search cancel

VIP Enterprise Gateway Validation Server will not start

book

Article ID: 174747

calendar_today

Updated On:

Products

VIP Enterprise Gateway

Issue/Introduction

The Validation Server service fails to start.

Cause

User Store connection issue

Resolution

The validation server relies on the user store(s) associated with that server in order to start. The validation service will not start if connectivity issues are detected with any user store(s) associated with that validation server. (note: always start/stop/restart VIP validation services from the EGW console. Using the Windows Services console to start/stop services bypasses the EGW connectivity pre-checks and could put the service in an unstable state)

 - Run the VIP diagnostic tool on the VIP EGW.

- Test each connection within the User Store using the Test User Name feature to verify the search criteria, bind user permissions, SSL connectivity, etc. 

- In the User Stores page, in the User Stores table, click the name of the User Store to modify the details associated with it. In the Edit User Stores page, do the following:

  • Under the Connections tab, check the connection to the User Store. If necessary, edit the connection associated with the User Store.
    • Domain Controller host - Ensure the name or IP address in the 'Host' section is accurate and that the VIP EGW server can reach it on the network (ping, nslookup, etc...)
      • Note: If the user store uses SSL to secure the connection between VIP Enterprise Gateway and the User Store database, check the validity of the SSL certificate. This can be tested by temporarily disabling SSL for the user store and setting the port to non-SSL (typically 389). 
    • Bind User - Verify the user location (AD Distinguished Name) is still accurate (i.e., User object has not been moved or deleted) and that the password has not been changed or expired. Ideally you want this user to be a service account set to have the "password never expires"
    • Test User - This user account must still be present in Active Directory and meet all of the requirements outlined in the User Filter. If this user is no longer valid, then the initial test will fail and the Radius will not be able to validate the LDAP connection.
  • Under the Search Criteria tab, check the user search criteria configured for the User Store. 
  • Under the User Settings tab, check the optional attributes that help administrators search and identify users in VIP Manager. Users can also be mapped to VIP User Groups that are available in the VIP Service.
  • Under the Password Management tab, check the settings that will help users reset the expired Active Directory password 

Attachments