Error connecting to mqtt server using quectel bg96 module

i have been able to connect to azure-iot-hub and publish and subscribe to topics while using self-signed X509 certs. i used bg96 module to connect to my azure iot hub. Now i have set up device provisioning service and i am trying to connect to my device global endpoint. i am using the same ssl configuration as before but i am unable to open mqtt connection.

i get this error mqtt network open fail

+QMTOPEN: 1,-1

here is the complete output

-> ATI


<- Quectel
<- BG96
<- Revision: BG96MAR02A07M1G
<- 
<- OK
Quectel
BG96
Revision: BG96MAR02A07M1G

AT+CPIN?


-> AT+CPIN?


<- +CPIN: READY


-> AT+QICSGP=2,1,"ZONG","","",3


<- OK


-> AT+QIACT=2


<- OK


-> AT+QICSGP=2,1,"ZONG","","",3


<- OK


-> AT+CGPADDR=2


<- +CGPADDR: 2,100.110.43.143

 
<- OK


APN OK: The IP address is 100.110.43.143


-> AT+QSSLCFG="sslversion",0,3


<- OK


-> AT+QSSLCFG="ciphersuite",0,0XFFFF


<- OK


-> AT+QSSLCFG="negotiatetime",0,300


<- OK


-> AT+QFUPL="ca_cert.pem",1282


Send Data len :1282


+QFUPL: 1282,5155


<- OK


-> AT+QFUPL="client_cert.pem",1188


Send Data len :1188


+QFUPL: 1188,707e


<- OK


-> AT+QFUPL="client_key.pem",1732


Send Data len :1732


+QFUPL: 1732,595e


<- OK


-> AT+QSSLCFG="seclevel",0,2


<- OK


-> AT+QSSLCFG="cacert",0,"ca_cert.pem"


<- OK


-> AT+QSSLCFG="clientcert",0,"client_cert.pem"


<- OK


-> AT+QSSLCFG="clientkey",0,"client_key.pem"


<- OK


-> AT+QSSLCFG="ignorelocaltime",0,1


<- OK


AT+QSSLCFG="ignorelocaltime",0


+QSSLCFG: "ignorelocaltime",0,1


OK


SSL OK: The ssl were successfully initialized.


-> AT+QMTCFG="version",1,4


<- OK


-> AT+QMTCFG="pdpcid",1,2


<- OK


-> AT+QMTCFG="keepalive",1,150


<- OK


-> AT+QMTCFG="session",1,1


<- OK


Config the MQTT Parameter Success!


AT+QMTCFG="ssl",1,1,0


OK

AT+QMTOPEN=1,"global.azure-devices-provisioning.net",8883

OK


+QMTOPEN: 1,-1

before you do “AT+QMTOPEN”,pls send AT+QIACT? to check that , if the PDP has been activated successfully , thanks

https://cnquectel-my.sharepoint.com/:f:/g/personal/america-fae_quectel_com/EhnjdN0lxvhCmWmwZnYE05YB4NS6IvzBfwNGk99QcarP7g?e=iE7cAY

thanks for the reply…
i have checked the link you mentioned in your reply. in these examples you are connecting directly to iot hub but i am trying to connect to azure dps. as i said i can connect to my iot hub successfully this error occurs only when i am trying to connect to dps global endpoint that is global.azure-devices-provisioning.net. i am trying to register my device there. can you please send me any example of that?

here the output of AT+QIACT?before AT+QMTOPEN as you can see pdp context is active but still not connecting.

i have changed the pdp, ssl and mqtt context according to whats recommended in the mqtt application note.

complete output

<- Quectel
<- BG96
<- Revision: BG96MAR02A07M1G
<- 
<- OK
Quectel
BG96
Revision: BG96MAR02A07M1G

-> AT+CPIN?


<- +CPIN: READY
-> AT+QICSGP=1,1,"ZONG","","",3


<- OK
-> AT+CGPADDR=1


<- +CGPADDR: 1,0.0.0.0
<- 
<- OK
-> AT+QIACT=1


<- ERROR
<- AT+QICSGP=1,1,"ZONG","","",3
-> AT+QICSGP=1,1,"ZONG","","",3


<- OK
-> AT+CGPADDR=1


<- +CGPADDR: 1,0.0.0.0
<- 
<- OK
-> AT+QIACT=1


<- OK
-> AT+QICSGP=1,1,"ZONG","","",3


<- OK
-> AT+CGPADDR=1


<- +CGPADDR: 1,100.65.228.150
<- 
<- OK
APN OK: The IP address is 100.65.228.150


-> AT+QSSLCFG="sslversion",2,3


<- OK
-> AT+QSSLCFG="ciphersuite",2,0XFFFF


<- OK
-> AT+QSSLCFG="negotiatetime",2,300


<- OK
-> AT+QFUPL="ca_cert.pem",1282


<- +CME ERROR: 407
<- AT+QFDEL="ca_cert.pem"
-> AT+QFDEL="ca_cert.pem"


<- OK
-> AT+QFUPL="ca_cert.pem",1282


<- CONNECT

Send Data len :1282
+QFUPL: 1282,5155
<- 
<- OK
-> AT+QFUPL="client_cert.pem",1188


<- +CME ERROR: 407
<- AT+QFDEL="client_cert.pem"
-> AT+QFDEL="client_cert.pem"


<- OK
-> AT+QFUPL="client_cert.pem",1188


<- CONNECT
Send Data len :1188
+QFUPL: 1188,707e
<- 
<- OK
-> AT+QFUPL="client_key.pem",1732


<- +CME ERROR: 407
<- AT+QFDEL="client_key.pem"
-> AT+QFDEL="client_key.pem"


<- OK
-> AT+QFUPL="client_key.pem",1732


<- CONNECT
Send Data len :1732
+QFUPL: 1732,595e
<- 
<- OK
-> AT+QSSLCFG="seclevel",2,2


<- OK
-> AT+QSSLCFG="cacert",2,"ca_cert.pem"


<- OK
-> AT+QSSLCFG="clientcert",2,"client_cert.pem"


<- OK
-> AT+QSSLCFG="clientkey",2,"client_key.pem"


<- OK
-> AT+QSSLCFG="ignorelocaltime",2,1


<- OK


SSL OK: The ssl were successfully initialized.


-> AT+QMTCFG="version",0,4


<- OK
-> AT+QMTCFG="pdpcid",0,1


<- OK
-> AT+QMTCFG="keepalive",0,150


<- OK
-> AT+QMTCFG="session",0,1


<- OK
Config the MQTT Parameter Success!

-> AT+QMTCFG="ssl",0,1,2


<- OK
Enable the SSL Success!
AT+QIACT?


+QIACT: 1,1,1,"100.65.228.150"

OK
AT+QMTOPEN=0,"global.azure-devices-provisioning.net",8883

OK

+QMTOPEN: 0,-1

just so you know i have already verified that my certs are working using mqttbox and by connecting to my iot-hub using same certs successfully. so there is no problem with my certificates.

but there is one thing i can open network when i disable ssl using the AT+QMTCFG="ssl"0,0,2. but then i cannot establish connection using AT+QMTCONN because my mqtt server requires ssl/tls secure connection. again if there is any working example you can send me to connect to azure dps global endpoint that would be great.

@Stephen.Li-Q any updates on the question i asked… did you try it yourself??

sorry , i have no experience to connect azure iot DPS service , but i found one at log about this from my colleague , i attached it with the below link ,

https://cnquectel-my.sharepoint.com/:f:/g/personal/america-fae_quectel_com/ElgF0LjgsU9JgrrWNwdfNqkBpXzi_tD10DHRs2NyQpMthA?e=CXM8Jh

Thanks for the effort @Stephen.Li-Q . i have contacted to Quectel’s FAE through support@quectel.com and i hope they will be able to solve my problem.