Technically Impossible

Lets look at the weak link in your statement. Anything "Technically Impossible" basically means we haven't figured out how yet.

トップ > English post > Solutions for iCloud Connection Error - Review Hosts, DNS or Browser's extensions as Ad Blocker

Solutions for iCloud Connection Error - Review Hosts, DNS or Browser's extensions as Ad Blocker

English post IT

When connection error is occured at iCloud and Apple's services are all green, its root cause is the user's environment.

Although Apple mentions about sign in issue, there is no official answwers about connection issue*1.
Regarding connection issue, the next solution is often suggested*2,

  1. Set Google DNS for IPv4 network interface
  2. Turn IPv6 network interface OFF

But this is not always the solution, atleast not decisive one. If DNS and its name resulution is the root cause, all browsers installed in a single PC failes connecting to iCloud. And same to IPv6.
But there is the case that certain browser can't connect but others are no problem, example in case that connection with Chrome Canary is failed, but stable version of Chrome is OK.

In such case, an use may doubt Chrome Canary has root cause of connection issue. This is right guess logically, but the true root cause is not there. Because obstructive factor of connection including name resolution is the root cause. A user must identify affecting only to certain browser.

This post introduces some solutions for this issue. Simply, to domains that iCloud depnds on,

  1. Review name resolution
  2. Identify obstructive factor of connection

However, due to the circumstances above, it is not possible to provide a common procedure for dealing with each individual case. An user needs indentify the scope of affection, and then take the necessary measures for each casae in consideration of the suggested solutions.

However, due to the above circumstances, it is not possible to provide a common procedure for dealing with each individual case. First, please identify the scope of the problem, and then take the necessary measures for each case in consideration of the proposed solutions.

Assumption - domains that iCloud depends on

iCloud needs to refer resources under following domains to work itself properly. "*" means that iCloud needs to refer resources under any sub domains.


domain for connect

*.apple.com
*.apple-mapkit.com
*.cdn-apple.com
*.icloud.com
*.icloud.com.cn
*.icloud-content.com
*.icloud-content.com.cn



domain for font

*.apple.com
*.cdn-apple.com
*.icloud.com
*.icloud.com.cn



domain for form

*.apple.com
*.icloud.com
*.icloud.com.cn



domain for frame

*.apple.com
*.icloud.com
*.icloud.com.cn
*.icloud-content.com
*.icloud-content.com.cn
*.icloud-sandbox.com



domain for image

*.apple.com
*.apple-mapkit.com
*.cdn-apple.com
*.icloud.com
*.icloud.com.cn
*.icloud-content.com
*.icloud-content.com.cn



domain for media

*.apple.com
*.cdn-apple.com
*.icloud.com
*.icloud.com.cn
*.icloud-content.com
*.icloud-content.com.cn



domain for script

*.apple.com
*.apple-cloudkit.com
*.cdn-apple.com



domain for style

*.apple.com

In this post, we have a problem to connect with the iCloud, so we should focus on the "connect" domain. In particular, the following sub-domains.

appleid.cdn-apple.com

Intention of all solutions below is to solving name resolution for this domain, and access any resouces under it.

Solutions

First, the scope of the problem as mentioned earlier, is iCloud not available on all browsers on the PC or just some?

In case that all browsers can't access

  • Review hosts file
  • Review DNS
  • Review Internet security software

In case that certain browser can't access

  • Review browser's extensions, especially Ad Blocke

In either case, ensure that not only name reslution properly work, but also NOT explicitly reject accessing to certain sub domain as black list.

Review hosts file

Hosts file has prior than DNS in name resolution. As long as hosts file includes record to prevent accessing to certain domain, a user can't reach there even if name resolution on DNS properly works.

Unless there is a special reason, DNS should provide name resolution of sub domain such as "appleid.cdn-apple.com". In other words, hosts file should not include records for sub domain without a special reason. If there is records related "appleid.cdn-apple.com", they should be removed or comment out.

Review DNS

Regardless of what DNS is used, there is possibility that name resolution for certain sub domain doesn't work properly. Example, using DNS services with security option as Ad blocking, it may prevent from accessing cetain sub domain.

If name resolution for "appleid.cdn-apple.com" doesn't work properly, DNS service should be switched to other appropriate one.

Review Internet security software

There is possibility that firewall prevents from accessing to certain domain. Review whethere "appleid.cdn-apple.com" is blocked.

Simple way is to access iCloud with turning firewall OFF. If accessible, turning firewall on, and search and delete firewall policy related "appleid.cdn-apple.com".

Review browser's extensions

Browser extensions, especially for Ad blocking may prevent from accessing to certain domain. Review whethere "appleid.cdn-apple.com" is blocked.

Simple way is to access iCloud with turning extension OFF one by one. If not accessible, that extension is the root cause. Turn that extension off, or remove it. Or contact its developer to request its improvement.

*1:support.apple.com

*2:discussions.apple.com