WSS Agent user cannot access internet sites via WSS after machines hibernate / sleep
search cancel

WSS Agent user cannot access internet sites via WSS after machines hibernate / sleep


Article ID: 245372


Updated On:


Cloud Secure Web Gateway - Cloud SWG


Users running WSS Agent to access protected resources through WSS.

Hibernating laptops running agents have connectivity issues when resuming next morning.  

WSS Agent UI shows 'connected' state below but without any data center information and users cannot access anything on Internet:

Clicking Reconnect button allows the agent to successfully resume the connection and access protected sites. 

WSS Agent logs indicates that tunnel is actually disconnected:  

[10:40:00]: Tunnel#20(non-interactive-user) Disconnected:  Nat IP:
[10:40:00]: Tunnel#21(BCOM\ABCD123) Disconnected:  Nat IP:




WSS Agent 7.3.5

Windows platform


WSS Agent hibernation defect caused tunnel reconnect failure.


 Apply WSS Agent 8.1.1 or greater.

Additional Information

When a machine is put to sleep on Windows, it transitions from a "light" form of sleep to a "deep" sleep over a period of time. During this transition, applications are awakened to possibly perform any needed functions before being hibernated.
If the WSS Agent happens to try and send a packet while this transition phase is "active", then we may hit a race condition which leads to the tunnel being closed, but not cleaned up and hence causing our issue. 

This can be reproduced by sleeping a machine for more than (what appears to be) 10 minutes - this is the timeframe when the sleep->hibernate transition appears to happen based off of logs we had. If an application on the host is sending traffic during that same transition, we may hit the scenario. .