TLS handshake timeout: what could be causing this?

[b-enigma-con]

We recently installed and manually provisioned an IoT Edge device on Ubuntu 22.04 LTS using self-signed CA certificates in our local network. The device was operating correctly. Afterwards, the device was shipped to the client and installed in the clients' network.

After applying the necessary firewall changes at the client and moving the IoT Edge device to another IoT Hub using:

sudo iotedge config mp --connection-string '[CONN STRING HERE]'
sudo iotedge config apply
we now receive the following errors in the logs: TLS handshake timeout

Nov 14 14:42:48 iot-01 aziot-edged[1938]: 2023-11-14T14:42:48Z [INFO] - Creating and starting Edge runtime module edgeAgent...
Nov 14 14:42:48 iot-01 aziot-edged[1938]: 2023-11-14T14:42:48Z [INFO] - Pulling image via tag mcr.microsoft.com/azureiotedge-agent:1.4...
Nov 14 14:42:58 iot-01 aziot-edged[1938]: 2023-11-14T14:42:58Z [WARN] - container runtime error
Nov 14 14:42:58 iot-01 aziot-edged[1938]: Caused by:
Nov 14 14:42:58 iot-01 aziot-edged[1938]: HTTP 500 Internal Server Error: Get "https://mcr.microsoft.com/v2/": net/http: TLS handshake timeout
Nov 14 14:42:58 iot-01 aziot-edged[1938]: 2023-11-14T14:42:58Z [WARN] - Error in watchdog: Failed to pull Edge runtime module: registry operation error: pull image "mcr.microsoft.com/azureiotedge-agent:1.4".

Where should we search for the solution? Could this issue be firewall related, should we cleanup certain folders on the IoT Edge after moving from one IoT Hub to another IoT Hub?

[vadim-kovalyov]

It is hard to say with this little information. From my previous experience it is likely the clients' network has some proxy (like ZScaler) that does TLS termination. Could you check that?

[david-emakenemi]

Issue has been stale for 2 weeks. Closing for now @b-enigma-con feel free to re-open if you are still experiencing the issue.