iOS Enterprise Deployement: Clicking on itms-services link results in "Cannot connect to [domain]" error

ios iphone ssl plist ipa

19,962

Solution 1

I had this problem and none of the documented solutions here, or in other answers, worked for me. Using a correct SSL certificate, it was possible to load the plist in safari, on the target device with no problems. However, attempting to install using the "itms-services://..." link would always fail with the "Cannot connect to [domain]" error.

The problem was the intermediate SSL certificate was not configured on the web server. Web browsers had no problem with this, SSL was valid, but connecting the device to a Mac, and viewing the log through the devices panel in XCode showed the below error:

iPhone itunesstored[83] <Warning>: Could not load download manifest with underlying error: Error Domain=NSURLErrorDomain Code=-1202 "Cannot connect to the Store".... "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “[mydomain]”, which could put your confidential information at risk."

Installing the intermediate SSL certificate on Apache solved this issue.

Solution 2

I had a problem like this for a while and it was driving me crazy. I was getting the popup "Cannot connect to [domain]" and I saw the same error in the log "Cannot connect to iTunes Store."

The original problem was that I had a missing ">" in my .plist xml file.

But I fixed the missing ">" and it worked on another ipad. So, it should have worked on the original ipad, right? Well, no, because the bad plist with the typo must have still been in the cache of that ipad.

So, the fix is to either rename the .plist file, or shut down and "re-boot" the ipad, or find some other way of clearing your ipad's cache of the bad plist file.

Solution 3

I was receiving the same error.

In my case, the ".plist" wasn't accessible.

My resolution was to add the appropriate mime-types to the website being hosted by Internet Information Services (IIS).

Namely, ".ipa", and ".plist".

Solution 4

Not sure this would have helped the original poster as I don't know how itms-services works, but it might help other seeing the "Cannot connect to [domain]" error.

We were trying to install an enterprise deployment through Safari and kept seeing this error. The plist was fine and the ipa file it pointed to would download if we entered the url directly. However we realised we were making the first (pre-install) connection through http. Changing this to https allowed the installation to proceed as expected.

Solution 5

Check for any trailing slashes on your URL link value for TEMP_URL and remove them. If you test the URL with trailing slashes on a browser it will download without problem. In the plist it will fail.

View more solutions

19,962

Author by

David Jones

Updated on July 02, 2022

Comments

David Jones almost 2 years

In an effort to deploy an enterprise iOS app, I've created the following link:

Unencoded version (for easy reading):

<a href="itms-services://?action=download-manifest&url=https://example.com/api/distribution/ios?token=abc123">Download</a>

Encoded version:

<a href="itms-services://?action=download-manifest&url=https%3A%2F%2Fexample.com%2Fapi%2Fdistribution%2Fios%3Ftoken%3Dabc123">Download</a>

The link is properly encoded, as discussed here and here.

Assuming the user's token is valid, a .plist file is returned via SSL, as discussed here. The URL of the .ipa file referenced in the .plist file is generated on the fly. Here is what the .plist file looks like:

<plist version="1.0">
<dict>
    <key>items</key>
    <array>
        <dict>
            <key>assets</key>
            <array>
                <dict>
                    <key>kind</key>
                    <string>software-package</string>
                    <key>url</key>
                    <string>TEMP_URL</string>
                </dict>
            </array>
            <key>metadata</key>
            <dict>
                <key>bundle-identifier</key>
                <string>org.cocos2d.ready-ios</string>
                <key>bundle-version</key>
                <string>0.0.1</string>
                <key>kind</key>
                <string>software</string>
                <key>title</key>
                <string>Ready</string>
            </dict>
        </dict>
    </array>
</dict>
</plist>

As far as I can tell, our GoDaddy SSL certificate appears to be on the trusted list.

However, despite all of the above, after tapping the link and waiting a moment, I receive the following error:

Cannot connect to [domain]

This is the iPhone console output after tapping the link:

Aug 29 07:30:56 My-iPhone wifid[15] <Notice>: WiFi:[431015456.799163]: Client itunesstored set type to background application
Aug 29 07:30:56 My-iPhone wifid[15] <Notice>: WiFi:[431015456.804319]: BG Application: Not Present, BG Daemon: Present. Daemons: apsd networkd itunesstored 
Aug 29 07:30:56 My-iPhone wifid[15] <Notice>: WiFi:[431015456.806066]: Already connected to [Company Name].
Aug 29 07:30:58 My-iPhone itunesstored[100] <Warning>: Could not load download manifest with underlying error: Error Domain=SSErrorDomain Code=2 "Cannot connect to iTunes Store" UserInfo=0x15788270 {NSLocalizedDescription=Cannot connect to iTunes Store}
Aug 29 07:31:03 My-iPhone wifid[15] <Notice>: WiFi:[431015463.925398]: Client itunesstored set type to normal application
Aug 29 07:31:03 My-iPhone wifid[15] <Notice>: WiFi:[431015463.928745]: BG Application: Not Present, BG Daemon: Present. Daemons: apsd networkd

Any ideas?