When browsing Web sites on a computer configured to use the Symantec Endpoint Protection (SEP) client Web Traffic Redirection (WTR) component, instead of receiving the requested Web content, a Web Security Service (WSS) roaming log on portal is displayed.
Web browsers display the following message:
Corporate Network Credentials Required
Web access from this device or location requires that you enter your credentials.
Be advised, your corporate security service opens all secure (HTTPS) Web requests for the purpose of validating your identity, enforcing WEb use policy and scanning Web content form malware.
Reason for challenge: Credentials are missing.
This problem happens when the SEP client is unable to authenticate the user with the Seamless Identification server at https://client-id.wss.symantec.com. The most common reasons for this to happen are:
The SEP client Integrations policy doesn't specify a Symantec Endpoint Suite Integration token from the WSS service
A network device between the client and the WSS ins blocking access to the Seamless Identification URL
The downstream PAC file includes logic that directs the client to send requests to the Seamless Identification URL direct instead of through the WSS
The WSS policy includes either the symantec.com domain, the Seamless Identification URL, or the IP address(es) of the Seamless Identification service in the Bypassed Sites list
All Web clients connecting to the WSS must be authenticated to ensure the client is authorized to access the service, and to apply the required policies for the customer tenant the client is associated with. If a Web client is unable to authenticate to the WSS, the service will return a roaming logon page to the Web client in effort to authenticate the client manually.