I found an interesting reason for a “Blocked due to Server Probe Failure”:
Users is a road warrior, who uses a PAC file with dedicated proxy port
SSL Inspection is disabled
SAML authentication is used
User has no authentication cookie and the source IP from the unknown location has not yet been “whitelisted”.
If the user now tries to access an https site, the redirect to the IDP does not work and the access is blocked (error message of browser, not a Zscaler block message) with “Blocked due to Server Probe Failure” indicated in the log file.
Solution: User has to access a http site to get the IP “whitelisted” for 2h. If the user cannot Access http sites, it might be possible that the browser DNS Cache / browser history has already stored an automatic redirect from http to https. To remove this, the user has to clear the histroy of the browser.
This will make the redirect to the IDP working.