search cancel

The Symantec Enterprise Gateway LDAP Directory Synchronization Service will not start on a windows server.


Article ID: 173955


Updated On:


VIP Enterprise Gateway


The Windows Services console shows two identical services for VIP LdapSync. Both show as 'starting' but the service never starts. The service appears to be in a hung state. 


(Minimum hardware requirements for VIP Enterprise Gateway 9.9.x is 8Gb RAM and 40Gb disk space. 16Gb or more RAM recommend when LDAP synchronization is enabled.)

  • Disable memory sharing if the server is a VM (see here).
  • In Windows Services, set all Symantec LDAP services to startup type DISABLED, then reboot the server. 
  • Open an administrator command prompt and navigate to <VIPEG_installPath>\VIP_Enterprise_Gateway\LdapSync\bin
  • Remove the existing VIP LDAP services by typing:

    ldapremoveservice.exe -all
    (note: 3 different LDAP services will be removed. If the service does not exist, an error is normal. You should see at least 1 success in the results.)

  • Navigate to <VIPEG_installPath>\VIP_Enterprise_Gateway\LdapSync\services\ldapSync\conf
  • Remove the existing LDAP sync settings by deleting all files and folders. Do not delete the actual conf folder. 
  • Reboot the server.
  • Confirm that no Symantec LDAP services are seen in Windows Services. 
  • Launch the VIP EG console. Click User Store > LDAP Directory Synchronization, then set LDAP Directory Synchronization to Yes. Do not start the service at this time. 
  • Click the Run Simulation button and allow an LDAP Sync Simulation to complete, indicated by Sync Done...End in details window:
  • Windows Services will show Symantec Ldap Sync Service running while the sync simulation is in process. 
  • Click the Stop Simulation button, and click Continue to confirm. The Symantec Ldap Sync Service will disappear from the Windows Services console. 
  • Turn the LDAP Directory Synchronization to ON.
  • Windows Services will show Symantec Ldap DirSync Service as running and the startup type as Automatic.  (note: this is the service responsible for actual LDAP synchronizations):

Important: Always stop and start VIP Enterprise Gateway LDAP services from the VIP console. Forcing LDAP services to start from Windows Services will bypass pre-start checks put in place to ensure the service starts in a stable state.