2 Replies Latest reply on Sep 23, 2016 3:39 AM by gpickers

    TIE Server Installation hangs at 'Waiting for TIE Handshake'


      Hello Community,


      I have experienced some issues this week with deploying TIE in an ePO 5.3.2 managed environment.

      When attempting to deploy the TIE Master Server (from either OVA or ISO) it hang s at the 'Waiting for TIE handshake' stage.


      If we interrupt the installation and reboot the system, we can reconfigure the Linux agent and get the handshake to pass however it appears the certificates are not being transferred correctly.

      For some reason this also seems to stop the Postgresql database from running.

      We can see the DXL broker under DXL Fabric in the ePO, however the McAfee Agent properties in the System Tree are reporting the DXL Status as 'not connected'.


      We have troubleshooted network connectivity between the TIE server and the ePO and there are no issues.

      McAfee Agent wake-ups are successful.


      There are no network/endpoint firewalls handling communication between ePO and TIE Master Server.


      Has anyone experienced similar issues/found a work around for deploying TIE in an ePO 5.3.2 managed environment?


      --------------- Progress Update ------------------


      The TIE server appears to be struggling to perform the Certificate Signing request with the ePO server.


      This is evident from reconfig-cert which appears to hang at sending the Certificate Signing request.

      Additionally when registering the TIE server in ePO the error displayed is: 'SSL Error: Certificate not verified'.


      Kind regards,



        • 1. Re: TIE Server Installation hangs at 'Waiting for TIE Handshake'


          from my side of information this is made by design. The TIE server has a TIE Server Service and a DXL Broker service installed, but no DXL Client.

          - you can see the System under The Data Exchange Layer Fabric because DXL Broker service is running.

          - You can manage the TIE Reputations because any other stuff is okay and the EPO DXL Client is able to do a certificate based authentication on the TIE Database.

          BTW, for bigger installations do not use the DXL Broker Service from TIE, you should use DXL Broker Appliances (own OVA).

          Hope this helps,


          1 of 1 people found this helpful
          • 2. Re: TIE Server Installation hangs at 'Waiting for TIE Handshake'

            Hi Troja,


            Turns out it was a problem with the TIE 1.3 extension, couldn't identify exactly why but we removed and checked the extension into ePO again and the handshake with the TIE master server completed correctly.


            Thanks for the advice, will keep it in mind.