Error 1758 When attempting to enable incident externalization


Article ID: 173583


Updated On:

Products

Data Loss Prevention Enforce, Data Loss Prevention

Issue/Introduction

After Protect.properties on the Symantec Data Loss Prevention (DLP) Enforce server is modified to enable incident externalization and set the externalization directory, the Enforce server reports the following error once the services are restarted:

Error code 1758 Incident attachment external storage directory is not accessible.

Note: Incidents will also show YSOD and RSOD when they are viewed.

File: Enforce\logs\debug\IncidentPersister_0.log
Level: SEVERE
Thread: 156
Source: com.vontu.util.filesystem.DirectoryPermissionsDeterminer.verifyDirectoryPermissions
Message: Directory setting is invalid.
File: Enforce\logs\debug\IncidentPersister_0.log
Level: SEVERE
Thread: 156
Source: com.vontu.incidenthandler.message.persist.IncidentPersistingThread.run
Message: Throwable while persisting incident. 
java.lang.NullPointerException

Cause

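The value used for the com.symantec.dlp.incident.blob.externalization.dir setting in the SymantecDLP\Protect\config\Protect.properties file may contain backslashes. In the Java properties file format, a backslash is an escape character, so it is not read as a path separator.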

For example:

com.symantec.dlp.incident.blob.externalization.dir = E:\DLPstorage
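
The check below is an added example, not Symantec's code. It assumes Protect.properties is read with the escape rules of Java's standard java.util.Properties parser, and reports the value that parser would produce for the entry above. The function names and the sample text are constructed for illustration.

```python
import re

# Property name taken from the article.
KEY = "com.symantec.dlp.incident.blob.externalization.dir"
_CTRL = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def java_unescape(raw):
    """Decode a value as java.util.Properties.load() would: \\t \\n \\r \\f and
    \\uXXXX are translated; before any other character the backslash is dropped.
    Simplification: multi-line (backslash-continued) values are not handled."""
    out, i = [], 0
    while i < len(raw):
        if raw[i] != "\\" or i + 1 == len(raw):
            out.append(raw[i])
            i += 1
        elif raw[i + 1] == "u":
            digits = raw[i + 2:i + 6]
            if not re.fullmatch(r"[0-9a-fA-F]{4}", digits):
                raise ValueError("malformed \\uXXXX escape, Java rejects the file")
            out.append(chr(int(digits, 16)))
            i += 6
        else:
            out.append(_CTRL.get(raw[i + 1], raw[i + 1]))
            i += 2
    return "".join(out)

def check_externalization_dir(text):
    """Return (raw_value, value_after_load, ok) for KEY, or None if absent.
    ok is False when the raw value contains a backslash."""
    found = None
    for line in text.splitlines():
        line = line.lstrip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m and m.group(1) == KEY:          # last definition wins, as in Java
            raw = m.group(2)
            found = (raw, java_unescape(raw), "\\" not in raw)
    return found

# Constructed sample input, using the value shown in the article.
SAMPLE = r"""
# constructed excerpt of Protect.properties
com.symantec.dlp.incident.blob.externalization.dir = E:\DLPstorage
"""

if __name__ == "__main__":
    raw, loaded, ok = check_externalization_dir(SAMPLE)
    print(f"raw={raw!r} loaded={loaded!r} ok={ok}")
```

Under these rules a directory name that starts with t, n, r or f after a backslash turns into a control character, and one that starts with u makes the load fail unless four hex digits follow.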

Resolution

Convert the backslashes to forward slashes.

For example, change:

com.symantec.dlp.incident.blob.externalization.dir = E:\DLPstorage

to:

com.symantec.dlp.incident.blob.externalization.dir = E:/DLPstorage

If the destination is a remote path such as \\<server>\<share>\<directory>, try one of the following settings:

//<server>/<share>/<directory>

or

<server>/<share>/<directory>

If the fully qualified name does not work, try converting it to an IP address.

Note: The "SymantecDLP" user needs access to the remote location. See About the incident attachment external storage directory.

Workaround for Remote Storage

In some cases, a backslash may be unavoidable, for example when accessing a DFS share. In this case, you can use a symbolic link instead of specifying the network path.

In Windows, use the following command:

mklink /D E:\DLP_Attachments \\<server>\<share>\<directory>

Then, in Protect.properties, specify:

com.symantec.dlp.incident.blob.externalization.dir = E:/DLP_Attachments

For more information, see About the incident attachment external storage directory.