The DLP Agent gets to know about being online/offline if it can/cannot connect to its Windows Domain
Controller (Which contains the Active directory).The Agent configuration settings has the "Refresh online
Status interval" set to 30 sec.If the Agent machine is not able to contact the DC for more than 30 seconds,
the machine is recognized as Offline by DLP.
Please ensure your Agent machine is able to connect to the DC for online events.
yes, the client is wihtin the domain. it can contact the domain controller (contain Active Directory and DNS) with no problem.
I can ping the ePO server by using hostname without any problem. and the McAfee agent monitor shows no error while communicating with the ePO server. is there any other issue that might cause this?
I think the easiest test you can do is to allow permissions to Everyone on this share and maybe also configure Advanced permissions for Everyone to allow Full rights to "This folder, subfolders and files"
Confirm that a client machine can browse to the Evidence folder as a UNC path from the Run command e.g. \\<ipaddress>\evidence_folder and once you have opened the share, confirm if the client can write to it e.g. try to create a document or notepad file in this share.
Once confirmed, then try to reproduce the issue which generates the evidence on this client and see if you can then access the evidence from the DLP Monitor.
It is very likely that the issue is permissions.
actually i was not thinking by adding the default gateway might solve the problem becuase from the network point of view, these server and client reside in the same segment, thus doesnt need gateway to be specified. And as I said earlier, communication between server and client has no problem (able to ping either using IP or hostname, no update problem).
But unfortunately, after I added the server IP address as a gateway, evidence file from client site replicated to the server and now the connection state is "online" and the evidence is available from the DLP Monitor.
Does anyone has further explanation with this.? why do we have to speficy the default gateway eventhough the server and client reside in the same segment.?
anyway, many thanks for the help.