- VIP Enterprise Gateway

- Epic Hyperdrive

VIP Integration Guides for Epic can be found here.

Common Installation Issues

• Installation via msiexec is not recommended.
• When trying to install the VIP Epic Hyperdrive plugin, attempts to click the browse button to select the configuration file will not work. No window appears to browse for the 'EpicConfig.txt' file and installation will not proceed.

  1. Verify that the installation is being done by a user with Windows administrative privileges.

  2. Ensure that the correct version of Visual C++ is installed on the machine as indicated in the prerequisites section of the integration guide. Note: Newer or older versions of Visual C++ will not work.

• Logs are not being generated after installation.

  1. The VIP plugin must have permissions to write to C:\Program Files (x86)\Symantec\EPIC\Logs. This is not automatically set by Windows.

  2. Grant Write permissions on the Logs folder for Administrator or Users groups. Any users logging into the machine who will be using Hyperdrive must have write permissions to this location.

• For other permissions related issues please verify that the installation folder permissions are set as follows (i.e. for Administrator or Users groups):
  
  
  • The C:\Program Files (x86)\Symantec\EPIC folder must have Read, Read & Execute, and List Folder Contents permissions.
  • All DLL files (including SymcEncryptionWrapper.dll) under C:\Program Files (x86)\Symantec\EPIC must have Read and Read & Execute permissions.

Common Certificate Related Issues

• Enable viewing file name extensions and hidden items to confirm actual .P12 and .PEM file extensions. (for example, cert.p12 isn't actually cert.p12.p12,  or cert.pem isn't actually cert.pem.cer). 
  
• Use alphanumeric characters in the cert name. (for example, my.domain.com.p12  → mydomainp12.p12).  
• The SAML issuer URL is a unique identifier for that Epic server instance (your Epic engineer can assist in determining this value).
• The plain text password for the .P12 cert and the RADIUS shared secret cannot contain the following characters prior to using the camouflage.exe tool: " $ =
• It is normal for the camouflaged password to contains non-alphanumeric characters, such as  $ or =. 
• The public key only is required when extracting the .PEM file from the .p12.
  • OpenSSLCommand to extract public certificate from p12:
    

    openssl pkcs12 -in certificate.p12 -out certificate-pub.pem -clcerts -nokeys

    Use any text editor to open the certificate-pub.pem and remove "Bag Attributes" information (example: remove all lines above ----BEGIN CERTIFICATE----)

  • Optional: DigiCert Cert Utility can be used to extract the PEM without the private key.

• The VIP Plugin for Epic will continue to function if the .PEM SAML signing cert expires. Renewing or replacing it is not required regardless of the following error in the log:

   8/26/2025 12:53:33 PM : Radius authentication process started for user : BROADCOM
  
   8/26/2025 12:53:33 PM : ValidateUserPush: Client.OperationResult.Challenge and _state:xxxxxxxxx3539
  
   8/26/2025 12:53:33 PM : Radius authentication process started for user : BROADCOM
  
   8/26/2025 12:53:39 PM : Authenticate: Client.OperationResult.Accept and REPORT_VALIDATION_RESULT.VR_NONE
  
   8/26/2025 12:53:39 PM : Radius authentication process ended for user : BROADCOM
  
   8/26/2025 12:53:39 PM : User BROADCOM authentication successful
  
   8/26/2025 12:53:39 PM : SAML Signing Certificate has expired
  
   8/26/2025 12:53:40 PM : saml assertion is signed successfully

• The VIP Certificate on the VIP Enterprise Gateway must be replaced before it expires (more information here)
• If .P12 path errors are encountered in the Hyperdrive cloud logs, copy the .P12 file to VIP Plugin installation folder as the VIP plugin, then change the path value in the registry to point to the new path. Restart the Epic service.