I think the easiest test you can do is to allow permissions to Everyone on this share and maybe also configure Advanced permissions for Everyone to allow Full rights to "This folder, subfolders and files"
Confirm that a client machine can browse to the Evidence folder as a UNC path from the Run command e.g. \\<ipaddress>\evidence_folder and once you have opened the share, confirm if the client can write to it e.g. try to create a document or notepad file in this share.
Once confirmed, then try to reproduce the issue which generates the evidence on this client and see if you can then access the evidence from the DLP Monitor.
It is very likely that the issue is permissions.
Evidence is not replicating since the agent state is offline.
Please set the Default gateway in Network connections and check. This should solve the issue. Please let me know if this helps
as I mentioned in the previous post. after adding the default gateway, problem was solved.
Buy I was wondering why should I specifiy the default gateway, since the server and client reside the in same network. (192.168.10.xx)..
Any further explanation with this?
in another forum Malathi gave me an answer on this question:
"If the gateway is left blank, agent will be able to communicate to DC using the cached DC data. DLP agent tries to connect to DC ignoring the cache and since gateway is not specified, it fails to connect to DC. Hence the events will be offline.
Hope this clarifies
IMHO this is a bug. In theory DLP agent can use the cached DC data to define DC availability. Thats why this is only a question of realization of this functionality in DLP agent.
I am don`t know how dlp agent v9 affected this situation. Today I am test it.
I do understand if the client will communicate to the DC by using DC cached if the DC can't be contacted.
In my opinion, contacting the DC has nothing to do with default gateway. If the DC reside in the different network, of course we need to specify default gateway in the client side, to know where the DC is. But if the DC reside in the same network like the client, I dont think we need to specify the default gateway to let the client know where the DC is. In my opinion, the one that client should know correctly is the DC IP address. As long as the client can connect to that IP address, regarless of the default gateway is, it shouldnt be a problem.
Plese correct me If I am wrong.
I tried both DLP 3 and DLP 9 and came up with the same problem. Lastly, I tried this solution (specify the defaulr gateway) with DLP 9.
maybe it's not common to not specify the gateway. But if the reason why evidence is not replicate to the server just becuase unspecify gateway, I still don't get it. Because from the network point of view, the communication between client and sever has no problem. Client can ping the server either using IP address or Hostname.
client system and the ePO server is in different networks and i can't assign the epo IP as a default gateway then how can i clear the issue..??
Hi priyankay, we had a similar issue. After trying a lot of changes to the permissions and folder settings, the published IP address had to be removed for the ePO server. But still you require the machines to be in the same network as the ePO server for the evidence copy to work.
Hope it helps.