Error 18530 indicates an invalid RADIUS request was sent to the RADIUS Validation Server.
ERROR "2022-04-19 13:56:47.146 GMT-0600" 0.0.0.0 MCP:1812 0 18530 "text=Error 18530 occurred at VSValidationServer.cpp:910. Description: VSValidationServer._receiveRequest() -- Invalid request received - -1" Thread-7492 VSValidationServer.cpp
VIP Enterprise Gateway
The VIP Enterprise Gateway allows a load balancer/NAS to send RADIUS health checks to the Validation Server(s) for status monitoring. Each 'Authentication Request' uses the RADIUS PAP protocol and requires a username, a password, and a shared secret string. Healthcheck or heartbeat requests from a NAS or load balancer can also use a 'Status Server' request. Invalid request types, or requests with invalid or missing data, will fail with error 18530. Refer to your specific vendor for health check configuration instructions.
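An added example, not part of the original article or the product's code: a Python sketch that builds a well-formed PAP Access-Request for the monitor user and checks a captured probe datagram for the kinds of faults the paragraph above describes (wrong request type, invalid or missing data). The checks follow RFC 2865 packet structure and are an assumption about what the Validation Server rejects; the shared secret and sample payloads are constructed.

```python
import hashlib, os, struct

ACCESS_REQUEST, STATUS_SERVER = 1, 12   # RADIUS codes (RFC 2865, RFC 5997)
USER_NAME, USER_PASSWORD = 1, 2         # attribute types (RFC 2865)

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR the zero-padded password with an MD5 keystream."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_probe(user: str, password: str, secret: bytes, ident: int = 1) -> bytes:
    """Build a well-formed PAP Access-Request like the one a monitor should send."""
    auth = os.urandom(16)  # Request Authenticator
    values = ((USER_NAME, user.encode()),
              (USER_PASSWORD, pap_hide(password.encode(), secret, auth)))
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in values)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def check_probe(pkt: bytes) -> list:
    """List structural problems in a captured probe (empty list = well-formed).
    Assumption: RFC-based checks, not the Validation Server's actual logic."""
    if len(pkt) < 20:
        return ["shorter than the 20-byte RADIUS header"]
    code, _, length = struct.unpack("!BBH", pkt[:4])
    problems, seen, pos = [], {}, 20
    if length != len(pkt):
        problems.append(f"length field {length} != datagram size {len(pkt)}")
    if code not in (ACCESS_REQUEST, STATUS_SERVER):
        problems.append(f"code {code} is neither Access-Request nor Status-Server")
    while pos < len(pkt):
        if pos + 2 > len(pkt) or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > len(pkt):
            problems.append(f"malformed attribute at offset {pos}")
            break
        seen[pkt[pos]] = pkt[pos + 2:pos + pkt[pos + 1]]
        pos += pkt[pos + 1]
    if code == ACCESS_REQUEST and not seen.get(USER_NAME):
        problems.append("missing or empty User-Name")
    if code == ACCESS_REQUEST and len(seen.get(USER_PASSWORD, b"")) not in range(16, 129, 16):
        problems.append("User-Password missing or not 16..128 bytes in 16-byte blocks")
    return problems

# Constructed samples: a valid probe and the bare payload of a generic UDP monitor.
GOOD = build_probe("SASMonitor", "123456", b"constructed-secret")
RAW_UDP = b"healthcheck"
```

Running `check_probe` over the UDP payload of a probe captured on port 1812 shows whether the monitor is sending a real RADIUS request or an arbitrary datagram.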
SASMonitor is the user ID reserved for use by the Enterprise Gateway for healthcheck/heartbeat requests from a load balancer/firewall/NAS. Requests with this user ID aren't written to INFO-level logs. When the log level is set to Debug, requests appear as response: Access-Reject. Message:{hostname:x.x.x.x][ DB cnxn ctx pool entries: 1, capacity: 1].
SASMonitor transactions are not processed through LDAP or the VIP Cloud, which avoids unnecessary load on the VIP EG server.
(Connectivity to the VIP Cloud from the VIP Enterprise Gateway is monitored separately by the VIP Health Check service. If business continuity mode in the Validation Server settings is set to automatic and connectivity to the VIP Cloud is lost, the Health Check service will put the validation server in business continuity mode (details here).)
To enable or modify the SASMonitor user ID for load balancer/NAS health monitoring:
Windows:
VIP 9.9.x or earlier = C:\Program Files (x86)\Symantec\VIP_Enterprise_Gateway\Validation\servers\<Validation Server Name>\conf\
VIP 9.10 or later = C:\Program Files\Symantec\VIP_Enterprise_Gateway\Validation\servers\<Validation Server Name>\conf\
Linux: /opt/Symantec/VIP_Enterprise_Gateway/Validation/servers/<Validation Server Name>/conf/
# VIPEGServerSpec section:
server.monitor.enabled = true
server.monitor.username = SASMonitor (case sensitive; can be modified to use a different name)
To perform an authentication test against the monitor user using the vsradiusclient test tool:
On Windows:
On Linux:
/opt/Symantec/VIP_Enterprise_Gateway/tools/vsradiusclient_test --server-host <IP> --server-port 1812 --secret <RADIUS shared secret> --client-ip <IP> --user-name SASMonitor --password 123456
Sample Output (seen in DEBUG mode):
** --server-host: ###.###.###.### --server-port: 1812 --client-ip: ###.###.###.###
Received Access-Reject
Attribute: 'Reply-Message' of len 71 [[hostname: VIP4-RHEL-XX-XX][DB cnxn ctx pool entries: 1, capacity: 1]]
Rejection
If text=Error 18530 occurred at VSValidationServer is still seen in the logs:
More about the VIP Enterprise Health Check for cloud connectivity:
The VIP Enterprise Gateway Health Check service monitors the EG to VIP Cloud Services connectivity. If connectivity is lost, VIP EG validation servers with business continuity set to 'automatic' will begin querying the Health Check service. This triggers the Health Check service to begin cloud connectivity tests with a username consisting of SASMonitor+<ServerHostName> or SASMonitor+<ServerFQDN> (for example, SASMonitor_Example or SASMonitor_Example.example.com). These are not the same usernames sent by the load balancer. If connectivity is lost and the health check threshold settings are exceeded, a signal is sent to the validation server to enter business continuity mode. When connectivity is re-established, the Health Check service sends another signal to resume normal mode. (Reference documentation here: Configuring Health Check Settings)
LDAP connectivity is monitored separately, and if lost, any Validation Server pointing to that user store will auto-stop until the connection is re-established. The IDP and LDAP Services may also stop if they are being used. For your security, a lost LDAP connection will not trigger business continuity mode.
SASMonitor users used by the Health Check service are created when the source Enterprise Gateway 'Health Check' service is started and a 'SYHC' credential ID is assigned. If the user already exists, VIP Manager will show a 'user already exists' error. This is expected. SASMonitor Health Check users no longer used by any VIP EG can safely be deleted from the VIP cloud.
F5 creating a UDP Monitor:
https://my.f5.com/manage/s/article/K30713256