Symantec VIP Enterprise Gateway Load Balancer health check configuration, error 18530
search cancel

Symantec VIP Enterprise Gateway Load Balancer health check configuration, error 18530


Article ID: 176615


Updated On:


VIP Service


Error 18530 indicates an invalid RADIUS request was sent to the RADIUS Validation Server. 

ERROR "2022-04-19 13:56:47.146 GMT-0600" MCP:1812 0 18530 "text=Error 18530 occurred at VSValidationServer.cpp:910. Description: VSValidationServer._receiveRequest() -- Invalid request received - -1" Thread-7492 VSValidationServer.cpp


VIP Enterprise Gateway


The VIP Enterprise Gateway allows a load balancer/NAS to send RADIUS health checks to the Validation Server(s) for status monitoring.  These requests require a username, a password, and a shared secret string with each 'Authentication Request' using the RADIUS PAP protocol. Healthcheck or heartbeat requests from a NAS or load balancer can also use a 'Status Server' request. Invalid request types or request with invalid or missing data will fail with error 18530. Refer to your specific vendor for health check configuration instructions. 

SASMonitor is the user ID reserved for use by the Enterprise Gateway for healthcheck\hearbeat requests from a load balancer\firewall\NAS. Requests with this user ID aren't written to INFO-level logs. When the log level is set to Debug, requests appear as response: Access-Reject. Message:{hostname:x.x.x.x][ DB cnxn ctx pool entries: 1, capacity: 1].

SASMonitor transactions minimize server load by not processing through LDAP or the VIP Cloud, thus reducing any unnecessary load on the VIP EG server.

(Connectivity to the VIP Cloud from the VIP Enterprise Gateway is monitored separately by the VIP Health Check service. If business continuity mode in the Validation Server settings is set to automatic and connectivity to the VIP Cloud is lost, the Health Check service will put the validation server in business continuity mode (details here).)

To enable or modify the SASMonitor user ID for load balance/NAS health monitoring:

  1. Backup the radserv.conf file located in the following directory:


  • VIP 9.9.x or earlier = C:\Program Files (x86)\Symantec\VIP_Enterprise_Gateway\Validation\servers\<Validation Server Name>\conf\
  • VIP 9.10 or later = C:\Program Files\Symantec\VIP_Enterprise_Gateway\Validation\servers\<Validation Server Name>\conf\


/opt/Symantec/VIP_Enterprise_Gateway/Validation/servers/<Validation Server Name>/conf/

  1. Edit the following lines in radserv.conf

 # VIPEGServerSpec section:
server.monitor.enabled = true
server.monitor.username = SASMonitor (case sensitive. can be modified to use a different name.)

  1. Restart the validation server.

To perform an authentication test against the monitor user using the vsradiusclient test tool

On Windows:

  • VIP 9.9.x or earlier = C:\Program Files (x86)\Symantec\VIP_Enterprise_Gateway\tools\vsradiusclient_test.exe --server-host <IP> --server-port 1812 --secret <RADIUS shared secret> --client-ip <IP> --user-name SASMonitor --password 123456
  • VIP 9.10 or later = C:\Program Files\Symantec\VIP_Enterprise_Gateway\tools\vsradiusclient_test.exe --server-host <IP> --server-port 1812 --secret <RADIUS shared secret> --client-ip <IP> --user-name SASMonitor --password 123456

On Linux:

/opt/Symantec/VIP_Enterprise_Gateway/tools/vsradiusclient_test --server-host <IP> --server-port 1812 --secret <RADIUS shared secret> --client-ip <IP> --user-name SASMonitor --password 123456

Sample Output (seen in DEBUG mode):

** --server-host: ###.###.###.### --server-port: 1812 --client-ip: ###.###.###.###
Received Access-Reject
Attribute: 'Reply-Message' of len 71 [[hostname: VIP4-RHEL-XX-XX][DB cnxn ctx pool entries: 1, capacity: 1]]

If text=Error 18530 occurred at VSValidationServer is still seen in the logs:

  • Confirm the username in the radserv.conf file matches the RADIUS healthcheck from your load balancer\firewall matches. 
  • RADIUS PAP protocol must be used (TCP and MS-CHAP is not supported). 
  • The IP address of the source is exposed in the logs -- check that server for additional data.
  • Enable verbose logging in the VIP EG Validation Server settings by setting the log level to DEBUG level and restarting the service.
  • VSRadiusClient_test tool can be used to test validation server functionality.

More about the VIP Enterprise Health Check for cloud connectivity:

The VIP Enterprise Gateway Health Check service monitors the EG to VIP Cloud Services connectivity. If connectivity is lost, VIP EG validation servers with business continuity set to 'automatic' will begin querying the Health Check service. This triggers the healthcheck service begin cloud connectivity tests with a username consisting of SASMonitor+<ServerHostName> or SASMonitor+<ServerFQDN>. (example, SASMonitor_Example. or These are not the same usernames sent by the load balancer. If connectivity is lost and the health check threshold settings are exceeded, a signal is sent to the validation server to enter business continuity mode. When connectivity is re-established, the Health Check service sends another signal to resume normal mode. (Reference documentation here: Configuring Health Check Settings )

LDAP connectivity is monitored separately, and if lost, any Validation Server pointing to that user store will auto-stop until the connection is re-established. The IDP and LDAP Services may also stop if they are being used. For your security, a lost LDAP connection will not trigger business continuity mode.

SASMonitor users used by the Health Check service are created when the source Enterprise Gateway 'Health Check' service is started and a 'SYHC' credential ID is assigned. If the user already exists, VIP Manager will show 'user already exists' error. This is expected. SASMonitor Health Check users no longer used by any VIP EG can safely be deleted from the VIP cloud.

Additional Information

F5 creating a UDP Monitor: