Event Code 2317 - Failed to send email notification is seen in the DLP Enforce Console.

This event is a Warning type event and the detail field will read. "Email notification was not sent for Incident xxxx and Policy xxxxxxxx. No recipients specified for incident notification."

From the Enforce tomcat localhost log you will see the same message. The message will look similar to the following:

10 Sep 2019 08:57:23,635- Thread: 1006 WARNING [com.vontu.enforce.domainlayer.events.system.SystemEventLogger] Failed to send incident email notification. Email notification was not sent for Incident "<incident number>" and Policy "<your policy>". No recipients specified for incident notification.

In addition from the History tab of the Incident snapshot page in the Enforce Console you will see the following message:

"No recipients specified for incident notification."

DLP 15.5 and beyond

The issue is caused when an Automated or Smart Response Rule with a "Send Email Notification" action with the "Sender (SMTP Incidents Only)" box is checked is triggered for a non-SMTP type incident.

The events can essentially be ignored because for non-SMTP incidents where an response action is defined for "SMTP incidents Only", no notification should occur.

For all SMTP incidents, email notification should be sent out as defined.

• It is recommended to add the condition "incident type" to the response rule so that this response rule is only triggered when a network incident type is being used. 
• Another option is to use data-owner/data-owner-email for notifying end users they have incidents to remediate.