The validation server will stop and cannot be restarted if one or more of the User Store(s) used by that Validation Server is not connecting to LDAP. Test each User Store connection the Validation Server is using. (note: Always start/stop/restart VIP services from the EGW console and not the VIP Services Console):

Run the VIP diagnostic tool on the VIP EGW. The results will indicate if a User Store cannot connect. 

To test connectivity from each User Store using the Test User Name feature, Edit the connection, verify the search criteria, bind user permissions, SSL connectivity, etc. are set correctly. Click TEST to confirm. 

DETAILS:

• In the User Store, click the name of the User Store. 
• Under the Connections tab, click Edit next to the Connection Name. Repeat these steps for each connection, if necessary. 
  • Ensure the server hostname or IP address in the 'Host' section is accurate and that the VIP EGW server can reach it on the network (ping, nslookup, etc...).
  • If SSL is enabled, check the validity of the SSL certificate. Import the SSL root and intermediate CA into the CA Certificate settings under the Settings tab. You can also try temporarily disabling SSL for the user store and setting the port to non-SSL (typically 389). 
  • Bind User - Verify the user location (AD Distinguished Name) is still accurate (i.e., User object has not been moved or deleted) and that the password has not been changed or expired. Ideally you want this user to be a service account set to have the "password never expires"
  • Test User - This user account must still be present in Active Directory and meet all of the requirements outlined in the User Filter. If this user is no longer valid, then the initial test will fail and the Radius will not be able to validate the LDAP connection.
• Under the Search Criteria tab, check the user search criteria configured for the User Store. 
  • • For additional help with the User Store Filter and connection configurations, please refer to this KB article:  https://knowledge.broadcom.com/external/article?articleId=163791
• Under the User Settings tab, check the optional attributes that help administrators search and identify users in VIP Manager. Users can also be mapped to VIP User Groups that are available in the VIP Service.
• Under the Password Management tab, check the settings that will help users reset the expired Active Directory password