The validation server won't start if an assigned User Store used by that Validation Server cannot connect to LDAP. (note: Start, stop, and restart VIP services from the EGW console whenever possible)
Note: If the host server is Linux, see Using a crontab to automatically restart VIP Enterprise Gateway services on Linux
- Run the VIP diagnostic tool on the VIP EGW. The results will indicate if a User Store cannot connect to LDAP.
- Review the Validation Server settings to determine the User Store(s) assigned to the Validation Server:
- Select the User Store tab, then click Edit next to the User Store Name.
- Under the Connections tab, click Edit next to the Connection Name
- Click the Test button:
- If the connection is successful, repeat the same steps for each connection within each User Store.
- If the connection fails, confirm the settings are correct:
- Host and Port
- If SSL is enabled, the LDAP certificate issuing root and intermediate CA certs must be imported into the CA Certificate settings under the Settings tab. If your network supports it, try temporarily disabling SSL and setting the port to 389.
- Bind User location (AD Distinguished Name) is accurate (i.e., User object has not been moved or deleted), and the password has not been changed or expired. Using a service account with the password set to "password never expires" can avoid password expiration issues.
- Test User must be a valid user object that successfully satisfies the filters on the Search Criteria tab. If invalid, initial tests will fail and may prevent the service from starting.
- Click the search Criteria tab and confirm these settings are correct. For additional help with the User Store Filter and connection configurations, refer to this KB article: https://knowledge.broadcom.com/external/article?articleId=163791
- (if applicable) Under the User Settings tab, confirm the settings for VIP User Attributes and VIP User Group Mapping. These are optional fields for populating additional attributes to users in VIP Manager, and for mapping users to VIP User Groups in VIP Manager.
- (if applicable) Under the Password Management tab, check the settings that will help users reset the expired Active Directory password