(Cloud) Custom iOS application fails to complete installation

Article ID: 169022

Products

CDP Integration Server

Issue/Introduction

An Apple iPad is connecting to a wireless access point, which goes through an IPsec VPN tunnel pointed to the Cloud.
SSL intercept is enabled.
The custom-built application installs, but when it runs, it fails to complete its installation routine.
The following errors are returned:

Feb 12 14:02:54 <device_name> online-auth-agent[185] <Error>: PPQ server trust evaluation failure: 5 
Feb 12 14:02:54 <device_name> online-auth-agent[185] <Notice>: Server returned no data 
Feb 12 14:02:54 <device_name> online-auth-agent[185] <Notice>: Could not complete online authentication 

The iPad device is attempting to connect to ppq.apple.com.
Access logs show ssl_failure.

Cause

A packet capture shows that the iOS device closes (FINs) the connection from the proxy when the Cloud certificate is passed to the device. This indicates that the device received a certificate it was not expecting and terminated/aborted the connection.

Resolution

Log in to the portal and, in Solutions mode, go to Threat Protection > Policy > Trusted Destinations > Trusted Domains URLs > Add Trusted Domains/URLs and add ppq.apple.com. Click the Activate button.

NOTE: You may need to add the IP address for ppq.apple.com to the Trusted Destination IPs/Subnets. As of this writing, ppq.apple.com resolves to 17.135.64.9; this address may change at any time.
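
As an added example (not part of the original article or any vendor tooling), the following Python scans device console logs for the error sequence shown above: a PPQ server trust evaluation failure followed by a failed online authentication from the same process. The device names, the 5-second correlation window and the default year are assumptions.

```python
import re
from datetime import datetime, timedelta

# Line layout taken from the log excerpt in the article.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<device>\S+) (?P<proc>[\w.-]+)\[(?P<pid>\d+)\] "
    r"<(?P<level>\w+)>: (?P<msg>.*?)\s*$"
)
TRUST_FAIL = re.compile(r"PPQ server trust evaluation failure: (?P<code>-?\d+)")
AUTH_FAIL = "Could not complete online authentication"
WINDOW = timedelta(seconds=5)  # assumed correlation window

# Constructed sample: the article's messages with made-up device names.
SAMPLE = """\
Feb 12 14:02:54 ipad-01 online-auth-agent[185] <Error>: PPQ server trust evaluation failure: 5
Feb 12 14:02:54 ipad-01 online-auth-agent[185] <Notice>: Server returned no data
Feb 12 14:02:54 ipad-01 online-auth-agent[185] <Notice>: Could not complete online authentication
Feb 12 14:05:10 ipad-02 online-auth-agent[201] <Notice>: Could not complete online authentication
"""


def parse_line(line, year=2000):
    """Parse one log line; the log carries no year, so one is supplied."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
    return rec


def find_trust_failures(lines, year=2000):
    """One finding per trust failure followed by an auth failure within WINDOW."""
    pending = {}   # (device, pid) -> (timestamp, code from the error line)
    findings = []
    for line in lines:
        rec = parse_line(line, year)
        if rec is None or rec["proc"] != "online-auth-agent":
            continue
        key = (rec["device"], rec["pid"])
        hit = TRUST_FAIL.search(rec["msg"])
        if hit:
            pending[key] = (rec["ts"], int(hit.group("code")))
        elif AUTH_FAIL in rec["msg"] and key in pending:
            ts, code = pending.pop(key)
            if rec["ts"] - ts <= WINDOW:
                findings.append({"device": rec["device"], "time": ts, "code": code})
    return findings
```

An authentication failure with no preceding trust evaluation error, as on the second sample device, is not reported, since the article ties only the trust failure to the intercepted certificate.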