cancel
Showing results for 
Search instead for 
Did you mean: 
Bert
Level 7

Play Store not accessible for Android clients

We have a WiFi-network specially for mobile devices. This includes a McAfee Web Gateway.

Every time a user wants to download (or upgrade) an app from the Play Store (previous Android Market) a 406 error is returned. It seems that this

is an HTTP error-message.

We only see this error when traffic is proxied via the McAfee Web Gateway. We've whitelisted *.android.clients.google.com totally but this did not help.

This occurs on all Android smartphones and all OS versions.

Has anyone seen this behaviour before?

Kind regards,

Bert

11 Replies
alexott
Level 11

Re: Play Store not accessible for Android clients

Hello

Could you provide more details on MWG: which version are you using? Do you use virus scanning or media type filtering rules?

0 Kudos
Bert
Level 7

Re: Play Store not accessible for Android clients

We use version 6.9.1 build 1257. For a test we've whitelisted *.android.clients.google.com (diabled Media Type Filter, All AV Engines, Proactive Scanning, etc.) in the policy.

We get the following error message on Android devices: '<app name>' could not be downloaded due to an error. (406)

HTTP errorsmessage 406 has the following description:

406 Not Acceptable: The requested resource is only capable of generating content not acceptable according to the Accept headers sent in the request

Thanks,

Bert

0 Kudos
anthonydsusd
Level 7

Re: Play Store not accessible for Android clients

We are having the same issue on version 7.2.5.2.0 what I did to fix the playstore at least in our test environment.  I specified the URLs that the playstore use to bypass authentication and just be filter through.  At the rule set for “Direct Proxy Authentication and Authorization” is listed the following Google URL’s to bypass authentication.

*.google.com                <-- need to download content

*.android.com               <-- need to download content

*.googleusercontent.com      <-- need for images to show up

*.gstatic.com                <-- need for images to show up

*.ggpht.com                  <-- need for images to show up

I don’t know remember if you can bypass authentication in version 6.x we upgraded to 7.x more than a year ago and the interface in completely different.  Also we allowing direct access through our firewall to the Google IP address only through ports 80, 443 and, 5228.  I may be a combination of both firewall and WebGateway settings that allows the playstore to work. I am having our end user try there tablets to see if they are able to access the playstore and download apps like normal. I will repost the results once I get more feedback for them.

0 Kudos
shaneg
Level 9

Re: Play Store not accessible for Android clients

This issue has posed a problem for us in our wireless environment as well, however I have found some sort of 'resolution' to it. 

One thing that NEEDS to happen is to install the MWG security certificate.  Without this, your SSL requests and responses will (normally) fail and you will be stuck scratching your head.

I ended up creating a new list for Google junk that related to my ruleset in the whitelisting for Android devices -

www.google.com

accounts.google.com

clients3.google.com

drive.google.com

www.googleapis.com

ssl.gstatic.com

*docs.google.com

*drive.google.com

*googleusercontent.com

*play.google.com

*android.clients.google.com

Are all of them necessary?  Maybe... Maybe not... But it works (and this is what Google has listed for their 'suite')

Another thing I had to do was manually enter in the proxy info into my wireless settings (on the droid device) of the network with the MWG setup. (i.e. 10.x.x.123 port 8080)     For some odd reason, it appears that Android, wireless, and MWG dont like to play together in harmony unless explicit directions are specified.  

One thing I do know is Android does NOT (natively) use 'authentication' with its proxy settings (hence why you have to set the allowed exceptions near the top of your rulesets)   

Let me know if this helps.

Message was edited by: shaneg on 10/4/12 10:50:09 AM CDT
0 Kudos
sroering
Level 13

Re: Play Store not accessible for Android clients

Have you checked the access.log for status code 406?  might be a quick way to find the URLs.  It shouldn't be a common status code, so should be easily distinguishable.

0 Kudos
pbrickey
Level 11

Re: Play Store not accessible for Android clients

For Web Gateway 6x, the problem is most likely 'content type adaptation' so you'll need to whitelist *.android.clients.google.com from this. If you have an existing whitelist entry for google.com, be sure to place the new whitelist entry above the existing one or add the checkbox to the existing google.com entry.

0 Kudos
gertv
Level 7

Re: Play Store not accessible for Android clients

Running MWG 7.5.0.3.0 we are not able to allow android clients to connect to the Google Playstore. The clients are connecting to the playstore on IP-base and for some reason the Web Gateway is not doing a dns fowarding for this IP.

Even the app google playstore aren't working

0 Kudos
mbagheryan
Level 12

Re: Play Store not accessible for Android clients

try to fetch google SSL in ssl scanner.

0 Kudos
gertv
Level 7

Re: Play Store not accessible for Android clients

Android clients are using transparent proxy and there's is no SSL scanning for these clients.

Any idea how we can fix this issue?

0 Kudos