Device shadow synchronization fails after firmware update on edge devices in device shadow module

After a firmware update, device shadow states are not synchronizing properly between our edge devices and SAP IoT. The devices continue to send telemetry data successfully, but shadow updates fail with connection errors.

MQTT shadow update topic we’re using:

$aws/things/{deviceId}/shadow/update
Payload: {"state":{"reported":{"firmwareVersion":"2.1.5"}}}

The firmware update completes successfully and the devices reboot, but when they attempt to publish shadow updates, we see authentication failures in the device logs. Monitoring is completely disrupted as we can’t see current device states. The strange part is that regular telemetry on standard topics works fine - only shadow topics fail. Has anyone dealt with shadow sync issues post-firmware update?

Your shadow synchronization failure is caused by a combination of topic format issues, authentication scope, and firmware publish logic. Let me address each area:

MQTT Shadow Update Topic: SAP IoT 2505 uses a specific shadow topic hierarchy that differs from AWS IoT. The correct format is:

iot/devices/{deviceId}/shadow/update/reported

Note the /reported suffix - this is mandatory for reported state updates. For desired state, use:

iot/devices/{deviceId}/shadow/update/desired

Your firmware is likely publishing to the generic /update endpoint which isn’t valid in SAP IoT’s shadow implementation. Update your firmware’s MQTT publish logic to use the correct topic path.

Also verify the payload structure matches SAP IoT’s schema:

{
  "state": {
    "firmwareVersion": "2.1.5",
    "lastUpdate": "2025-05-12T08:30:00Z"
  }
}

The outer state wrapper should be removed - SAP IoT expects the properties directly in the payload.

Firmware Publish Logic: Your firmware update likely changed how shadow updates are published. Common issues:

  1. QoS Level: Shadow updates require QoS 1 minimum. Verify firmware isn’t using QoS 0:

mqttClient.publish(topic, payload, 1, false); // QoS=1, retain=false

  2. Publish Timing: After firmware reboot, devices must wait for MQTT CONNACK before publishing shadows. Add connection verification:

if (mqttClient.isConnected() && mqttClient.getConnectionState() == CONNECTED) {
  publishShadowUpdate();
}

  3. Retained Messages: Firmware might be setting retain=true on shadow updates, causing shadow service confusion. Shadow updates must have retain=false.

Device Authentication: The authentication failure specifically on shadow topics indicates insufficient permissions. After firmware updates, devices need to re-establish their authentication context:

  1. Force device re-authentication: Disconnect and reconnect MQTT with clean session:

mqttClient.disconnect();
mqttClient.connect(cleanSession=true);

  2. Verify shadow permissions: In IoT Service Cockpit, check device permissions include:

    • iot.Device.Read
    • iot.Device.Write
    • iot.DeviceShadow.Write (critical for shadow updates)

  3. Certificate validation: If using X.509 certificates, firmware updates sometimes invalidate the certificate chain. Re-provision device certificates:

POST /iot/core/api/v1/devices/{deviceId}/credentials
{
  "type": "X509Certificate",
  "certificate": "{newCertPEM}"
}

Shadow Service Cache Issue: The shadow service caches device authentication state. After firmware updates, this cache can be stale. Force cache refresh by updating device metadata:

PATCH /iot/core/api/v1/devices/{deviceId}
{
  "customProperties": {
    "firmwareVersion": "2.1.5",
    "lastFirmwareUpdate": "2025-05-12T08:30:00Z"
  }
}

This triggers shadow service to reload device authentication context.

Recommended Firmware Update Procedure:

  1. Before firmware update: Publish shadow state with updating=true flag
  2. Perform firmware update and reboot
  3. On reboot: Wait 5 seconds for network stability
  4. Reconnect MQTT with cleanSession=true
  5. Wait for CONNACK confirmation
  6. Publish shadow update with new firmware version using correct topic format
  7. Verify shadow update success before resuming telemetry

Implementing these changes, especially correcting the shadow topic format and ensuring proper authentication scope, should restore shadow synchronization after firmware updates.
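The post-reboot reconnect-and-publish sequence from the recommended procedure, as an added example that is not code from the original answer. The topic layout, the QoS 1 / retain=false rules and the top-level payload properties follow the answer above; FakeBroker, the client-ID-equals-device-ID check and all function names are constructed stand-ins so the sequence runs offline without an MQTT library.

```python
import json
import time
from dataclasses import dataclass, field

# Topic layout taken from the answer above; only these two suffixes are valid.
SHADOW_SUFFIXES = ("reported", "desired")


def shadow_topic(device_id: str, kind: str = "reported") -> str:
    """Build the SAP IoT shadow topic; the generic /update path is rejected."""
    if kind not in SHADOW_SUFFIXES:
        raise ValueError(f"invalid shadow suffix: {kind!r}")
    return f"iot/devices/{device_id}/shadow/update/{kind}"


@dataclass
class FakeBroker:
    """Constructed stand-in for the MQTT client/broker pair (no network)."""
    registered_device_id: str
    connected: bool = False
    log: list = field(default_factory=list)

    def connect(self, client_id: str, clean_session: bool) -> bool:
        # Assumed policy: CONNACK only when the client ID is the registered device ID
        # (mirrors the client-ID consistency point raised in the thread).
        self.connected = client_id == self.registered_device_id
        self.log.append(("CONNECT", client_id, clean_session, self.connected))
        return self.connected

    def publish(self, topic: str, payload: str, qos: int, retain: bool) -> bool:
        if not self.connected:
            raise ConnectionError("publish attempted before CONNACK")
        if retain or qos < 1:  # rejects what the answer says the shadow service won't accept
            raise ValueError("shadow updates need QoS >= 1 and retain=false")
        self.log.append(("PUBLISH", topic, qos, retain))
        return True  # stands in for PUBACK


def resync_shadow(broker, device_id: str, firmware_version: str, settle_seconds: float = 0) -> dict:
    """Post-reboot sequence: settle, clean-session reconnect, await CONNACK, publish reported state."""
    time.sleep(settle_seconds)  # the answer suggests 5 s; 0 keeps the example fast
    if not broker.connect(client_id=device_id, clean_session=True):
        return {"ok": False, "reason": "CONNACK refused; check client ID matches device ID"}
    # Properties sit at the top level of the payload, as the answer states for SAP IoT.
    payload = json.dumps({"firmwareVersion": firmware_version,
                          "lastUpdate": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())})
    topic = shadow_topic(device_id, "reported")
    acked = broker.publish(topic, payload, qos=1, retain=False)
    # Telemetry should resume only once the shadow publish has been acknowledged.
    return {"ok": acked, "topic": topic, "resume_telemetry": acked}
```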

I’ve seen this before - firmware updates can change the device’s MQTT client ID generation logic. If the client ID changes, the shadow service doesn’t recognize it as the same device and blocks updates. Verify your firmware is using consistent client IDs across updates. The client ID should match the device ID registered in SAP IoT.

You’re right about the topic format - we were using AWS-compatible topics and the firmware update changed that. However, even after correcting the topic to SAP IoT format, we’re still seeing authentication errors specifically on shadow topics. Regular telemetry topics authenticate fine with the same credentials.