I am a networking guy with no real experience with ZScaler. Recently a client wanted me to look at a issue she was having at her home. The home has Aruba access points and a $3k Mikrotik router.
The issue she has is that zscaler disconnects and then reconnects every 10 mins and 5 secs. Its very brief lasting about 6 seconds. There are times when this laptop will suddenly stop having the issue and this can be fine for hours. The same laptop when taken to her buis works perfectly. Every other aspect of every device on the network works flawlessly.
I have tried everything I can think of to mitigate the issue. Watching her wifi connection its exceptionally clean with steady strong continuous connection. No roaming. Aruba is showing a perfect connection. I tried a different home style wifi router and wifi and the issue persisted. So the issue is not the wifi or the router. AT least it does not seem that it is.
I started running multiping at 1sec intervals and saw a very interesting issue. SOMETHING is running every 10 mins and 5 secs that seems to be causing some kind of havoc.
The below chart shows multiping aimed at the zscale running laptop, shows 1.1.1.1 to show the internet connection and pass thru router and has the bottom chart to a HP printer on the same wifi and access point.
So my question is, what is happening every 10 mins and 5 secs on this clients zscale laptop ? That would help me isolate the issue.
Also on googling I see a lot of similar complaints over a period of years but none of them had a resolution. Some people dont have any issue at all, some have this issue badly to a point its unusable and it varies with some by time of day coming and going…
I have isolated the issue and done a work-a-round…
Its DHCP renwal. Both routers I tried had a 10 min rewnal. These were static HDCP assignments. All machines on static rewnal that ran ZScale had huge latency doing the renewal. This resulted in the loss of the assignment and then after it dropped it then got it again rather then doing proper renewal.
On 3 machines that were doing this, moving the renewal out to 1 day solved the issue.
I also experimented and could change the behavior listed above to any interval I wanted by setting HDCP renewal intervals.
I would count this as a bug in Zscape ? Maybe its limited to static DHCP assignment only ?
Its easy to replicate, simply set a DHCP renewal for a short period like 5 mins.
I will continue to monitor the issue.
I have not done PCAP as that is just annoying to sift thru. So I dont now know exactly what is going wrong, or wierd, during short static DHCP renewals.
Before and after at a clients home… Just changed DHCP lease time…
Normally Windows manages DHCP, but in this case somehow ZScaler is affecting DHCP lease renawal behavior. Laptops with Zscaler seem to take over the process and do not renew leases before they expire and then scramble to reconnect causing a 5 sec loss of connection.
This seems to be a very basic bug to me. Or maybe its a “feature” ?
Just set DHCP lease time to a really large value in homes. You most likely will not run out of IPs. So I would set it to 7 days or maybe even 14d…
I admit, I have not come across a device that did not properly do DHCP lease renewal.
We have a similar issue I think, we’re noticing drops on Zscaler, and as we’ve worked backwards from client to core network, I’ve realised changing DHCP renewal from 2 hours to longer affects the disconnection time. At first we thought it was wireless access points dropping
I’ve realised I can’t renew a lease on my device. We are using ZIA and ZPA enforced on trust LAN, 2x AD servers in failover (load balance) Changed at weekend and users are reporting no issues as within office hours, but at 8 hours will no doubt see a disconnection
My lease runs out in 62 minutes and I’m expecting to see L3/IP go down as it drops and rebroadcasts for an address
Aye it was that, generally ok for corp leases of 2 days as users csme back in
But network in question had lease of 2 hours
Realised we couldnt renew, looked at standard profile, added 255.255.255.255 and all good now in office and users at home
Also, found that internal error on zpa at boot seems to disappear with ZCC 4.1.0.82 vs 4.0.0.80, and client doesnt seem to suffer as many dropouts either, if that is of interest to anyone
