Greetings All,

I’ve had a persistent issue for several months with Netskope on macOS that I wanted to throw out here to see if anyone else had come across something similar. Intermittently devices with the Netskope client installed will lose all connectivity to the internet. In the logs I see usually around 50,000 of these messages in a span of just a few seconds

`critical nsDNSProcessor.cpp:149 dnsProcessor Failed to get DNS resolver values`

Usually as this happens all active connections are killed, like ongoing zoom calls, even though those aren’t being steered to Netskope.

Before this I see the DTLS tunnel close down with this flow

npadebuglog.log

```

>info] npaClientHandler.cpp:748:npaClientHandlerStop():0x0 Will shutdown NPA handler and dispatch thread, tunnelId = 7f8b47.
rinfo] tcpclient.cpp:530:shutdown():0x1086a1160 Shutdown socket fd 45
rinfo] npaClientHandler.cpp:755:operator()():0x0 The client handler is stopping and shutting down, userId = 502.
rinfo] tcpclient.cpp:199:handleClose():0x1086a1160 Closing socket m_fd 45 fd 45
rerror] neClientTransportHander.cpp:190:operator()():0x12f45f000 Connection to GW gateway.npa.goskope.com (163.116.132.96) is terminated or failed with len = 0 or isErr = 1.
rinfo] dispatcherBase.cpp:392:stopDispatcherAsync():0x108273870 Set the flag to stop the dispatcher loop.
rinfo] npaClientHandler.cpp:1097:clearConfig():0x0 The NPA policy was unregistered, total = 0, tunnelId = 7f8b47.
rinfo] npaClientHandler.cpp:581:npaStopHandler():0x0 Handler (0x12f45f000, ret:2) is stopped and freed, userId = 502, loopRetryCnt = 0, isShutdown = 1.
rinfo] proxyClientChannel.cpp:36:~ClientChannelBase():0x12f45f3e8 Cleaning up ClientChannelBase
rinfo] L3ClientChannel.cpp:68:destroy():0x12f45f060 Cleaning up l3clientChannel
rinfo] dispatcherBase.cpp:153:~DispatcherBase():0x108273870 The DispatcherBase 0x108273870 is info] npaClientHandler.cpp:626:dispatcherThreadProc():0x0 ======== Exiting dispatcher thread: userId = 502, tunnelId = 7f8b47 ========

```

nsdebuglog.log

```

error nsssl.cpp:972 nsssl DTLS SSL_write failed, err: 0, syserr: 49
error tunnel.cpp:1042 nsTunnel DTLS nsssl_write failed, err: -1
info nsssl.cpp:555 nsssl nsssl_disconnect enter
info nsssl.cpp:1020 nsssl DTLS SSL shutdown
info nsssl.cpp:1044 nsssl DTLS Exit SSL shutdown
info nsssl.cpp:1531 nsssl DTLS Closing sock 12
error nsssl.cpp:2003 nsssl select failed, err: 9
info nsssl.cpp:1794 nsssl set close all connections
info nsssl.cpp:1800 nsssl Closing All connections. 1
info tunnel.cpp:373 nsTunnel DTLS received nsssl_closed, tunnel destroyed
info nsssl.cpp:580 nsssl DTLS Cleanup SSL
error nsssl.cpp:570 nsssl DTLS send failed on sock_pair 1
info nsssl.cpp:573 nsssl nsssl_disconnect exit

```

It’s odd because 14-seconds previous it looks like the tunnel is healthy

```

info tunnel.cpp:502 nsTunnel DTLS sessId 502] Sending PING frame

info tunnel.cpp:605 nsTunnel DTLS sessId 502] Received PING_REPLY frame

```

I think this is caused by something with the nsAuxService as I see this before

`nsAuxiSvc.log`

```

critical nsAuxServiceDelegate.mm:124 nsAuxSvc App Proxy Connection invalidated/closed the connection

error flushDns.cpp:31 nsutilsFlushDNS Flush DNS cache command killall -HUP mDNSResponder error code 0

```

It looks like something is maybe kill the connection to that service or the system extension? I’ve got Crowdstrike running on these machines but I’ve extensively reviewed the exclusions and there are no detections. 

So at the end of it, it looks like Netskope is possibly being killed which leaves my systems in a state recoverable sometimes only with a reboot. Has anyone seen anything like this or done troubleshot anything similar?