After enabling incident externalization and setting the externalization directory in the Protect.properties file on the Symantec Data Loss Prevention (DLP) Enforce server, the Enforce server reports the following error when the services are restarted.
Error code 1758 Incident attachment external storage directory is not accessible.
Note: Incidents will also have YSOD and RSOD while viewing them.
File: Enforce\logs\debug\IncidentPersister_0.log
Level: SEVERE
Thread: 156
Source: com.vontu.util.filesystem.DirectoryPermissionsDeterminer.verifyDirectoryPermissions
Message: Directory setting is invalid.
File: Enforce\logs\debug\IncidentPersister_0.log
Level: SEVERE
Thread: 156
Source: com.vontu.incidenthandler.message.persist.IncidentPersistingThread.run
Message: Throwable while persisting incident.
java.lang.NullPointerException
The value used for the com.symantec.dlp.incident.blob.externalization.dir setting in the SymantecDLP\Protect\config\Protect.properties file may contain backslashes.
For example:
com.symantec.dlp.incident.blob.externalization.dir = E:\DLPstorage
Convert the backslashes to forward slashes.
For example, change:
com.symantec.dlp.incident.blob.externalization.dir = E:\DLPstorage
to:
com.symantec.dlp.incident.blob.externalization.dir = E:/DLPstorage
For example, if the destination's remote path is \\<server>\<share>\<directory>, try the following settings:
//<server>/<share>/<directory>
or
<server>/<share>/<directory>
If the fully qualified name does not work then try converting it to an IP address.
Note: The "SymantecDLP" user needs access to the remote location. See About the incident attachment external storage directory.
In some cases, a backslash may be unavoidable, for example when accessing a DFS share. In this case, you can use a symbolic link instead of specifying the network path.
In Windows, use the following command:
mklink /D E:\DLP_Attachments \\<server>\<share>\<directory>
Then in the Protect.properties specify:
com.symantec.dlp.incident.blob.externalization.dir = E:/DLP_Attachments
For more information, see About the incident attachment external storage directory.
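The following checker is an added example, not Symantec code. It assumes Enforce reads Protect.properties with the standard Java .properties escape rules (the page does not name the parser), and shows what a backslashed value decodes to alongside the forward-slash form recommended above. The function names and the sample paths are constructed for illustration.

```python
import re

KEY = "com.symantec.dlp.incident.blob.externalization.dir"  # key name from the page
_CONTROL = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def java_unescape(raw):
    """Decode a value with the escape rules of java.util.Properties.load()."""
    out, i = [], 0
    while i < len(raw):
        ch = raw[i]
        if ch != "\\" or i + 1 == len(raw):
            # Ordinary character; a trailing backslash (line continuation
            # in Java) is kept as-is in this single-line check.
            out.append(ch)
            i += 1
        elif raw[i + 1] == "u":
            digits = raw[i + 2:i + 6]
            if not re.fullmatch(r"[0-9a-fA-F]{4}", digits):
                raise ValueError("malformed \\uXXXX escape")  # Java rejects the file
            out.append(chr(int(digits, 16)))
            i += 6
        else:
            # \t \n \r \f become control characters; for any other
            # character the backslash is dropped without warning.
            out.append(_CONTROL.get(raw[i + 1], raw[i + 1]))
            i += 2
    return "".join(out)

def check_line(line):
    """Return None for unrelated lines, else a report for the setting."""
    m = re.match(r"\s*" + re.escape(KEY) + r"(?:\s*[=:]\s*|\s+)(.*)$", line)
    if not m:
        return None
    raw = m.group(1).rstrip("\r\n")
    try:
        seen = java_unescape(raw)
    except ValueError:
        seen = None  # the value cannot be decoded at all
    return {"raw": raw, "seen_by_java": seen,
            "ok": "\\" not in raw, "suggested": raw.replace("\\", "/")}

if __name__ == "__main__":
    # Constructed sample lines; "fileserver", "share" and "dlp" are placeholders.
    for sample in (KEY + r" = E:\DLPstorage",
                   KEY + r" = \\fileserver\share\dlp",
                   KEY + " = E:/DLPstorage"):
        print(check_line(sample))
```

Under that assumption, E:\DLPstorage decodes to E:DLPstorage, a path that no longer names the intended directory, which is consistent with the "Directory setting is invalid" message in the log.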