Since we are collecting evidence in HDLP 9, we are receiving in our DLP Monitor a lot of administrative events with the title "Evidence Replication Failed".
When you look at the details panel for those events, the problem seems to be related to the access rights on the hidden share Evidence$. Indeed the details mention "Access is denied., Error Code : 5
But, when you browse the contents of this share, everything is OK and files and folder are well present.
The security on the folder "Evidence" has been applied according the exact instructions coming from the installation guide.
Anybody know what's the problem?
try to run cmd as local system (http://blogs.msdn.com/adioltean/articles/271063.aspx) on a client hdlp system and execute "echo 123 >> \\server\evidence folder\123.txt" file appeared on the server?
How many domains in your environment?
Workstations running DLP agent and the server ePO are indeed in different domains.
Can I use the command "psexec.exe -i -s Cmd.exe" to check the rights on the folder Evidence using the command "echo 123 >> ......"?
Try once with giving everyone access and see if you still get the same error!
It's more of a windows access control issue than HDLP.