Validation requests fail with:

ERROR "2024-07-15 16:32:01.170 GMT0000" 10.2.3.4 Netscaler:1812 0 0 "text=VSValidationPacketizerProcess() -- Can't get Message-Authenticator attribute" Thread-10024 VSValidationPacketizer.cpp
ERROR "2024-07-15 16:32:01.170 GMT0000" 10.2.3.4 Netscaler:1812 0 0 "text=VSValidationServer._sendResponse()  -- Message-Authenticator attribute is either missing or invalid. Discarding the request." Thread-10024 VSValidationServer.cpp

When the Enterprise Gateway Validation Server setting for Radius Packet Security Mode: is set to Compliant, it expects incoming RADIUS requests to contain the message-authenticator attribute in the packet (Message-Authenticator attribute is used to sign/validate the integrity of the packet). If missing, the Validation Server discards the packet and the transaction silently fails. 

Switching to Compatible mode will allow the Validation Server to process request if the message-authenticator attribute is missing. 

Note: When the Radius Packet Security Mode is in compliant mode then it is expected that your RADIUS clients should have the capability to send the Message-Authenticator attribute as part of the radius request. Consult with your application vendor to determine if this is possible.