The EDM policies were not working until the DLP REST API virtual appliance server was restarted.
The EDMs show as OK in the detection server view in the Enforce console.
Release : 15.8
1. Incorrect permissions can cause this issue: the DLP service user that is used for the Monitor Controller service must have full control permissions to the index folder and all of its sub-files.
2. EDM indexes can fail to replicate because the EDM profiles are not populated with source data. In this instance you would see the following in the Enforce server's MonitorController0.log:
14-Jun-2023 17:40:42 com.vontu.monitor.controller.INFO: Creating a new connection for ConnectionIdentifierId [hostName=xxxxxxxxxxx, port=8110]
14-Jun-2023 17:40:42 com.symantec.dlp.INFO: Creating handshaker for dataconnection C-57
14-Jun-2023 17:40:44 com.symantec.dlp.services.INFO: Connection to ConnectionIdentifierId [hostName=xxxxxxxxxxx, port=8110] is established.
14-Jun-2023 17:40:44 com.symantec.dlp.services.WARNING: Content for object type CommandInstructionObjReference with id 5574 not found.
14-Jun-2023 17:40:44 com.symantec.dlp.services.WARNING: Content for object type CommandInstructionObjReference with id 5575 not found.
14-Jun-2023 17:40:44 com.symantec.dlp.services.WARNING: Content for object type CommandInstructionObjReference with id 5576 not found.
14-Jun-2023 17:40:44 com.symantec.dlp.services.WARNING: Content for object type CommandInstructionObjReference with id 5577 not found.
14-Jun-2023 17:40:44 com.symantec.dlp.services.WARNING: Content for object type CommandInstructionObjReference with id 5574 not found.
14-Jun-2023 17:40:44 com.symantec.dlp.services.WARNING: Content for object type CommandInstructionObjReference with id 5575 not found.
14-Jun-2023 17:40:44 com.symantec.dlp.services.WARNING: Content for object type CommandInstructionObjReference with id 5576 not found.
14-Jun-2023 17:40:44 com.symantec.dlp.services.WARNING: Content for object type CommandInstructionObjReference with id 5577 not found.
14-Jun-2023 17:40:44 com.vontu.logging.SEVERE: Replication failed. Replication of database profile "COM_Forms" version 1 to server failed.Please re index the profile.Check the detection server controller log for more details.
14-Jun-2023 17:40:44 com.symantec.dlp.services.SEVERE: Unable to get input stream for data id DataSource.1.304.1.rdx.2. Reason: D:\SymantecDLP_15_8\
14-Jun-2023 17:40:44 com.vontu.logging.SEVERE: Replication failed. Replication of document profile "DisclosureForms" version 1 to server failed.Please re index the profile.
Even if these particular indexes are not used by the appliance, they still cause replication to fail for all indexes, because all the indexes are sent to the appliance whether or not the appliance policies use them.
Even if all indexes are replicated to on-premise standard DLP detection servers, we can still encounter problems on the appliance, since it works differently. The objects (indexes, policies, settings, etc.) are encapsulated in a package, and once the package is deposited on the appliance, the appliance can send back an acknowledgment of receipt. However, if the Enforce server can't package the objects together to post them to the appliance, it aborts the whole operation, so the indexes are not replicated and replication fails. With a standard detection server, by contrast, the Enforce server can send the index files individually, and we can even manually copy the files to the index folder without issue. On the appliance, the indexes are only delivered in a one-time HTTP replication send.
On the Enforce server, the DLP service MUST have rights to anything under the DLP folder. Currently it appears that you have the DLP services running with a domain user account that doesn't have permissions to its own folders, which is not a supported configuration. You have to at the very least mirror the local DLP service account to the domain account to unofficially allow permissions.
1. Correct the permissions for the DLP service user used by the Monitor Controller service, ensuring it has full control permissions to the index folder and all of its sub-files.
2. Clean up the EDM profiles in your Enforce console: remove all EDM profiles without source data or those which do not have a valid index created.
3. Restart the appliance.
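To find which profiles need attention in step 2, the replication messages in MonitorController0.log can be summarised with a short script. The following is an added example, not part of the original article or of the product's tooling; the sample log is constructed from the message formats shown above, and the host name appliance.example is a placeholder.

```python
import re

# Constructed sample: same message formats as the excerpt above, with some
# entries run together (as in a raw paste) and some on their own lines.
SAMPLE_LOG = (
    '14-Jun-2023 17:40:44 com.symantec.dlp.services.INFO: Connection to ConnectionIdentifierId [hostName=appliance.example, port=8110] is established.'
    '14-Jun-2023 17:40:44 com.symantec.dlp.services.WARNING: Content for object type CommandInstructionObjReference with id 5574 not found.'
    '14-Jun-2023 17:40:44 com.symantec.dlp.services.WARNING: Content for object type CommandInstructionObjReference with id 5575 not found.\n'
    '14-Jun-2023 17:40:44 com.symantec.dlp.services.WARNING: Content for object type CommandInstructionObjReference with id 5574 not found.\n'
    '14-Jun-2023 17:40:44 com.vontu.logging.SEVERE: Replication failed. Replication of database profile "COM_Forms" version 1 to server failed.Please re index the profile.\n'
    '14-Jun-2023 17:40:44 com.vontu.logging.SEVERE: Replication failed. Replication of document profile "DisclosureForms" version 1 to server failed.Please re index the profile.\n'
)

TS = r"\d{2}-[A-Z][a-z]{2}-\d{4} \d{2}:\d{2}:\d{2}"
# One entry = timestamp, logger, level, then message up to the next timestamp,
# so entries are separated correctly even when no newline sits between them.
ENTRY_RE = re.compile("(" + TS + r") (\S+)\.([A-Z]+): (.*?)(?=" + TS + r" |\Z)", re.S)
REPL_RE = re.compile(r'Replication of (\w+) profile "([^"]+)" version (\d+) to server failed')
MISSING_RE = re.compile(r"Content for object type (\w+) with id (\d+) not found")

def parse_entries(text):
    """Split the log into (timestamp, logger, level, message) tuples."""
    return [(m[1], m[2], m[3], m[4].strip()) for m in ENTRY_RE.finditer(text)]

def triage(text):
    """Return failed profiles and missing object ids, de-duplicated in log order."""
    failed, missing = [], []
    for _ts, _logger, level, msg in parse_entries(text):
        if level == "SEVERE" and (r := REPL_RE.search(msg)):
            item = (r[2], r[1], int(r[3]))  # (profile name, profile type, version)
            if item not in failed:
                failed.append(item)
        elif level == "WARNING" and (w := MISSING_RE.search(msg)):
            if int(w[2]) not in missing:
                missing.append(int(w[2]))
    return {"failed_profiles": failed, "missing_object_ids": missing}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, kind, version in report["failed_profiles"]:
        print(f"re-index or remove: {kind} profile {name!r} v{version}")
    print("object ids with no content:", report["missing_object_ids"])
```

Any profile listed as failed blocks replication of the whole package to the appliance, so an empty result after the cleanup is the condition to check before restarting the appliance.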