search cancel

The Symantec Enterprise Gateway LDAP Directory Synchronization Service will not start on a windows server.

book

Article ID: 173955

calendar_today

Updated On:

Products

VIP Enterprise Gateway

Issue/Introduction

The Windows Services console shows two identical services for VIP LdapSync. Both show as 'starting' but the service never starts. The service appears to be in a hung state. 

Resolution

(This issue was addressed in VIP Enterprise Gateway 9.10. If unable to upgrade, verify minimum hardware requirements for VIP Enterprise Gateway 9.9.x is 8Gb RAM and 40Gb disk space. 16Gb or more RAM recommend when LDAP synchronization is enabled.) This issue can often be resolved with a server reboot. If that fails to resolve the issue, follow these steps:

  • Disable memory sharing if the server is a VM (see here).
  • In Windows Services, set all Symantec LDAP services to startup type DISABLED, then reboot the server. 
  • Open an administrator command prompt and navigate to <VIPEG_installPath>\VIP_Enterprise_Gateway\LdapSync\bin
  • Remove the existing VIP LDAP services by typing:

    ldapremoveservice.exe -all
    (note: 3 different LDAP services will be removed. If the service does not exist, an error is normal. You should see at least 1 success in the results.)

  • Navigate to <VIPEG_installPath>\VIP_Enterprise_Gateway\LdapSync\services\ldapSync\conf
  • Remove the existing LDAP sync settings by deleting all files and folders. Do not delete the actual conf folder. 
  • Reboot the server.
  • Confirm that no Symantec LDAP services are seen in Windows Services. 
  • Launch the VIP EG console. Click User Store > LDAP Directory Synchronization, then set LDAP Directory Synchronization to Yes. Do not start the service at this time. 
  • Click the Run Simulation button and allow an LDAP Sync Simulation to complete, indicated by Sync Done...End in details window:
  • Windows Services will show Symantec Ldap Sync Service running while the sync simulation is in process. 
  • Click the Stop Simulation button, and click Continue to confirm. The Symantec Ldap Sync Service will disappear from the Windows Services console. 
  • Turn the LDAP Directory Synchronization to ON.
  • Windows Services will show Symantec Ldap DirSync Service as running and the startup type as Automatic.  (note: this is the service responsible for actual LDAP synchronizations):

Important: Always stop and start VIP Enterprise Gateway LDAP services from the VIP console. Forcing LDAP services to start from Windows Services will bypass pre-start checks put in place to ensure the service starts in a stable state. 

Attachments