Support
      Back to home
      1. SecureDynamics Knowledge Base
      2. Support

      πŸ”§ How to Troubleshoot Zscaler Client Connector (ZCC) Logs

      Audience: IT support staff and engineers Purpose: Help you quickly locate and resolve application or connectivity issues using ZCC logs and basic diagnostic tools.

      🧰 Step 1: Orientation Before You Dive In

      Before jumping into logs:

      • Make sure support staff understands PAC files (used for web traffic routing) and how they work with ZCC.

      • Know the basics of Z-Tunnel 1.0 vs 2.0, even if you don’t manage tunnels directly.

      • Understand that PCAPs (packet captures) can be aligned with ZCC logs by timestamp β€” even without deep packet inspection skills.

      πŸ“‚ Step 2: Open and Search ZCC Logs Like a Pro

      Unzip the logs and open the most recent ZSATunnel.log file.

      Use a good text reader β€” Notepad++ is great, but for even easier navigation, try cmtrace.exe (from Microsoft Endpoint Configuration Manager). It’s a lightweight, high-speed log viewer that highlights errors automatically.

      πŸ” Search for keywords:

      • Exception

      • Fail

      • Error

      • Down

      • Crashed

      • Invalid

      • Compromised

      • Detected

      ➑️ Pro Tip: Look 5–10 lines above and below any match β€” the cause often sits nearby.

      🌐 ZIA-Specific Log Checks

      When troubleshooting Zscaler Internet Access (ZIA):

      • Search for FindProxyForURL to see how URLs are routed.

      • Check PAC Parse Host and PAC Parse Action for logic issues in the PAC file.

      πŸ”’ ZPA-Specific Log Checks

      When working with Zscaler Private Access (ZPA) logs, these terms are gold:

      Keyword Why it Matters
      QRY=SRV(33) DNS lookups for Active Directory β€” check against PCAP for match
      mtunnel Core ZPA tunnel status
      NXDOMAIN DNS failure (non-existent domain)
      ERR Connection to ZPN Tunnel routing failure
      100.64.0.6 Sign of firewall or AV interference with SYN packets
      Connection Reset by Peer Session closed by remote system
      ZPA Session Status Codes Always worth reviewing for policy or network mismatches

      πŸ–₯️ Ronnie Meekers, a longtime Zscaler partner, recommends:

      Run netstat -an 1 | find /I "SYN" on Windows or similar commands on macOS to find apps using hardcoded IPs. These often bypass ZPA, especially in legacy VPN environments.

      🧠 Helpful Community Tips

      πŸ“š Original Article: Learning How to Troubleshoot ZCC – Zscaler Community

      πŸ“€ Sharing Logs with Support

      1. Open ZCC > click the gear icon.

      2. Select β€œAbout” > β€œCollect Logs.”

      3. Save the ZIP file and email it to your SecureDynamics engineer or support contact.

      We are Zscaler Delivery Services Authorized, providing the best deployment experience possible.
      Thanks for choosing SecureDynamics, Zscaler's most trusted and comprehensive partner.