Google IoT Core w/ NB IoT can't connect

[nicolasgarnet]

Hi,

I am using the arduino tutorial for connecting MKR 1500 (NB-IoT) to Google IoT Core with the corresponding librairies.
It doesn't work.

Azure tutorial works fine, but not IoT Core.
I have done it several times while following each step precisely.

I have different hypothesis :

• certificate are no longer working and I don't know how to update them with the ones provided by Google (roots.pem)
• maybe the connection is not TLS 1.2

Is it still working for other MKR 1500 and Google IoT Core users ?

[sandeepmistry]

Hi @nicolasgarnet,

Are you using https://create.arduino.cc/projecthub/Arduino_Genuino/securely-connecting-a-mkr-gsm-1400-to-google-cloud-iot-core-b8b628 + https://github.com/arduino/ArduinoCloudProviderExamples/tree/master/examples/Google%20Cloud%20Platform%20IoT%20Core/GCP_IoT_Core_NB

[nicolasgarnet]

Hi @sandeepmistry

Yes indeed, and the appropriate ArduinoMqttClient and MKRNB librairies.
It seems not working attempting SSL connection.

[sandeepmistry]

Can you please change the NB nbAccess; line in the sketch to NB nbAccess(true); and copy/paste the output of the Serial Monitor here.

It would also be great to know what carrier you are using etc.

[nicolasgarnet]

Btw, I was able to connect to my GCP IoT Core with mosquitto.
I also connected through IoT Core with public key and jwt from this arduino code.

Google IoT Core needs a complete cerficate package (roots.pem) and I don't find the corresponding cert in the utility NBrootscert, so my guess is the problem comes from here.

[nicolasgarnet]

please change the NB nbAccess; line in the sketch to NB nbAccess(true); and copy/paste the output of the Serial Monitor here.

Here it is:

Attempting to connect to the cellular network
AT

OK
AT

OK
AT+CMEE=0

OK
AT+CFUN=0

OK
AT+CPIN?

+CPIN: READY

OK
AT+CMGF=1

OK
AT+UDCONF=1,1

OK
AT+CTZU=1

OK
AT+CGDCONT=1,"IP",""

OK
AT+UAUTHREQ=1,0

OK
AT+CFUN=1

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,1

OK
AT+CGATT=1

OK
AT+CGACT?

+CGACT: 1,1

OK
You're connected to the cellular network

Attempting to connect to MQTT broker: mqtt.googleapis.com
AT+CCLK?

+CCLK: "19/10/03,14:29:02+08"

OK
AT+USECMNG=0,0,"AddTrust_External_CA_Root",1082

>
+USECMNG: 0,0,"AddTrust_External_CA_Root","1D3554048578B03F42424DBF20730A3F"

OK
AT+USECMNG=0,0,"Baltimore_CyberTrust_Root",891

>
+USECMNG: 0,0,"Baltimore_CyberTrust_Root","ACB694A59C17E0D791529BB19706A6E4"

OK
AT+USECMNG=0,0,"COMODO_RSA_Certification_Authority",1500

>
+USECMNG: 0,0,"COMODO_RSA_Certification_Authority","1B31B0714036CC143691ADC43EFDEC18"

OK
AT+USECMNG=0,0,"DST_Root_CA_X3",846

>
+USECMNG: 0,0,"DST_Root_CA_X3","410352DC0FF7501B16F0028EBA6F45C5"

OK
AT+USECMNG=0,0,"DigiCert_High_Assurance_EV_Root_CA",969

>
+USECMNG: 0,0,"DigiCert_High_Assurance_EV_Root_CA","D474DE575C39B2D39C8583C5C065498A"

OK
AT+USECMNG=0,0,"Entrust_Root_Certification_Authority",1173

>
+USECMNG: 0,0,"Entrust_Root_Certification_Authority","D6A5C3ED5DDD3E00C13D87921F1D3FE4"

OK
AT+USECMNG=0,0,"Equifax_Secure_Certificate_Authority",804

>
+USECMNG: 0,0,"Equifax_Secure_Certificate_Authority","67CB9DC013248A829BB2171ED11BECD4"

OK
AT+USECMNG=0,0,"GeoTrust_Global_CA",856

>
+USECMNG: 0,0,"GeoTrust_Global_CA","F775AB29FB514EB7775EFF053C998EF5"

OK
AT+USECMNG=0,0,"GeoTrust_Primary_Certification_Authority_G3",1026

>
+USECMNG: 0,0,"GeoTrust_Primary_Certification_Authority_G3","B5E83436C910445848706D2E83D4B805"

OK
AT+USECMNG=0,0,"GlobalSign",958

>
+USECMNG: 0,0,"GlobalSign","9414777E3E5EFD8F30BD41B0CFE7D030"

OK
AT+USECMNG=0,0,"Go_Daddy_Root_Certificate_Authority_G2",969

>
+USECMNG: 0,0,"Go_Daddy_Root_Certificate_Authority_G2","803ABC22C1E6FB8D9B3B274A321B9A01"

OK
AT+USECMNG=0,0,"VeriSign_Class_3_Public_Primary_Certification_Authority_G5",1239

>
+USECMNG: 0,0,"VeriSign_Class_3_Public_Primary_Certification_Authority_G5","CB17E431673EE209FE455793F30AFA1C"

OK
AT+USECMNG=2,0,"AmazonRootCA1"

ERROR
AT+USECMNG=0,0,"Starfield_Services_Root_Certificate_Authority_G2",1011

>
+USECMNG: 0,0,"Starfield_Services_Root_Certificate_Authority_G2","173574AF7B611CEBF4F93CE2EE40F9A2"

OK
AT+USOCR=6

+USOCR: 0

OK
AT+USOSEC=0,1,0

OK
AT+USECPRF=0,0,1

OK
AT+USOCO=0,"mqtt.googleapis.com",8883

OK
AT+USOWR=0,256,"109E0200044D5154540442003C004A70726F6A656374732F61726475696E6F313530302F6C6F636174696F6E732F6575726F70652D77657374312F726567697374726965732F6E62313530302F646576696365732F7465737400C665794A68624763694F694A46557A49314E694973496E523563434936496B705856434A392E65794A68645751694F694A68636D5231615735764D5455774D434973496D6C68644349364D5455334D4445774E5463304D6977695A586877496A6F784E5463774D546B794D54517966512E736D51426533506A7A5A4F456A54725065573577637743585357544E795376616D4F62413349374D687459314D303255EO
+UUSOCL: 0
AT+USOCL=0

ERROR
.AT+CCLK?

+CCLK: "19/10/03,14:29:37+08"

OK
AT+USOCR=6

+USOCR: 0

OK
AT+USOSEC=0,1,0

OK
AT+USECPRF=0,0,1

OK
AT+USOCO=0,"mqtt.googleapis.com",8883

OK
AT+USOWR=0,256,"109E0200044D5154540442003C004A70726F6A656374732F61726475696E6F313530302F6C6F636174696F6E732F6575726F70652D77657374312F726567697374726965732F6E62313530302F646576696365732F7465737400C665794A68624763694F694A46557A49314E694973496E523563434936496B705856434A392E65794A68645751694F694A68636D5231615735764D5455774D434973496D6C68644349364D5455334D4445774E5463334E7977695A586877496A6F784E5463774D546B794D54633366512E6A4D346C6369636262694E72644933727A51442D6C726C62305A4A6C574E434368EA4A47264F476C519"
ERR

+UUSOCL: 0
AT+USOCL=0

ERROR
.

Then it continues in loop.

[nicolasgarnet]

@sandeepmistry

I forgot to mention carrier is SFR NB-IOT.
The Azure tutorial worked with it.

[nicolasgarnet]

@sandeepmistry

Is still working on your side ?
This would help figure out if it is something wrong just on my side.

I checked that every basic information was entered right with mosquitto. So then I tried checking what was happening with SSL connection.

I have tried :

• Putting the last Google cert (roots.pem) by coding it in uint_8_t

• Checking the AT command sent in SARA R4 for cert verification and TLS 1.2

Nothing worked, but I am not an expert so I might have done something wrong.

If you have time, any help would be gladly appreciated.

[sandeepmistry]

@nicolasgarnet the SSL layer seems ok on my side (I haven't tried the JWT again however).

Via openssl the root cert used is Global sign, which is already in the MKRNB lib:

$ openssl s_client -connect  mqtt.googleapis.com:8883
CONNECTED(00000005)
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = mqtt.googleapis.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=mqtt.googleapis.com
   i:/C=US/O=Google Trust Services/CN=GTS CA 1O1
 1 s:/C=US/O=Google Trust Services/CN=GTS CA 1O1
   i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgIQK3hDnhvqYDgIAAAAABT7VTANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMw
EQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTE5MDkxNzEzMjUwNVoXDTE5MTIxMDEzMjUw
NVowbTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT
DU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxHDAaBgNVBAMTE21x
dHQuZ29vZ2xlYXBpcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDLTCL6HsWntZZrmZrOiguookhIosG3B3P+2xFCoh1dnpASGefq5c2DbDs69Pqj
wWXAAzNYiHW+UyTb2ae8uXAhVMZXfCVog/evvwVWGDinoa8XFNJCEMbMsjrcVRKs
eCEeHbR97A99Y5vvDWV/COQqwoi5v+KOxQePfmEFgi2el6TxYip+IAHvDwTi4lmP
FcuC6AFzJY7seHddtJHMFLIqc3IAM+8bOfV4HVRleGxOmekjHkIVJDUr8L49N7ky
OWUoW6JcLXPm8bR3hmRfAuqVGGLVdvDfKUoxWRnjmFtQFPUi+rCrwySbZOi7wmZ3
UCurmlUykivHViF1vvwNMHH7AgMBAAGjggJxMIICbTAOBgNVHQ8BAf8EBAMCBaAw
EwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUIoxq
mv49UdGfH2jSm1qpij4eREkwHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J
/SswZAYIKwYBBQUHAQEEWDBWMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5wa2ku
Z29vZy9ndHMxbzEwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dU
UzFPMS5jcnQwOAYDVR0RBDEwL4ITbXF0dC5nb29nbGVhcGlzLmNvbYIYbXF0dC1t
dGxzLmdvb2dsZWFwaXMuY29tMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwGCisGAQQB
1nkCBQMwLwYDVR0fBCgwJjAkoCKgIIYeaHR0cDovL2NybC5wa2kuZ29vZy9HVFMx
TzEuY3JsMIIBAgYKKwYBBAHWeQIEAgSB8wSB8ADuAHUAY/Lbzeg7zCzPC3KEJ1dr
M6SNYXePvXWmOLHHaFRL2I0AAAFtP5zUFAAABAMARjBEAiAfJQu5hfRiRhbAe0HB
9o0xt8KEeeSxhdOGBoIVbAb72QIgOiKjG9kfCSCJtLaDT+x5tbtHA4PiNmWT9I1P
kefMSWoAdQB0ftqDMa0zEJEhnM4lT0Jwwr/9XkIgCMY3NXnmEHvMVgAAAW0/nNRD
AAAEAwBGMEQCIDG2onWJKd9+Fmz9mW67q1admhNIRVMG1uXWQSL7XpVYAiArNpkT
XPpyexJQ7/DaT8LqtTDlpbfCyp9VQyjNmyVYcjANBgkqhkiG9w0BAQsFAAOCAQEA
OG75AWM9Zb29NhvyGqtT5ffEYsJReHO6N7+xE/5IsqKHjVfQitn/6L9m3EumBiMD
VkAaQuOA7By/bXH2sORtYMbxQiloMG8IF7Y5J4Tn6QKntC9lBB2xWGV+UOGxRnD4
M77a36D5IVFVXdzQqtUgtS85lkm2Oisz1R689rIYl+sfN8qSjGj/RsXIqGHe9eBf
WhQu8o8AO5G1MxsG3eQuD7BaYQ+OzISnHzqhIdA1MWDIJ3V6IchZgp63Q1UfV83q
XmaejV17ueAeY6yS2XzXPCVVMJGJ2pHqNSD6sDDavPN8g3nQg98RZz7gQzFCTRWK
/BFtL1xUKb17QJV57lbgRg==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=mqtt.googleapis.com
issuer=/C=US/O=Google Trust Services/CN=GTS CA 1O1
---
No client certificate CA names sent
Server Temp Key: ECDH, X25519, 253 bits
---
SSL handshake has read 3225 bytes and written 285 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-CHACHA20-POLY1305
    Session-ID: E6B72A4E74C75D33E051E489976BB15F0E8F44FC27EDBAF676827DC08EE9D622
    Session-ID-ctx: 
    Master-Key: 0CFA0E7052A1FA42998F5538500F64FCB28126C3C2956D64E5860EB5E1934CE5665D0CD781189C6D59A7EAF55C0430FB
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - 00 40 97 cf c7 0c 1d 3e-94 41 dd a5 35 c3 21 7f   .@.....>.A..5.!.
    0010 - 22 64 6a 42 1b 6b cc 37-0e 38 3c f2 a4 f4 6e 13   "djB.k.7.8<...n.
    0020 - 8e 72 46 43 48 dd 87 85-18 a9 4d 69 cf 88 7d 04   .rFCH.....Mi..}.
    0030 - 45 f3 3d 2a b7 43 d9 27-35 8a 23 5a d2 f0 59 48   E.=*.C.'5.#Z..YH
    0040 - b6 06 da ef 33 1c bf 92-cb d9 d7 d4 b6 a9 4e 60   ....3.........N`
    0050 - b9 6e e6 7a a9 88 95 34-38 82 21 c7 3b ca 77 b3   .n.z...48.!.;.w.
    0060 - 56 39 8c f8 19 11 bd b1-11 2d 1d bd 74 59 e6 63   V9.......-..tY.c
    0070 - e7 70 db 63 23 0c 41 db-70 fd 4e ad e6 89 10 29   .p.c#.A.p.N....)
    0080 - 4b 88 53 5e c9 1c f0 1f-1f 66 77 ab 48 ac 81 b0   K.S^.....fw.H...
    0090 - d3 19 00 90 41 14 a0 cd-17 ea 5a 47 b4 0f 69 bd   ....A.....ZG..i.
    00a0 - ba 0f 08 04 ec 24 57 df-4e a5 ad bc e4 ce 8a 66   .....$W.N......f
    00b0 - 7c d3 4f cd ef 6a 0e 1b-ba 10 83 10 af 64 a5 46   |.O..j.......d.F
    00c0 - 58 94 e0 9a cc 5c c0 61-f6 aa a0 ac 72 69 9c 49   X....\.a....ri.I
    00d0 - 4d 7b cc 0e 52                                    M{..R

    Start Time: 1570458135
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
read:errno=0

Here's the debug log when I run the GCP_IoT_Core_NB (note, I have not setup the device in GCP for this test):

Attempting to connect to the cellular network
AT

OK
AT

OK
AT+CMEE=0

OK
AT+CFUN=0

OK
AT+CPIN?

+CPIN: READY

OK

+PACSP1
AT+CMGF=1

OK
AT+UDCONF=1,1

OK
AT+CTZU=1

OK
AT+CGDCONT=1,"IP",""

OK
AT+UAUTHREQ=1,0

OK
AT+CFUN=1

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,1

OK
AT+CGATT=1

OK
AT+CGACT?

+CGACT: 1,1

OK
You're connected to the cellular network

Attempting to connect to MQTT broker: mqtt.googleapis.com 
AT+CCLK?

+CCLK: "19/10/07,14:48:32-16"

OK
AT+USECMNG=0,0,"AddTrust_External_CA_Root",1082

>
+USECMNG: 0,0,"AddTrust_External_CA_Root","1D3554048578B03F42424DBF20730A3F"

OK
AT+USECMNG=0,0,"Baltimore_CyberTrust_Root",891

>
+USECMNG: 0,0,"Baltimore_CyberTrust_Root","ACB694A59C17E0D791529BB19706A6E4"

OK
AT+USECMNG=0,0,"COMODO_RSA_Certification_Authority",1500

>
+USECMNG: 0,0,"COMODO_RSA_Certification_Authority","1B31B0714036CC143691ADC43EFDEC18"

OK
AT+USECMNG=0,0,"DST_Root_CA_X3",846

>
+USECMNG: 0,0,"DST_Root_CA_X3","410352DC0FF7501B16F0028EBA6F45C5"

OK
AT+USECMNG=0,0,"DigiCert_High_Assurance_EV_Root_CA",969

>
+USECMNG: 0,0,"DigiCert_High_Assurance_EV_Root_CA","D474DE575C39B2D39C8583C5C065498A"

OK
AT+USECMNG=0,0,"Entrust_Root_Certification_Authority",1173

>
+USECMNG: 0,0,"Entrust_Root_Certification_Authority","D6A5C3ED5DDD3E00C13D87921F1D3FE4"

OK
AT+USECMNG=0,0,"Equifax_Secure_Certificate_Authority",804

>
+USECMNG: 0,0,"Equifax_Secure_Certificate_Authority","67CB9DC013248A829BB2171ED11BECD4"

OK
AT+USECMNG=0,0,"GeoTrust_Global_CA",856

>
+USECMNG: 0,0,"GeoTrust_Global_CA","F775AB29FB514EB7775EFF053C998EF5"

OK
AT+USECMNG=0,0,"GeoTrust_Primary_Certification_Authority_G3",1026

>
+USECMNG: 0,0,"GeoTrust_Primary_Certification_Authority_G3","B5E83436C910445848706D2E83D4B805"

OK
AT+USECMNG=0,0,"GlobalSign",958

>
+USECMNG: 0,0,"GlobalSign","9414777E3E5EFD8F30BD41B0CFE7D030"

OK
AT+USECMNG=0,0,"Go_Daddy_Root_Certificate_Authority_G2",969

>
+USECMNG: 0,0,"Go_Daddy_Root_Certificate_Authority_G2","803ABC22C1E6FB8D9B3B274A321B9A01"

OK
AT+USECMNG=0,0,"VeriSign_Class_3_Public_Primary_Certification_Authority_G5",1239

>
+USECMNG: 0,0,"VeriSign_Class_3_Public_Primary_Certification_Authority_G5","CB17E431673EE209FE455793F30AFA1C"

OK
AT+USECMNG=2,0,"AmazonRootCA1"

ERROR
AT+USECMNG=0,0,"Starfield_Services_Root_Certificate_Authority_G2",1011

>
+USECMNG: 0,0,"Starfield_Services_Root_Certificate_Authority_G2","173574AF7B611CEBF4F93CE2EE40F9A2"

OK
AT+USOCR=6

+USOCR: 0

OK
AT+USOSEC=0,1,0

OK
AT+USECPRF=0,0,1

OK
AT+USOCO=0,"mqtt.googleapis.com",8883

OK
AT+USOWR=0,241,"10EE0100044D5154540442003C002970726F6A656374732F2F6C6F636174696F6E732F2F726567697374726965732F2F646576696365732F00B765794A68624763694F694A46557A49314E694973496E523563434936496B705856434A392E65794A68645751694F6949694C434A70595851694F6A45314E7A41304E546B334D544973496D5634634349364D5455334D4455304E6A45784D6E302E4F344E61495171336C566336364B6C71536B634A78674666772D67316148374F564A3536783068334B724832326A4161726E76696A69537832723533676F4B52724676704E7935574E33462D363137336B3646783267"

+USOWR: 0,241

OK
AT+USORD=0,512

+USORD: 0,""

OK
AT+USORD=0,512

+USORD: 0,""

OK
AT+USORD=0,512

+USORD: 0,""

OK
AT+USORD=0,512

+USORD: 0,""

OK
AT+USORD=0,512

+USORD: 0,""

OK

+UUSORD: 0,4
AT+USORD=0,512


+USORD: 0,4,"20020004"
OK

+UUSOCL: 0
AT+USORD=0,512

ERROR
AT+USOCL=0

ERROR
.

I've attached the root cert from the lib:
globalsign.cer.zip

Would you be able to check with your provider if the connection was allowed?

[sandeepmistry]

The write is failing in the debug log you provided:

AT+USOWR=0,256,"109E0200044D5154540442003C004A70726F6A656374732F61726475696E6F313530302F6C6F636174696F6E732F6575726F70652D77657374312F726567697374726965732F6E62313530302F646576696365732F7465737400C665794A68624763694F694A46557A49314E694973496E523563434936496B705856434A392E65794A68645751694F694A68636D5231615735764D5455774D434973496D6C68644349364D5455334D4445774E5463334E7977695A586877496A6F784E5463774D546B794D54633366512E6A4D346C6369636262694E72644933727A51442D6C726C62305A4A6C574E434368EA4A47264F476C519"
ERR

[nicolasgarnet]

Hello @sandeepmistry ,

I took the time to investigate more before responding.

Provider is saying that there are no limitation on my NB sim card. They don't see what reason could not make it work on their part.

What suggests to you the problem comes from my provider ?

From the error in the debug log I provided, it seems the handshake between the socket and the remote server doesn't work. I have tried translating it from HEX:

����MQTT�B<Jprojects/arduino1500/locations/europe-west1/registries/nb1500/devices/testÆeyJhbGciOiJFUzI1
NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhcmR1aW5vMTUwMCIsImlhdCI6MTU3MDY
yNDcxMSwiZXhwIjoxNTcwNzExMTExfQ.b2Fg4zl0GFHw6xFPmIaXFP2OSDA0NfwHMTHJ6N1naid52XVuyAa3

The second part is the jwt key, which I am sure is correct.
I am not expert enough to understand why it fails to write on the socket.

Is it a problem located on my MKR 1500, or is it on the network provided ? What's your opinion ?

So I checked and it seems that my ublox sara-R410M 02B-00 doesn't have the lastest firmware version. I can see this with ATI9:

ATI9
L0.0.00.00.05.06,A.02.00

OK

Could it be the origin the error ? I can't manage to update it with "program m-center.
I didn't get that card from Arduino but from RS Components.

Do you think buying a recent MKR 1500 directly from Arduino could solve this ?

I am starting to get a bit lost behind all the AT commands and understanding the origin of the problem...

I am really grateful that you tested the code on your side, at least I am not suspecting errors from it now.

[sandeepmistry]

Is it a problem located on my MKR 1500, or is it on the network provided ? What's your opinion ?

I am unsure, for whatever reason after the socket is connected and the MQTT connection data is written the socket is marked as closed. It could be the server disconnecting or the the u-blox module.

...

+USORD: 0,4,"20020004"
OK

+UUSOCL: 0
AT+USORD=0,512

ERROR
AT+USOCL=0

It appears the timestamp of the module is fine:

AT+CCLK?

+CCLK: "19/10/07,14:48:32-16"

Do you think buying a recent MKR 1500 directly from Arduino could solve this ?

At this point I doubt it. Would you be able to try with another SIM from a different provider?

[ateeq256]

Hi,

I am facing same problem,
Is there any resolution?
The device getting correct time from Netowrk,but the Mqtt connection is not working

Attempting to connect to the cellular network
AT

OK
AT+CMEE=0

OK
AT+CFUN=0

OK
AT+CPIN?

+CPIN: READY

OK
AT+CMGF=1

OK
AT+UDCONF=1,1

OK
AT+CTZU=1

OK
AT+CGDCONT=1,"IP",""

OK
AT+UAUTHREQ=1,0

OK
AT+CFUN=1

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,0

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,2

OK
AT+CEREG?

+CEREG: 0,5

OK
AT+CGATT=1

OK
AT+CGACT?

+CGACT: 1,1

OK
You're connected to the cellular network

Attempting to connect to MQTT broker: mqtt.googleapis.com 
Network Time : AT+CCLK?

+CCLK: "20/10/11,17:11:03+08"

OK
1602429063
AT+CCLK?

+CCLK: "20/10/11,17:11:03+08"

OK
AT+USOCR=6

+USOCR: 0

OK
AT+USOCO=0,"mqtt.googleapis.com",8883

OK
AT+USOWR=0,256,"10950200044D5154540442003C004770726F6A656374732F6265616D696F742F6C6F636174696F6E732F6575726F70652D77657374312F726567697374726965732F6265616D2F646576696365732F4265616D30303300C065794A68624763694F694A46557A49314E694973496E523563434936496B705856434A392E65794A68645751694F694A695A574674615739304969776961574630496A6F784E6A41794E4449354D44597A4C434A6C654841694F6A45324D4449314D5455304E6A4E392E4B4177366A4C47554C76704561654550384138695A6D766732476C7075357236527632524739305974645A33724850346E4161566D797454623066663942"

+USOWR: 0,256

OK
AT+USOWR=0,24,"474F7244665A7746597A3161456134754662566354587941"

+USOWR: 0,24

OK
AT+USORD=0,512

+USORD: 0,""

OK
AT+USORD=0,512

[ateeq256]

Is it possible if the certifications used by the MKRNB are expired?

[adamrosebrock]

This problem with GCP / IoT exists on the MKRNB1500, GSM1400, and WiFi1010. None of these platforms are successfully opening a connection on 8883. mqttClient.connectError() returns -1 (Connection Timeout) on the WiFi1010...

Secure MQTT to test.mostquitto.org works fine on all platforms. This appears to be a problem with establishment of the initial SSL connection to Google Cloud Platform.

[djfratello]

I have such a problem on my MKR GSM 1400 board.

Internet connection works, but I cannot connect to the Google platform

AT

OK
AT+IPR=921600

OK
AT

OK
AT+UPSV=3

OK
AT+CPIN?

ERROR
AT+CPIN?

ERROR
AT+CPIN?

ERROR
AT+CPIN?

ERROR
AT+CPIN?

ERROR
AT+CPIN?

ERROR
AT+CPIN?

ERROR
AT+CPIN?

ERROR
AT+CPIN?

ERROR
AT+CPIN?

ERROR
AT+CPIN?

+CPIN: READY

OK
AT+CMGF=1

OK
AT+UDCONF=1,1

OK
AT+CTZU=1

OK
AT+UDTMFD=1,2

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK

+UMWI: 0,1

+UMWI: 0,2

+UMWI: 0,3

+UMWI: 0,4
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,0

OK
AT+CREG?

+CREG: 0,1

OK
AT+UCALLSTAT=1

OK
AT+CGATT=1

OK
AT+UPSD=0,1,"internet"

OK
AT+UPSD=0,6,3

OK
AT+UPSD=0,2,""

OK
AT+UPSD=0,3,""

OK
AT+UPSD=0,7,"0.0.0.0"

OK
AT+UPSDA=0,3

OK
AT+UPSND=0,8

+UPSND: 0,8,1

OK
You're connected to the cellular network

Attempting to connect to MQTT broker: mqtt.googleapis.com 
AT+CCLK?

+CCLK: "21/07/08,19:25:16+08"

OK
AT+USECMNG=0,0,"AddTrust_External_CA_Root",1082
>
+USECMNG: 0,0,"AddTrust_External_CA_Root","1d3554048578b03f42424dbf20730a3f"

OK
AT+USECMNG=0,0,"Baltimore_CyberTrust_Root",891
>
+USECMNG: 0,0,"Baltimore_CyberTrust_Root","acb694a59c17e0d791529bb19706a6e4"

OK
AT+USECMNG=0,0,"COMODO_RSA_Certification_Authority",1500
>
+USECMNG: 0,0,"COMODO_RSA_Certification_Authority","1b31b0714036cc143691adc43efdec18"

OK
AT+USECMNG=0,0,"DST_Root_CA_X3",846
>
+USECMNG: 0,0,"DST_Root_CA_X3","410352dc0ff7501b16f0028eba6f45c5"

OK
AT+USECMNG=0,0,"DigiCert_High_Assurance_EV_Root_CA",969
>
+USECMNG: 0,0,"DigiCert_High_Assurance_EV_Root_CA","d474de575c39b2d39c8583c5c065498a"

OK
AT+USECMNG=0,0,"Entrust_Root_Certification_Authority",1173
>
+USECMNG: 0,0,"Entrust_Root_Certification_Authority","d6a5c3ed5ddd3e00c13d87921f1d3fe4"

OK
AT+USECMNG=0,0,"Equifax_Secure_Certificate_Authority",804
>
+USECMNG: 0,0,"Equifax_Secure_Certificate_Authority","67cb9dc013248a829bb2171ed11becd4"

OK
AT+USECMNG=0,0,"GeoTrust_Global_CA",856
>
+USECMNG: 0,0,"GeoTrust_Global_CA","f775ab29fb514eb7775eff053c998ef5"

OK
AT+USECMNG=0,0,"GeoTrust_Primary_Certification_Authority_G3",1026
>
+USECMNG: 0,0,"GeoTrust_Primary_Certification_Authority_G3","b5e83436c910445848706d2e83d4b805"

OK
AT+USECMNG=0,0,"GlobalSign",958
>
+USECMNG: 0,0,"GlobalSign","9414777e3e5efd8f30bd41b0cfe7d030"

OK
AT+USECMNG=0,0,"Go_Daddy_Root_Certificate_Authority_G2",969
>
+USECMNG: 0,0,"Go_Daddy_Root_Certificate_Authority_G2","803abc22c1e6fb8d9b3b274a321b9a01"

OK
AT+USECMNG=0,0,"VeriSign_Class_3_Public_Primary_Certification_Authority_G5",1239
>
+USECMNG: 0,0,"VeriSign_Class_3_Public_Primary_Certification_Authority_G5","cb17e431673ee209fe455793f30afa1c"

OK
AT+USECMNG=2,0,"AmazonRootCA1"

ERROR
AT+USECMNG=0,0,"Starfield_Services_Root_Certificate_Authority_G2",1011
>
+USECMNG: 0,0,"Starfield_Services_Root_Certificate_Authority_G2","173574af7b611cebf4f93ce2ee40f9a2"

OK
AT+USOCR=6

+USOCR: 0

OK
AT+USOSEC=0,1,0

OK
AT+USECPRF=0,0,1

OK
AT+USOCO=0,"mqtt.googleapis.com",8883

ERROR
AT+USOCL=0

ERROR

[djfratello]

@fabltd
not yet
Still working on fixing the problem

Now my MKR board don't won't use any CA

You're connected to the cellular network

Attempting to connect to MQTT broker: mqtt.2030.ltsapis.goog 
AT+CCLK?

+CCLK: "22/04/01,11:52:32+08"

OK
AT+USECMNG=0,0,"AddTrust_External_CA_Root",1082
>
ERROR
.