05-20-2015 09:14 AM
Hi there. We upgraded to WSA Ironport v8.5.1 about a month ago when reportedly some iMessage clients stopped working. iMessage is Apple's text/IM application all rolled into one (im not an iMessage user so forgive my basic description). The app is impacted only on iMacs and Apple laptops, not on iPhones or iPads (presumably because those go through the cell network as opposed to iMacs and laptops which use the LAN/WAN). The symptom is that the cliennts cannot send/receive messages after the WSA AsyncOS upgrade to 8.5.1 though we did not change any settings.
After some troubleshooting with two iMessage users, we see this strange log over and over:
which we know to represent the HTTP error code 503 for "Service Unavailable", however we've seen these errors in the past with cypher issues and other issues related to SSL. Strangely enough the "courier.push.apple.com" URL does not resolve to any IP so it is not a valid DNS name (not sure how it is resolving at all - but see dig to 8.8.8.8 pasted below in case this is doubted) and the Apple IP addresses in the 17.0.0.0/8 block do not have PTR records. My question is whether anyone has had similar issues on WSA with iMessage, and if so what did you do to resolve these? Thanks.
[user@Linux ~]$ dig @8.8.8.8 courier.push.apple.com
; <<>> DiG 9.3.4-P1 <<>> @8.8.8.8 courier.push.apple.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7522
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;courier.push.apple.com. IN A
;; ANSWER SECTION:
courier.push.apple.com. 235 IN CNAME courier-push-apple.com.akadns.net.
;; AUTHORITY SECTION:
akadns.net. 179 IN SOA internal.akadns.net. hostmaster.akamai.com. 1432137946 90000 90000 90000 180
;; Query time: 227 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed May 20 09:05:46 2015
;; MSG SIZE rcvd: 150
[user@Linux ~]$ dig @8.8.8.8 courier-push-apple.com.akadns.net
; <<>> DiG 9.3.4-P1 <<>> @8.8.8.8 courier-push-apple.com.akadns.net
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38762
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;courier-push-apple.com.akadns.net. IN A
;; AUTHORITY SECTION:
akadns.net. 179 IN SOA internal.akadns.net. hostmaster.akamai.com. 1432137978 90000 90000 90000 180
;; Query time: 39 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed May 20 09:06:18 2015
;; MSG SIZE rcvd: 117
06-10-2015 03:28 PM
This has been linked to the following bug: CSCuj04486
No ETA as of yet, the workaround implemented was the following:
IMESSAGES WORKAROUND TO GET SMS TEXT TO WORK (Excludes MMS)
Choose the operation you want to perform:
NEW - Add new local IP to host mapping.
DELETE - Delete an existing mapping.
[]> new
Enter the IP address of the host you are adding.
[]> 17.172.233.123
Enter the canonical host name and any additional aliases (separate values with spaces)
[]> courier.push.apple.com
07-01-2015 01:54 PM
I have had similar issues, not with imessage, but with an application that uses https. First IP would passthrough, the rest of them would get similar messages as yours with OTHER-NONE. I had TAC look into it and try different things, including bypassing authentication for the client IP to no avail. I finally said screw it and added the 5 IP's the client uses to the bypass list. Problem solved.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide