Users on WSS Agent hosts access the internet via Cloud SWG successfully.
Users authenticate to the Cloud SWG service via a SAML Identity Provider.
Users report seeing hundreds of "Whoami request failed" messages in the WSS Agent logs.
The message appears cosmetic, as no users seem to be negatively impacted.
PAC files are pushed to WSS Agent users to send traffic to ep.threatpulse.net:80.
WSS Agent.
SAML-based authentication.
WSS Agent hosts cannot communicate with client-id.wss.symantec.com.
Make sure that client-id.wss.symantec.com is resolvable locally, and that traffic to this destination is sent into the WSS Agent tunnel.
In our case, the PAC file was changed so that requests for this domain went into the WSS Agent tunnel.
The WSS Agent logs generated with Symdiag returned the following error each time we saw the "Whoami request failed" message, pointing to the issue:
krn app-driver_win.cpp 3564 EvalTCPPacket 000006F0 0000047C 7 01/20/2023-13:27:04.2744954 Debug OutboundIPPacketClassify: passing through TCP packet for 10.155.63.134
utl http-client_us.cpp 354 HandleResolve 000015BC 00003B84 7 01/20/2023-13:27:04.2754742 Err Error resolving client-id.wss.symantec.com:80 (system:11001)
wss openvpn-comm.cpp 816 RunMonitor 000015BC 0000172C 4 01/20/2023-13:27:04.2755026 Info Received client context response from cloud service, tunnelId 0
log diagnostic-log_us.cpp 351 CreateLogItemForMessage 000015BC 0000172C 4 01/20/2023-13:27:04.2755926 Info DiagnosticLog(): [01-20-2023 14:27:04 (UTC+1:00)]: Whoami request failed (11001)
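
To confirm the same cause across a full Symdiag capture, the added example below (not part of the original article or of any Symantec tooling) pairs each "Whoami request failed" entry with the resolve error logged just before it and reports the hostname that failed to resolve. The field layout, the reading of the two hex columns as process and thread ids, and the one-second correlation window are assumptions inferred from the four lines above; 11001 is the Winsock code WSAHOST_NOT_FOUND.

```python
import re
from datetime import datetime, timedelta

# Field layout inferred from the log lines on this page (an assumption):
# component, source file, line, function, process id, thread id, level number,
# timestamp, level name, message.
LINE_RE = re.compile(
    r"^\S+ \S+ \d+ \S+ (?P<pid>[0-9A-F]{8}) [0-9A-F]{8} \d+ "
    r"(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+) \S+ (?P<msg>.*)$")
RESOLVE_RE = re.compile(r"Error resolving (?P<host>[^\s:]+):(?P<port>\d+) \(system:(?P<code>\d+)\)")
WHOAMI_RE = re.compile(r"Whoami request failed \((?P<code>\d+)\)")

def parse_ts(raw):
    # The log carries 7 fractional digits; strptime's %f accepts at most 6.
    head, frac = raw.split(".")
    return datetime.strptime(f"{head}.{frac[:6]}", "%m/%d/%Y-%H:%M:%S.%f")

def explain_whoami_failures(lines, window=timedelta(seconds=1)):
    """Pair each 'Whoami request failed' with the resolve error just before it."""
    pending, findings = [], []   # pending: (time, pid, host, port, code)
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, msg = parse_ts(m["ts"]), m["msg"]
        resolve, whoami = RESOLVE_RE.search(msg), WHOAMI_RE.search(msg)
        if resolve:
            pending.append((ts, m["pid"], resolve["host"], int(resolve["port"]), resolve["code"]))
        elif whoami:
            # Same process, same error code, logged within the time window.
            cause = next((p for p in reversed(pending)
                          if p[1] == m["pid"] and p[4] == whoami["code"]
                          and timedelta(0) <= ts - p[0] <= window), None)
            findings.append({"code": int(whoami["code"]),
                             "host": cause[2] if cause else None,
                             "port": cause[3] if cause else None})
    return findings

# The four log lines quoted on this page.
SAMPLE = """\
krn app-driver_win.cpp 3564 EvalTCPPacket 000006F0 0000047C 7 01/20/2023-13:27:04.2744954 Debug OutboundIPPacketClassify: passing through TCP packet for 10.155.63.134
utl http-client_us.cpp 354 HandleResolve 000015BC 00003B84 7 01/20/2023-13:27:04.2754742 Err Error resolving client-id.wss.symantec.com:80 (system:11001)
wss openvpn-comm.cpp 816 RunMonitor 000015BC 0000172C 4 01/20/2023-13:27:04.2755026 Info Received client context response from cloud service, tunnelId 0
log diagnostic-log_us.cpp 351 CreateLogItemForMessage 000015BC 0000172C 4 01/20/2023-13:27:04.2755926 Info DiagnosticLog(): [01-20-2023 14:27:04 (UTC+1:00)]: Whoami request failed (11001)
"""

if __name__ == "__main__":
    for finding in explain_whoami_failures(SAMPLE.splitlines()):
        print(finding)
```

A finding whose host is None means no matching resolve error was logged in the window, so that failure needs a different explanation than local DNS resolution.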