iTunes: Troubleshooting security software issues

Products Affected

iTunes

Symptoms

Security software manufactured by companies other than Apple ("third party") can prevent iTunes and other Apple applications from communicating with Apple servers or resources on your computer. Symptoms may include:

Unable to launch iTunes
iOS device, iPod, or Apple TV not seen in iTunes
Unable to connect to, purchase, or download iTunes Store content
Unable to activate, backup, update or restore iOS device or iPods using iTunes
Unable to sync content with an iOS device, iPod, or Apple TV
Unable to use Home Sharing with other computers, iOS devices, or Apple TV
iTunes or computer performance issues while an iOS device is connected, syncing, or backing up
Unable to sync with iOS devices using a Wi-Fi connection

You often can resolve these issues by updating, correctly configuring, or uninstalling security software.

Resolution

Expand All Sections | Collapse All Sections

1. Verify that the issue is a third-party security software issue.

There are some issues that may appear to be related to third-party security software, but may be caused by other circumstances. Before making changes to your security software:

Verify your computer has the correct date, time, and timezone.
Verify you are logged in as an administrative user.
Verify the latest version of iTunes is installed.
Verify the latest Operating System (OS) updates are installed.
Verify your router or modem firmware is up-to-date.
If your PC or router is using proxy settings, try connecting to the iTunes Store without using an internet proxy. See the steps in iTunes for Windows could not establish a secure connection to the iTunes Store.
On a PC you can run the built-in diagnostics in iTunes to test your connections and generate reports. See the steps in Using Network Diagnostics to troubleshoot iTunes store connection issues.

Note: For steps to identify if your security software is blocking a particular port, see the Advanced Steps under the Additional Information section of this article.

2. Update your security software

Security software companies regularly provide updates to their trusted site and application lists. If you have recently updated or installed new versions of Apple software, such as iTunes or Safari, updating your security software may resolve the issue. To update your security software, first determine what security software you have installed.

Here are some means of determining what applications you have installed on your PC:

Click the Start menu (or button) and read through the list of programs.
Check the notification area (the lower-right corner of the task bar) for security applications.
Browse installed applications under Control Panel > Add/Remove.

On a Mac, open the Finder and look in /Applications and /Applications/Utilities.

Find what security software is installed and update it to the latest available version. This may be possible through the application itself, but when in doubt, contact the manufacturer for assistance. Use the following list to identify software you may have installed on your system and to locate available updates.

After updating your security software, run a virus scan.

List of third-party security applications

Product or Manufacturer name	URL
AOL Security Suite	http://daol.aol.com/security/
AVG	http://www.avg.com/
Avast!	http://www.avast.com/
Avira	http://www.free-av.com/
A-squared Free	http://www.emsisoft.com/en/software/free/
BeSecure	http://www.bsecure.com/
BullGuard	http://www.bullguard.com/
CA Internet Security Suite	http://shop.ca.com/
CommTouch	http://www.commtouch.com/
Covenant Eyes	http://www.covenanteyes.com/
CyberPatrol	http://cyberpatrol.com
ESET NOD32	http://www.eset.com/
G Data	http://www.gdatasoftware.com/
Intego	http://www.intego.com/
ioBit	http://www.iobit.com
iolo System Mechanic	http://www.iolo.com/
iolo System Shield	http://www.iolo.com/ss/
Kaspersky security products	http://www.kaspersky.com/
LavaSoft Security Products	http://www.lavasoft.com/
Malwarebytes' Anti-Malware	http://www.malwarebytes.org/
McAfee security products	http://www.mcafee.com/
Norman security products	http://www.norman.com
Norton security products	Configuring Norton security products article
Panda Anti-Virus	http://www.pandasecurity.com/usa/
PC Tools	http://www.pctools.com/
Sophos	http://www.sophos.com/
Stopsign E-acceleration	http://www.stop-sign.com/
Sunbelt Firewall	http://www.sunbeltsoftware.com
Symantec Client and Internet security	http://www.symantec.com/
Spybot Search & Destroy	http://www.safer-networking.org
TDS Internet Security	http://www.tdsbusiness.com/products/internet-and-security/tds-internet-security.aspx#
Trend Micro	http://us.trendmicro.com
Trusteer Rapport	http://www.trusteer.com
[verify-U]	http://www.verify-u.de/
Vipre Antivirus	http://www.vipreantivirus.com/
Virus Security Zero	http://www.sourcenext.com
ZoneAlarm Firewall	http://www.zonealarm.com/

You may need to update, properly configure, disable, or uninstall firewalls and other security software to prevent interference with iTunes. For assistance with this, contact the company that supports the security software you use.

3. Configure your security software

After updating your security software, configure it correctly to allow iTunes to contact Apple. The steps used to properly configure the security software will vary, and to find the exact steps, visit the manufacturer's support website or otherwise contact them for assistance.

Useful information for configuring your security software:

IMPORTANT: iTunes must be allowed to contact Apple using the following ports and servers:

port 80
port 443
phobos.apple.com, deimos3.apple.com, albert.apple.com, gs.apple.com, itunes.apple.com, ax.itunes.apple.com

For a more complete list of ports used by Apple products see "Well known" TCP and UDP ports used by Apple software products.

iTunes also contacts VeriSign servers during an iPhone restore and activation:

evintl-ocsp.verisign.com
evsecure-ocsp.verisign.com

For more information see iOS: Resolving update and restore alert messages.

4. Temporarily disable or uninstall your security software

If the current available version of your security software is incompatible with iTunes, you can disable the security software and test if it is the source of the issue. However, a temporary deinstallation might be required because parts of some security software remain active in the background though they appear to be deactivated. Only temporarily uninstall security software after making sure you can reinstall it and have noted any required licenses.

To reduce any security risks that security software is designed to prevent, consider making sure all files needed to reinstall it are available and disconnect network connections before uninstalling security software. Should this not be possible, such as updating or restoring an iOS device, that required step should be the only process completed without security software. For assistance in checking your configuration, disabling, or uninstalling your security software, please contact the manufacturer.

Once disabled or uninstalled, perform only the steps required to verify your issue has been resolved. Complete whatever update, restore, syncing, back up, activation, or other task you were troubleshooting. Once that task is complete, install and configure compatible security software to ensure your computer is protected.

Additional Information

If you have an issue trying to update or restore your iOS device with iTunes as in this article, try deleting the software restore file or .ipsw file from the location outlined in iTunes: Specific update-and-restore error messages and advanced troubleshooting and re-downloading it with security software uninstalled. Refer back to the article for further steps to resolve restore issues.

There are a number of issues that may appear to be caused by third-party security software, but have another cause. If you receive a specific alert message, search the apple.com/support for alternative resolutions before adjusting security settings. If the steps in an article you find do not resolve the issue then troubleshoot your security software.

"Unable to connect to the iTunes Store" alerts may be due to a variety of reasons other then security software. To learn more, see the steps in Can't connect to the iTunes Store. For a list of other iTunes Store alerts on a PC, see iTunes for Windows: Possible iTunes Store errors.

Even if all necessary ports for a particular feature are open by your PC's security software, you may need to configure your security software to allow specific services to run. For more information about these processes see Background processes installed with iTunes for Windows.

Advanced Steps

Security software may block certain ports that are used by iTunes and other Apple software. If you are a network or computer administrator, you may want to manually find out if certain ports used by Apple software are blocked. See Well known TCP and UDP ports used by Apple software products. Depending on what issue you are having, you can use that article to find out which ports are used by the application or function that is not working properly. Then, follow the below steps to find out whether that port is accessible on your computer or not.

Testing basic connectivity between two computers or devices:

Find the IP address of the Mac, PC, Apple TV, or device you are trying to connect to. Note that many iTunes features that communicate with other computers and devices such as AirPlay, AirTunes, Home Sharing, and Remote require that all computers and devices involved be connected to the same network and same subnet.
- For Mac: Open System Preferences and type "IPv4" into the search field in the upper-right corner of the window and press Return. Note the IPv4 address. (An example is 10.0.1.35)
- For Windows: Choose Start > Run, then type "cmd". Press return to open a Windows Command Prompt. (For Windows Vista and Windows 7, type "cmd" in the search bar then press the return key.) Type "ipconfig", then press Return key. The IP address of the computer you are viewing is displayed next to the line "IPv4 Address". Note this. (An example is 10.0.1.35)
- For Apple TV: Go to the Settings menu on Apple TV, select General > Network. The IP address is displayed.
- For iPhone, iPad, or iPod touch connected via Wi-Fi: Tap Settings > Wi-Fi, and tap the blue arrow next to the Wi-Fi network you are connected to. The IP address will be displayed.
Use Ping to test the basic network connection between your primary computer and the computer or device you are connecting to.

On Mac OS X:

From the Finder, click the Go menu and choose Utilities. Open Network Utility and click the "Ping" tab. Enter the IP address you noted above and click the Ping button. This will confirm that basic network communication with the destination IP address is working. If this fails, you have a basic network connection issue to diagnose See this article for more details on troubleshooting your network connection. Here is an example of a successful ping test:

Here is an example of an unsuccessful ping test:

On Windows:

Choose Start > Run, type "cmd", and press Return to open a Windows Command Prompt. (For Windows Vista and Windows 7, type "cmd" in the search bar and press Return.) Type "ping exampleIP" (without quotations and instead with the IP address you noted above). Press Return; this will confirm that basic network communication with the destination IP address is working. If this fails, you have a basic network connection issue to diagnose. See this Microsoft article for more information. Here is an example of a successful ping test:

Here's an example of an unsuccessful ping test:

Testing specific port communication between two computers or devices:

If you know basic network connectivity is working from using the steps above, the steps below will test specific ports. See Well known TCP and UDP ports used by Apple software products. Depending on what issue you are having, you can use the article to find out which ports are used by the application or function that is not working properly. Then, follow the below steps to find out if that port is accessible on your computer or not:

1.) Test ports on your local computer:

First, test that the desired ports are accessible on the computer you are currently using locally.

For Mac OS X:

From the Finder, click the Go menu and choose Utilities. Open Network Utility and click the Port Scan tab. Enter the IP address "127.0.0.1" (without quotations). Enable the "Only test ports" checkbox and enter the applicable port from this article (such as 3689 for iTunes Music Sharing or AirTunes) in both port number entries. If the issue you are testing involves iTunes, be sure iTunes is open and running in the background. Then, click the Scan button. If you do not see "Open TCP Port:…" (highlighted below) in the scan results, check the security software that is installed on the local computer you are testing on.

Below is an example of a successful local test of port 3689:

successful local test of port 3689 on Mac

Below is an example of an unsuccessful local test of port 3689:

unsuccessful local test of port 3689 on Mac

For Windows:

Open the Command Prompt as follows:

For Windows XP: Click Start > Run then type "cmd" (without quotations). Then, press Return.

For Windows Vista and Windows 7: Click Start, and type "cmd" (without quotations) in the search bar. Then, press Return.
Type "telnet example port" without quotations and instead with the applicable port you wish to test from this article (such as 3689 for iTunes Music Sharing or AirTunes/AirPlay). If the issue you are testing involves iTunes, be sure iTunes is open and running in the background.

Press Return three times in a row.

If the request was successful, you will see a message "400 Bad Request" similar to the following:

If the request was not successful, you will see a "Connect failed" message similar to the image below. If this is the case, check the security software of the Windows PC that is installed on the computer you are testing on.

2.) Test port availability on a different computer on your network:

Test that the desired ports are accessible on a different computer or device on your network. Take note of the IP address of the destination computer or device. (To find the IP address, use the steps above under "Testing basic connectivity between 2 computers or devices".) Identify which port or set of ports you wish to scan, based on which issue your are having. (See Well known TCP and UDP ports used by Apple software products for a list of ports, and take note of the ports pertaining to your issue.)

If the computer used for performing the test has Mac OS X:

Open Network Utility from the Applications > Utilities menu. Click the "Port Scan" tab and enter the IP address of the destination computer or device. (An example may be 10.0.1.35.) Check the "Only test ports…" check box and enter the applicable port from this article (such as 3689 for iTunes Music Sharing, AirTunes/AirPlay) in both port number entries. If the issue you are testing involves iTunes, be sure iTunes is open and running on the destination computer. Then, click the "Scan" button. If you do not see "Open TCP Port:…" (highlighted below) in the scan results, check the security software of the Mac or PC that is installed on the destination computer you tried reaching.

Below is an example of a successful test of port 3689 on a destination computer:

successful test of port 3689 on a destination computer on Mac

Below is an example of an unsuccessful local test of port 3689. If this occurs, test whether or not the same port is accessible by following the steps above under "Test ports on your local computer". If the same port is accessible on the other computer locally, the issue may lie in the network configuration. Check your network settings or network administrator. If the port is not accessible on the other computer locally, check the security software on the destination computer.

Unsuccessful local test of port 3689 on Mac

If the computer used for performing the test has Windows:

Open the Command Prompt as follows:
For Windows XP: Click Start > Run then type "cmd". Press the return key.
For Windows Vista and Windows 7: Click Start, and type "cmd" in the search bar. Press the return key.
Type telnet followed by a space, the IP address of the destination computer or device, (for example, 10.0.1.35), another space, then type the applicable port number you wish to test from this article (such as 3689 for iTunes Music Sharing, AirTunes/AirPlay). If the issue you are testing involves iTunes, be sure iTunes is open and running on the destination computer.
Press the return key 3 times in a row.
If the request was successful, you will see a message "400 Bad Request" similar to the following:

If the request was not successful, you will see a "Connect failed" error, similar to the image below. If this occurs, test whether or not the same port is accessible by following the steps above under "Test ports on your local computer". If the same port is accessible on the other computer locally, the issue may lie in the network configuration. Check your network settings or network administrator. If the port is not accessible on the other computer locally, check the security software on the destination computer.

This document will be updated as more information becomes available.

Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.

Rate this article: