3

I followed the tutorial below to connect my raspberry pi 3 to the Google IOT Core. I setup the Google Core IOT part OK at the Google console and all steps were followed for the raspberry pi part, but, The connection is always refused as per the error messages below.

error { Error: Connection refused: Bad username or password
at MqttClient._handleConnack (/home/pi/Desktop/Google-IoT- 
Device/node_modules/mqtt/lib/client.js:920:15)
at MqttClient._handlePacket (/home/pi/Desktop/Google-IoT- 
Device/node_modules/mqtt/lib/client.js:350:12)
at work (/home/pi/Desktop/Google-IoT- 
Device/node_modules/mqtt/lib/client.js:292:12)
at Writable.writable._write (/home/pi/Desktop/Google-IoT- 
Device/node_modules/mqtt/lib/client.js:302:5)
at doWrite (/home/pi/Desktop/Google-IoT- 
Device/node_modules/mqtt/node_modules/readable- 
stream/lib/_stream_writable.js:428:64)
at writeOrBuffer (/home/pi/Desktop/Google-IoT- 
Device/node_modules/mqtt/node_modules/readable- 
stream/lib/_stream_writable.js:417:5)
at Writable.write (/home/pi/Desktop/Google-IoT- 
Device/node_modules/mqtt/node_modules/readable- 
stream/lib/_stream_writable.js:334:11)
at TLSSocket.ondata (_stream_readable.js:639:20)
at emitOne (events.js:116:13)
at TLSSocket.emit (events.js:211:7) code: 4 }
close

The tutorial link: https://hub.packtpub.com/build-google-cloud-iot-application/#comment-53421

This is the top part of my index.js file:

var fs = require('fs'); 
var jwt = require('jsonwebtoken'); 
var mqtt = require('mqtt'); 
var rpiDhtSensor = require('rpi-dht-sensor'); 

var dht = new rpiDhtSensor.DHT11(2); // `2` => GPIO2 

var projectId = 'nifty-*******-******'; 
var cloudRegion = 'us-central1'; 
var registryId = 'device-registry'; 
var deviceId = 'raspberrypi'; 

var mqttHost = 'mqtt.googleapis.com'; 
var mqttPort = 8883; 
var privateKeyFile = '../certs/rsa_private.pem'; 
var algorithm = 'RS256'; 
var messageType = 'state'; // or event 

var mqttClientId = 'projects/' + projectId + '/locations/' + cloudRegion + 
'/registries/' + registryId + '/devices/' + deviceId; 
var mqttTopic = '/devices/' + deviceId + '/' + messageType; 

var connectionArgs = { 
  host: mqttHost, 
  port: mqttPort, 
  clientId: mqttClientId, 
  username: 'unused', 
  password: createJwt(projectId, privateKeyFile, algorithm), 
  protocol: 'mqtts', 
  secureProtocol: 'TLSv1_2_method' 
};

The tutorial doesn't say anything about downloading the Google root CA certificate so I followed this tutorial: https://raspberrypi.stackexchange.com/questions/76419/entrusted-certificates-installation

I also checked the connection route was OK by following this at Google and everything checked OK: https://cloud.google.com/iot/docs/troubleshooting

The projectID, registryID, deviceID, and region all checked correct.

I am sure it must very simple but this has frustrated me for a week now. I have trawled the internet but what ever I tried results in the same error. Is there anyone that can help?

Paul Ruddlesdin
  • 103
  • 1
  • 1
  • 8

3 Answers3

3

Things to triple check:

  1. Your project ID, registry and device names are all correct with correct case and dash vs. underscore
  2. Your SSL key type matches the algorithm and specified type in the registry. I.e. if you have an RSA key, make sure it's RSA and not RSA with the x509 specified in the registry.
  3. The root cert is correct... That tutorial you linked is WAY more complicated than it needs to be. Just run: wget https://pki.google.com/roots.pem to get the current roots.pem from Google.

Not to throw yet another tutorial at you, but I also literally just published a blog post with really detailed info on this with step-by-step, mostly because the other tutorials either had holes, or stale info.

One other note: I see you're using the state MQTT topic to send, that's right, but in the comment you have listed event. It's events. So if you try to send to event, that'll fail too.

SoWhat
  • 5,564
  • 2
  • 28
  • 59
Gabe Weiss
  • 3,134
  • 1
  • 12
  • 15
  • 2
    Thank you so much GabeWeiss. I followed your tutorial and it works!!! This is the first tutorial of many that I have tried that has actually worked for me. The python code is so easy to follow and I will now use this as the basis for my further learning. I am not sure exactly why the scenario I stated above doesn't work but it is now irrelevant as I am now using your code. Now to learn what to do with the data once its in the GCP. Thanks again. – Paul Ruddlesdin Dec 23 '18 at 13:26
  • I'm facing a similar issue. If I pass the Device ID that I generated I get `Connection refused: Not authorized` if I pass the Numeric ID that Cloud IoT assigns I get the `Connection refused: Bad username or password` seen here. This was after following the tutorial @PaulRuddlesdin linked to along with [this one](https://medium.com/google-developers/building-a-smart-home-cloud-service-with-google-1ee436ac5a03). This tutorial link goes nowhere though. – Brad W Dec 16 '19 at 14:42
  • @BradW Could you post a new SO question with your code and then ping me a PM or something and I can take a look. Without seeing the code, not sure what's going on, but I suspect the MQTT connection isn't being passed the JWT in your 2nd case (when you get bad username/pw) and that the key isn't being registered correctly in the first case. But need more info. :) – Gabe Weiss Dec 17 '19 at 16:07
  • @GabeWeiss I seem to have it working now. While I'm not exactly certain what it means or why it started working afterwards, I added `protocolId : MQIsdp` to the `connectionArgs` object passed to `mqtt.connect()` and I started seeing the `close` event getting pinged in my terminal. – Brad W Dec 17 '19 at 20:37
  • Well that is kinda strange...but I'm glad it's working! :D – Gabe Weiss Dec 17 '19 at 21:27
  • @GabeWeiss this seems to be a false alarm. I'm not seeing any activity in my stack log that would indicate that my device is actually connecting. I will post a new question. – Brad W Dec 18 '19 at 12:22
2

Same problem I have faced and solved it, reduce expiry time where create json token for password

Rajan Makwana
  • 21
  • 1
0

For me it was a simple oversight, namely a space between the equal sign (=) and the region name. Code was:

before (failing) ....

node cloudiot_mqtt_example_nodejs.js mqttDeviceDemo \
--projectId=myproject \
--cloudRegion= us-central1 \
--registryId=1234 \
--deviceId=test-device \
--privateKeyFile=./cert/rsa_private.pem \
--numMessages=25 \
--algorithm=RS256

after (fixed error message "error Error: Connection refused: Bad username or password) ....

--cloudRegion=us-central1 \

also, see examples here: https://github.com/GoogleCloudPlatform/nodejs-docs-samples/tree/master/iot/mqtt_example

Craig D
  • 351
  • 2
  • 7