Troubleshooting client devices - AWS IoT Greengrass

Troubleshooting client devices

Use the troubleshooting information and solutions in this section to help resolve issues with Greengrass client devices and client device components.

Greengrass discovery issues

Use the following information to troubleshoot issues with Greengrass discovery. These issues can occur when client devices use the Greengrass discovery API to identify a Greengrass core device to which they can connect.

Greengrass discovery issues (HTTP API)

Use the following information to troubleshoot issues with Greengrass discovery. You might see these errors if you test the discovery API with cURL.

curl: (52) Empty reply from server

You might see this error if you specify an inactive AWS IoT certificate in the request.

Check that the client device has an attached certificate, and that the certificate is active. For more information, see Attach a thing or policy to a client certificate and Activate or deactivate a client certificate in the AWS IoT Core Developer Guide.

HTTP 403: {"message":null,"traceId":"a1b2c3d4-5678-90ab-cdef-11111EXAMPLE"}

You might see this error if the client device doesn't have permission to call greengrass:Discover for itself.

Check that the client device's certificate has a policy that allows greengrass:Discover. You can't use thing policy variables (iot:Connection.Thing.*) in the Resource section for this permission. For more information, see Discovery authentication and authorization.

HTTP 404: {"errorMessage":"The thing provided for discovery was not found"}

You might see this error in the following cases:

  • The client device isn't associated to any Greengrass core devices or AWS IoT Greengrass V1 groups.

  • None of the client device's associated Greengrass core devices or AWS IoT Greengrass V1 groups have an MQTT broker endpoint.

  • None of the client device's associated Greengrass core devices run the client device auth component.

Check that the client device is associated to the core device to which you want it to connect. Then, check that the core device runs the client device auth component and has at least one MQTT broker endpoint. For more information, see the following:

Greengrass discovery issues (AWS IoT Device SDK v2 for Python)

Use the following information to troubleshoot issues with Greengrass discovery in the AWS IoT Device SDK v2 for Python.

awscrt.exceptions.AwsCrtError: AWS_ERROR_HTTP_CONNECTION_CLOSED: The connection has closed or is closing.

You might see this error if you specify an inactive AWS IoT certificate in the request.

Check that the client device has an attached certificate, and that the certificate is active. For more information, see Attach a thing or policy to a client certificate and Activate or deactivate a client certificate in the AWS IoT Core Developer Guide.

awsiot.greengrass_discovery.DiscoveryException: ('Error during discover call: response_code=403', 403)

You might see this error if the client device doesn't have permission to call greengrass:Discover for itself.

Check that the client device's certificate has a policy that allows greengrass:Discover. You can't use thing policy variables (iot:Connection.Thing.*) in the Resource section for this permission. For more information, see Discovery authentication and authorization.

awsiot.greengrass_discovery.DiscoveryException: ('Error during discover call: response_code=404', 404)

You might see this error in the following cases:

  • The client device isn't associated to any Greengrass core devices or AWS IoT Greengrass V1 groups.

  • None of the client device's associated Greengrass core devices or AWS IoT Greengrass V1 groups have an MQTT broker endpoint.

  • None of the client device's associated Greengrass core devices run the client device auth component.

Check that the client device is associated to the core device to which you want it to connect. Then, check that the core device runs the client device auth component and has at least one MQTT broker endpoint. For more information, see the following:

Greengrass discovery issues (AWS IoT Device SDK v2 for C++)

Use the following information to troubleshoot issues with Greengrass discovery in the AWS IoT Device SDK v2 for C++.

aws-c-http: AWS_ERROR_HTTP_CONNECTION_CLOSED, The connection has closed or is closing.

You might see this error if you specify an inactive AWS IoT certificate in the request.

Check that the client device has an attached certificate, and that the certificate is active. For more information, see Attach a thing or policy to a client certificate and Activate or deactivate a client certificate in the AWS IoT Core Developer Guide.

aws-c-common: AWS_ERROR_UNKNOWN, Unknown error. (HTTP 403)

You might see this error if the client device doesn't have permission to call greengrass:Discover for itself.

Check that the client device's certificate has a policy that allows greengrass:Discover. You can't use thing policy variables (iot:Connection.Thing.*) in the Resource section for this permission. For more information, see Discovery authentication and authorization.

aws-c-common: AWS_ERROR_UNKNOWN, Unknown error. (HTTP 404)

You might see this error in the following cases:

  • The client device isn't associated to any Greengrass core devices or AWS IoT Greengrass V1 groups.

  • None of the client device's associated Greengrass core devices or AWS IoT Greengrass V1 groups have an MQTT broker endpoint.

  • None of the client device's associated Greengrass core devices run the client device auth component.

Check that the client device is associated to the core device to which you want it to connect. Then, check that the core device runs the client device auth component and has at least one MQTT broker endpoint. For more information, see the following:

Greengrass discovery issues (AWS IoT Device SDK v2 for JavaScript)

Use the following information to troubleshoot issues with Greengrass discovery in the AWS IoT Device SDK v2 for JavaScript.

Error: aws-c-http: AWS_ERROR_HTTP_CONNECTION_CLOSED, The connection has closed or is closing.

You might see this error if you specify an inactive AWS IoT certificate in the request.

Check that the client device has an attached certificate, and that the certificate is active. For more information, see Attach a thing or policy to a client certificate and Activate or deactivate a client certificate in the AWS IoT Core Developer Guide.

Error: Discovery failed (headers: [object Object]) { response_code: 403 }

You might see this error if the client device doesn't have permission to call greengrass:Discover for itself.

Check that the client device's certificate has a policy that allows greengrass:Discover. You can't use thing policy variables (iot:Connection.Thing.*) in the Resource section for this permission. For more information, see Discovery authentication and authorization.

Error: Discovery failed (headers: [object Object]) { response_code: 404 }

You might see this error in the following cases:

  • The client device isn't associated to any Greengrass core devices or AWS IoT Greengrass V1 groups.

  • None of the client device's associated Greengrass core devices or AWS IoT Greengrass V1 groups have an MQTT broker endpoint.

  • None of the client device's associated Greengrass core devices run the client device auth component.

Check that the client device is associated to the core device to which you want it to connect. Then, check that the core device runs the client device auth component and has at least one MQTT broker endpoint. For more information, see the following:

Error: Discovery failed (headers: [object Object])

You might see this error (without an HTTP response code) when you run the Greengrass discovery sample. This error can occur for multiple reasons.

  • You might see this error if the client device doesn't have permission to call greengrass:Discover for itself.

    Check that the client device's certificate has a policy that allows greengrass:Discover. You can't use thing policy variables (iot:Connection.Thing.*) in the Resource section for this permission. For more information, see Discovery authentication and authorization.

  • You might see this error in the following cases:

    • The client device isn't associated to any Greengrass core devices or AWS IoT Greengrass V1 groups.

    • None of the client device's associated Greengrass core devices or AWS IoT Greengrass V1 groups have an MQTT broker endpoint.

    • None of the client device's associated Greengrass core devices run the client device auth component.

    Check that the client device is associated to the core device to which you want it to connect. Then, check that the core device runs the client device auth component and has at least one MQTT broker endpoint. For more information, see the following:

Greengrass discovery issues (AWS IoT Device SDK v2 for Java)

Use the following information to troubleshoot issues with Greengrass discovery in the AWS IoT Device SDK v2 for Java.

software.amazon.awssdk.crt.CrtRuntimeException: Error Getting Response Status Code from HttpStream. (aws_last_error: AWS_ERROR_HTTP_DATA_NOT_AVAILABLE(2062), This data is not yet available.)

You might see this error if you specify an inactive AWS IoT certificate in the request.

Check that the client device has an attached certificate, and that the certificate is active. For more information, see Attach a thing or policy to a client certificate and Activate or deactivate a client certificate in the AWS IoT Core Developer Guide.

java.lang.RuntimeException: Error x-amzn-ErrorType(403)

You might see this error if the client device doesn't have permission to call greengrass:Discover for itself.

Check that the client device's certificate has a policy that allows greengrass:Discover. You can't use thing policy variables (iot:Connection.Thing.*) in the Resource section for this permission. For more information, see Discovery authentication and authorization.

java.lang.RuntimeException: Error x-amzn-ErrorType(404)

You might see this error in the following cases:

  • The client device isn't associated to any Greengrass core devices or AWS IoT Greengrass V1 groups.

  • None of the client device's associated Greengrass core devices or AWS IoT Greengrass V1 groups have an MQTT broker endpoint.

  • None of the client device's associated Greengrass core devices run the client device auth component.

Check that the client device is associated to the core device to which you want it to connect. Then, check that the core device runs the client device auth component and has at least one MQTT broker endpoint. For more information, see the following:

MQTT connection issues

Use the following information to troubleshoot issues with client device MQTT connections. These issues can occur when client devices try to connect to a core device over MQTT.

io.moquette.broker.Authorizator: Client does not have read permissions on the topic

You might see this error in the Greengrass logs when a client device tries to subscribe to an MQTT topic where it doesn't have permission. The error message includes the topic.

Check that the client device auth component' configuration includes the following:

  • A device group that matches the client device.

  • A client device authorization policy for that device group that grants the mqtt:subscribe permission for the topic.

For more information about how to deploy and configure the client device auth component, see the following:

MQTT connection issues (Python)

Use the following information to troubleshoot issues with client device MQTT connections when you use the AWS IoT Device SDK v2 for Python.

AWS_ERROR_MQTT_PROTOCOL_ERROR: Protocol error occurred

You might see this error if the client device auth component doesn't define a client device authorization policy that grants the client device permission to connect.

Check that the client device auth component's configuration includes the following:

  • A device group that matches the client device.

  • A client device authorization policy for that device group that grants the mqtt:connect permission for the client device.

For more information about how to deploy and configure the client device auth component, see the following:

AWS_ERROR_MQTT_UNEXPECTED_HANGUP: Unexpected hangup occurred

You might see this error if the client device auth component doesn't define a client device authorization policy that grants the client device permission to connect.

Check that the client device auth component's configuration includes the following:

  • A device group that matches the client device.

  • A client device authorization policy for that device group that grants the mqtt:connect permission for the client device.

For more information about how to deploy and configure the client device auth component, see the following:

MQTT connection issues (C++)

Use the following information to troubleshoot issues with client device MQTT connections when you use the AWS IoT Device SDK v2 for C++.

AWS_ERROR_MQTT_PROTOCOL_ERROR: Protocol error occurred

You might see this error if the client device auth component doesn't define a client device authorization policy that grants the client device permission to connect.

Check that the client device auth component's configuration includes the following:

  • A device group that matches the client device.

  • A client device authorization policy for that device group that grants the mqtt:connect permission for the client device.

For more information about how to deploy and configure the client device auth component, see the following:

AWS_ERROR_MQTT_UNEXPECTED_HANGUP: Unexpected hangup occurred

You might see this error if the client device auth component doesn't define a client device authorization policy that grants the client device permission to connect.

Check that the client device auth component's configuration includes the following:

  • A device group that matches the client device.

  • A client device authorization policy for that device group that grants the mqtt:connect permission for the client device.

For more information about how to deploy and configure the client device auth component, see the following:

MQTT connection issues (Java)

Use the following information to troubleshoot issues with client device MQTT connections when you use the AWS IoT Device SDK v2 for Java.

software.amazon.awssdk.crt.mqtt.MqttException: Protocol error occurred

You might see this error if the client device auth component doesn't define a client device authorization policy that grants the client device permission to connect.

Check that the client device auth component's configuration includes the following:

  • A device group that matches the client device.

  • A client device authorization policy for that device group that grants the mqtt:connect permission for the client device.

For more information about how to deploy and configure the client device auth component, see the following:

AWS_ERROR_MQTT_UNEXPECTED_HANGUP: Unexpected hangup occurred

You might see this error if the client device auth component doesn't define a client device authorization policy that grants the client device permission to connect.

Check that the client device auth component's configuration includes the following:

  • A device group that matches the client device.

  • A client device authorization policy for that device group that grants the mqtt:connect permission for the client device.

For more information about how to deploy and configure the client device auth component, see the following:

MQTT connection issues (JavaScript)

Use the following information to troubleshoot issues with client device MQTT connections when you use the AWS IoT Device SDK v2 for JavaScript.

AWS_ERROR_MQTT_PROTOCOL_ERROR: Protocol error occurred

You might see this error if the client device auth component doesn't define a client device authorization policy that grants the client device permission to connect.

Check that the client device auth component's configuration includes the following:

  • A device group that matches the client device.

  • A client device authorization policy for that device group that grants the mqtt:connect permission for the client device.

For more information about how to deploy and configure the client device auth component, see the following:

AWS_ERROR_MQTT_UNEXPECTED_HANGUP: Unexpected hangup occurred

You might see this error if the client device auth component doesn't define a client device authorization policy that grants the client device permission to connect.

Check that the client device auth component's configuration includes the following:

  • A device group that matches the client device.

  • A client device authorization policy for that device group that grants the mqtt:connect permission for the client device.

For more information about how to deploy and configure the client device auth component, see the following: