Client Connector does not authenticate with Windows public network setting Enabled

Client Connector does not authenticate with the Windows public network configuration Enabled, however, with the private network configuration the authentication is performed completely, what are the possible solutions?

Davi - What does “not authenticate” mean? Is there an error message? Is it a Windows, browser, or ZCC error message? ZIA auth from ZCC occurs prior to the ZPA configuration, so I would assume you at least have some response from your IdP for the login to progress to ZPA and complete it.

Once you’ve confirmed what is meant by “does not authenticate…”, I would start troubleshooting with the apps in your IdP. There is a separate app enabled in your IdP configuration for ZIA. Make sure you have both ZIA and ZPA added to the IdP. Secondly, I would check SSO URL used with your ZIA authentication configuration to make sure it can be accessed on its own and if so, check the SSL cert you uploaded to auth config as well.

Hope this helps and reply if you get a little further or need to clarify what the actual error is or if you’re seeing an error at all.


Hi Davi,

Agree with Mark but have you also followed these firewall exceptions?

  • ZSATunnel.exe: Inbound
  • ZSATunnel.exe: Outbound
  • ZSATray.exe: Outbound
  • ZSATrayManager.exe: Outbound
  • ZSAUpdater: Outbound
  • ZSAService.exe: Outbound
  • Zscalerappupdater.exe: Outbound

But kindly share more details as requested by Mark