
What could be blocking me from signing into iTunes on my network?

I have a Server 2003 R2 environment with two Server 2003 R2 DCs running AD.  I have an eSafe security device acting as my firewall/spam filter.  We have always blocked iTunes and Apple products but are embracing iPhones and iPads so I need to be able to connect and update them.  I believe this to be an eSafe issue but nothing is being logged when I try and fail.  It is, however, still collecting its normal log data as other things are blocked.

I can open iTunes but get the following messages when trying to login:

XP OS=We could not complete your iTunes Store request.  The network connection was reset.

Mac OSX=We could not complete your iTunes Store request.  The secure network connection was refused.

In eSafe, I have whitelisted:

*.apple.com*
*.itunes.com*
*.itunes.apple.com*
*.ax.itunes.apple.com*
*.gs.apple.com*
17.151.36.30
17.171.27.65
17.149.156.10
63.235.36.115

When I run the iTunes diagnostic tool it tells me that the "Secure link to the iTunes Store failed."

Any advice or suggestions you can offer would be much appreciated.

Thanks

IT Director
CERTIFIED EXPERT
Commented:
Hi.

Here are some ideas on how you might be able to fix this problem.

Do you run any software firewalls (Windows Firewall, Symantec Internet Security, etc.) on the computers that can't connect to the iTunes Store? If so, temporarily disable them and see if you can now access the iTunes Store. If this was the problem, then you have to create specific rules on the software firewall to allow access to the iTunes Store.

If you have already checked this, you can also try the following:

1. Start up your Mac OS X machine.

2. Download and install a program called LittleSnitch (http://www.obdev.at/index.html)
    This is a software firewall for your Mac. You can use this to determine the exact addresses iTunes tries to access.

3. Configure LittleSnitch so that it will prompt you to manually approve each connection attempt.

4. You can then write down all the different addresses and whitelist them on your firewall.

Here are some addresses that iTunes tried to access when I ran Little Snitch:

iTunes wants to connect to ax.init.itunes.apple.com on TCP port 80 (http)
iTunes wants to connect to p21-buy.itunes.apple.com on TCP port 443 (https)
wants to connect to ax.sidebar.itunes.apple.com on TCP port 80 (http)
wants to connect to traffic.libsyn.com on TCP port 80 (http)
wants to connect to hw.libsyn.com on TCP port 80 (http)
wants to connect to hw.libsyn.com on TCP port 80 (http)
wants to connect to my.itunes.apple.com on TCP port 80 (http)
wants to connect to a2.mzstatic.com on TCP port 80 (http)
wants to connect to se.itunes.apple.com on TCP port 443 (https)
wants to connect to a4.mzstatic.com on TCP port 80 (http)

Depending on where you are located and what podcasts, apps, etc. you have in your iTunes Library, it will try to access different addresses.

If all this doesn't work, try to connect a computer directly to the modem and see if you can connect to the iTunes Store from there. It's highly unlikely, but maybe your ISP blocked iTunes for some reason.

Let me know what you come up with.
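
An added example, not part of the original answer: a Python script that parses Little Snitch prompt lines like the ones quoted above and reports which endpoints the whitelist patterns from the question do not cover. It assumes the firewall treats those patterns as shell-style globs matched against the hostname (an assumption about eSafe, not documented on this page); the function names are hypothetical.

```python
import re
from fnmatch import fnmatchcase

# Whitelist patterns as listed in the question (hostname entries only).
WHITELIST = ["*.apple.com*", "*.itunes.com*", "*.itunes.apple.com*",
             "*.ax.itunes.apple.com*", "*.gs.apple.com*"]

# Prompt lines as quoted in the answer; some are truncated in the original.
PROMPTS = """\
iTunes wants to connect to ax.init.itunes.apple.com on TCP port 80 (http)
iTunes wants to connect to p21-buy.itunes.apple.com on TCP port 443 (https)
wants to connect to ax.sidebar.itunes.apple.com on TCP port 80 (http)
wants to connect to traffic.libsyn.com on TCP port 80 (http)
wants to connect to hw.libsyn.com on TCP port 80 (http
wants to connect to hw.libsyn.com on TCP port 80 (http
wants to connect to my.itunes.apple.com on TCP port 80 (http)
wants to connect to a2.mzstatic.com on TCP port 80 (http
wants to connect to se.itunes.apple.com on TCP port 443 (https)
wants to connect to a4.mzstatic.com on TCP port 80 (http)
"""

# Tolerates a missing process name and a truncated "(http" suffix.
PROMPT_RE = re.compile(r"wants to connect to (\S+) on (TCP|UDP) port (\d+)")


def parse_prompts(text):
    """Return unique (host, protocol, port) tuples in first-seen order."""
    seen = []
    for line in text.splitlines():
        m = PROMPT_RE.search(line)
        if not m:
            continue
        item = (m.group(1).lower(), m.group(2), int(m.group(3)))
        if item not in seen:
            seen.append(item)
    return seen


def uncovered(endpoints, patterns):
    """Return endpoints whose hostname matches none of the glob patterns."""
    return [e for e in endpoints
            if not any(fnmatchcase(e[0], p.lower()) for p in patterns)]


if __name__ == "__main__":
    for host, proto, port in uncovered(parse_prompts(PROMPTS), WHITELIST):
        print(f"not covered by whitelist: {host} {proto}/{port}")
```

A hostname match only shows the name is covered; the protocol and port in each tuple still have to be permitted by whatever rule the firewall applies to that traffic.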

Author

Commented:
Huge Thank You!

It was actually time.apple.com that was blocking me.  LittleSnitch is an awesome tool for problems like this.

Thanks Again!
Cyrill Reiser
IT Director
CERTIFIED EXPERT

Commented:
You're welcome.