Where can I find the Orion.log file. On the epo server?
c:\Program Files\McAfee\ePolicy Orchestrator\Server\Logs
Thanks for your help. Need your help for this also. The audit log is getting flooded with following entry " The user was not authorized to access the requested URL /SoftwareMgmt/navButton.do." Why is it happening? Is there any solution for this?
I was able to copy the file manuall into the evidence location. There is no issue with credentials.
1. Please check in the orion.log file for the copy error. Please try the DLP 11.0 P6 build once as some defects were fixed in latest releases.
2. For the audit error messages:
There was past issue where an unwanted messages was reported in ePOs audit.log:
ePolicy Orchestrator audit log contains excessive "Notify Agent" messages
Technical Articles ID: KB88281
What you see sounds simulare, but the button portion of the messages is unexpected here.
Also refer: https://kc.mcafee.com/corporate/index?page=content&id=KB71458
Thank you for your extensive help. I will try checking the orion log. Currently i do not have access to epo server logs. I will gain access and let you know with the detailed error logs. And also thank you for the help with the audit log issue. Will try updating the DLP 11.0 P6 build also. Will let you know with further steps. Please be in touch. Your help will be needed.
I checked the orion log file. I am getting below logs:
dc.DataChannelAgentMessageListener - com.mcafee.keyserver.exception.KeyserverException: Key re-use not permitted: server setting disabled
service.DataChannelMessageServiceInternal - Error in notifying listeners of message Type EEADMIN_1000_KSGetMachineKeyQry
action.RegisterDocumentsActions - Could not copy files to \\Server IP\folder\regDocs
jcifs.smb.SmbException: Failed to connect: 0.0.0.0<00>/Server IP
jcifs.util.transport.TransportException
java.net.SocketException: Connection reset
What should I do?
The error related to EEADMIN is for McAfee Drive Encryption Product.
The error mentioned related to copy is from DLP. Based on the error mentioned in the log file, its very clear that user does not have permission to perform the copy.
Please perform the below options and check if the issue is resolved.
1. The ePO computer account needs access to the evidence share.
2. Add the user to ”everyone” group to the UNC folder, then the issue would get resolved.
Thanks for your support. If you could help me with the below requirement also; it would be much appreciated.
How to classify pdf containing scanned image?
There is a scanned image in pdf. How can we configure them in DLP to generate alert?
Please create a separte thread for this query as it will mix up the issues.
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA