Loading...

Knowledge Center


Data Exchange Layer Client cannot connect to the DXL Broker
Technical Articles ID:   KB89060
Last Modified:  11/6/2019

Environment

McAfee Data Exchange Layer (DXL) 4.x

Symantec Drive Encryption
Other third-party vendor applications

Problem

The DXL Client is successfully installed but can't connect to the DXL Broker, even though there are no connectivity problems or any other issues in the DXL logs.

Cause

The issue is caused by a third-party vendor application injecting a DLL into McAfee services. For example: Symantec Drive Encryption.

You can use Process Explorer to see which DLLs are injected into any given process. For the DXL client, it is dxlservice.exe, and also any service starting with mfe.

Solution

If Endpoint Security 10.5 or higher is installed, these DLLs must be listed under the policy Endpoint Security Common in the Certificates section.

NOTE: This section is only visible if Show Advanced has been selected.

These DLLs must be selected to allow our internal kernel driver to whitelist them. Then, the DXL client can successfully connect to the fabric because the DXL client is also using our internal kernel driver.

Workaround

If the DLLs are not listed under the Common policy, or unsigned DLLs are injected, perform the following steps:
  1. Go to the DXL Client policy and deselect the Self Protection option.
  2. Enforce the new policy on the affected systems.
  3. Open the Task Manager and stop the dxlservice.exe process. The process restarts after five seconds. It can then reconnect to the DXL Broker because it is no longer using the internal kernel driver.

Or, a system restart achieves the same result as terminating the process.

Rate this document

Languages:

This article is available in the following languages:

English United States
Spanish Spain
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.