You have an issue with some of the clients using the SEP/SES agent with SEP NTR status showing:
"Network Traffic Redirection Failed to Authenticate. Wait while the client tries to reconnect"
- There is no internet connectivity
- Pac File mode / redirect
- Disabling / Re-enabling NTR does not help / Symantec Endpoint Protection Local Proxy service is running
The request for https://client-id.wss.symantecc.com:443/sso was attempting to be send directly. It needs to be send to WSS or else authentication will fail.
The customer had bypassed the IP behind the hostname by adding it to their 'Bypassed Traffic' section in WSS portal, so SEP WTR was trying to route the request directly.
Ensure that the hostname client-id.wsss.symantec.com or the IP 220.127.116.11 is not bypassed from WSS.
The seamless identification involves the process of identifying the endpoint organization and negotiating a session key to encrypt an authorization token for each requests sent to WSS. This process is done seamlessly between the agent and secure gateway handling the web-traffic over the WSS ingress data-path. As such, you need to ensure that the client-id url is not bypassing WSS.