Knowledge Center

Data Exchange Layer 4.x Known Issues
Technical Articles ID:   KB89741
Last Modified:  9/10/2019


McAfee Data Exchange Layer (DXL) 4.x


Recent updates to this article:
Date Update
September 10, 2019 Added the issues resolved in DXL 4.0.0 Hotfix 10 (RTS) and DXL 4.1.2 Hotfix 4 (RTS): DXLM-3845.
May 7, 2019 Added DXL 4.0.0 Hotfix 9 for the reference numbers: 1262486, 1270186, 1270387.
April 9, 2019 Added the issues resolved in DXL 4.1.2 Hotfix 3 (General Availability release): 1270186, 1270387, and 1270407. Added a reference to a Security Bulletin for the issue 1270186.
March 20, 2019 Link to KB90499 (unpublished) changed to KB90036 (consolidated content).
March 12, 2019 Added the issues resolved in DXL 4.1.2 Hotfix 2 (Release to Support): 1266922 1265827 and 1266219.

To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.

Product release information
DXL Version Release Date Release Notes
DXL 4.1.2 Hotfix 4 (RTS) September 10, 2019
DXL 4.1.2 Hotfix 3 (GA) April 9, 2019 PD28305
DXL 4.1.2 Hotfix 2 (RTS) March 12, 2019
DXL 4.1.2 Hotfix 1 (GA) January 23, 2019 PD28173
DXL 4.1.2 (GA) November 13, 2018 PD28067
DXL (Repost) September 11, 2018 PD27889
DXL (GA) 1 August 7, 2018 (no longer available) n/a
DXL 4.1.0 Hotfix 1 May 31, 2018 PD27789
DXL 4.1.0 (GA) April 24, 2018 PD27560
DXL 4.0.0 Hotfix 10 (RTS) September 10, 2019
DXL 4.0.0 Hotfix 9 (GA) May 7, 2019 PD28307
DXL 4.0.0 Hotfix 8 (GA) November 13, 2018 PD28085
DXL 4.0.0 Hotfix 7 July 23, 2018 PD27814
DXL 4.0.0 Hotfix 5 March 27, 2018 PD27548
DXL 4.0.0 Hotfix 4 February 15, 2018 PD27546
DXL 4.0.0 Hotfix 3 January 31, 2018 PD27422
DXL 4.0.0 Hotfix 2 November 15, 2017 PD27323
DXL 4.0.0 Hotfix 1 October 20, 2017 PD27322
DXL 4.0 (GA) November 13, 2017 (Client)
October 17, 2017 (Server)
GA - General Availability
n/a - not available

1 DXL 4.1.1 was pulled from the Product Downloads site on August 16, 2018. See reference 1228079 in the "Critical known issues" section for more details.

Issue resolutions in updates and major releases are cumulative; Technical Support recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site at http://www.mcafee.com/us/downloads/downloads.aspx.

Click to expand the section you want to view:

Reference Number Related
Issue Description
DXLM-3845 SB10287 4.0.0 DXL 4.0.0 Hotfix 10
DXL 4.1.2 Hotfix 4
Issue: CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 regarding Linux kernel TCP Sad SACK vulnerability.

CVE-2019-11477 - The TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). 

CVE-2019-11478 - The TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences.

CVE-2019-11479 - The Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced.
1270387 SB10272
4.0.0 DXL 4.0.0 Hotfix 9
DXL 4.1.2 Hotfix 3 
Issue: CVE-2019-3598 and CVE-2018-6703 regarding vulnerabilities with McAfee Agent on McAfee Linux Operating System (MLOS). For more information, see the related articles.
1262486 SB10266 4.0.0 DXL 4.0.0 Hotfix 9
DXL 4.1.2
Hotfix 1
DXL 5.0.1
Issue: CVE-2018-0737 regarding an OpenSSL RSA Key generation algorithm vulnerability. For more information, see the related article.
1270186 SB10279 4.0.0 DXL 4.0.0 Hotfix 9
DXL 4.1.2 Hotfix 3 
Issue: CVE-2019-3612 regarding information disclosure vulnerability. For more information, see the related article.
1262141 - 4.1.0 DXL 4.1.2
Hotfix 1
Issue: After an upgrade, multiple dxlsetup.exe processes are found running that never close.
1259156 - 4.0.0 DXL 4.1.2
Hotfix 1
DXL 4.0.0
Hotfix 8
Issue: CVE-2018-15473 regarding an OpenSSH vulnerability.
1254598 - 4.1.0 DXL 4.1.2
Hotfix 1
DXL 4.0.0
Hotfix 8
Issue: Security fixes for the DXL Broker MLOS platform, for vulnerabilities related to CVE-2018-5390 and CVE-2018-5391.
1228079 KB90301 DXL 4.1.1
ENS 10.6
ENS 10.7

DXL 4.1.1
Issue: Blue screen (system crash) occurs when:
  • ENS 10.6.0 Exploit Prevention is enabled.
  • DXL upgrades SysCore.
  • The SysCore upgrade deadlocks with the Exploit Prevention driver.
  • Chrome is closed while the SysCore upgrade is deadlocked.
Resolution: The issue is resolved with the repost of DXL This release:
  • Contains a utility that upgrades the ENS Exploit Prevention driver, if installed.
  • Includes the same version of SysCore included with ENS 10.6.0. Thus, an upgrade to DXL does not result in a SysCore upgrade.
Workaround: See the related article.
1240830 - 4.0 4.1.1
Issue: An update of kernels on an Oracle virtual machine server results in the failure of the system to boot.
1236251 KB90036 4.x n/a Issue: Unable to check DXL platform.zip package into the ePolicy Orchestrator (ePO) repository. Orion.log records the following error:
com.mcafee.orion.core.servlet.SizeLimitExceededException: org.apache.tomcat.util.http.fileupload.FileUploadBase$SizeLimit
ExceededException: the request was rejected because its size (282533025) exceeds the configured maximum (262144000)
Resolution: See the related article.
n/a = not applicable
Reference Number Related Article Found
Issue Description
1270407 - 4.1.0 DXL 4.1.2 Hotfix 3  Issue: When deploying the DXL client on the SUSE Linux Enterprise Server from ePO, the install fails with an error.
1266922   4.1.0 4.1.2 Hotfix 2 Issue: During the ePO certificate migration process, IPE does not connect to the Broker after you restart the service.
1265827   4.1.0 4.1.2 Hotfix 2 Issue: DXL Agent Wake-up fails when the request is sent to multiple systems.
1266219   4.1.0 4.1.2 Hotfix 2 Issue: DXL client fails to install on MLOS and Mac systems.
1256921 KB90963 4.1.1 4.1.2 Issue: The following error is encountered when you try to remove the DXL Client Management extension:
An error has occurred while removing extension DXLClientMgmt
1257035 - 4.1.1
Issue: Unable to uninstall 4.1.1 DXLClient Extension because of a null pointer issue. Reported errors:
  • Error running uninstall script for DXLClient. log:
  • [echo] Uninstall called for DXLClient (version
1255335 - 4.1.0 4.1.2 Issue: Upgrades fail because of a sequence of updates in the Broker MLOS platform. Reported error:
"error: Failed dependencies:
Kernel >= 4.9.79-1 is needed by intel-ucode-20180807-2.mlos2.x86_64"
1257375 - 4.1.0 4.1.2
Issue: DXL C++ client failed to pass all responses for a synch request to integrated applications on 64-bit Linux systems.
Reported tieserver.log errors:
  • ERROR [DxlServiceRequest-default-thread-6] (RequestRunner.java:80)
  • Error sending response. com.mcafee.dxl.client.exception.DxlException
  • Error publishing message: Connection lost: Broken pipe (Write failed)
1255765 - 3.1.0 4.1.2 Issue: Java client does not reconnect after a network interruption.
1251073 - 4.1.0
Issue: Performance issue when you access the ePO System Tree. Deadlock errors recorded in the server log.
Resolution: Added a unique constraint to the index
"IX_DXLClientCustomProps_ParentID" in the "DXLClientCustomPropsMT" table.
1233789 KB90586 3.1.0 4.1.1
Issue: The DXL client for ePO timed out in large networks with many connection events.
1238332 - 4.0 4.1.1
Issue: Nessus scans of the broker appliance show that OpenSSH supports the use of weak DHE key sizes.
NOTE: This issue was previously resolved by DXL 4.0 HF7 and DXL 4.1 HF1.
1238334 - 4.0 4.1.1
Issue: An upgrade of a DXL C++ client on a Mac system to DXL 4.1 ( leads to all DXL files being deleted. These include certificates, configuration files, and logs.
NOTE: This issue was previously resolved by DXL 4.0 HF7 and DXL 4.1 HF1.
1238351 - 4.0 4.1.1
Issue: When you install a C++ client on a system with a product that injects the DXL C++ client Installer MSI, the client fails to install if untrusted.
NOTE: This issue was previously resolved by DXL 4.0 HF7 and DXL 4.1 HF1.
1238353 KB82851 4.0 4.1.1
Issue: The DXL Linux MER script does not obtain all broker logs. The script only grabs:
/var/McAfee/dxlbroker/logs/dxlbroker*.log when it must grab: /var/McAfee/dxlbroker/logs/dxlbroker.log*
NOTE: This issue was previously resolved by DXL 4.0 HF7 and DXL 4.1 HF1.
1238926 - 4.0 4.1.1
Issue: ENS endpoints do not receive the reputation change event through DXL.
NOTE: This issue was previously resolved by DXL 4.0 HF7 and DXL 4.1 HF1.
1242564 - 4.0 4.1.1
Issue: Some DXL clients stay in a not connected state after an upgrade to 4.0.x. These client systems do not have any pem files under the folder:
Logs state the following error:
DxlMQTTConnection: error creating SSL context
DxlMQTTConnection: use private key failed
NOTE: This issue was previously resolved by DXL 4.0 HF7 and DXL 4.1 HF1.
Workaround: Reinstall the DXL client.
- 4.1.0
Hotfix 1
Issue: After you install DXL 4.1.0 with Hotfix 1 on a combined McAfee Active Response (MAR) and Threat Intelligence Exchange (TIE) appliance, the following error displays when you perform a DXL lookup:
The system cannot be looked up in DXL because it does not have a DXL Client installed.
1239573 - 4.1.0 4.1.1
Issue: Repeated flushing of the System dxl_service.log during the boot cycle.
1243477 - - 4.1.1
Issue: System crash on macOS Mojave 10.4 running in true 64-bit mode with the error:

Crash details:
Process: dxlsetupconfig [2927]
Path: /opt/McAfee/*/dxlsetupconfig
Identifier: dxlsetupconfig
Version: ???
Code Type: X86-64 (Native)
Parent Process: ??? [2926]
Responsible: dxlsetupconfig [2927]
User ID: 0

Termination Reason: EXEC, [0xd] This binary requires 32-bit x86 support, which has been disabled with boot-arg: -no32exec.
1246227 - 4.1.0 4.1.1
Issue: DXL Client Management extension upgrade fails with error: "Cannot insert duplicate key in object 'dbo.DXLClientEpoPropsMT'. The duplicate key value is (986)."
- 4.0 4.1.0 Issue: The DXL C++ client stops working, or crashes, after it is upgraded to version 4.0.0 on a Hyper-V host.

Cause: This issue exists in VScore 15.7.

Resolution: Upgrade to the DXL 4.1.0 client, which uses VScore 15.8.
- - - 4.0
Hotfix 8
Issue: Support for Microsoft Windows 10 Version 1809 (October 2018 Update).
1164239 - 3.1.0 4.0 Issue: Certificate-based authentication does not work as expected in multi-ePO environments.

Workaround: To use certificate-based authentication in a multi-ePO environment, you must import the third-party certificates in all ePO instances and repeat the certificate-based authorization restrictions on each ePO instance manually.
- 3.0.0 MA


and later
Issue: MAR occasionally experiences client installation failures because the time required to disconnect from the DXL API causes a timeout.

Cause: The DXL API takes too long to disconnect because the McAfee Agent message bus times out while it stops.

Workaround: MAR 2.0 client installations work correctly as long as there are no outstanding MAR requests for data. If there are outstanding MAR data requests, try again when there are no outstanding MAR data requests and it succeeds.
1156706 - 3.0.0 3.0.1 Issue: When VirusScan Enterprise Common Maximum Protection is set to Block, DXL C++ Client installation fails.

Explanation: The DXL Client is written in C++ and uses the VC++ redistributables. The DXL C++ Client Installer checks whether the VC++ packages are installed on the system and, if not, installs them. The VC++ Installer tries to create the AUTORUN Registry key to ensure it is restarted after a reboot. When Common Maximum Protection is set to Block, the Installer is blocked from installing the VC++ redistributables, and the DXL C++ Client installation fails.

Workaround: When Common Maximum Protection is set to Block, you need to add the following two file names to the Exclusion List:

1263569 - EPR - Issue: The Endpoint Product Removal (EPR) tool does not remove all versions of Data Exchange Layer. The EPR tool is a utility customers might use to uninstall all McAfee endpoint products. Because the tool might not fully remove all components and registry items related to a product, customers might experience install or upgrade issues after using the EPR tool. These issues are possible if references to their product or the components they use were not removed, for example, VSCore.
1260610 - 5.0 - Issue: When you install DXL on macOS systems, the installer does not detect if a newer version of DXL is installed. The older version is installed even if there is a newer version present. This issue occurs on all versions of DXL that support macOS.
1232934 KB90521 4.1 - Issue: When you try to install a DXL Broker on an Oracle VM Server, the installation fails and the following error displays at the Installer Setup:
Loading Xen Virtualization modules...
modprobe: can't load module xen-acpi-processor (kernel/drivers/xen/xen-acpi-proc - ssor.ko):
No such device modprobe
can't load module xen-pciback (kernel/drivers/xen/xen-pciback/xen-pcib ck.ko): No such device

Resolution: Engineering is investigating this emerging issue, and it will be resolved in a future product release or hotfix.

To subscribe for updates to this issue, see the related article.
1205832 KB89839 4.0 n/a Issue: The DXL client installer for Microsoft Windows might fail if a policy is enforced during a DXL install or upgrade.

Key error details found in the MSI log:
Process returned non-zero return code : (null)

Key error details found in the VSCore log, ...
- AAC is not installed. err=170
- ERROR! Failed to create AAC Control. err=170

Cause: This issue occurs when a product tries to update the AAC policy, but AAC is disabled because of a VSCore upgrade.

Resolution: To recover the system, press and hold the power button to force a hard restart. Correct behavior is the system restarts normally and continues to install DXL. See the related article for details.
1236251 KB90036 4.1 n/a Issue: The DXL platform.zip fails to check in to ePO.

Cause: The platform.zip size has increased to 269 MB because the largest packages were added to address the Spectre and Meltdown CVEs.

Resolution: Edit the \Server\conf\epo\epo.properties file, change the File.upload.limit size to 300. To make the change active, restart the ePO services.
1189148 KB89090 3.1.0 n/a Issue: Data Exchange Layer Brokers and Clients require equivalent or later Extension versions to function correctly.

Resolution: Install or upgrade to the equivalent or later version of all DXL Extensions. See the related article for details.
- - DXL 3.0.1 Hotfix 2


DXL 3.0.0 Hotfix 4
n/a Issue: Uninstallation of DXL Windows client versions older than DXL 3.0.1 Hotfix 2 and DXL 3.0.0 Hotfix 4 fails in the following scenarios. The failure occurs when only the DXL client and McAfee Agent 5.0.5 are installed on the system:
  • A version of the DXL client earlier than or and McAfee Agent 5.0.5 are the only products on the system. Then, you upgrade to DXL client 3.0.0 Hotfix 4 ( or DXL client 3.0.1 Hotfix 2 (
  • A version of DXL client older than or and McAfee Agent 5.0.5 are the only products on the system, and you try to uninstall the DXL client.
The DXL client installation process includes a step to uninstall the previous version of the DXL client, so this issue prevents upgrades in the scenarios described. If other McAfee endpoint products that install the McAfee system core (VSCore) are installed on the system, this issue does not occur.

Resolution: There are two ways to resolve this issue:
  • Downgrade McAfee Agent to an earlier version (for example, McAfee Agent 5.0.4 or 5.0.3). Install or upgrade the DXL client to either DXL client 3.0.0 Hotfix 4 ( or DXL client 3.0.1 Hotfix 2 ( Then upgrade to McAfee Agent 5.0.5.
  • Install a McAfee endpoint component that also installs or upgrades VSCore. Then install or upgrade the DXL client to either DXL client 3.0.0 Hotfix 4 ( or DXL client 3.0.1 Hotfix 2 (
1143741 - 3.0.0 n/a Issue: When you use Internet Explorer 10, if you select an ePO locale different from the locale with which the operating system was installed, a date format issue occurs. The date format in some areas of the Data Exchange Layer Fabric page does not match the date format in other parts of ePO. For example, Last refresh date and DXL Broker, Health, Start Time.
Workaround: Upgrade to Internet Explorer 11.
1157983 - DXL 2.0.1 Hotfix 1 n/a Issue: DXL might fail to uninstall or upgrade if file scanning software is present. This issue can occur when you uninstall or upgrade from DXL versions later than or equal to DXL 2.0.1 Hotfix 1 and earlier than DXL 3.0.0. The MSI log contains the following error:
ResetVtpCacheSchedule: getting property: VTPINFOEXE
ResetVtpCacheSchedule: extracting binary stream: mfedxutil64.exe
ResetVtpCacheSchedule: creating temp path: mfedxutil64.exe
ResetVtpCacheSchedule: deleting file: C:\Windows\Temp\mfedxutil64.exe
ResetVtpCacheSchedule: Error 0x80070020: failed to delete file: C:\Windows\Temp\mfedxutil64.exe : The process cannot access the file because it is being used by another process.
CustomAction ResetVtpCacheSchedule returned actual error code 1603 (note this might not be 100% accurate if translation happened inside sandbox)
Action ended 9:53:30: ResetVtpCacheSchedule. Return value 3.
Resolution: Disable file scanning software and then reinstall DXL.
1107302 KB86114 2.0.1 n/a Issue: DXL fails to install on Windows Server 2008. The DXL MSI log (C:\Windows\Temp\McAfeeLogs) contains the following error:
delete_reg_keys: Error 0x800b010a:
Failed to open access handle : A certificate chain could not be built to a trusted root authority.
Resolution: See the related article for instructions to manually install the missing Verisign Class 3 Public Primary Certification Authority - G5 certificate.
1082794 - 2.0.0 n/a Issue: The Clients Connected count on the DXL Fabric Visualization page shows the number of connected clients and the number of incoming bridges.
1026559 - 2.0.0 n/a Issue: Bridges can be overlapped on the DXL Fabric Visualization page.
1068538 - 1.1.0 n/a Issue: DXL Remote Management string "dxl.system.notifyAgent.cmd.success" or "dxl.system.requestAgent.cmd.success" appears in the Audit Log.

Explanation: In ePO 5.3, when DXL is installed, ePO uses the Notify Agent Command or the Request Agent Command to contact an Agent to take several actions. This operation generates an Audit Log entry with an action of Notify Agents or Request Agents and the "success" message is:


This message is just a string display error with the Notify Agent Command and Request Agent Command where the resource property key it uses for "success" messages is incorrect.

1023923 - 1.0.1 n/a Issue: The DXL client, when deployed through ePO or installed manually, does not start after installation on 64-bit Linux client systems.

Resolution: On the Linux client system, install the needed 32-bit libraries (for Red Hat-based distributions, use the command: yum install glibc.i686 libstdc++.i686) and then start the DXL Client service.
NOTE: Debian-based distributions are not currently supported.
1003419 - 1.0.1 n/a
Issue: When a user adds a system to a Tag used in the DXL Topic Authorization, the system does not appear in DXL until the Manager DXL Brokers server task runs. This action occurs once per day by default.

Workaround: To see the system in the Tags, manually run the server task Manager DXL Brokers.
987172 KB83123 1.0.1 n/a
Issue: When you install DXL, the DXL MMS service fails to start if Avecto Privilege Guard is installed.

Resolution: This issue occurs when Avecto Privilege Guard tries to "hook" McAfee processes by loading its own code (a DLL) into the McAfee process. See the related article for issue details and resolution options.
973129   1.0.1 n/a
Issue: The following OpenSSL error message displays in the DXL log file:
[E] OpenSSL Error: error:140940E5:SSL routines:
SSL3_READ_BYTES:ssl handshake failure
Explanation: You can safely ignore the error message. The error occurs because of the way the Java clients ping the DXL Brokers. They perform a socket connect, but do not establish a proper SSL/TLS connection.
n/a = not applicable

Back to top

Rate this document

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.