Policy update fails intermittently

Hello folks,

All of our users have been experiencing intermittent policy update failures for some days. When manually refreshing the policy via the button in ZCC, we got the following error:

[image]

Sometimes it works instantly, sometimes we need 3-10 retries. After repeatedly pressing “refresh policy” it eventually works. We use ZCC V3.5.0.108.

Any ideas? Hints? ZPA/ZIA are running fine; we even tried forcefully removing one client and completely re-authenticating ZCC, which worked without issues.

Thanks and BR
Manuel

We have been facing this issue too; we also noticed it in versions prior to 3.5.108.

Hi Manuel,
Have you tried connecting the same laptop to another network and updating the policy? Normally this error indicates a network issue when communicating with our backend servers.
Try ping -t for mobile.[cloudname].net and login.[cloudname].net and see if there are any timeouts.

Hey Jamil,

Thanks, but it happens for all of our users. Different clients, different locations (mostly home offices).
IMHO it seems to be an issue caused by something != network connection.

BR
Manuel

Yes, we see the same error on different networks. GRE tunnel, Tunnel 2, Off/On trusted networks. Ping to both mobile.[cloudname].net and login.[cloudname].net is good, no timeouts.

Also tried the mentioned pings without any issues.

Have you tested other Client Connector versions? You might need to report the issue to the support team to investigate it further and take it to engineering if needed.

No, I did not test any other client yet. I would like to avoid downgrading issues…
At least I found some hints in the ZSATray logs:

Working:

2021-09-08 14:17:36.170903(+0200)[3752:11904] INF UI: Main Form, Update Policy Label Clicked
2021-09-08 14:17:36.174903(+0200)[3752:11312] INF Keep alive req rpc sent
2021-09-08 14:17:37.746631(+0200)[3752:19796] INF RPC notification code: ZSATRAYMANAGER_INSTALL_FIREFOX_CERT
2021-09-08 14:17:37.760631(+0200)[3752:18812] INF Installing certificates for FireFox
[...]
2021-09-08 14:17:38.367632(+0200)[3752:15556] INF Pulling tray policy.
2021-09-08 14:17:39.262699(+0200)[3752:4412] INF RPC notification code: ZSATRAYMANAGER_SEND_KEEPALIVE_RESPONSE
2021-09-08 14:17:39.262699(+0200)[3752:11312] INF sendKeepAliveResponse: {"error":0,"errorMessage":"","logFetchTs":0,"loginName":"USERNAME","success":true}

Not Working:

2021-09-08 14:18:54.910859(+0200)[3752:11904] INF UI: Main Form, Update Policy Label Clicked
2021-09-08 14:18:54.914855(+0200)[3752:19796] INF Keep alive req rpc sent
2021-09-08 14:18:55.306341(+0200)[3752:10492] INF RPC notification code: ZSATRAYMANAGER_SEND_KEEPALIVE_RESPONSE
2021-09-08 14:18:55.306341(+0200)[3752:18812] INF sendKeepAliveResponse: {"error":0,"errorMessage":"","logFetchTs":0,"loginName":"USERNAME","success":false}
2021-09-08 14:18:55.307071(+0200)[3752:18812] INF Keep Alive failed: {"error":0,"errorMessage":"","logFetchTs":0,"loginName":"USERNAME","success":false}

Every time ZCC pulls Firefox certs for some reason (?), it works. Looks like an application issue to me.

BR
Manuel
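
Added example, not part of the original posts and not Zscaler code: a Python parser that groups ZSATray log lines per "Update Policy" click and records whether the keep-alive response carried success:true, so the failure rate can be measured across clients instead of by eye. The line layout and message strings are assumed from the two excerpts in the post above, and the sample input is constructed from them.

```python
import json
import re
from datetime import datetime

# Layout assumed from the post's excerpts: timestamp(tz)[pid:tid] LEVEL message
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\([+-]\d{4}\)\[\d+:\d+\] \w+ (.*)$")

# Constructed sample: one working and one failing attempt, taken from the excerpts.
SAMPLE = """\
2021-09-08 14:17:36.170903(+0200)[3752:11904] INF UI: Main Form, Update Policy Label Clicked
2021-09-08 14:17:37.746631(+0200)[3752:19796] INF RPC notification code: ZSATRAYMANAGER_INSTALL_FIREFOX_CERT
[...]
2021-09-08 14:17:38.367632(+0200)[3752:15556] INF Pulling tray policy.
2021-09-08 14:17:39.262699(+0200)[3752:11312] INF sendKeepAliveResponse: {"error":0,"errorMessage":"","logFetchTs":0,"loginName":"USERNAME","success":true}
2021-09-08 14:18:54.910859(+0200)[3752:11904] INF UI: Main Form, Update Policy Label Clicked
2021-09-08 14:18:55.306341(+0200)[3752:18812] INF sendKeepAliveResponse: {"error":0,"errorMessage":"","logFetchTs":0,"loginName":"USERNAME","success":false}
2021-09-08 14:18:55.307071(+0200)[3752:18812] INF Keep Alive failed: {"error":0,"errorMessage":"","logFetchTs":0,"loginName":"USERNAME","success":false}
"""

def parse_attempts(text):
    """Return one record per manual policy refresh, in log order."""
    attempts, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # elided "[...]" markers, blank or truncated lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        msg = m.group(2)
        if msg.endswith("Update Policy Label Clicked"):
            cur = {"clicked": ts, "success": None, "cert_install": False, "policy_pulled": False, "response_ms": None}
            attempts.append(cur)
        elif cur is None:
            continue  # activity before the first click is not attributed
        elif "ZSATRAYMANAGER_INSTALL_FIREFOX_CERT" in msg:
            cur["cert_install"] = True
        elif msg.startswith("Pulling tray policy"):
            cur["policy_pulled"] = True
        elif msg.startswith("sendKeepAliveResponse:"):
            try:
                body = json.loads(msg.split(":", 1)[1])
            except json.JSONDecodeError:
                continue  # payload cut off in the log
            cur["success"] = body.get("success") is True
            cur["response_ms"] = round((ts - cur["clicked"]).total_seconds() * 1000)
    return attempts

def failure_rate(attempts):
    # Only attempts that actually received a keep-alive response are counted.
    done = [a for a in attempts if a["success"] is not None]
    return sum(not a["success"] for a in done) / len(done) if done else 0.0
```

Note that a failing response in these excerpts still reports "error":0 with an empty errorMessage, so the success flag is the only field worth alerting on.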

Ticket opened, ID 03023186.

BR
Manuel

JFYI: confirmed as a known bug (ticket MO-4412). Affects zscloud and one other Zscaler cloud. Support stated it is now a P1 Prio and a fix should arrive soon.

BR
Manuel
