How to turn on service status via command line


If somebody turn off the Zscaler service status manually, how to turn on via command line?
I know how to forbid user do it by set a password. I wonder how to enable it via command line once user turn it off. Thanks.

Hi @huang_clack ,

If you go to below path in registry,

You will find below key:
ZPA_State = For Private Access’s service
ZWS_State = For Internet Security’s service

and, below are key Value:
OFF = User intentionally off the service
NONE_FORWARDING = User in trusted network, and service auto configure to turn off in Trusted Network
TUNNEL_FORWARDING = Service is working fine
SERVER_AUTH_ERROR = Service stuck at authentication (MFA, account selection, etc)

But, from my own testing and experience, changing the registry value key doesn’t bring up the Zscaler service.

Short answer - Through Registry you cannot start ZPA/ZIA service.

Hi @huang_clack ,

So deleting the device from the mobile portal doesnt help either ?
Sounds like a strong argument for to enable ‘STRICTENFORCEMENT’ during next ZCC upgrade.

Hi G-Man8,

Yes. It works. Thanks for your help. Force remove device from Zscaler portal and ask user to re-authenticated again, its status will move to enable. It should be better if can do via command line.

Glad it helped !
Command line has it’s challenges too because it increases the attack vector on ZCC but I do understand your request. With ZCC >= 3.7 you can now see the service status/health of ZIA, ZPA & ZDX.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.