Symantec VIP Enterprise Gateway Validation Server services will not start
search cancel

Symantec VIP Enterprise Gateway Validation Server services will not start


Article ID: 157670


Updated On:


VIP Service


The VIP EG Validation Server service will not start. What can cause the start to fail?


VIP Enterprise Gateway


  • The Validation Server User Store is unable to connect.
  • The Validation Server log file size is >4GB and the application is no longer able to read/write to that file. 



  • Check the validation server log file size. If it is > 4GB, stop the Validation Service from the EG console, then move the log file to another location where it can be deleted at a later time. Do not simply rename the file and leave it in the same folder as the auto-delete process will not clean up the file during log rotation. To reduce the file size, set the logging level to INFO, save the settings, then restart the Validation Server.

  • The validation server will automatically stop if one or more of the User Store(s) connections used by the Validation Server are unable to connect. It will restart after connectivity is re-established. 
    • Run the VIP diagnostic tool on the VIP EGW. The results will indicate if a User Store cannot connect. 
    • Test connectivity from each User Store using the Test User Name button. Edit the connection, verify the search criteria, confirm bind user permissions, SSL connectivity, etc. are set correctly.
      Click TEST to confirm: 


      • In the User Store, click the name of the User Store. 
      • Under the Connections tab, click Edit next to the Connection Name. Repeat these steps for each connection, if necessary. 
        • Ensure the server hostname or IP address in the 'Host' section is accurate and that the VIP EGW server can reach it on the network (ping, nslookup, etc...).
        • If SSL is enabled, check the validity of the SSL certificate. Import the SSL root and intermediate CA into the CA Certificate settings under the Settings tab. You can also try temporarily disabling SSL for the user store and setting the port to non-SSL (typically 389). 
        • Bind User - Verify the user location (AD Distinguished Name) is still accurate (i.e., User object has not been moved or deleted) and that the password has not been changed or expired. Ideally, you want this user to be a service account set to have the "password never expires"
        • Test User - This user account must still be present in Active Directory and meet all of the requirements outlined in the User Filter. If this user is no longer valid, then the initial test will fail and the Radius will not be able to validate the LDAP connection.
      • Under the Search Criteria tab, check the user search criteria configured for the User Store. 
      • Under the User Settings tab, check the optional attributes that help administrators search and identify users in VIP Manager. Users can also be mapped to VIP User Groups that are available in the VIP Service.
      • Under the Password Management tab, check the settings that will help users reset the expired Active Directory password