If you experience problems installing and accessing the Threat Intelligence Exchange module for VirusScan Enterprise, server, or the Data Exchange Layer client, follow these steps:
In McAfee ePO, click Menu | SystemTree, then select the checkbox for the Threat Intelligence Exchange server.
Click Wake Up Agents. On the Wake Up McAfee Agent page, select the checkbox Force complete policy and task update, then click OK. This sends the server properties from the Threat Intelligence Exchange appliance to McAfee ePO.
Verify that this task completed in the server task log.
In the System Tree, click the server name, then click the Products tab. Verify that the following products are listed: • McAfee DXL Broker • McAfee DXL Client • McAfee Threat Intelligence Exchange Server
Click Menu | Automation | ServerTasks and run the task: Apply TIESERVER tags to TIE Server
In the System tree, verify that the TIESERVER tag has been applied to the system.
Click Menu | Automation | ServerTasks and run the task: Manage DXL Brokers
In the System Tree, verify that the DXLBROKER tag has been applied to the system.
After the tags have been successfully applied, click System Tree, select the Threat Intelligence Exchange server, then click Wake Up Agents.
On the Wake Up McAfee Agent page, select the checkbox Force complete policy and task update, then click OK.
Verify that this task completed in the server task log
Click Menu | Configuration | ServerSettings, then click DXL Client for ePO. Verify that the Connection State is Connected.
To verify that the DXL and TIE services are running, on the virtual machine open a Console window, log in and enter service dxlbroker status then enter service tieserver status
You should see both services running.
In the System Tree, select the Threat Intelligence Exchange server and from the Actions menu, click DXL | Lookup in DXL.
Verify that the Connection State is Connected
Threat Intelligence Exchange server: /var/McAfee/tieserver/logs/tieserver.log Threat Intelligence Exchange module for VirusScan Enterprise: %programdata%\McAfee\TIEM Data Exchange Layer Client: %programdata%\McAfee\Data_eXchange_Layer Data Exchange Layer Broker: /var/McAfee/dxlbroker/logs/dxlbroker.log
Reconfiguring using scripts
Scripts are available to reconfigure the Threat Intelligence Exchange server, Data Exchange Layer brokers, and the McAfee Agent.
Accessing the scripts - The scripts are located in the /home/<username> directory. They must be executed with sudo permissions, for example sudo /home/myname/change‑hostname.
Changes the host name of the current DXL broker appliance. It restarts the McAfee Agent and the broker.
Enables or disables the DXL broker. If the broker was initially disabled during first boot, the script prompts for broker configuration information.
Obtains an updated Certificate Authorities chain from ePolicy Orchestrator (ePO) and stores it in the TIE server. This script is included in TIE server 1.3.0 and later.
Sends a new certificate signing request to McAfee ePO and overrides the certificate files at /var/McAfee/tieserver/keystore directory. This script is included in TIE server 1.3.0 and later.
Reconfigures the DXL port.
Reconfigures the McAfee Agent. The agent and DXL broker services are restarted. New keystores are generated when the service starts. See below for full details of the process that occurs after running reconfig-ma:
By design, running reconfig-ma erases the certificates for both DXL and TIE.
MA will take 90-120 seconds to fully start after being reconfigured.
After DXL is started, it will obtain a GUID from MA.
DXL requests certificates using a Data Channel request.
A full props ASCI (agent-server communication interval) is triggered so the DXL broker shows in the products list in ePO.
The Manage DXL Brokers server task runs so the DXL broker gets tagged as a broker and is in policy.
A full props ASCI is triggered so the DXL broker sees itself (and other brokers, as appropriate) in policy.
Send a new Certificate Signing Request to ePO through DXL to obtain the Certificate, Private Key, and Certification Authorities that will be used for authentication. (TIE server 1.3.0 and later only.)
Bridging occurs as defined by policy.
Reconfigures the current network interface (from DHCP to manual, or from manual to DHCP).
Reconfigures the Network Time Protocol servers.
Changes the role of the TIE server. For example, changes the server from a slave to a master, or from a master to a reporter.
Changes the password for database users and other properties. This script is included in TIE server 1.2.1 and later.