Knowledge Center

Data Exchange Layer 3.x Known Issues
Technical Articles ID:   KB87627
Last Modified:  4/16/2018


McAfee Data Exchange Layer (DXL) 3.x


Recent updates to this article
Date Update
April 16, 2018 Updated to add critical issue 1236251.
April 6, 2018 Updated Release information table.
March 1, 2018 Updated to add expand/collapse titles.
July 31, 2017 Corrected typo.
July 28, 2017 Updated Release Information table.

Click to expand the section you want to view:

3.1.0 Release to World (RTW) Date Release Notes
Hotfix 13 March 15, 2018 PD27547
Hotfix 11 January 25, 2018 PD27481
Hotfix 10 November 15, 2017 PD27351
Hotfix 9 October 27, 2017 PD27303
Hotfix 8 September 19, 2017 PD27266
Hotfix 7 August 22, 2017 PD27230
3.1.0 March 31, 2017 PD26985
3.0.1 Release to World (RTW) Date Release Notes
Hotfix 9 April 2, 2018 PD27607
Hotfix 5 June 7, 2017 PD27082
Hotfix 4 April 10, 2017 PD26965
Hotfix 3 March 13, 2017 PD26927
Hotfix 2 January 30, 2017 PD26867
Hotfix 1 November 30, 2016 PD26795
3.0.1 October 31, 2016 PD26744
3.0.0 Release to World (RTW) Date Release Notes
Hotfix 11 March 30, 2018 PD27605
Hotfix 7 May 19, 2017 PD27083
Hotfix 6 April 10, 2017 PD26966
Hotfix 5 March 13, 2017 PD26926
Hotfix 4 January 30, 2017 PD26868
Hotfix 3 November 21, 2016 PD26790
3.0.0 September 22, 2016 PD26667

Reference Number Related Article Found in DXL Version Resolved in DXL Version Issue Description
1236251 KB90499 4.x   Issue: Unable to check DXL platform.zip package into the ePO repository.

Orion.log records the following error:

Exception thrown by ActionBean:

com.mcafee.orion.core.servlet.SizeLimitExceededException: org.apache.tomcat.util.http.fileupload.FileUploadBase$SizeLimitExceededException: the request was rejected because its size (282533025) exceeds the configured maximum (262144000)

Solution: See the Related Article.

Reference Number Related Article Found in DXL Version Resolved in DXL Version Issue Description
1189148 KB89090 3.1.0 n/a Issue: Data Exchange Layer Brokers and Clients require equivalent or greater Extension versions to function correctly.

Solution: Install or upgrade to the equivalent or greater version of all DXL Extensions. See the related article for details.
1183755 KB88931 3.x See the related article Issue: Upgrades from DXL 1.x to DXL 3.x fail.

Workaround: Upgrade DXL 1.1 to 2.0, then upgrade to 3.1.0.

NOTE: Any DXL client versions earlier than DXL 2.0 must first be upgraded to DXL 2.0 before they are upgraded to DXL 3.1.
    DXL 3.0.1 Hotfix 2 and DXL 3.0.0 Hotfix 4   Issue: Uninstalling DXL Windows client versions older than DXL 3.0.1 Hotfix 2 and DXL 3.0.0 Hotfix 4 fails in the following scenarios (when only the DXL client and McAfee Agent 5.0.5 are installed on the system):
  • When a version of the DXL client earlier than or and McAfee Agent 5.0.5 are the only products on the system, and you are upgrading to DXL client 3.0.0 Hotfix 4 ( or DXL client 3.0.1 Hotfix 2 (
  • When a version of DXL client older than or and McAfee Agent 5.0.5 are the only products on the system and you try to uninstall the DXL client.
The DXL client installation process includes a step to uninstall the previous version of the DXL client, so this issue prevents upgrades in the scenarios described. If other McAfee endpoint products that install the McAfee system core (VSCore) are installed on the system, this issue does not occur.

Solution: There are two ways to resolve this issue:
  • Downgrade McAfee Agent to an earlier version (for example, McAfee Agent 5.0.4 or 5.0.3), install or upgrade the DXL client to either DXL client 3.0.0 Hotfix 4 ( or DXL client 3.0.1 Hotfix 2 (, and then upgrade to McAfee Agent 5.0.5.
  • Install a McAfee endpoint component that also installs or upgrades VSCore, and then install or upgrade the DXL client to either DXL client 3.0.0 Hotfix 4 ( or DXL client 3.0.1 Hotfix 2 (
  3.1.0, 3.0.0   Issue: McAfee Active Response (MAR) occasionally experiences client installation failures because the time required to disconnect from the DXL API causes a timeout.

Cause: The DXL API takes too long to disconnect because the McAfee Agent message bus times out while stopping.

Solution: This issue will be resolved in a future McAfee Agent release.

Workaround: MAR 2.0 client installations work correctly as long as there are no outstanding MAR requests for data. If there are outstanding MAR data requests, try again when there are no outstanding MAR data requests and it succeeds.
1164239   3.1.0   Issue: Certificate-based authentication does not work as expected in multi-ePO environments.

Solution: This issue will be resolved in a future product release.

Workaround: To use certificate-based authentication in a multi-ePO environment, you must import the third-party certificates in all ePO instances, and repeat the certificate-based authorization restrictions on each ePO instance manually.
1156706   3.0.0   Issue: When VirusScan Enterprise Common Maximum Protection is set to Block, DXL C++ Client installation fails.

Explanation: The DXL Client is written in C++ and uses the VC++ redistributables. The DXL C++ Client Installer checks whether the VC++ packages are installed on the system and, if not, installs them. The VC++ Installer tries to create the AUTORUN Registry key to ensure it is restarted after a reboot. When Common Maximum Protection is set to Block, the Installer is blocked from installing the VC++ redistributables, and the DXL C++ Client installation fails.

Workaround: When Common Maximum Protection is set to Block, you need to add the following two file names to the Exclusion List:
1143741   3.0.0   Issue: When using Internet Explorer 10 and you select an ePO locale different from the one used when the operating system was installed, the date format in some areas of the Data Exchange Layer Fabric page does not match the format in other parts of ePO. (Example areas of the Data Exchange Layer Fabric page that do not match are the Last refresh date and DXL Broker, Health, Start Time.)
Workaround: Upgrade to Internet Explorer 11.
1157983   DXL 2.0.1 Hotfix 1   Issue: DXL might fail to uninstall or upgrade if file scanning software is present. This issue can occur when uninstalling or upgrading from DXL versions later than or equal to DXL 2.0.1 Hotfix 1 and earlier than DXL 3.0.0. The MSI log contains the following error:
Action start 9:53:30: ResetVtpCacheSchedule.
ResetVtpCacheSchedule:  getting property: VTPINFOEXE
ResetVtpCacheSchedule:  extracting binary stream: mfedxutil64.exe
ResetVtpCacheSchedule:  creating temp path: mfedxutil64.exe
ResetVtpCacheSchedule:  deleting file: C:\Windows\Temp\mfedxutil64.exe
ResetVtpCacheSchedule:  Error 0x80070020: failed to delete file: C:\Windows\Temp\mfedxutil64.exe : The process cannot access the file because it is being used by another process.
CustomAction ResetVtpCacheSchedule returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 9:53:30: ResetVtpCacheSchedule. Return value 3.
Workaround: Disable file scanning software and then reinstall DXL.
1107302 KB86114 2.0.1   Issue: DXL fails to install on Windows Server 2008. The DXL MSI log located in the C:\Windows\Temp\McAfeeLogs folder contains the following error:
delete_reg_keys: Error 0x800b010a: Failed to open access handle : A certificate chain could not be built to a trusted root authority.
Workaround: See the related article for instructions to manually install the missing VeriSign Class 3 Public Primary Certification Authority - G5 certificate.
1082794   2.0.0   Issue: The Clients Connected count on the DXL Fabric Visualization page shows the number of connected clients and the number of incoming bridges.
1026559   2.0.0   Issue: Bridges can be overlapped on the DXL Fabric Visualization page.
1068538   1.1.0   Issue: DXL Remote Management string "dxl.system.notifyAgent.cmd.success" or “dxl.system.requestAgent.cmd.success” appears in the Audit Log.

Explanation: In ePO 5.3, when DXL is installed, ePO uses the Notify Agent Command or the Request Agent Command to contact an Agent to take various actions. This command generates an Audit Log entry with an action of Notify Agent(s) or Request Agent(s) and the "success" message is "dxl.system.notifyAgent.cmd.success" or "dxl.system.requestAgent.cmd.success". These messages are just a string display error with the Notify Agent Command and Request Agent Command where the resource property key it uses for "success" messages is incorrect.
1023923   1.0.1   Issue: The DXL client, when deployed through ePO or installed manually, does not start after installation on 64-bit Linux client systems.

Resolution: On the Linux client system, install the needed 32-bit libraries (for Red Hat-based distributions, use the command: yum install glibc.i686 libstdc++.i686) and then start the DXL Client service.

NOTE: Debian-based distributions are currently not supported.
1003419   1.0.1  
Issue: When a user adds a system to a Tag used in the DXL Topic Authorization, the system does not appear in DXL until the Manager DXL Brokers server task runs. This task occurs once per day by default.

Workaround: To see the system in the Tags, manually run the server task Manager DXL Brokers.
987172 KB83123 1.0.1  
Issue: When you install DXL, the DXL MMS service fails to start if Avecto Privilege Guard is installed.

Resolution: This issue occurs when Avecto Privilege Guard tries to "hook" McAfee processes by loading its own code (a DLL) into the McAfee process. See the Knowledge Base article for issue details and resolution options.
973129   1.0.1  
Issue: The following OpenSSL error message displays in the DXL log file:
[140360668215328] 01/12/15 13:10:19 [E] OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
Explanation: You can safely ignore the error message. The error occurs because of the way the Java clients ping the DXL Brokers. They perform a socket connect, but do not establish a proper SSL/TLS connection.

Back to Top


The content of this article originated in English. If there are differences between the English content and its translation, the English content is always the most accurate. Some of this content has been provided using Machine Translation translated by Microsoft.

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.