OS apps on iOS11

miregan
Contributor II

Since upgrading to iOS 11 alot of the core OS apps are no longer working such as facetime, notes, mail, etc. When I go to general>storage>mail the iPad asks me to restore Mail and that I can restore it from the app store. We do not block the app store on our network however we do block iOS updates. It seems that by blocking iOS updates we are also blocking the core OS apps from working on iOS 11. Has anyone else seen this? Is there a workaround? Currently, after a device is factory reset and you are back into the iPad most of the core OS apps show 'waiting' which is a big issue in our environment.

Thank you.

5 REPLIES 5

cpdecker
Contributor III

Can confirm I am seeing this on iOS 11 when iOS updates are blocked at a network level. I did not realize this is what was happening and was troubleshooting this issue, so you saved me a ton of time with your post. I don't have any advice right now but did want to say thanks!

miregan
Contributor II

Hey cpdecker...I believe we have got a workaround in place and will finish testing it out tomorrow. I will let you know once it I have verified its working.

miregan
Contributor II

cpdecker for now we are blocking gs.apple.com. This does not stop the download of the iOS however it does stop the ios update from being able to verify and install. I tried blocking the mesu.apple.com/assets/softwareupdate.xml url but for whatever reason the ipads are still finding the update as available and able to download it. You could also install a tvos beta profile which forces the device to report back as up to date however this did not work for us in reality as it requires a reboot after the configuration profile is installed.

cpdecker
Contributor III

Thank you for the heads up. I had noticed some years ago that blocking mesu.apple.com/assets/softwareupdate.xml was no longer working, probably around iOS 9 release, and started using a built-in "Apple SoftwareUpdate" signature on our traffic policing box. As it is 'signature-based', I haven't been entirely sure what's being blocked. Just curious if you have seen if the iPad is able to go ahead and verify and install the previously downloaded update once gs.apple.com is unblocked? Might be an interesting way to allow pre-loading the iOS before allowing users to update.

miregan
Contributor II

Once gs.apple.com is unblocked the update can verify and install however I actually went a different route and stored a .js file on our local web server in the dmz. I then created a Global HTTP Proxy filter for the ipad pointing to the url of that file which is currently blocking those iOS updates but allowing the core OS apps to function. The file is very simple in nature:

function FindProxyForURL(url, host) {
if (localHostOrDomainIs(host, "mesu.apple.com")) {
return "PROXY 8.8.8.8:53";
}
else {
return "DIRECT";
}
}

It seems to be working alright so far