top of page
© Copyright not allowed
Search
Writer's pictureTechclick co_in
Sep 10, 20222 min read

App Connector upgrade failures

App Connector upgrade failuresApp Connector upgrade failures


if App connector upgrade fail, may be below reasonif App connector upgrade fail, may be below reason


  • 1-Upgrade is in a failed state for more than 24 hours.

  •  2- The image can not download since there is no disk space left.

  • 3- Image can not download due to inconsistent connection between the App

  •  Connector and co2br (App Connector to Public Service Edge endpoint).

  • 4- The Provisioning Key was deleted in the ZPA Admin Portal.



1- Upgrade is in a failed state for more than 24 hrs - we can collect below logs and check


Collect the outputs for the following:

  • sudo cat /opt/zscaler/var/version

  • sudo ls -lrta /opt/zscaler/var/version

  • sudo cat /opt/zscaler/var/updater.version

  • sudo /opt/zscaler/var/image.bin -version

  • sudo ls -lrta /opt/zscaler/var/image



2- 

The image can not download since there is no disk space left - 

Check the disk space for the following directories:

  • sudo df -h /

  • sudo du -h /

  • sudo du -a/| -n -r | head -n

  • Delete any extra directories, except /opt/zscaler, to free up space. Once disk space is available, the image will download to opt/zscaler/var/image.bin

    • 3- 

    Image can not download due to inconsistent connection between the App

     Connector and co2br

                 Verify the App Connector has a stable connection to ZPA Public Service Edge

    journalctl -n1000 | grep zscaler-update

    4- 

    The Provisioning Key was deleted in the ZPA Admin Portal. 


    1. Go to the App Connector page and identify the App Connector’s group.

    2. Go to the Provisioning key page and find the App Connector group. If the group is not listed in the App Connector group column, the key is no longer in the ZPA Admin Portal.

    3. Delete the App Connector and re-enroll it, which will allow you to create a new provisioning key for the App Connector


    if none of 

    above reasons are causing the upgrade failures

    use below steps - 

    -->>Restart the App Connector (stop and start)

    -->> we can check zscaler public service edge dns

    $ dig +short co2br.prod.zpath.net 13.60.119.37 42.68.244.163
    $

    -->> Check if the App Connector can start a TLS connection using the openss1 command. You should receive a certificate subject string returned from the Public Service Edges


    If you receive a certificate subject, proceed to the next step.

    If you do not receive a subject string, there is likely an error with TLS communication

    $ openssl s_client -servername mockcompany.com.server1.net -connect 13.60.119.37:443 2>&1 | grep subject subject=/C=US/ST=California/L=San Jose/O=Zscaler/OU=Emerging Technologies/CN=broker1a.sjc8.prod.zpath.net
    Note- all screenshot of this blog taken by Zscaler Inc
    0 views0 comments

    Recent Posts

    See All

    checkpoint cheatsheet

    Firewalls Commands fw lslogs  display remote machine log-file list fw logswitch  rotate current log file fw lichosts  display protected...

    0 comments

    What is Security Zones.

    What is Security Zones : Security zones refer to network security architecture that divides a network into different security segments or...

    0 comments

    Support us

    Hi Guys,  If this website is helpful for you, please support us to continued our work. UPI -  ram.dixit@ybl

    0 comments
    bottom of page