# Usage guide: Zscaler troubleshooting

## Introduction

This library pack will help you monitor, manage, and enhance the Zscaler experience across your landscape to ensure employees can access all their Zscaler functionalities and connect effectively without frustration. This page will guide you through the structure of the content and how it can be used.

Please keep in mind this is a guide and represents just some of the potential insight and actions you can take. There are many use cases and specific troubleshooting scenarios that you might uncover in your environment.

Ensure you library pack is properly configured by following the steps highlighted in its configuration guide:

{% content-ref url="/pages/9X8cMQRyITvWFsXVfb8G" %}
[Configuration guide: Zscaler troubleshooting](/platform/library-packs/network-and-connectivity/zscaler-troubleshooting/configuration-guide-zscaler-troubleshooting.md)
{% endcontent-ref %}

## Pack structure

**Visibility**

The **"Zscaler troubleshooting"** [live dashboard](https://docs.nexthink.com/platform/user-guide/live-dashboards) acts as the starting point of this library pack. It provides visibility into your Zscaler landscape to easily monitor and uncover any issues and/or areas of improvement.

Additional visibility into the overall health and reliability of the web and desktop client can be accessed from your [Applications](https://docs.nexthink.com/platform/user-guide/applications) module using the **Zscaler and Zscaler network** applications.

**Advanced troubleshooting and remediation**

For more in-depth investigations, you can rely on the results of specific data-gathering remote actions.

**Get Zscaler status:** The remote action reports the statuses listed below.

* Running - This output shows whether Zscaler is currently running or not on the endpoint
* ZNW\_state - Zscaler Client Connector network state of device (indicates that the device is connected to a trusted network or an untrusted network)
* ZPA\_state - Zscaler Private Access connection state of device (Indicates that the device is either connected or not connected to ZPA)
* ZWS\_state - Zscaler Workload Segmentation state of the workload protection service (Indicates that the ZWS service is either active or inactive).

{% hint style="info" %}
This data-gathering remote action is used to populate the live dashboard and should already be [scheduled](https://docs.nexthink.com/platform/user-guide/remote-actions/managing-remote-actions). You can query the results by [investigating KPIs from the Live dashboard](https://docs.nexthink.com/platform/latest/using-live-dashboards) or from [your own investigations](https://docs.nexthink.com/platform/latest/investigations).
{% endhint %}

The “Devices with Zscaler Not Running” KPI widget on the “Zscaler Troubleshooting” dashboard reports devices where the Zscaler service is not running. If the Zscaler service is detected as not running, execute the “Start Zscaler” remote action:

* **Start Zscaler:** Creates a scheduled task on the target system to start the Zscaler main service (ZSAService) in a given time provided by the input parameter TaskSchedulerTimeDelay (60 to 3600 seconds).

The "Start Zscaler - Notification" campaign is used with its RA to notify users of the that Zscaler is starting and that they may need to re-authenticate.

## Use cases

**Identify areas of improvement**

In the dashboard's Overview tab, you can access a helicopter view of where you might have problematic areas. Based on this information, you can navigate to the respective tab to troubleshoot in more detail.

The filters above the dashboard can help you focus your visibility on a specific area, device or platform type. The time picker can also be used to look at your data on more granular or longer-term time scale.

<figure><img src="/files/uhvYt5W5ewlcpSbY4Zc1" alt=""><figcaption></figcaption></figure>

**Troubleshoot Zscaler connectivity issues**

The dashboard's connectivity tab identifies potential connectivity issues. This information can be used to inform support teams and to assist in making appropriate decisions, such as upgrading Zscaler older versions before analyzing any other root causes of poor connectivity.

Trend information is displayed on a line chart to help track improvements over time to see if any taken actions have been effective.

The **Zscaler network application** is designed to analyze connectivity health and traffic. It allows for detailed examination of individual destination domains and ports to assess performance. In this example, the domain **zscloud.net** and port **443** are selected as the destination, which handles the majority of Zscaler tunneled data. Monitoring the connectivity health of this segment of the network is particularly important.

<figure><img src="/files/4MX6Ln8QlEtfJPLpTHJK" alt=""><figcaption><p>Zscaler network application</p></figcaption></figure>

<figure><img src="/files/SyovPMPXGKM1BuwHJWtT" alt=""><figcaption><p>Zscaler network view</p></figcaption></figure>

**Ensure a stable Zscaler landscape**

The dashboard stability tab provides widgets to inform you about the various errors your Zscaler Client Connector is facing within your landscape. An overview of some of the more common errors is provided, but a general view of Zscaler Private Access (ZPA) and Zscaler Internet Access (ZIA) is provided at the top for quick viewing. For more information about Zscaler Client Connector errors, consult the official documentation [here](https://help.zscaler.com/z-app/zscaler-app-registry-keys).

The **Zscaler desktop application** offers valuable insights into the stability of the system. It reports on crashes and the health of Zscaler binaries, providing detailed information that can be further analyzed. This data can be leveraged for in-depth investigations using e.g. [binary profiling](https://docs.nexthink.com/platform/user-guide/alerts-and-diagnostics/getting-started-with-diagnostics/binary-profiling) product feature.\\

<figure><img src="/files/vg9d8U2jCkTazFiRH5lB" alt=""><figcaption><p>Zscaler desktop application</p></figcaption></figure>

**Manage compliance**

We suggest updating Zscaler to the latest version available whenever possible to reduce vulnerability to security issues or exposure to bugs.

The Compliance tab of the dashboard provides information regarding various versions of the ZSA Service running within your landscape and its distribution across regions and operating systems. One of the essential widgets on this tab is the “*Devices with unsupported Zscaler versions”* KPI. This KPI returns the number of devices whose ZSA Service version is below currently supported version. It is imperative that the “*Devices with unsupported Zscaler versions*“ KPI be updated to filter for newly unsupported versions. You can find out more about supported versions [here](https://help.zscaler.com/eos-eol/supported-versions).

***

RELATED TOPICS

* [Manage Dashboards](https://docs.nexthink.com/platform/user-guide/live-dashboards)
* [Manage Campaigns](https://docs.nexthink.com/platform/user-guide/campaigns/managing-campaigns)
* [Manage Remote Actions](https://docs.nexthink.com/platform/user-guide/remote-actions/getting-started-with-remote-actions)
* [Manage Applications](https://docs.nexthink.com/platform/user-guide/applications)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.nexthink.com/platform/library-packs/network-and-connectivity/zscaler-troubleshooting/usage-guide-zscaler-troubleshooting.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.