Knowledge Center

Data Exchange Layer 3.x Known Issues
Technical Articles ID:   KB87627
Last Modified:  2/28/2019


McAfee Data Exchange Layer (DXL) 3.x


Recent updates to this article
Date Update
February 28, 2019 Changed the related article link for issue 1236251 from KB90499 to KB90036 in the Critical known issues table. Content from KB90499 has been incorporated in KB90036.
November 20, 2018 DXL 3.0.x entries updated as End of Life.
August 13, 2018 Added and updated multiple entries resolved by 
DXL 3.1.0 Hotfix 2 through DXL 3.1.0 Hotfix 14
July 23, 2018 Added release information for DXL 3.1.0 Hotfix 14.
April 16, 2018 Updated to add critical issue 1236251.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.

Click to expand the section you want to view:

DXL Version Release Date Release Notes
3.1.0 Hotfix 14 July 23, 2018 PD27813
3.1.0 Hotfix 13 March 15, 2018 PD27547
3.1.0 Hotfix 11 January 25, 2018 PD27481
3.1.0 Hotfix 10 November 15, 2017 PD27351
3.1.0 Hotfix 9 October 27, 2017 PD27303
3.1.0 Hotfix 8 September 19, 2017 PD27266
3.1.0 Hotfix 7 August 22, 2017 PD27230
3.1.0 (GA) March 31, 2017 PD26985
3.0.1 Hotfix 9 April 2, 2018 EOL
3.0.1 Hotfix 5 June 7, 2017 EOL
3.0.1 Hotfix 4 April 10, 2017 EOL
3.0.1 Hotfix 3 March 13, 2017 EOL
3.0.1 Hotfix 2 January 30, 2017 EOL
3.0.1 Hotfix 1 November 30, 2016 EOL
3.0.1 (GA) October 31, 2016 EOL
3.0.0 Hotfix 11 March 30, 2018 EOL
3.0.0 Hotfix 7 May 19, 2017 EOL
3.0.0 Hotfix 6 April 10, 2017 EOL
3.0.0 Hotfix 5 March 13, 2017 EOL
3.0.0 Hotfix 4 January 30, 2017 EOL
3.0.0 Hotfix 3 November 21, 2016 EOL
3.0.0  September 22, 2016 EOL

Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at http://www.mcafee.com/us/downloads/downloads.aspx.
Reference Number Related Article Found in DXL Version Resolved in DXL Version Issue Description
1236251 KB90036 4.x n/a Issue: Unable to check DXL platform.zip package into the ePolicy Orchestrator (ePO) repository. Orion.log records the following error:

Key error details:

  • Exception thrown by ActionBean:
  • SizeLimitExceededException:
  • The request was rejected because its size (282533025) exceeds the configured maximum (262144000)

Solution: See the related article.

Reference Number Related Article Found Version Resolved Version Issue Description
1233789  KB90586 3.0.0 3.1.0 
Hotfix 14
Issue: The DXL client for McAfee ePO times out in large networks with many connection events.
Resolution: This issue was resolved by changing the design used to determine the DXL connection status of devices. For more information, see the related article.
1238332 - 3.0.0 3.1.0 
Hotfix 14
Issue: Nessus scans of the broker appliance show that OpenSSH supports the use of weak DHE key sizes.
1238334 - 3.0.0 3.1.0 
Hotfix 14
Issue: Upgrading a DXL C++ client on a Mac system to DXL 4.1 ( leads to all DXL files being deleted. These include certificates, configuration files, and logs.
1238351 - 3.0.0 3.1.0 
Hotfix 14
Issue: When installing a C++ client on a system with a product that injects the DXL C++ client Installer MSI, the client fails to install if untrusted.
1238353 KB82851 3.0.0 3.1.0 
Hotfix 14
Issue: The DXL Linux MER script is not obtaining all broker logs. 
  • The script only grabs /var/McAfee/dxlbroker/logs/dxlbroker*.log 
  • When it must grab /var/McAfee/dxlbroker/logs/dxlbroker.log*
1238926  - 3.0.0 3.1.0 
Hotfix 14
Issue: Reputation overrides made in Threat Intelligence Exchange are not sent by DXL to endpoints as expected.
1242564 - 3.0.0 3.1.0 
Hotfix 14
Issue: The DXL client does not validate the private key and regenerates certificates if the private key is bad.
1224614  - 3.0.0 3.1.0 
Hotfix 13
Issue: The MLOS kernel required an update to receive security fixes for vulnerabilities related to Spectre (CVE-2017-5753, CVE-2017-5715).
1227711 - 3.1.0 3.1.0 
Hotfix 13
Issue: [DXL Clients] Client connection status before an Agent Wakeup is Connected. But, the Client connection status after an Agent Wakeup is Blank.

Resolution: The DXL connection status is now sent through McAfee Agent properties. In McAfee ePO 5.9.1 and later, the correct DXL client connection status is displayed in the DXL custom properties.
NOTE: For McAfee Active Response and McAfee Threat Intelligence Exchange installations that use the DXL Java client, this resolution Is not available on those clients until a hotfix is released.
1228290 - 3.1.0 3.1.0 
Hotfix 13
Issue: Third-party extensions that use the DXL client never complete.
1229664 - 3.1.0 3.1.0 
Hotfix 13
Issue: The broker ISO cannot be installed on a Dell Server R730.
1231229 - 3.0.0 3.1.0 
Hotfix 13
Issue: The DXL Broker Appliance kernel needed updating to receive security fixes for vulnerabilities related to CVE-2017-000366.
1232933 - 3.1.0 3.1.0 
Hotfix 13
Issue: During an upgrade, the DXL client installer dxlservicemonitor.exe restarts the DXL service (dxlservice.exe), which causes install failures.
1224082 - 3.0.0 3.1.0 
Hotfix 11
Issue: The MLOS kernel needs updating to receive security fixes for vulnerabilities related to Meltdown (CVE-2017-5754).
1218356 - 3.0.0 3.1.0 
Hotfix 11
Issue: OpenSSL needs updating to 1.0.2m to receive security fixes for CVE-2017-3736 and CVE-2017-3735.
1216188 - 3.0.0 3.1.0 
Hotfix 10
Issue: DXL performance issue when 5,000 or more clients receive an event.
1212167  - 3.0.1 3.1.0 
Hotfix 9
Issue: DXL client on a Macintosh operating system shows a status “Not connected” when it is connected.
1213381 - 3.1.0 3.1.0 
Hotfix 9
Issue: An access violation in the DXL library caused communication issues with other services.
1216037  - 3.0.0 3.1.0 
Hotfix 9
Issue: Clients with invalid (out-of-date) certificates cannot connect to DXL brokers.
1216400 - 3.1.0 3.1.0 
Hotfix 9
Issue: DXL C++ client missing 64-bit implementations for Macintosh operating systems.
1216988 - 3.1.0 3.1.0 
Hotfix 9
Issue: DXL C++ API-managed application system crash when the freeDxlApi method is called.
1209111 - 3.1.0 3.1.0 
Hotfix 8
Issue: When performing multiple DXL installs, the mfehidin.exe creates only one ELT file. The first ETL File is overwritten.

Resolution: Now mfehidin.exe creates its own unique logs so that other logs are not overwritten.
1210813  - 3.1.0 3.1.0 
Hotfix 8
Issue: McAfee Active Response certificates and URL needed updating to the new McAfee certificates and URL.
1187839 - 2.2 3.1.0 
Hotfix 8
Issue: DXL system crash when there is more than one API instance for a process.

Resolution. A message is now displayed. No system crash occurs.
1211311 - 3.1.0 3.1.0 
Hotfix 8
Issue: DXL service causes high CPU usage.
1207879 - 3.1.0 3.1.0 
Hotfix 7
Issue: DXL client system crash when the client’s Broker Affinity policy setting is set to a broker that no longer exists.
1208803 - 3.1.0 3.1.0 
Hotfix 7
Issue: DXL broker kernel needed updating to receive security fixes for CVE-2017-1000111 and CVE-2017-1000112.
1000111 - 3.1.0 3.1.0 
Hotfix 7
Issue: A reboot is required if the platform is deployed on an existing broker.
1167073  - - 3.1.0 
Hotfix 2
Issue: DXL unable to connect to multiple McAfee Agent Handlers.
1188297  - 3.1.0 3.1.0 
Hotfix 2
Issue: DXL broker assignment on hop count within MPLS network, causes clients to attach to foreign DXL brokers.

Resolution: When determining a DXL broker to use, the time required to connect to a Broker, or connection speed, is now used in the DXL client logic.
1188447  - 3.1.0 3.1.0 
Hotfix 2
Issue: When switching networks, DXL is slow to detect and reconnect to the new network.
1193469  - 3.1.0 3.1.0 
Hotfix 2
Issue: DXL C++ client does not send correct event messages.
1194161  - 3.1.0 3.1.0 
Hotfix 2
Issue: DXL Topology page takes a long time to display.
1189148 KB89090 3.1.0 n/a Issue: Data Exchange Layer Brokers and Clients require equivalent or greater Extension versions to function correctly.

Solution: Install or upgrade to the equivalent or greater version of all DXL Extensions. See the related article for details.
1183755 KB88931 3.x n/a Issue: Upgrades from DXL 1.x to DXL 3.x fail.

Workaround: Upgrade DXL 1.1 to 2.0, then upgrade to 3.1.0.

NOTE: Any DXL client versions earlier than DXL 2.0 must first be upgraded to DXL 2.0 before they are upgraded to DXL 3.1.
- - DXL 3.0.1 Hotfix 2


3.0.0 Hotfix 4
n/a Issue: Uninstalling DXL Windows client versions older than DXL 3.0.1 Hotfix 2 and DXL 3.0.0 Hotfix 4 fails in the following scenarios (when only the DXL client and McAfee Agent 5.0.5 are installed on the system):
  • When a version of the DXL client earlier than or When McAfee Agent 5.0.5 are the only products on the system, and you are upgrading to DXL client 3.0.0 Hotfix 4 ( or DXL client 3.0.1 Hotfix 2 (
  • When a version of DXL client older than or and McAfee Agent 5.0.5 are the only products on the system and you try to uninstall the DXL client.
The DXL client installation process includes a step to uninstall the previous version of the DXL client, so this issue prevents upgrades in the scenarios described. If other McAfee endpoint products that install the McAfee system core (VSCore) are installed on the system, this issue does not occur.

Solution: There are two ways to resolve this issue:
  • Downgrade McAfee Agent to an earlier version.
    Example: McAfee Agent 5.0.4 or 5.0.3, install or upgrade the DXL client to either DXL client 3.0.0 Hotfix 4 ( or DXL client 3.0.1 Hotfix 2 (, and then upgrade to McAfee Agent 5.0.5.
  • Install a McAfee endpoint component that also installs or upgrades VSCore, and then install or upgrade the DXL client to either DXL client 3.0.0 Hotfix 4 ( or DXL client 3.0.1 Hotfix 2 (
- 3.1.0,
And later
Issue: McAfee Active Response (MAR) occasionally experiences client installation failures because the time required to disconnect from the DXL API causes a timeout.

Cause: The DXL API takes too long to disconnect because the McAfee Agent message bus times out while stopping.

Workaround: MAR 2.0 client installations work correctly as long as there are no outstanding MAR requests for data. If there are outstanding MAR data requests, try again when there are no outstanding MAR data requests and it succeeds.
1164239 -- 3.1.0 DXL
Issue: Certificate-based authentication does not work as expected in multi-ePO environments.

Workaround: To use certificate-based authentication in a multi-ePO environment, you must import the third-party certificates in all ePO instances, and repeat the certificate-based authorization restrictions on each ePO instance manually.
1156706 - 3.0.0 DXL
Issue: When VirusScan Enterprise Common Maximum Protection is set to Block, DXL C++ Client installation fails.

Explanation: The DXL Client is written in C++ and uses the VC++ redistributables. The DXL C++ Client Installer checks whether the VC++ packages are installed on the system and, if not, installs them. The VC++ Installer tries to create the AUTORUN Registry key to ensure it is restarted after a reboot. When Common Maximum Protection is set to Block, the Installer is blocked from installing the VC++ redistributables, and the DXL C++ Client installation fails.

Workaround: When Common Maximum Protection is set to Block, you need to add the following two file names to the Exclusion List:
1143741 - 3.0.0 n/a Issue: When using Internet Explorer 10 and you select an ePO locale different from the one used when the operating system was installed, you see the following problem:

The date format in some areas of the Data Exchange Layer Fabric page does not match the format in other parts of ePO. (Example areas of the Data Exchange Layer Fabric page that do not match are the Last refresh date and DXL Broker, Health, Start Time.)
Resolution: Upgrade to Internet Explorer 11.
1157983 - 2.0.1 Hotfix 1 n/a Issue: DXL might fail to uninstall or upgrade if file scanning software is present. This issue can occur when uninstalling or upgrading from DXL versions later than or equal to DXL 2.0.1 Hotfix 1 and earlier than DXL 3.0.0. The MSI log contains the following error:
Action start 9:53:30: ResetVtpCacheSchedule.
ResetVtpCacheSchedule: getting property: VTPINFOEXE
ResetVtpCacheSchedule: extracting binary stream: mfedxutil64.exe
ResetVtpCacheSchedule: creating temp path: mfedxutil64.exe
ResetVtpCacheSchedule: deleting file: C:\Windows\Temp\mfedxutil64.exe
ResetVtpCacheSchedule: Error 0x80070020: failed to delete file: C:\Windows\Temp\mfedxutil64.exe: The process cannot access the file because it is being used by another process.
CustomAction ResetVtpCacheSchedule returned actual error code 1603 (note, might not be 100% accurate if translation happened inside sandbox)
Action ended 9:53:30: ResetVtpCacheSchedule. Return value 3.
Resolution: Disable file scanning software and then reinstall DXL.
1107302 KB86114 2.0.1 n/a Issue: DXL fails to install on Windows Server 2008. The following error is recorded in the DXL MSI logs:
NOTE: Logs are located in the C:\Windows\Temp\McAfeeLogs
delete_reg_keys: Error 0x800b010a: Failed to open access handle : A certificate chain could not be built to a trusted root authority.
Resolution: See the related article for instructions to manually install the missing Verisign Class 3 Public Primary Certification Authority - G5 certificate.
1082794 - 2.0.0 n/a Issue: The Clients Connected count on the DXL Fabric Visualization page shows the number of connected clients and the number of incoming bridges.
1026559 - 2.0.0 n/a Issue: Bridges can be overlapped on the DXL Fabric Visualization page.
1068538 - 1.1.0 n/a Issue: DXL Remote Management string "dxl.system.notifyAgent.cmd.success" or “dxl.system.requestAgent.cmd.success” appears in the Audit Log.

Explanation: In ePO 5.3, when DXL is installed, ePO uses the Notify Agent Command or the Request Agent Command to contact an Agent to take various actions. This command generates an Audit Log entry with an action of Notify Agents or Request Agents and the "success" message is "dxl.system.notifyAgent.cmd.success" or "dxl.system.requestAgent.cmd.success". These messages are just a string display error with the Notify Agent Command and Request Agent Command where the resource property key it uses for "success" messages is incorrect.
1023923 - 1.0.1 n/a Issue: The DXL client, when deployed through ePO or installed manually, does not start after installation on 64-bit Linux client systems.

Resolution: On the Linux client system, install the needed 32-bit libraries and then start the DXL Client service. (To install the libraries for Red Hat-based distributions, use the command: yum install glibc.i686 libstdc++.i686.)

NOTE: Debian-based distributions are currently not supported.
1003419 - 1.0.1 n/a
Issue: When a user adds a system to a Tag used in the DXL Topic Authorization, the system does not appear in DXL until the Manager DXL Brokers server task runs. This task occurs once per day by default.

Workaround: To see the system in the Tags, manually run the server task Manager DXL Brokers.
987172 KB83123 1.0.1 n/a
Issue: When you install DXL, the DXL MMS service fails to start if Avecto Privilege Guard is installed.

Resolution: This issue occurs when Avecto Privilege Guard tries to "hook" McAfee processes by loading its own code (a DLL) into the McAfee process. See the Knowledge Base article for issue details and resolution options.
973129 - 1.0.1 n/a
Issue: The following OpenSSL error message displays in the DXL log file:
[140360668215328] 01/12/15 13:10:19 [E] OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
Explanation: You can safely ignore the error message. The error occurs because of the way the Java clients ping the DXL Brokers. They perform a socket connect, but do not establish a proper SSL/TLS connection.

Back to Top

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.