Zscaler stuck signing into wrong account

My situation is that I’m working as a consultant for a client who use Zscaler. I do have an account created at that client, and have previously been able to log in and use Zscaler without problems.

What I do is

1. Open zscaler and enter my credentials i have from the Client
2. Press next
3. I get an error saying ‘Sorry, but we’re having trouble signing you in’.
   From the message it looks as if it is trying to log in my not with the email i used in step 1 but with my own company account, which I’m logged into Windows with.

What to do? Any ideas?

Hi Tobias,

Welcome to the community forum!

Could you tell us more about the authentication? is this happening within the Zscaler Client Connector (Z-APP)?

Regards,

Michiel

Yes it’s happening within the Zscaler client connector app.

On the first screen i enter the mail of the account i have with the client and press Login.

I then get the error described in step 3 where it seems like it tries to login with another account than the one i entered on the previous screen.

Hi Tobias,

It sounds a little bit like your ZCC was deployed with with the installation option called “USERDOMAIN” This fixes the domain to which a user authenticates and helps normally with Integrated Windows Authentication to get a seamless logon to ZCC.

My first guess would be to reinstall the ZCC manually as these deployment options are part of the installation itself.

If you link me your current ZCC version I can share you a link to download the ZCC.

Regards,

Michiel

OK sounds promising.

I did install it recently and don’t recall setting anything up regarding the domain. But i can give it a shot. What would the right setting me for me in my case?

My current version is 3.1.0.96

Hi Tobias,

Did you at that time install it manually yourself? or did you get an .MSI from your employer?

Please make sure to uninstall the current release first before installing it again.
https://d32a6ru7mhaq0c.cloudfront.net/Zscaler-windows-3.1.0.96-installer.exe

Regards,

Michiel

It was an .exe file.

I just uninstalled and installed the file you linked to. During the installatation i was not promted foranything regarding domain. And when starting it up i arrived at the same startup screen asking for username or email.

I enter and get back to the same problem i had originally. See screenshot below for that error.

The yellow hidden part is my employer account (logged in through Windows) and the black part is the client I’m trying to work for.

Imgur: The magic of the Internet

Client connector is calling APIs to your OS default browser. If that browser and your IdP have been configured for SSO/IWA it may be trying to sign in as the account you’ve logged into the workstation. It’s also very possible that the browser has cached authentication information with your Azure AD. For example, you may have logged into an Azure AD Authenticated application with user@server.company.com and then selected (or defaulted to) remember this and keep me signed in. Thus, if those cached details are still valid, Azure AD is trying to do that again. That account does not have the ZIA or ZPA applications assigned to it. Try clearing the cookies/etc in your Internet Explorer if that’s the case.

So i cleared all caches files in Microsoft Edge (default browser) as well as Google Chrome.

Result was the same in Zscaler unfortunately

Please try Internet Explorer. unfortunately some things even in windows 10 still reside in there. If that doesn’t resolve your issue, then you should do two things. 1) Open a support ticket so we can allocate the best TAC Engineers for you, and 2) submit the Client Connector logs to the ticket (which can be retrieved from your ZCC App under MORE and Export Logs). Note that the export to ZIP may take a few minutes depending on how many logs and captures are in there.

Cleared the data in Edge, Chrome, Firefox and IE but still the same result unfortunately.

In order to create a support ticket and extract the logs i would have to be able to get to this page right?

Troubleshooting | Zscaler

Problem is, that is not possible for me. When i open the app it starts here. And when i enter my credentials there, that’s when my error starts

Any other ways to report?

You can also extract the logs by right clicking the Zscaler icon in the system tray and selecting export logs.

You may want to loop in your client and ask them to open the ticket with zscaler for you. While I can send you details on opening a ticket directly, there will be details needed about the zscaler tenant which you won’t have.

Okay I’ll try. Thank you for your help.

The image does as Mike mentioned suggest your Windows credentials get submitted to the AAD portal. Likely this is due to IWA being enabled. You could try to disable it in the internet explorer IWA setting and see if it still happens.

image406×517 85.1 KB

Please note a reboot is needed to take effect.

If this does the trick you can enable it again. ZIA (unlike ZPA) by default only does Auth once

Regards,

Michiel

Tobias,

If you’re using multiple Azure AD accounts in your daily work, then try to connect your Client-provided username to your Windows 10 as a Work/School entry here:

Start | Settings | Accounts | Access work or school | + Connect.

Above may trigger that you will be asked which Azure AD account you wish to use.

/Jesper

Hi Jesper

Thanks for the tip. I have done this some time ago. It solved it for some time, but not it consistently never works.

Thanks for the suggestion. I tried it but unfortunately without luck.

I’ve asked the client if they can help me report a problem and send them the log files.