Hi

I am not able to login with PCS login.
C:\Users\demouser\AppData\Roaming\npm>pcs login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code BNH8DJU5A to authenticate.
TypeError [ERR_INVALID_CALLBACK]: Callback must be a function
at makeCallback (fs.js:137:11)
at Object.mkdir (fs.js:719:14)
at ms_rest_azure_1.interactiveLoginWithAuthResponse.then (C:\IoTLab\azure-iot-pcs-remote-monitoring-dotnet\cli\publish\index.js:229:16)
at process._tickCallback (internal/process/next_tick.js:68:7)

Facing issue in Exercise 3 task 5 when running simulator web app.

1. In first run it was showing error environment variable PCS_IOTHUB_CONNSTRING not available. This is not described to add for WebService project in lab guide.

2. After adding environment PCS_IOTHUB_CONNSTRING. Popup new error in 2nd run environment varible PCS_STORAGEADAPTER_WEBSERVICE_URL not available. I added this also.

3. In 3rd run getting another error.
   ##Error
   System.NullReferenceException
   HResult=0x80004003
   Message=Object reference not set to an instance of an object.
   Source=Microsoft.Azure.IoTSolutions.DeviceSimulation.Services

4. And in In Exercise 3 task 5.4, when doing get method for http://localhost:9003/v1/simulations/1. Then getting status 500 instead of 200.

Originally posted by @akn9050 in #12 (comment)

All
By default the Azure Remote Monitoring IoT uses the the Active Directory of the Azure subscriber. I'd like to change this to use a separate Azure AD B2C. directory.

Is there a doc that documents the steps or changes to the auth service to switch to another OAUTH provider. Would the react web app also need changes.

Exercise 1:- task 1:- step 8 launch button is missing.

Received this security alert - labeling as a dependency issue for next update.

Dependabot cannot update this dependency
View details about this error or learn more about Dependabot security updates.

1 lodash vulnerability found in …/cli/package-lock.json 22 days ago
Remediation
Upgrade lodash to version 4.17.19 or later. For example:

"dependencies": {
"lodash": ">=4.17.19"
}
or…
"devDependencies": {
"lodash": ">=4.17.19"
}
Always verify the validity and compatibility of suggestions with your codebase.

Details
CVE-2020-8203
low severity
Vulnerable versions: < 4.17.19
Patched version: 4.17.19
Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The function zipObjectDeep allows a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires zipping objects based on user-provided property arrays.

This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.

In Exercise 4, Task 5, Step16 when adding Azure Blob Storage on IoT Edge it says no items found

Major requested shift:

Move away from solution accelerator and shift to IoT Central.

Benefits are as follows:

• remove many of the moving parts, this will simplify the MCW significantly and increase success with students. Most of the issues experienced are with the simulation infrastructure projects, so expected lower rate of issues as IoT Central provides simulation out of the box with the definition of a device template.

• take advantage of IoT Central alerts (can tie in to Microsoft Power Automate), jobs, edge module deployment, analytics, etc.

This shift will impact most of the content of the lab. Instead of using we would use the IoT Central interface. For external to IoT Central functionality we would move to Continuous Data Export feed(s) provided by IoT Central.

Impact:

Abstract and learning objectives - minor update, swap out IoT Remote Monitoring Accelerator with IoT Central.

Overview - needs updated to reflect IoT Central architecture

Architecture - diagram will be greatly simplified, IoT Hub, ASA (on azure side), removal of the Azure Function for reading incoming telemetry (will be replaced by functionality in IoT Central), continuous data export to Event Hub (for Time Series Insights)

Exercise 1 - completely replace. Removing IoT Remote Monitoring Solution with provisioning IoT Central

Exercise 2 - Remove Task 3 - will not need consumer groups on IoT Hub, Task 4: modify to use event hub as event source for TSI (sink for continuous data export)

Exercise 3 - Completely replace. Cover Device Templates, automated simulation. Write a much simpler "Real" device simulator for traffic light and bus devices. This will eliminate using the accelerator services for the simulator services, storage adapter project etc. (these were copied and modified directly from the remote monitoring accelerator GitHub). Cover device groups, jobs, cloud to device messages, rules, alerts in IOTC, setting up a dashboard with a map (or 3 :D).

Exercise 4 - Replace all IoT Hub tasks with those in IOTC, will have minor changes to IoT Edge module for vehicle telemetry (ex. instructions to get device connection string). All guidance around creating the container, and uploading it to the registry remains. IoT Edge module guidance changes where routing is concerned, and deployment is done through IOTC instead of IOT Hub.

Exercise 5 - completely replace with IOTC sending alerts to the Service Bus Queue through Azure Logic App, or Power Automate

Exercise 6 - No impact

Exercise 7 - same as Exercise 5 impact but with cosmos db.

Exercise 8 - add visualization to IOTC

Exercise 9 - completely replace with Tags/groups in IOTC

Exercise 10 / 11 - should be minimal impact, but will need tested.

After the hands-on-lab updated to remove the IOTC resource group.

In exercide 2 task 4 the description for configuring custom endpoints and routes is no longer valid due to UI changes in the portal. It used to be a separate menu item but is now a tab on the routes item.

Anyone has witnessed this error while provisioning the LAB VM?

{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.","details":[{"code":"Conflict","message":"{\r\n "status": "Failed",\r\n "error": {\r\n "code": "ResourceDeploymentFailure",\r\n "message": "The resource operation completed with terminal provisioning state 'Failed'.",\r\n "details": [\r\n {\r\n "code": "VMExtensionProvisioningError",\r\n "message": "VM has reported a failure when processing extension 'InstallLabVMApps'. Error message: \"Failed to download all specified files. Exiting. Error Message: The remote server returned an error: (404) Not Found.\"."\r\n }\r\n ]\r\n }\r\n}"}]}

Need to move back to .NET Core 2.1 for storage adapter project as 2.2 is not supported anymore

In exercise 1, after Remote Monitoring solution is loaded, map is not visible through out the lab.

In Exercise 4> Task 3> Step 9, we need to open Module.json, but they have mentioned to open manifest.json which is not available. Can you please update it.

Not even able to sign in docker with the given command. Getting below error:
The system cannot find the file specified. This error may also indicate that the docker daemon is not running

Potential security vulnerability received. Please review and correct at next test/fix-update:

1 stringstream vulnerability found in …/cli/package-lock.json 11 days ago
Remediation
Upgrade stringstream to version 0.0.6 or later. For example:
"dependencies": {
"stringstream": ">=0.0.6"
}
or…
"devDependencies": {
"stringstream": ">=0.0.6"
}
Always verify the validity and compatibility of suggestions with your codebase.

Details
WS-2018-0103
More information
moderate severity
Vulnerable versions: < 0.0.6
Patched version: 0.0.6
stringstream versions before 0.0.6 are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.

Please review and advise/correct at next scheduled update.

1 mem vulnerability found in …/cli/package-lock.json on Jul 5
Remediation
Upgrade mem to version 4.0.0 or later. For example:
"dependencies": {
"mem": ">=4.0.0"
}
or…
"devDependencies": {
"mem": ">=4.0.0"
}
Always verify the validity and compatibility of suggestions with your codebase.

Details
WS-2018-0236
More information
moderate severity
Vulnerable versions: < 4.0.0
Patched version: 4.0.0
In nodejs-mem before version 4.0.0 there is a memory leak due to old results not being removed from the cache despite reaching maxAge. Exploitation of this can lead to exhaustion of memory and subsequent denial of service.

Ran pcs from the command line on Exercise 1, at the end of the deployment to the portal, received this error.

GitHub security alerts, closed as acceptable risk to project for now, please review and incorporate into next test/fix or update.

Dependabot cannot update this dependency
View details about this error or learn more about automated security updates.

2 jquery vulnerabilities found in …/webui/package.json 18 hours ago
Remediation
Upgrade jquery to version 3.5.0 or later. For example:

"dependencies": {
"jquery": ">=3.5.0"
}
or…
"devDependencies": {
"jquery": ">=3.5.0"
}
Always verify the validity and compatibility of suggestions with your codebase.

Details
GHSA-jpcq-cgw6-v4j6
moderate severity
Vulnerable versions: >= 1.0.3, < 3.5.0
Patched version: 3.5.0
Impact
Passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

Patches
This problem is patched in jQuery 3.5.0.

Workarounds
To workaround this issue without upgrading, use DOMPurify with its SAFE_FOR_JQUERY option to sanitize the HTML string before passing it to a jQuery method.

References
https://jquery.com/upgrade-guide/3.5/

For more information
If you have any questions or comments about this advisory:

Open an issue in the jQuery repo
Email us at [email protected]
GHSA-gxr4-xjj5-5px2
moderate severity
Vulnerable versions: >= 1.2, < 3.5.0
Patched version: 3.5.0
Impact
Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

Patches
This problem is patched in jQuery 3.5.0.

Workarounds
To workaround the issue without upgrading, adding the following to your code:

jQuery.htmlPrefilter = function( html ) {
return html;
};
You need to use at least jQuery 1.12/2.2 or newer to be able to apply this workaround.

References
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://jquery.com/upgrade-guide/3.5/

For more information
If you have any questions or comments about this advisory:

Open an issue in the jQuery repo
Email us at [email protected]

I am not getting the correct output when running simulation project in Exercise 3 Task 5
Here is the console output when running simmulation project: it is showing lots of environment variables are missing.
simmulation project console output.txt

Here is the postman screenshot when running post request to http://localhost:9003/v1/simulations

Can you please Re-validate the lab and fix whatever needs to be fixed. After you fixed issue with Storage adapter, now i am getting error after that while running the device simulation project

Exercise 3 describes a series of code changes for the participant to make but the supplied code already has these changes made

https://github.com/Microsoft/MCW-IoT-for-business/blob/master/Hands-on%20lab/HOL%20step-by-step%20-%20IoT%20for%20business.md#exercise-3-create-bus-and-traffic-light-simulated-devices-and-add-alerts-and-filters

When follwoing the steps for running the storage adapter service (Task 4 at https://github.com/Microsoft/MCW-IoT-for-business/blob/master/Hands-on%20lab/HOL%20step-by-step%20-%20IoT%20for%20business.md#exercise-3-create-bus-and-traffic-light-simulated-devices-and-add-alerts-and-filters) when running in debug the browsing to /v1/status just returns a 404.

The service uses the kestrel server on port 9022 so I assume it doesn't matter what VS is using for IIS Express as this will vary between installations. Is there some additional setup that needs to be done?
The screen shot of the properties for the project only shows a portion of the screen so its difficult to tell if any other settings are made.

This MCW is scheduled for content update.
Solliance - please review current content, open issues #25 , #26 , #27 , #28 and recommended updates for SME review.

I don't see any IOTLab folder into lab VM. Can you suggest from wher I can download the lab files.
You removed the URL to download the lab files from Before hands on lab guide.

Update to newer version of 3rd party javascript library (moments.js)

Please review/advise:

1 lodash vulnerability found in …/webui/package.json 21 hours ago
Remediation
Upgrade lodash to version 4.17.13 or later. For example:
"dependencies": {
"lodash": ">=4.17.13"
}
or…
"devDependencies": {
"lodash": ">=4.17.13"
}
Always verify the validity and compatibility of suggestions with your codebase.

Details
CVE-2019-10744
More information
critical severity
Vulnerable versions: < 4.17.13
Patched version: 4.17.13
Affected versions of lodash are vulnerable to Prototype Pollution.
The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

Potential security vulnerability received. Please review and correct at next test/fix-update:

1 shelljs vulnerability found in …/cli/package-lock.json 11 days ago
Remediation
No patched version is available.

Details
WS-2017-3737
More information
moderate severity
Vulnerable versions: <= 0.8.3
Patched version: No fix
Shelljs 0.8.3 and before are vulnerable to Command Injection. Commands can be invoked from shell.exec(), those commands will include input from external sources, to be passed as arguments to system executables and allowing an attacker to inject arbitrary commands.

Updated to match current template - please add TOC

In the requirements of the Step by Step md file it mentions that you need to install the following:

Azure development workload for Visual Studio 2019
https://docs.microsoft.com/azure/azure-functions/functions-develop-vs#prerequisites

That is not possible as VS 2019 no longer offers that extension as it is built in, so please remove this requirement from the md file.

VS 2017 needs this step to install the extension but not VS 2019
-Lino

The installation process for iot-edge changed significantly between preview and ga and the hol currently still has the pre-ga version

https://github.com/Microsoft/MCW-IoT-for-business/blob/master/Hands-on%20lab/HOL%20step-by-step%20-%20IoT%20for%20business.md#task-2-install-and-start-the-iot-edge-runtime

Line 620 - missing alt-text

@joelhulen @kylebunting
Solliance team -
This workshop is scheduled for an update in March. Please review open issues and update this issue with suggested content changes. Once done, we'll assign to our SME team for review and additional feedback.

I was able to complete Exercise 5 and 6.

But in Exercise 7. I am facing this issue now

The august-2018-test-fix branch is ready for review and QC.

Update steps in Exercise 3 task 1.5 and task 4.6 under webservice project and then debug, otherwise lab users will miss to add App URL.

Please update the instruction to add App URL under web server settings in debug, default app url doesn't work when running local host.

When trying to login with pcs, I constantly get this kind of error. I have tried: 1) creating .pcs folder in C:\Users\demouser\AppData\Roaming\npm 2) reinstalling everything from scratch 3) using Chrome, IE, Edge interchangeably. I cannot run this process.

The error I get looks like below:
C:\Users\demouser\AppData\Roaming\npm>pcs login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code CFQ7BUZLM to authenticate.
Error: Entry not found in cache.
at Logger.createError (C:\Users\demouser\AppData\Roaming\npm\node_modules\iot-solutions\node_modules\adal-node\lib\log.js:216:13)
at TokenRequest. (C:\Users\demouser\AppData\Roaming\npm\node_modules\iot-solutions\node_modules\adal-node\lib\token-request.js:526:40)
at C:\Users\demouser\AppData\Roaming\npm\node_modules\iot-solutions\node_modules\adal-node\lib\token-request.js:148:20
at C:\Users\demouser\AppData\Roaming\npm\node_modules\iot-solutions\node_modules\adal-node\lib\cache-driver.js:366:7
at C:\Users\demouser\AppData\Roaming\npm\node_modules\iot-solutions\node_modules\adal-node\lib\cache-driver.js:301:7
at Request._callback (C:\Users\demouser\AppData\Roaming\npm\node_modules\iot-solutions\node_modules\adal-node\lib\util.js:130:7)
at Request.self.callback (C:\Users\demouser\AppData\Roaming\npm\node_modules\iot-solutions\node_modules\request\request.js:185:22)
at Request.emit (events.js:182:13)
at Request. (C:\Users\demouser\AppData\Roaming\npm\node_modules\iot-solutions\node_modules\request\request.js:1161:10)
at Request.emit (events.js:182:13)

Below link doesn't work with the Deploy to Azure button.

https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fcodingbandit%2FMCW-IoT-and-the-Smart-City%2Ffeature%2Fseptember-2019-update%2FHands-on%2520lab%2FLab-files%2FLabVM%2Fazure-deploy.json

Below is the error message.
There was an error loading the template from URI 'https://raw.githubusercontent.com/codingbandit/MCW-IoT-and-the-Smart-City/feature/september-2019-update/Hands-on lab/Lab-files/LabVM/azure-deploy.json'. Ensure that the template is publicly accessible and does not have any comments.

[ERROR][2020-05-09 13:41:10.310][WebService.6bd1ab2d-8ed5-4d2b-ad2f-5f5d814b56c4][Simulations.cs:452:TryToStartDevicesCreationAsync] Failed to create bulk-device-creation job, { ExceptionFullName = Microsoft.Azure.IoTSolutions.DeviceSimulation.Services.Exceptions.ExternalDependencyException, ExceptionMessage = Job quota exceeded, retry later, StackTrace = at Microsoft.Azure.IoTSolutions.DeviceSimulation.Services.Devices.CreateListUsingJobsAsync(IEnumerable1 deviceIds) in C:\MCW-IoT-and-the-Smart-City\Hands-on lab\Lab-files\DeviceSimulation\Services\Devices.cs:line 515 at Microsoft.Azure.IoTSolutions.DeviceSimulation.Services.Simulations.TryToStartDevicesCreationAsync(String simulationId, IDevices devices) in C:\MCW-IoT-and-the-Smart-City\Hands-on lab\Lab-files\DeviceSimulation\Services\Simulations.cs:line 443, Source = Microsoft.Azure.IoTSolutions.DeviceSimulation.Services, Data = System.Collections.ListDictionaryInternal, InnerException = { ExceptionFullName = Microsoft.Azure.Devices.Common.Exceptions.JobQuotaExceededException, ExceptionMessage = Job quota has been exceeded, StackTrace = at Microsoft.Azure.Devices.HttpClientHelper.ExecuteAsync(HttpClient httpClient, HttpMethod httpMethod, Uri requestUri, Func3 modifyRequestMessageAsync, Func2 isMappedToException, Func3 processResponseMessageAsync, IDictionary2 errorMappingOverrides, CancellationToken cancellationToken) at Microsoft.Azure.Devices.HttpClientHelper.PostAsync[T1,T2](Uri requestUri, T1 entity, IDictionary2 errorMappingOverrides, IDictionary2 customHeaders, CancellationToken cancellationToken) at Microsoft.Azure.IoTSolutions.DeviceSimulation.Services.IotHub.RegistryManagerWrapper.ImportDevicesAsync(String containerUri, String inputBlobName) in C:\MCW-IoT-and-the-Smart-City\Hands-on lab\Lab-files\DeviceSimulation\Services\IotHub\RegistryManagerWrapper.cs:line 118 at Microsoft.Azure.IoTSolutions.DeviceSimulation.Services.Devices.CreateListUsingJobsAsync(IEnumerable1 deviceIds) in C:\MCW-IoT-and-the-Smart-City\Hands-on lab\Lab-files\DeviceSimulation\Services\Devices.cs:line 509, Source = Microsoft.Azure.Devices, Data = System.Collections.ListDictionaryInternal, InnerException = } }

When setting up the Simulation Agent the screenshot partially shows an environment value for the url of the storage adapter service. This var isnt present in the solution and the screenshot below is truncated so it isnt clear what the value should be.

https://github.com/Microsoft/MCW-IoT-for-business/blob/master/Hands-on%20lab/images/Hands-onlabstep-by-step-IoTforbusinessimages/media/image43.png

Please review and advise/correct at next schedule update.

2 lodash vulnerabilities found in …/cli/package-lock.json on Jul 11
Remediation
Upgrade lodash to version 4.17.13 or later. For example:
"dependencies": {
"lodash": ">=4.17.13"
}
or…
"devDependencies": {
"lodash": ">=4.17.13"
}
Always verify the validity and compatibility of suggestions with your codebase.

CVE-2019-10744
More information
critical severity
Vulnerable versions: < 4.17.13
Patched version: 4.17.13
Affected versions of lodash are vulnerable to Prototype Pollution.
The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

Getting issue when running Storage Adapter Project in Exercise 3 Task 4.
Getting Below error:
This localhost page can’t be foundNo webpage was found for the web address: http://localhost:9022/v1/status

Received this security alert - labeling as a dependency issue for next update.

Dependabot cannot update this dependency
View details about this error or learn more about Dependabot security updates.

1 dot-prop vulnerability found in …/cli/package-lock.json 9 days ago
Remediation
Upgrade dot-prop to version 5.1.1 or later. For example:

"dependencies": {
"dot-prop": ">=5.1.1"
}
or…
"devDependencies": {
"dot-prop": ">=5.1.1"
}
Always verify the validity and compatibility of suggestions with your codebase.

Details
CVE-2020-8116
high severity
Vulnerable versions: < 5.1.1
Patched version: 5.1.1
Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

When doing pcs login

It returns with below error:

C:\Users\demouser\AppData\Roaming\npm>pcs login

internal/modules/cjs/loader.js:582
throw err;
^

Error: Cannot find module 'azure-arm-containerservice'
at Function.Module._resolveFilename (internal/modules/cjs/loader.js:580:15)
at Function.Module._load (internal/modules/cjs/loader.js:506:25)
at Module.require (internal/modules/cjs/loader.js:636:17)
at require (internal/modules/cjs/helpers.js:20:18)
at Object. (C:\Users\demouser\AppData\Roaming\npm\node_modules\iot-solutions\publish\deploymentmanager.js:11:38)
at Module._compile (internal/modules/cjs/loader.js:688:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:699:10)
at Module.load (internal/modules/cjs/loader.js:598:32)
at tryModuleLoad (internal/modules/cjs/loader.js:537:12)
at Function.Module._load (internal/modules/cjs/loader.js:529:3)

Excercise 3 describes changing the value for the project environment settings for both the simulation agent and storage adapter projects but the environment variable arent present and need to be created.

https://github.com/Microsoft/MCW-IoT-for-business/blob/master/Hands-on%20lab/HOL%20step-by-step%20-%20IoT%20for%20business.md#exercise-3-create-bus-and-traffic-light-simulated-devices-and-add-alerts-and-filters

The device model files required for the project are not checked in.

Following the instructions of Task5 in exercise 3 and am getting this error "Message=Environment variables not found: , documentDBConnectionString". So a assuming the instruction in Exercise 3 Task 4 part 6 about the environment variable of the cosmo database string is incorrect, please what is the correct name of the variable

Lab currently broken, please archive lab materials until we can schedule an update/fix.

I am trying to add my own device and have created the JSON files in the Services\data\devicemodels and in the JS scripts in the scripts folder.

However, when I follow the steps and Debug the SimulationAgent in Exercise 3 / Tasks 6, the logs indicate that my custom device is not found.

It looks like the SimulationAgent is looking for DeviceModels in the \Lab-files\azure-iot-pcs-remote-monitoring-dotnet\device simulation\SimulationAgent\bin\Debug\netcoreapp2.0\data\devicemodels folder and the customer device that I added in the Services project is not there.

Is there a step I am missing to add my files the build recipe ?