Symantec VIP Enterprise Gateway Validation Server will not start

Article ID: 174747


Products

VIP Service

Issue/Introduction

The Validation Server service fails to start.

Environment

VIP Enterprise Gateway

Cause

User Store connection issue

Resolution

The Validation Server won't start if a User Store assigned to it cannot connect to LDAP. (Note: Start, stop, and restart VIP services from the EGW console whenever possible.)

Note: If the host server is Linux, see Using a crontab to automatically restart VIP Enterprise Gateway services on Linux

To test:

  • Run the VIP diagnostic tool on the VIP EGW. The results will indicate if a User Store cannot connect to the LDAP database it is pointing to. 
  • Review the Validation Server settings to determine the User Store(s) assigned to the Validation Server:

  • Select the User Store tab, then click Edit next to the User Store Name. 
  • Under the Connections tab, click Edit next to the Connection Name.
  • Click the Test button:

    (note: This test is performed using a Java applet. When the service is started, the actual LDAP connection occurs at the operating system level via native Windows or Linux LDAP APIs.)
    • If the test is successful, repeat the same steps for each connection within each User Store.
    • If the test fails, confirm the settings are correct:
      • Host and Port
      • If SSL is enabled, the LDAP certificate issuing root and intermediate CA certs must be imported into the CA Certificate settings under the Settings tab. If your network supports it, try temporarily disabling SSL and setting the port to 389. 
      • Bind User location (AD Distinguished Name) is accurate (i.e., User object has not been moved or deleted), and the password has not been changed or expired. Using a service account with the password set to "password never expires" can avoid password expiration issues.
      • Test User must be a valid user object that successfully satisfies the filters on the Search Criteria tab. If invalid, initial tests will fail and may prevent the service from starting. 
      • Click the Search Criteria tab and confirm these settings are correct. For additional help with the User Store Filter and connection configurations, refer to this KB article: https://knowledge.broadcom.com/external/article?articleId=163791
      • (if applicable) Under the User Settings tab, check the VIP User Attributes and VIP User Group Mapping settings. If enabled, confirm the settings are correct. (These are optional fields for adding additional attributes to users in VIP Manager and for adding users to VIP User Groups in VIP Manager.)
      • (if applicable) Under the Password Management tab, check the settings that help users reset an expired Active Directory password.
    • If the test is successful but the validation server still does not start, the issue is most likely at the host operating system level:
      • Add the LDAPS server certificate's root and intermediate CA certs to the VIP EG host machine (reboot required). 
      • Change the Validation Server logging level to DEBUG. Attempt to start the service.
      • Locate and resolve the reason code for the LDAP connection failure in the log. (See also: LDAP Wiki -- This 3rd-party link is provided for reference only)
      • Use a packet capture tool such as Wireshark to analyze the root cause of the connection failure.
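
For the reason-code step above, the following added example (not Symantec or Broadcom code) pulls Active Directory bind sub-codes out of DEBUG log lines and maps each one to the Bind User check it points at. It assumes the log records the directory server's diagnostic message verbatim; the sample lines and their layout are constructed.

```python
import re
from collections import Counter

# Sub-codes Active Directory returns in the "data NNN" field of a failed bind
# (LDAP result 49), mapped to the Bind User checks listed in this article.
AD_BIND_SUBCODES = {
    "525": "bind user not found: check the Bind User DN (object moved or deleted)",
    "52e": "invalid credentials: check the Bind User DN and password",
    "530": "logon not permitted at this time: check logon-hours restrictions",
    "531": "logon not permitted from this host: check workstation restrictions",
    "532": "password expired: reset it or use a non-expiring service account",
    "533": "account disabled: re-enable the bind account",
    "701": "account expired: extend or replace the bind account",
    "773": "password must be changed at next logon: reset the bind password",
    "775": "account locked out: unlock the bind account",
}

# Diagnostic text AD attaches to a failed bind, e.g. "... data 52e, v1db1".
SUBCODE_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

# Constructed sample lines; the timestamp/prefix layout is an assumption and is
# not real VIP Enterprise Gateway output.
_ERR = "80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data "
SAMPLE_LOG = [
    "2024-05-01 09:00:01 DEBUG bind failed: " + _ERR + "52e, v3839",
    "2024-05-01 09:00:02 DEBUG bind failed: " + _ERR + "532, v3839",
    "2024-05-01 09:00:03 DEBUG bind failed: " + _ERR + "52e, v3839",
    "2024-05-01 09:00:04 DEBUG connect failed: server unreachable",
    "2024-05-01 09:00:05 DEBUG bind failed: " + _ERR + "999, v3839",
]

def explain_bind_failures(log_lines):
    """Return a Counter of {explanation: occurrences} for AD bind failures."""
    found = Counter()
    for line in log_lines:
        match = SUBCODE_RE.search(line)
        if not match:
            continue  # not a bind failure: a network or TLS problem instead
        code = match.group(1).lower()
        unknown = f"unrecognized sub-code {code}: look it up manually"
        found[AD_BIND_SUBCODES.get(code, unknown)] += 1
    return found

if __name__ == "__main__":
    for reason, count in explain_bind_failures(SAMPLE_LOG).most_common():
        print(f"{count}x {reason}")
```

Lines that carry no sub-code (such as the constructed "server unreachable" line) are skipped; those point at host, port, or certificate problems rather than the bind account.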