ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
(Cloud) Custom iOS application fails to complete installation
Article ID: 169022
CDP Integration Server
An Apple iPad is connecting to a wireless access point, which goes through an IPsec VPN tunnel pointed to the Cloud SSL intercept is enabled. The custom-built application installs, but when it runs, it fails to complete installation routine. The following errors are returned:
Feb 12 14:02:54 <device_name> online-auth-agent <Error>: PPQ server trust evaluation failure: 5 Feb 12 14:02:54 <device_name> online-auth-agent <Notice>: Server returned no data Feb 12 14:02:54 <device_name> online-auth-agent <Notice>: Could not complete online authentication
The iPad device is attempting to connect to ppq.apple.com Access logs show ssl_failure
A packet capture was taken and shows that the iOS device FINs the connection from the proxy when the Cloud certificate is passed to the device. This is an indication that the device received a certificate it was not expecting and terminated/aborted the connection.
Login to the portal and in Solutions mode > Threat Protection > Policy > Trusted Destinations > Trusted Domains URLs > Add Trusted Domains/URLs: ppq.apple.com . Click on the Activate button.
NOTE: You may need to put in the IP address for ppq.apple.com into the Trusted Destination IPs/Subnets. As of this writing, ppq.apple.com resolves to 220.127.116.11 and may change at any time.