KB: Cannot install or use Altium possibly due to url and ports being blocked

Altium Designer Altium Designer
Starting in version: 18 Up to Current
Error messages like "Ciiva - The underlying connection was closed...", "Ciiva - An exception occurred during a WebClient request.", and "Push notifications service was not properly initialized" infers that your organization has strict firewall rules and/or antivirus running, that some URLs and ports need to be opened or whitelisted. If there is difficulty with installing or running Altium while connected to a VPN, but disconnecting from the VPN resolves the issues, then most likely it is due to the blockage of such network traffic.

Solution Details

Sometimes when connected to a VPN, data traffic intended to go to an internet location will try to access the internet through the VPN rather than your local internet provider.  When this happens, the traffic is subject to the rules and filters of the VPN.  If things stop working while connected your organization's VPN, your IT support may need to unblock some network traffic.  Give them this information and see if they can make a change for you.

If your local area network is "hardened" (made more secure than default) it may be necessary to have your IT department open some ports and white list some website addresses to allow proper communications for the online installer, database connectivity, parts and supplier information, etc.
 
These addresses need to be unblocked to use the online installer and sign in: 

http://appregistry.api.altium.com/
http://appregistry.live.altium.com 
http://vaultinstallation.live.altium.com 
http://vaultinstall.altium.com  
http s// prd-v3.alt ium.com
godaddy.com (for security certificates)

amazontrust.com (To access an On-Demand license)
 
And these for updates:
"vaultinstall.altium.com", "appregistry.live.altium.com", "vaultinstallation.live.altium.com", "install.altium.com", "installation.altium.com "
 
 
To download and run  Altium Designer: In addition to disabling heuristic scanning for your Antivirus, you may need to have the following ports configured (unblocked) in Windows or your network software / hardware firewall: 
 
Internet Ports:
     (http):
80
9495 (used by Content Cart)
9880 (used for HTTP and SOAP requests)
9843 is used for encrypted authentication with SSH.
     (https/SSL):
443 (Used by Altium Designer client, Altium License Manager and the AltiumVaults).
 
VPN Ports: 1194 and 1723 (Used by Virtual Private Network software and relates to users trying to connect to their company network server over a VPN connection from a remote (off site) location.
 
Network ports: 
TCP 9780 and 9785 (Used for communications between the Altium Infrastructure Server License manger and the client software)
TCP 21001 and UDP 20001 & 20002 (Used for the Legacy Altium Private Server License manager)
HTTP Port - 9780
HTTPS Port - 9785
Synchronization Service Port - 9791
LDAP Service Port - 9790
Websocket Port - 4649
Firebird Server Port - 3050
SVN Port - 3690
 
 
Http addresses that may need to be unblocked: *.altium.*, *.compute-1.amazonaws.com, s3.amazonaws.com,  *.cloudfront.net, *.marketo.*, OctoPart.com
For example: (http://installation.altium.com), (http://activation.altium.com), (https://workspaces.altium.com) (portal2.altium.com), (portal2.altium.eu), (portal2.altium.com.cn) , (portal1.altium.com), (portal1.altium.eu), (portal1.altium.com.cn), (Portal365.Altium.com), (*.api.altium.com), (payments.altium.com), (firmware.altium.com), (live.altium.com), (blog.live.altium.com)
 
For  Techdocs (also Key "F1") in Altium client: "techdocs.altium.com", "altium.com/documentation"", "munchkin.marketo.net", "app-sjf.marketo.com", "google-analytics.com", "tag.bounceexchange.com", "api.bounceexchange.com", "googletagmanager.com", "googleadservices.com", "a.adroll.com", "*.mktoresp.com" and "connect.facebook.net"
 
If you are running a Proxy server for network access, this documentation has information to support the use of a Proxy Server with an on-site managed content server:
https://www.altium.com/documentation/altium-concord-pro/support-proxy-server
 
Supplier & Part Searches 
For communication between Altium Designer or an on-site managed content server and the Altium Parts Provider, verify that the following sites/ports are allowed:
 
As a minimum:
api.ciiva.com:443
api3.ciiva.com:443
ciiva.com:443
ids.live.altium.com (for licenses functionality)
ids.api.altium.com
ids.altium.com

More generally:
vault.live.altium.com:80
partcatalog.altium.com:80
http://partcatalog.webservice.altium.com:80

All URLs necessary for on-site managed content servers are also described in the
LocalVault.ini config-file, which is located in the server's default installation root folder path – typically: 
C:\Program Files (x86)\Altium\[Altium Concord Pro]or[Altium NEXUS Server]or[Altium Vault]\
Some key ones to note:
IndentityCloudServiceUrl=http://ids.live.altium.com/ids?cls=soap
For using the BOM in the web ui, these URL's are required:
VaultContentServiceURL=http://vault.live.altium.com?cls=soap
GlobalPartCatalogServiceUrl=https://partcatalog.api.altium.com/PartCatalogService.svc
If you find an issue, select the text/image and pressCtrl + Enterto send us your feedback.