Parameters being passed to a custom script, as defined by Plugins.properties, are presenting the above error in the IncidentPersister log. The error indicates that the incident attributes include a non-permitted character, as indicated by TECH219114.
This can occur if multiple lookup chains are in place. Verify the list of parameters associated with the lookup plug-ins, which are defined in the properties associated with the plugins in the Enforce management console.
The base list of defaults includes: attachment, incident, message, policy, recipient, sender, server, status; but each of these properties contains larger sub-sets of attributes which can be individually selected. Determine which attributes are essential for lookups, and delimit those that are causing the script to err.
For instance, the "sender" parameter includes a subset with the following attributes:
If the "endpoint-user-name" is returning a disallowed character (such as "WinNT://domain/username"), then one can instead set the following parameters specifically:
More information is also available in the chapter on "Implementing lookup plug-ins" in the DLP Admin Guide.