WSS Agent user cannot access internet sites via WSS after machines hibernate / sleep
search cancel

WSS Agent user cannot access internet sites via WSS after machines hibernate / sleep

book

Article ID: 245372

calendar_today

Updated On: 07-06-2022

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Users running WSS Agent to access protected resources through WSS.

Hibernating laptops running agents have connectivity issues when resuming next morning.  

WSS Agent UI shows 'connected' state below but without any data center information and users cannot access anything on Internet:

Clicking Reconnect button allows the agent to successfully resume the connection and access protected sites. 

WSS Agent logs indicates that tunnel is actually disconnected:  

(UTC+5:30)
[10:40:00]: Tunnel#20(non-interactive-user) Disconnected:  Nat IP: 10.243.67.197
[10:40:00]: Tunnel#21(BCOM\ABCD123) Disconnected:  Nat IP: 10.242.72.124

 

 

Environment

WSS Agent 7.3.5

Windows platform

Cause

WSS Agent hibernation defect caused tunnel reconnect failure.

Resolution

 Apply WSS Agent 8.1.1 or greater.

Additional Information

When a machine is put to sleep on Windows, it transitions from a "light" form of sleep to a "deep" sleep over a period of time. During this transition, applications are awakened to possibly perform any needed functions before being hibernated.
If the WSS Agent happens to try and send a packet while this transition phase is "active", then we may hit a race condition which leads to the tunnel being closed, but not cleaned up and hence causing our issue. 

This can be reproduced by sleeping a machine for more than (what appears to be) 10 minutes - this is the timeframe when the sleep->hibernate transition appears to happen based off of logs we had. If an application on the host is sending traffic during that same transition, we may hit the scenario. .