(Cloud) Custom iOS application fails to complete installation
book
Article ID: 169022
calendar_today
Updated On:
Products
CDP Integration Server
Issue/Introduction
An Apple iPad is connecting to a wireless access point, which goes through an IPsec VPN tunnel pointed to the Cloud SSL intercept is enabled. The custom-built application installs, but when it runs, it fails to complete installation routine. The following errors are returned:
Feb 12 14:02:54 <device_name> online-auth-agent[185] <Error>: PPQ server trust evaluation failure: 5 Feb 12 14:02:54 <device_name> online-auth-agent[185] <Notice>: Server returned no data Feb 12 14:02:54 <device_name> online-auth-agent[185] <Notice>: Could not complete online authentication
The iPad device is attempting to connect to ppq.apple.com Access logs show ssl_failure
Cause
A packet capture was taken and shows that the iOS device FINs the connection from the proxy when the Cloud certificate is passed to the device. This is an indication that the device received a certificate it was not expecting and terminated/aborted the connection.
Resolution
Login to the portal and in Solutions mode > Threat Protection > Policy > Trusted Destinations > Trusted Domains URLs > Add Trusted Domains/URLs: ppq.apple.com . Click on the Activate button.
NOTE: You may need to put in the IP address for ppq.apple.com into the Trusted Destination IPs/Subnets. As of this writing, ppq.apple.com resolves to 17.135.64.9 and may change at any time.