You cannot create a DLP policy in an Exchange Server 2013 environment

Applies to: Exchange Server 2013 EnterpriseExchange Server 2013 Standard Edition


When you try to create a data loss prevent (DLP) policy from a template, in some non-English locales (languages), you receive an error message that is similar to the following:
Error while executing a script policy DLP. Most often, this error occurs because of an attempt to create more than one policy, based on the same template: crash when running the cmdlet New-TransportRule-name "Name": check letters of administration. Outside is great. number of "-DlpPolicy" fgddfgdfg "-SentToScope NotInOrganization-MessageContainsDataClassifications @ {Name =" Credit Card Number "; minCount =" 10 "}, @ {Name =" U.S. Bank Account Number "; minCount =" 10 "}, @ {Name =" U.S. your Individual Identification Number (ITIN); minCount = "10"}, @ {Name = "U.S. Social Security Number (SSN) minCount =" "; 10}-SetAuditSeverity High-NotifySender RejectUnlessExplicitOverride-RejectMessageReasonText" unable to deliver your message. To override this setting, add the word "override" in the subject line. " A positional parameter cannot be found that the argument ' override accepts in the subject line. "
Additionally, the Chinese (Simplified and Traditional) and Norwegian locales are not localized correctly. These locales incorrectly contain English language text in DLP policy templates, descriptions, transport rule names, and content. This issue does not affect the classification definitions that are used in these locales. This issue only affects the data that is displayed in the EAC.

The following table contains more information about the affected languages:
LanguageCodeNumber of affected templatesNumber of affected templates that cannot be used to create DLPs
Hebrewhe-IL8U.S. Federal Trade Commission (FTC) Consumer Rules

U.S. Financial Data

U.S. Gramm-Leach-Bliley Act (GLBA)

U.S. Health Insurance Act (HIPAA)

U.S. Patriot Act

U.S. Personally Identifiable Information (PII) Data

U.S. State Breach Notification Laws

U.S. State Social Security Number Confidentiality Laws
Kannadakn-IN2France Data Protection Act

Germany Personally Identifiable Information (PII) Data
Portuguesept-BR1Australia Personally Identifiable Information (PII) Data
Chinese (Simplified, PRC)cn-ZH 40All
Portuguese (Portugal)pt-PT40All
Amharic (Ethiopia)am-ET40All


This issue occurs because there are invalid characters in the localized part of the DLP policy templates.

Note The DLP content detection functionality is not affected by the invalid characters in the DLP policy templates.


To resolve this issue, install the updated DLP policy templates. To do this, follow these steps:
  1. Download the updated templates. To do this, go to the following Microsoft website:
  2. Run the following commands from Exchange Management Shell to import template. (In these commands, the file is saved to C:\Temp\KB12321321-OOB-dlpPolicyTemplates.xml.)
    Get-dlppolicytemplate | foreach { Remove-DlpPolicyTemplate $_.Name -Confirm:$false}

    $template = Get-Content -Encoding byte -ReadCount 0 -Path C:\Temp\KB12321321-OOB-dlpPolicyTemplates.xml

    Import-DlpPolicyTemplate -FileData $template
Note This procedure first removes all the existing DLP policy templates from Exchange Server. If you have any custom DLP policy templates, you must save them and then reimport them to Exchange Server after you follow the procedure in this section.


To work around this issue, use a locale that is not listed in the table in the "Symptoms" section, such as English. This workaround creates templates that have English names, descriptions, and transport rules. However, this workaround does not affect the DLP content detection functionality. After you create the DLP policies from the templates, you can revert to the language that you want. After you revert to your original language, the template data remains in English.