After a server reboot it was found that the DLP services will not start.

When attempting to evaluate the issue it was found that no logs have been written since the last known time when DLP was operating normally.

However if the DLP service user is added to the local administrator group all services begin to work normally, and logging commences as normal.

Windows

Upon checking permissions of the local folders in Windows it was found that the DLP service user was no longer there, instead there was a GUID

As it turns out someone had deleted the DLP Service user, and then attempted to recreate it.

This will break the local permissions not allowing the DLP service user access to write to its own directories.

After recreating the DLP service user and resetting the passwords in Windows/Services it is imperative that you grant the service user access rights to the directories in which it needs to work.

The default directories where the DLP service user should have full control are:

Install Drive:\ProgramData\Symantec\DataLossPrevention\EnforceServer\<version>
Install Drive:\ProgramData\Symantec\DataLossPrevention\ServerPlatformCommon\<version>
Install Drive:\Program Files\Symantec\DataLossPrevention\ContentExtractionService

If using external storage you may also need to give access to that path as well.

Giving access at a higher level will also suffice. Aka:

Install Drive:\ProgramData\Symantec\DataLossPrevention
Install Drive:\Program Files\Symantec\DataLossPrevention