App connector child not starting

Memli · February 23, 2022, 6:09pm

Hi all,

I am new in Zscaler and trying to deploy my first connectors on ESXi VM. I am able to see the provision_key under the /opt/zscaler/var, but zpa connector child is not starting. Please see the errors below

I would greatly appreciate if someone could give me some hints to solve this:

Loaded: loaded (/usr/lib/systemd/system/zpa-connector.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-02-23 14:08:52 UTC; 45min ago
Main PID: 1905 (zpa-connector)
CGroup: /system.slice/zpa-connector.service
└─1905 /opt/zscaler/bin/zpa-connector

Feb 23 14:39:32 zpa-connector zpa-connector[1905]: zscaler-update: TCP connection timed out to zpa-updates.prod.zpath.net: 165.225.197.252:443
Feb 23 14:39:32 zpa-connector zpa-connector[1905]: zscaler-update: Could not connect to dist.private.zscaler.com via zpa-updates.prod.zpath.ne

Jamie_Brown · February 24, 2022, 8:10am

I’ve seen that a few times before and just starting again from scratch seems to fix it. From my (hazy) memory you can also stop the connector, delete all the files from the directory apart from the binary and then start it again. Hope that helps.

sjaffrey · February 28, 2022, 6:41am

Hello,

Since TCP connection is timing out, I would also recommend to make sure firewall rules are configured to allow the IPs required to connect to the ZPA cloud.
https://config.zscaler.com/private.zscaler.com/zpa

Regards,
Shujaat

Memli · March 5, 2022, 7:12am

Thank you very much for the hints! FW whitelist rules helps the App connectors to establish the connection with the ZPA Cloud.