Why is Azure IoT Central Disconnecting My Clients Every 5 or 10 minutes?

Question

Why is Azure IoT Central Disconnecting My Clients Every 5 or 10 minutes?

Jamie Fraser 25

Hi All,

I am configuring an MQTT client that sends data to Azure IoT Central every 10 seconds. The client is using a DeviceID and SharedAccessKey to authenticate, which it does successfully and data is being sent to Azure.

However, every 5 or 10 minutes (and it is either 5 or 10 minutes (approximately), which is in itself odd to me) Azure disconnects the client and the client then has to connect again; which it is always successful in doing.

The disconnection starts with what is shown in Wireshark as an Encrypted Alert, then a short time later Azure starts the FIN handshake and the connection is terminated.

Unfortunately due to the fragmented industry I work in I have no access to the Azure side, and can only try to work with those that manage Azure by email. I feel that this issue is something that will be very obvious to many people, but I am struggling to find the cause.

I have read that there might be a CLI parameter called du that is passed during key generation, but my contact suggests this is not being passed so maybe it defaults to something short like du=300 (secs)? But, I am also confused as to why sometimes the client is disconnected after 5 minutes, but other times it is disconnected after 10 minutes - so far I have not been able to determine a pattern.

Any help would be greatly appreciated.

Thanks

Manas Mohanty 3,700 Reputation points Microsoft External Staff Moderator

2025-04-07T09:28:52.53+00:00
Hi Jamie Fraser

Sorry for the delay in response.

Please check below steps and let us know.

Please make sure you are changing TLS 1.2 in client code.

Please adjust timeout to 1800 or higher

Please adjust TTL (time to live) param in your code.

Could you share sample code to replicate the issue. Going through this Device client as mentioned in this tutorial.

Thank you.
Jamie Fraser 25 Reputation points

2025-04-07T14:41:28.8966667+00:00
Hi Manas,

Thank you for your reply, but I don't think these are the issues.

TLS1.2 is selected, and would have to be to allow a connection to be made.

Not sure what timeout you are referring to here.

TTL is related to the number of hops rather than a 'time' as such.

Any additional help appreciated.

Regards

Jamie
Manas Mohanty 3,700 Reputation points Microsoft External Staff Moderator

2025-04-07T14:54:19.2433333+00:00

Hi Jamie Fraser

Could you share any sample code to replicate and do the needed modification.

Thank you.
Jamie Fraser 25 Reputation points

2025-04-07T15:00:20.68+00:00

Unfortunately not, it is not a custom written routine. What on the client side can specify a disconnection time by the server though?

Manas Mohanty 3,700 Microsoft External Staff Moderator

Hi Jamie Fraser

Sorry for the delay due to investigation time.

Below are supported retry policies for IOT hub client.

IOTHUB_CLIENT_RETRY_NONE
IOTHUB_CLIENT_RETRY_IMMEDIATE
IOTHUB_CLIENT_RETRY_INTERVAL
IOTHUB_CLIENT_RETRY_LINEAR_BACKOFF
IOTHUB_CLIENT_RETRY_EXPONENTIAL_BACKOFF
IOTHUB_CLIENT_RETRY_EXPONENTIAL_BACKOFF_WITH_JITTER

Can be set with below code

IOTHUB_CLIENT_RESULT IoTHubClient_SetRetryPolicy( IOTHUB_CLIENT_HANDLE iotHubClientHandle, IOTHUB_CLIENT_RETRY_POLICY retryPolicy, size_t retryTimeoutLimitInSeconds);

Reference - Connection and messaging Reliability

Please refer the below section to do the needed modification.

device_client = IoTHubDeviceClient.create_from_connection_string(
            conn_str, product_info=model_id
        )

I was proposing to use timeout, TTL as in below sample code

# MQTT client setup
client = mqtt.Client(client_id=device_id)
client.username_pw_set(username=username, password=password)
client.tls_set()  # Use TLS for secure connection

# Timeout and retry settings
timeout = 60  # Timeout for connection attempts
time_to_live = 3600  # Time to live for the connection in seconds
retry_interval = 10  # Interval between retry attempts in seconds

# Function to connect to Azure IoT Central with retry logic
def connect_with_retry():
    connected = False
    start_time = time.time()
    while not connected and (time.time() - start_time) < time_to_live:
        try:
            client.connect(hostname, port=8883, keepalive=timeout)
            connected = True
            print("Connected to Azure IoT Central")
        except Exception as e:
            print(f"Connection failed: {e}. Retrying in {retry_interval} seconds...")
            time.sleep(retry_interval)

# Function to send telemetry data
def send_telemetry():
    telemetry_topic = "devices/{}/messages/events/".format(device_id)
    client.publish(telemetry_topic, json.dumps(telemetry_data))

# Connect to Azure IoT Central with retry logic
connect_with_retry()

# Send telemetry data every 10 seconds
try:
    while True:
        send_telemetry()
        time.sleep(10)
except KeyboardInterrupt:
    client.disconnect()

Reference used - Connect a device using Python

Hope it helps.

Thank you

Manas Mohanty 3,700 Reputation points Microsoft External Staff Moderator

2025-04-09T10:02:47.8233333+00:00

Hi Jamie Fraser

Please let us know if the pointers share in above comment were helpful to you.

Thank you.
Manas Mohanty 3,700 Reputation points Microsoft External Staff Moderator

2025-04-10T11:16:24.7233333+00:00

Hi Jamie Fraser

We have not heard from you. Hope the pointers shared were helpful to you.

Thank you,
Jamie Fraser 25 Reputation points

2025-04-14T09:11:43.58+00:00
Hi Manas,

The time_to_live variable in the code you sent seems to relate to client-side logic rather than anything that would cause a disconnection to be initiated by Azure.

Please note the following:

It is Azure that is initiating the disconnection as far as I can tell. I believe this can only be something in the Azure configuration, or something that the client includes as part of its initial connection negotiation.

This query is not related to connection retries. I am trying to understand why the connection is not persisting for longer than 5 or 10 minutes.

Thanks

Jamie
Sampath 2,675 Reputation points Microsoft External Staff Moderator

2025-04-15T12:25:11.88+00:00

Hello @Jamie Fraser ,

The default expiry date is 365 days in Azure IoT Central.

Bellow documentation links is about IoTHub MQTT support and SAS tokens.

Expiry is "UTF8 strings for number of seconds since the epoch 00:00:00 UTC on 1 January 1970").

Can you try to communicate with a sas token which exceeds this 365 days?

Have you Created a rule /set up notifications in your Azure IoT Central application like show in link

below

https://learn.microsoft.com/en-us/azure/iot-central/core/tutorial-create-telemetry-rules
Sampath 2,675 Reputation points Microsoft External Staff Moderator

2025-04-17T06:37:24.2533333+00:00

Hello @Jamie Fraser ,

can you check above comment .If you have any further queries, do let us know.
Sampath 2,675 Reputation points Microsoft External Staff Moderator

2025-04-21T07:20:10.9233333+00:00

Hello @Jamie Fraser ,

We still have not heard back from you. If you have any additional questions, please leave them in the comments. If you find it helpful, please let me know in the comments, and if you find it useful, please give me a like.
Jamie Fraser 25 Reputation points

2025-04-21T07:29:28.2566667+00:00

Hi Sampath,

Sorry for the delay. I think the answer to my problem lies in what you have said, but unfortunately I have to rely on those within our client's organisation with access to the Azure account to investigate further and make any necessary changes - they are sometimes very slow to respond. I will give you a 'like' in the meantime and if it works out completely then I will come back and add a further comment. Thanks again.
Sampath 2,675 Reputation points Microsoft External Staff Moderator

2025-04-21T07:38:21.1433333+00:00

thank you. Please come back and conform. Hope every day will be great as today. Like means upvote. Can I convert above comment to answer so you can accept and click yes/ wait for conformation.
Jamie Fraser 25 Reputation points

2025-04-21T07:40:11.23+00:00

Yes, please do.
Sampath 2,675 Reputation points Microsoft External Staff Moderator

2025-04-21T13:04:05.8233333+00:00

Hello @Jamie Fraser ,
Posted as answer. can you click accept and click yes. If any update, please comment. So can update my answer as well.
Jamie Fraser 25 Reputation points

2025-04-21T13:12:13.9966667+00:00

Hi Sampath,

I think you may have edited your answer since I first read it. I had assumed that the SAS token is generated by Azure, but is it actually generated on the client side?

Thanks
Sampath 2,675 Reputation points Microsoft External Staff Moderator

2025-04-24T11:06:25.7666667+00:00

As per our discussion, please let me know the updates after your client-side conformation. Thank you

Accepted answer

0 additional answers

Your answer

Manas Mohanty 3,700 Reputation points Microsoft External Staff Moderator

2025-04-07T09:28:52.53+00:00

Hi Jamie Fraser

Sorry for the delay in response.

Please check below steps and let us know.

Please make sure you are changing TLS 1.2 in client code.

Please adjust timeout to 1800 or higher

Please adjust TTL (time to live) param in your code.

Could you share sample code to replicate the issue. Going through this Device client as mentioned in this tutorial.

Thank you.
Jamie Fraser 25 Reputation points

2025-04-07T14:41:28.8966667+00:00

Hi Manas,

Thank you for your reply, but I don't think these are the issues.

TLS1.2 is selected, and would have to be to allow a connection to be made.

Not sure what timeout you are referring to here.

TTL is related to the number of hops rather than a 'time' as such.

Any additional help appreciated.

Regards

Jamie
Manas Mohanty 3,700 Reputation points Microsoft External Staff Moderator

2025-04-07T14:54:19.2433333+00:00

Hi Jamie Fraser

Could you share any sample code to replicate and do the needed modification.

Thank you.
Jamie Fraser 25 Reputation points

2025-04-07T15:00:20.68+00:00

Unfortunately not, it is not a custom written routine. What on the client side can specify a disconnection time by the server though?
Manas Mohanty 3,700 Reputation points Microsoft External Staff Moderator

2025-04-09T10:02:47.8233333+00:00

Hi Jamie Fraser

Please let us know if the pointers share in above comment were helpful to you.

Thank you.
Manas Mohanty 3,700 Reputation points Microsoft External Staff Moderator

2025-04-10T11:16:24.7233333+00:00

Hi Jamie Fraser

We have not heard from you. Hope the pointers shared were helpful to you.

Thank you,
Jamie Fraser 25 Reputation points

2025-04-14T09:11:43.58+00:00

Hi Manas,

The time_to_live variable in the code you sent seems to relate to client-side logic rather than anything that would cause a disconnection to be initiated by Azure.

Please note the following:

It is Azure that is initiating the disconnection as far as I can tell. I believe this can only be something in the Azure configuration, or something that the client includes as part of its initial connection negotiation.

This query is not related to connection retries. I am trying to understand why the connection is not persisting for longer than 5 or 10 minutes.

Thanks

Jamie
Sampath 2,675 Reputation points Microsoft External Staff Moderator

2025-04-15T12:25:11.88+00:00

Hello @Jamie Fraser ,

The default expiry date is 365 days in Azure IoT Central.

Bellow documentation links is about IoTHub MQTT support and SAS tokens.

Expiry is "UTF8 strings for number of seconds since the epoch 00:00:00 UTC on 1 January 1970").

Can you try to communicate with a sas token which exceeds this 365 days?

Have you Created a rule /set up notifications in your Azure IoT Central application like show in link

below

https://learn.microsoft.com/en-us/azure/iot-central/core/tutorial-create-telemetry-rules
Sampath 2,675 Reputation points Microsoft External Staff Moderator

2025-04-17T06:37:24.2533333+00:00

Hello @Jamie Fraser ,

can you check above comment .If you have any further queries, do let us know.
Sampath 2,675 Reputation points Microsoft External Staff Moderator

2025-04-21T07:20:10.9233333+00:00

Hello @Jamie Fraser ,

We still have not heard back from you. If you have any additional questions, please leave them in the comments. If you find it helpful, please let me know in the comments, and if you find it useful, please give me a like.
Jamie Fraser 25 Reputation points

2025-04-21T07:29:28.2566667+00:00

Hi Sampath,

Sorry for the delay. I think the answer to my problem lies in what you have said, but unfortunately I have to rely on those within our client's organisation with access to the Azure account to investigate further and make any necessary changes - they are sometimes very slow to respond. I will give you a 'like' in the meantime and if it works out completely then I will come back and add a further comment. Thanks again.
Sampath 2,675 Reputation points Microsoft External Staff Moderator

2025-04-21T07:38:21.1433333+00:00

thank you. Please come back and conform. Hope every day will be great as today. Like means upvote. Can I convert above comment to answer so you can accept and click yes/ wait for conformation.
Jamie Fraser 25 Reputation points

2025-04-21T07:40:11.23+00:00

Yes, please do.
Sampath 2,675 Reputation points Microsoft External Staff Moderator

2025-04-21T13:04:05.8233333+00:00

Hello @Jamie Fraser ,
Posted as answer. can you click accept and click yes. If any update, please comment. So can update my answer as well.
Jamie Fraser 25 Reputation points

2025-04-21T13:12:13.9966667+00:00

Hi Sampath,

I think you may have edited your answer since I first read it. I had assumed that the SAS token is generated by Azure, but is it actually generated on the client side?

Thanks
Sampath 2,675 Reputation points Microsoft External Staff Moderator

2025-04-24T11:06:25.7666667+00:00

As per our discussion, please let me know the updates after your client-side conformation. Thank you

Answer 1

Hello @Jamie Fraser ,

The client being disconnected by Azure IoT Central approximately every 5 or 10 minutes and the presence of TLS Encrypted Alerts followed by FIN packets it suggests that the Shared Access Signature (SAS) token expiry time is the root cause.

Azure IoT Central uses SAS tokens for device authentication. These tokens include an expiry time (expressed as the number of seconds since the Unix epoch). If the SAS token has a short duration , Azure will gracefully disconnect the client once the token expires, even if the client is still actively sending telemetry.

Ensure that the SAS token generated on the client side has a longer expiry time . The maximum supported duration is 365 days, but you can safely start with at least a few hours (e.g., 3600–86400 seconds) for testing.

If you are not generating the SAS token yourself (e.g., the client is using a third-party stack), ask your client-side team or vendor to verify or extend the token duration.

Reference this MSDOC for more details :

Please don’t forget to click “Accept the answer” and “Yes” if the information helped you. This can be beneficial to other community members facing similar issues.

If you need further clarification, feel free to reply in the comments.

Share via

Why is Azure IoT Central Disconnecting My Clients Every 5 or 10 minutes?

0 additional answers

Your answer