Symantec VIP Enterprise Gateway Validation Server services will not start


Article ID: 157670


Products

VIP Service

Issue/Introduction

The VIP EG Validation Server service will not start. What can cause the start to fail?

Environment

VIP Enterprise Gateway

Cause

  • The Validation Server User Store is unable to connect.
  • The Validation Server log file size is >4GB and the application is no longer able to read/write to that file. 

 

Resolution

  • Check the Validation Server log file size. If it is larger than 4GB, stop the Validation Service from the EG console, then move the log file to another location where it can be deleted later. Do not simply rename the file and leave it in the same folder, because the auto-delete process will not clean up the renamed file during log rotation. To reduce the file size, set the logging level to INFO, save the settings, then restart the Validation Server.

  • The Validation Server will not start if one or more of the User Store connections it uses cannot connect.
  • The Validation Server will automatically stop if none of the specified User Stores can connect.
  • The Validation Server will not automatically stop when some User Store connections fail, as long as at least one can connect. However, it will not restart until all specified User Stores can connect, for example after a reboot during server updates or patching.
  • Determine which User Store cannot connect to LDAP: 
    • Run the VIP diagnostic tool on the VIP EGW. The results will indicate if a User Store cannot connect. Check the vipdiagnostics.log for details.  
    • Use the Test User Name button.
      • In the User Store, click the name of the User Store. 
      • Under the Connections tab, click Edit next to the Connection Name. Enter a valid Test User Name and click the TEST button. Repeat these steps for each User Store and connection.
      • If the test fails:
        • Ensure the server hostname or IP address in the 'Host' section is accurate and that the VIP EGW server can reach it on the network (ping, nslookup, etc.).
        • If SSL is enabled, check the validity of the SSL certificate. Import the SSL root and intermediate CA into the CA Certificate settings under the Settings tab. You can also try temporarily disabling SSL for the user store and setting the port to non-SSL (typically 389).
        • Bind User - Verify that the user location (AD Distinguished Name) is still accurate (i.e., the user object has not been moved or deleted) and that the password has not been changed or expired. Ideally, this user should be a service account with "password never expires" set.
        • Test User - This user account must still be present in Active Directory and meet all of the requirements outlined in the User Filter. If this user is no longer valid, then the initial test will fail and the Radius will not be able to validate the LDAP connection.
      • Under the Search Criteria tab, check the user search criteria configured for the User Store. 
      • Under the User Settings tab, check the optional attributes that help administrators search and identify users in VIP Manager. Users can also be mapped to VIP User Groups that are available in the VIP Service.
      • Under the Password Management tab, check the settings that help users reset an expired Active Directory password.
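
The log-size check and move from the first Resolution step, as an added example (not Symantec's or the product's own tooling). The log and archive directories are supplied by the operator, the 80% early-warning ratio and the refusal of subfolders are assumptions, and the Validation Service must already be stopped from the EG console before anything is moved.

```python
import shutil
import sys
from pathlib import Path

LIMIT_BYTES = 4 * 1024**3  # the 4GB size named in the article
WARN_RATIO = 0.8           # assumption: flag files early at 80% of the limit


def scan_logs(log_dir, limit=LIMIT_BYTES, warn_ratio=WARN_RATIO):
    """Return (oversized, approaching) lists of files found in log_dir."""
    oversized, approaching = [], []
    for path in sorted(Path(log_dir).iterdir()):
        if not path.is_file():
            continue
        size = path.stat().st_size
        if size > limit:
            oversized.append(path)
        elif size >= limit * warn_ratio:
            approaching.append(path)
    return oversized, approaching


def move_out(log_file, archive_dir):
    """Move log_file into archive_dir, which must be outside the log folder."""
    log_file = Path(log_file).resolve()
    archive_dir = Path(archive_dir).resolve()
    log_dir = log_file.parent
    # A file left in the log folder is not cleaned up by the auto-delete
    # process during rotation. Subfolders are refused too (assumption:
    # a conservative reading of "another location").
    if archive_dir == log_dir or log_dir in archive_dir.parents:
        raise ValueError(f"{archive_dir} is inside the log folder {log_dir}")
    archive_dir.mkdir(parents=True, exist_ok=True)
    target = archive_dir / log_file.name
    if target.exists():
        raise FileExistsError(f"{target} already exists; not overwriting")
    shutil.move(str(log_file), str(target))
    return target


if __name__ == "__main__":
    # Usage: script.py <log_dir> <archive_dir>  (both chosen by the operator)
    oversized, approaching = scan_logs(sys.argv[1])
    for p in approaching:
        print(f"WARN  {p} is nearing 4GB; consider setting logging to INFO")
    for p in oversized:
        print(f"MOVED {p} -> {move_out(p, sys.argv[2])}")
```

Running `scan_logs` on a schedule catches a growing log before the service fails to start.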