Troubleshooting NSS
Main commands
You can use the following commands within the virtual machine (VM) console for your platform in order to configure and troubleshoot NSS. By default, root login is not permitted, so admins must use the sudo
utility to run a command with higher privileges.
Start the service | sudo nss start |
Stop the service | sudo nss stop |
Restart the service | sudo nss restart |
Shut down the operating system | |
Change the network configuration for the service | |
Configure additional interfaces | |
Configure an explicit proxy | |
If you configured additional interfaces using the | |
To remove the network settings that were configured using the | |
To display the configuration file that was changed using the | |
To install NSS certificates from a specified certificate bundle file | |
To check if a new NSS version is available | |
To manually update NSS to the latest version | |
To force NSS to update, regardless of whether a new version is available | |
To check the firewall configuration | This command does active firewall configuration probing by attempting to resolve the DNS names and establishing outbound connections to the Zscaler cloud. This command won't reset the management IP interface, so you can run it on an SSH connection. |
To view troubleshooting help command information | |
To show the active connections on the service IP address | The output is similar to that of the Netstat utility. |
To show the connections and their status | This command will probe the connection status over a period of time and indicate whether the connections are stable or flapping. |
To show the status of the NSS feeds | |
To generate diagnostic information to send to Zscaler Support | |
To reset the network configuration | |
To change the SNMP admin user configuration | |
To change the SNMP trap configuration | |
To automatically start NSS after reboot | |
To disable the automatic start of NSS after reboot |
Enabling remote access
An admin can request remote assistance and allow Zscaler Support to log in to their NSS server without having to open a firewall connection for inbound traffic. This feature is disabled by default and must be enabled explicitly for the duration that remote support assistance is required.
To enable Zscaler Support to access your NSS server | |
To disable Zscaler Support access to your NSS server | |
To check the status of the Zscaler Support access to your NSS server | |
To enable a remote debugging session | |
To disable a remote debugging session |
Error codes
Following are error codes that you might encounter when executing an sudo nss update-now
 command: