cancel
Showing results for 
Search instead for 
Did you mean: 

Troubleshooting McAfee Threat Intelligence Exchange

Troubleshoot the Installation

If you experience problems installing and accessing the Threat Intelligence Exchange module for VirusScan Enterprise, server, or the Data Exchange Layer client, follow these steps:

In McAfee ePO, click Menu | System Tree, then select the checkbox for the Threat Intelligence Exchange server.
  a.png
Click Wake Up Agents.  On the Wake Up McAfee Agent page, select the checkbox Force complete policy and task update, then click OK.  This sends the server properties from the Threat Intelligence Exchange appliance to McAfee ePO.

 

b.png


Verify that this task completed in the server task log.

k.png


In the System Tree, click the server name, then click the Products tab. Verify that the following
products are listed:
• McAfee DXL Broker
• McAfee DXL Client
• McAfee Threat Intelligence Exchange Server

 

d.png
 
Click Menu | Automation | Server Tasks and run the task: Apply TIESERVER tags to TIE Server

e.png

In the System tree, verify that the TIESERVER tag has been applied to the system.

f.png


Click Menu | Automation | Server Tasks and run the task: Manage DXL Brokers

g.png

In the System Tree, verify that the DXLBROKER tag has been applied to the system.

  h.png

 
After the tags have been successfully applied, click System Tree, select the Threat Intelligence Exchange server, then click Wake Up Agents.

i.png
 
On the Wake Up McAfee Agent page, select the checkbox Force complete policy and task update, then click OK.

j.png

 
Verify that this task completed in the server task log

k.png
Click Menu | Configuration | Server Settings, then click DXL Client for ePO.  Verify that the Connection State is Connected.

l.png
To verify that the DXL and TIE services are running, on the virtual machine open a Console window, log in and enter service dxlbroker status then enter service tieserver status

You should see both services running.

m.png
In the System Tree, select the Threat Intelligence Exchange server and from the Actions menu, click DXL | Lookup in DXL.

n.png

Verify that the Connection State is Connected 
o.png

 

Logfiles

 

Threat Intelligence Exchange server: /var/McAfee/tieserver/logs/tieserver.log
Threat Intelligence Exchange module for VirusScan Enterprise: %programdata%\McAfee\TIEM
Data Exchange Layer Client: %programdata%\McAfee\Data_eXchange_Layer
Data Exchange Layer Broker: /var/McAfee/dxlbroker/logs/dxlbroker.log

 

Reconfiguring using scripts


Scripts are available to reconfigure the Threat Intelligence Exchange server, Data Exchange Layer brokers, and the McAfee Agent.

Accessing the scripts - The scripts are located in the /home/<username> directory. They must be executed with sudo permissions, for example sudo /home/myname/change‑hostname.

 

Script Name Description Reboot?
change-hostname Changes the host name of the current DXL broker appliance. It restarts the McAfee Agent and the broker. Recommended
change-services Enables or disables the DXL broker.
If the broker was initially disabled during first boot, the script prompts for broker configuration information.
No
reconfig-ca Obtains an updated Certificate Authorities chain from ePolicy Orchestrator (ePO) and stores it in the TIE server. This script is included in TIE server 1.3.0 and later. No
reconfig-cert Sends a new certificate signing request to McAfee ePO and overrides the certificate files at /var/McAfee/tieserver/keystore directory. This script is included in TIE server 1.3.0 and later. No
reconfig-dxl Reconfigures the DXL port. No
reconfig-ma Reconfigures the McAfee Agent.
The agent and DXL broker services are restarted. New keystores are generated when the service starts. See below for full details of the process that occurs after running reconfig-ma: 
  1. By design, running reconfig-ma erases the certificates for both DXL and TIE.
  2. MA will take 90-120 seconds to fully start after being reconfigured.
  3. After DXL is started, it will obtain a GUID from MA.
  4. DXL requests certificates using a Data Channel request.
  5. A full props ASCI (agent-server communication interval) is triggered so the DXL broker shows in the products list in ePO.
  6. The Manage DXL Brokers server task runs so the DXL broker gets tagged as a broker and is in policy.
  7. A full props ASCI is triggered so the DXL broker sees itself (and other brokers, as appropriate) in policy.
  8. Send a new Certificate Signing Request to ePO through DXL to obtain the Certificate, Private Key, and Certification Authorities that will be used for authentication. (TIE server 1.3.0 and later only.)
  9. Bridging occurs as defined by policy.
Recommended
reconfig-network Reconfigures the current network interface (from DHCP to manual, or from manual to DHCP). Required
reconfig-ntp Reconfigures the Network Time Protocol servers. No
reconfig-tie Changes the role of the TIE server. For example, changes the server from a slave to a master, or from a master to a reporter. No
update-sensitive-property.sh Changes the password for database users and other properties. This script is included in TIE server 1.2.1 and later. No
Labels (1)
Tags (2)
Contributors
Version history
Revision #:
2 of 2
Last update:
‎03-15-2018 01:23 PM
Updated by:
 

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community