Symantec VIP Enterprise Gateway Validation Server will not start
search cancel

Symantec VIP Enterprise Gateway Validation Server will not start

book

Article ID: 174747

calendar_today

Updated On:

Products

VIP Service

Issue/Introduction

The Validation Server service fails to start.

Environment

VIP Enterprise Gateway

Cause

User Store connection issue

Resolution

The validation server won't start if an assigned User Store used by that Validation Server cannot connect to LDAP. (note: Start/stop/restart VIP services from the EGW console)

To test:

  • Run the VIP diagnostic tool on the VIP EGW. The results will indicate if a User Store cannot connect to LDAP. 
  • Determine the User Store(s) assigned to the Validation Server:

  • Click the User Store tab, then test connectivity from each User Store using the Test User Name feature by clicking Edit next to the connection. Verify the search criteria, bind username permissions, SSL connectivity, etc. are correct, then click TEST
  • Select the User Store tab, then click Edit next to the User Store Name. 
  • Under the Connections tab, click Edit next to the Connection Name

  • Confirm all fields are correct:
    • Host and Port
    • If SSL is enabled, the issuing root and intermediate CA certs from the LDAP SSL cert are imported into the CA Certificate settings under the Settings tab. You can try temporarily disabling SSL as a test if your network supports non-SSL LDAP traffic (typically port 389). 
    • Bind User location (AD Distinguished Name) is accurate (i.e., User object has not been moved or deleted), and the password has not been changed or expired. Using a service account with the password set to "password never expires" can avoid password expiration issues.
    • Test User must be a valid user object that successfully satisfies the filters on the Search Criteria tab. If invalid, initial tests will fail and may prevent the service from starting. 
  • Click the Test button:
  • If the connection is successful, repeat for each connection within each User Store. 
  • If the connection fails, click the fields on the Search Criteria tab and click Test (this will use the username set in the connection settings). For additional help with the User Store Filter and connection configurations, please refer to this KB article:  https://knowledge.broadcom.com/external/article?articleId=163791 
  • (if applicable) Under the User Settings tab, confirm correct settings for VIP User Attributes and VIP User Group Mapping. These are optional fields for populating additional attributes to users in VIP Manager, and for mapping user to VIP User Groups in VIP Manager.
  • (if applicable) Under the Password Management tab, check the settings that will help users reset the expired Active Directory password 

Attachments

Powered by Wolken Software