks that the URIs specified for the IoT Edge daemon management endpoint are correct. | Not Important |
| aziot-edge package is up-to-date | Checks that the Azure IoT Edge runtime package is up-to-date. This ensures that any security vulnerabilities or issues in previous versions of the package are addressed. | Not Important |
| Container time is close to host time | Checks that the time on the container is synchronized with the time on the host system. This ensures that logs and other time-sensitive data are consistent across the deployment. | Not Important |
| DNS server | Responsible for translating human-readable domain names into IP addresses that computers can understand. | Not Important |
| Production readiness | Ensures that an IoT Edge deployment is configured optimally and meets the necessary standards for stable and reliable operation in a production environment. | Not Important |
| Agent image is valid and can be pulled from upstream | This check ensures that the Docker image for the IoT Edge Agent can be pulled from upstream. This is necessary for the deployment to run and manage the Edge Agent properly. | Not Important |
| Proxy settings are consistent in aziot-edged, aziot-identityd, moby daemon and config.toml | This check ensures that the proxy settings specified in various configuration files are consistent. This is necessary for the deployment to communicate with upstream services via a proxy server, if necessary. | Not Important |
note
The status of the checks for "Configuration checks (aziot-identity-service)" can be omitted since they are not as crucial.