Over the weekend following the installation of MS updates thousands of notifications for event ID 37008 "MOVE-OSS is disconnected from TIE Server" were logged in EPO referencing the SVM's that were rebooted. It affected four different SVM's, and one of those did not stop spitting out the notifications until I manually rebooted the server. The affected SVM's are running Move 188.8.131.526 multiplatform, VirusScan 8.8 with Patch 13, McAfee Agent 184.108.40.206. I do not have a SVM Manager, and I do not have TIE functionality enabled in the policy catalog under Shared Cloud Solutions. I'm not sure why rebooting the servers over the weekend would have caused these SVM's to generate eight thousand notifications about the "MOVE-OSS is disconnected from TIE Server" even after the system reboots completed. Is this a known bug? I can't find any KB's about it.
Hi, couple of thoughts
Do you have the VSE TIEM module installed on the SVM ?
If present VSE TIE logs = %programdata%\McAfee\TIEM
Typically review TIEMVE.log first
RDP to the McAfee MOVE AntiVirus SVM system.
System tray, click, select About
Under McAfee Data Exchange Layer, does it confirm DXL Connected Status is "Connected" ?
Kb= How to prevent DXL clients from connecting to a broker after installing McAfee Agent 5.6 . Technical Articles ID: KB91155
I opened a ticket for this issue (Service Requests 4-20164476961) which you can review. The ticket was closed. Since I'm not currently using DXL my only option was to disable Event 37008 in EPO. I was told MOVE engineering is aware of the issue however they consider it a cosmetic logging problem for people using McAfee Agent 220.127.116.11 but not utilizing TIE, and have marked it as a "Will not fix" issue since DXL is becoming more prevalent and is going to be further integrated in future releases.