When a user goes to download an app, the app just sits at waiting/installing. Eventually it times out. When I grep the access logs, it shows the iPad bouncing from one Apple server to another. If I give the iPad a static IP address that goes around the IronPort, the app will install, so I am pretty certain the problem is on the WSA. We have an S670 running a version of 7.7.
I have the same issue on a 5508 WLC. Apple devices trying to download/upgrade apps just hang and never download. I just installed the latest software 22.214.171.124 on my WLC hoping that would help, but the issue still exists. Then I tried the Field Upgrade Image 126.96.36.199 as well, and it is still not working. I am going to open a TAC case, and if I get any answers I will post them here.
OK, so I opened a TAC case and all they could do was confirm it wasn't my wireless controller. I did, however, find out what was plaguing my network, and hopefully this will help someone else. I found that there was a Mac OS X cache server on my network. For details on this, see http://www.nbalonso.com/os-x-server-caching/ Basically, it registers with Apple using our public IP, and then when any Apple device on our network tries to download from Apple from that same IP, Apple points it back to the cache server on our network. The problem was that there were no routes back to that cache server, as it was in someone's lab. I was able to track down the server using a packet capture on my ASA to find out which device on my network was trying to reach lcdn-registration.apple.com/lcdn/register. You can do an nslookup to see what the IP is; I don't know if it changes. Once I had the cache server's IP address, I was able to trace the MAC address back to the source and shut down his network port. iOS downloads are now able to work again. The main problem was that iTunes, Mac, and even iOS 7 would try this but time out and then go download from Apple anyway; iOS 8, however, would never get past looking for the cache server and the download would never start. Like I said, I hope this helps someone else out there. Apple's implementation of a cache server is very poorly designed, in my opinion, if it can lead to this type of disruptive behavior.
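The hunt described in the post above can also be run against proxy logs instead of a packet capture. The following is an added example, not part of the original thread: it lists internal clients that contacted lcdn-registration.apple.com. The Squid-style log layout, the sample lines and the function names are assumptions, and it only finds a cache server whose registration traffic actually passes through the logging proxy.

```python
import ipaddress
from urllib.parse import urlsplit

# Hostname named in the post above as the caching-server registration endpoint.
REGISTRATION_HOST = "lcdn-registration.apple.com"

# Constructed sample lines in an assumed Squid-style access-log layout:
# time elapsed client result/status bytes method url user hierarchy type
SAMPLE_LOG = """\
1412345678.101 230 10.20.30.41 TCP_MISS/200 5120 GET http://itunes.apple.com/lookup - DIRECT/itunes.apple.com application/json
1412345679.552 810 10.20.99.7 TCP_MISS/200 3901 CONNECT tunnel://lcdn-registration.apple.com:443/ - DIRECT/lcdn-registration.apple.com -
1412345701.004 95 10.20.30.41 TCP_MISS/200 812 CONNECT init.itunes.apple.com:443 - DIRECT/init.itunes.apple.com -
1412349279.870 790 10.20.99.7 TCP_MISS/200 3888 POST https://lcdn-registration.apple.com/lcdn/register - DIRECT/lcdn-registration.apple.com -
garbage line that should be skipped
1412349300.001 12 10.20.30.55 TCP_DENIED/403 0 GET http://not-lcdn-registration.apple.com.example/ - NONE/- -
"""

def url_host(url):
    """Return the lowercase hostname of a logged URL or CONNECT target."""
    if "://" not in url:          # bare "host:port" form used by CONNECT
        url = "//" + url
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""

def find_registrants(log_text, host=REGISTRATION_HOST):
    """Map client IP -> hit count and first/last epoch time for requests to host."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue              # malformed or truncated line
        try:
            ts = float(fields[0])
            client = str(ipaddress.ip_address(fields[2]))
        except ValueError:
            continue
        # Exact hostname match, so look-alike domains are not reported.
        if url_host(fields[6]) != host:
            continue
        entry = hits.setdefault(client, {"hits": 0, "first": ts, "last": ts})
        entry["hits"] += 1
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
    return hits

if __name__ == "__main__":
    for ip, info in find_registrants(SAMPLE_LOG).items():
        print(f"{ip}: {info['hits']} registration requests, "
              f"first {info['first']}, last {info['last']}")
```

Each reported address is a candidate caching server; tracing it to a switch port follows the same MAC lookup the post describes.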
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...