We have a WiFi-network specially for mobile devices. This includes a McAfee Web Gateway.
Every time a user wants to download (or upgrade) an app from the Play Store (previous Android Market) a 406 error is returned. It seems that this
is an HTTP error-message.
We only see this error when traffic is proxied via the McAfee Web Gateway. We've whitelisted *.android.clients.google.com totally but this did not help.
This occurs on all Android smartphones and all OS versions.
Has anyone seen this behaviour before?
We use version 6.9.1 build 1257. For a test we've whitelisted *.android.clients.google.com (diabled Media Type Filter, All AV Engines, Proactive Scanning, etc.) in the policy.
We get the following error message on Android devices: '<app name>' could not be downloaded due to an error. (406)
HTTP errorsmessage 406 has the following description:
406 Not Acceptable: The requested resource is only capable of generating content not acceptable according to the Accept headers sent in the request
We are having the same issue on version 188.8.131.52.0 what I did to fix the playstore at least in our test environment. I specified the URLs that the playstore use to bypass authentication and just be filter through. At the rule set for “Direct Proxy Authentication and Authorization” is listed the following Google URL’s to bypass authentication.
*.google.com <-- need to download content
*.android.com <-- need to download content
*.googleusercontent.com <-- need for images to show up
*.gstatic.com <-- need for images to show up
*.ggpht.com <-- need for images to show up
I don’t know remember if you can bypass authentication in version 6.x we upgraded to 7.x more than a year ago and the interface in completely different. Also we allowing direct access through our firewall to the Google IP address only through ports 80, 443 and, 5228. I may be a combination of both firewall and WebGateway settings that allows the playstore to work. I am having our end user try there tablets to see if they are able to access the playstore and download apps like normal. I will repost the results once I get more feedback for them.
This issue has posed a problem for us in our wireless environment as well, however I have found some sort of 'resolution' to it.
One thing that NEEDS to happen is to install the MWG security certificate. Without this, your SSL requests and responses will (normally) fail and you will be stuck scratching your head.
I ended up creating a new list for Google junk that related to my ruleset in the whitelisting for Android devices -
Are all of them necessary? Maybe... Maybe not... But it works (and this is what Google has listed for their 'suite')
Another thing I had to do was manually enter in the proxy info into my wireless settings (on the droid device) of the network with the MWG setup. (i.e. 10.x.x.123 port 8080) For some odd reason, it appears that Android, wireless, and MWG dont like to play together in harmony unless explicit directions are specified.
One thing I do know is Android does NOT (natively) use 'authentication' with its proxy settings (hence why you have to set the allowed exceptions near the top of your rulesets)
Let me know if this helps.Message was edited by: shaneg on 10/4/12 10:50:09 AM CDT
Have you checked the access.log for status code 406? might be a quick way to find the URLs. It shouldn't be a common status code, so should be easily distinguishable.
For Web Gateway 6x, the problem is most likely 'content type adaptation' so you'll need to whitelist *.android.clients.google.com from this. If you have an existing whitelist entry for google.com, be sure to place the new whitelist entry above the existing one or add the checkbox to the existing google.com entry.
Running MWG 184.108.40.206.0 we are not able to allow android clients to connect to the Google Playstore. The clients are connecting to the playstore on IP-base and for some reason the Web Gateway is not doing a dns fowarding for this IP.
Even the app google playstore aren't working