WSS Agent user cannot access internet sites via WSS after machines hibernate / sleep
Article ID: 245372
Updated On: 07-06-2022
Products
Issue/Introduction
Users running WSS Agent to access protected resources through WSS.
Hibernating laptops running agents have connectivity issues when resuming next morning.
WSS Agent UI shows 'connected' state below but without any data center information and users cannot access anything on Internet:
Clicking Reconnect button allows the agent to successfully resume the connection and access protected sites.
WSS Agent logs indicates that tunnel is actually disconnected:
(UTC+5:30)
[10:40:00]: Tunnel#20(non-interactive-user) Disconnected: Nat IP: 10.243.67.197
[10:40:00]: Tunnel#21(BCOM\ABCD123) Disconnected: Nat IP: 10.242.72.124
Environment
WSS Agent 7.3.5
Windows platform
Cause
WSS Agent hibernation defect caused tunnel reconnect failure.
Resolution
Apply WSS Agent 8.1.1 or greater.
Additional Information
When a machine is put to sleep on Windows, it transitions from a "light" form of sleep to a "deep" sleep over a period of time. During this transition, applications are awakened to possibly perform any needed functions before being hibernated.
If the WSS Agent happens to try and send a packet while this transition phase is "active", then we may hit a race condition which leads to the tunnel being closed, but not cleaned up and hence causing our issue.
This can be reproduced by sleeping a machine for more than (what appears to be) 10 minutes - this is the timeframe when the sleep->hibernate transition appears to happen based off of logs we had. If an application on the host is sending traffic during that same transition, we may hit the scenario. .
Feedback
