Within a customer subscription, we're running into an issue related to C2D messaging where messages sent to devices connected via the MQTT protocol are sometimes rejected.
The general setup is that all devices (PLCs) are connected to an IoT-Hub via MQTT.
Each device may receive inputs from a related service which uses the ServiceClient class in the Microsoft.Azure.Devices package to send C2D messages.
The IoT-Hub itself is accessed only through a private endpoint and public access is blocked.
Sometimes, the IoT-Hub metrics display rejected messages. However, this shouldn't be possible according to the relevant documentation. It states:
"Devices that connect over the Message Queuing Telemetry Transport (MQTT) Protocol can't reject cloud-to-device messages."
There are no devices connected that use a different protocol.
Are there other possible reasons a C2D message may be rejected?