WSS Agent logs continuously reporting "Whoami request failed” messages
search cancel

WSS Agent logs continuously reporting "Whoami request failed” messages

book

Article ID: 258983

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Users accessing internet via Cloud SWG using WSS Agent hosts successfully.

Users authenticate to Cloud SWG service via SAML Identity Provider.

Users report seeing hundreds of "Whoami request failed" messages within the Agent logs.

Message appears cosmetic as no users seem to be impacted negatively.

PAC files pushed to WSS Agent users to send traffic into ep.threatpulse.net:80.

 

Environment

WSS Agent.

SAML Based authentication.

Cause

WSS Agent hosts cannot communicate with client-id.wss.symantec.com.

Resolution

Make sure that client-id.wss.symantec.com is resolvable locally, and that traffic to this destination is sent into WSS Agent tunnel.

In our case, the PAC file was changed so that requests for this domain went into WSS Agent tunnel.

 

Additional Information

The WSS Agent logs generated with Symdiag returned the following error each time we saw the "Whoami request failed" message, pointing to the issue.

krn  app-driver_win.cpp                   3564 EvalTCPPacket                           000006F0 0000047C 7  01/20/2023-13:27:04.2744954 Debug    OutboundIPPacketClassify: passing through TCP packet for 10.155.63.134
utl  http-client_us.cpp                   354  HandleResolve                           000015BC 00003B84 7  01/20/2023-13:27:04.2754742 Err      Error resolving client-id.wss.symantec.com:80 (system:11001)
wss  openvpn-comm.cpp                     816  RunMonitor                              000015BC 0000172C 4  01/20/2023-13:27:04.2755026 Info     Received client context response from cloud service, tunnelId 0
log  diagnostic-log_us.cpp                351  CreateLogItemForMessage                 000015BC 0000172C 4  01/20/2023-13:27:04.2755926 Info     DiagnosticLog(): [01-20-2023 14:27:04 (UTC+1:00)]: Whoami request failed (11001)