Happy New Year!<\/p>\n
If you are an exchange admin you may want to check out the notice from Microsoft. But you probably already have considering it started in the beginning of the new year: Email Stuck in Exchange On-premises Transport Queues – Microsoft Tech Community<\/a><\/p>\n So you probably already implemented this fix.<\/p>\n We have now created a solution to address the problem of messages stuck in transport queues on Exchange Server 2016 and Exchange Server 2019 because of a latent date issue in a signature file used by the malware scanning engine within Exchange Server.\u00a0Customer action is required to implement this solution.<\/strong>\u00a0When the issue occurs, you\u2019ll see errors in the Application event log on the Exchange Server, specifically event 5300 and 1106 (FIPFS), as illustrated below:<\/p>\n Edge Transport servers are unaffected by this issue. You can run this script on multiple servers in parallel. After the script has completed, you will see the following output:<\/p>\n In lieu of using the script, customers can also manually perform steps to resolve the issue and restore service. To manually resolve this issue, you must perform the following steps on each Exchange mailbox server in your organization that downloads antimalware updates. Edge Transport servers are unaffected by this issue.<\/p>\n Verify the impacted version is installed Remove existing engine and metadata<\/strong> Update to latest engine<\/strong> Verify engine update info<\/strong> After updating the engine, we also recommend that you verify that mail flow is working and that FIPFS error events are not present in the Application event log.<\/p>\n If you want to know why this happened here’s a answer from the comments:<\/p>\n John_C_Kirk – “This wasn’t due to a change on 31st Dec. The problem is caused by an integer overflow error: the anti-malware component is converting the date\/time into “YYMMDDHHMM” format and storing it as a signed 32-bit number (max value\u00a02147483648). So, in Dec 2021, the number would start with “2112…” (below the threshold). In Jan 2022, the number would start with “2201…” (above the threshold).”<\/p>\n Two Thumbs up on implementation.<\/p>\n","protected":false},"excerpt":{"rendered":" Happy New Year! If you are an exchange admin you may want to check out the notice from Microsoft. But you probably already have considering it started in the beginning of the new year: Email Stuck in Exchange On-premises Transport Queues – Microsoft Tech Community So you probably already implemented this fix. We have now … <\/p>\nLog Name: Application \r\nSource: FIPFS \r\nLogged: 1\/1\/2022 1:03:42 AM \r\nEvent ID: 5300 \r\nLevel: Error \r\nComputer: server1.contoso.com\r\nDescription: The FIP-FS \"Microsoft\" Scan Engine failed to load. PID: 23092, Error Code: 0x80004005. Error Description: Can't convert \"2201010001\" to long.<\/pre>\n
Log Name: Application \r\nSource: FIPFS \r\nLogged: 1\/1\/2022 11:47:16 AM \r\nEvent ID: 1106 \r\nLevel: Error \r\nComputer: server1.contoso.com \r\nDescription: The FIP-FS Scan Process failed initialization. Error: 0x80004005. Error Details: Unspecified error.<\/pre>\n
<\/span>Using the Automated Solution<\/span><\/span><\/h2>\n
\n
[PS] C:\\Program Files\\Microsoft\\Exchange Server\\V15\\Scripts>.\\Reset-ScanEngineVersion.ps1\r\nEXCH1 Stopping services...\r\nEXCH1 Removing Microsoft engine folder...\r\nEXCH1 Emptying metadata folder...\r\nEXCH1 Starting services...\r\nWARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...\r\nWARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...\r\nWARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...\r\nWARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...\r\nWARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...\r\nEXCH1 Starting engine update...\r\nRunning as EXCH1-DOM\\Administrator.\r\n--------\r\nConnecting to EXCH1.CONTOSO.com.\r\nDispatched remote command. Start-EngineUpdate -UpdatePath http:\/\/amupdatedl.microsoft.com\/server\/amupdate<\/a>\r\n--------\r\n[PS] Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell.\r\n--------\r\n[PS] C:\\Program Files\\Microsoft\\Exchange Server\\V15\\Scripts>Get-EngineUpdateInformation\r\n<\/strong>\r\nEngine \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 : Microsoft<\/strong>\r\nLastChecked <\/strong>\u00a0 \u00a0 \u00a0\u00a0: 01\/01\/2022 08:58:22 PM -08:00<\/strong>\r\nLastUpdated <\/strong>\u00a0 \u00a0 \u00a0\u00a0 : 01\/01\/2022 08:58:31 PM -08:00<\/strong>\r\nEngineVersion \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 : 1.1.18800.4<\/strong>\r\nSignatureVersion \u00a0\u00a0\u00a0\u00a0 : 1.355.1227.0<\/strong>\r\nSignatureDateTime \u00a0\u00a0\u00a0 : 01\/01\/2022 03:29:06 AM -08:00<\/strong>\r\nUpdateVersion \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 : 2112330001 (note: higher version number starting with 211233... is also OK)<\/strong>\r\nUpdateStatus <\/strong>\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0: UpdateAttemptSuccessful<\/strong><\/pre>\n
<\/span>Using the Manual Solution<\/span><\/span><\/h2>\n
\n<\/strong>Run Get-EngineUpdateInformation and check the UpdateVersion information. If it starts with “22…” then proceed. If the installed version starts with “21…” you do not need to take action.<\/p>\n
\n1. Stop the Microsoft Filtering Management service.\u00a0 When prompted to also stop the Microsoft Exchange Transport service, click Yes.
\n2. Use Task Manager to ensure that updateservice.exe is not running.
\n3. Delete the following folder: %ProgramFiles%\\Microsoft\\Exchange Server\\V15\\FIP-FS\\Data\\Engines\\amd64\\Microsoft.
\n4. Remove all files from the following folder: %ProgramFiles%\\Microsoft\\Exchange Server\\V15\\FIP-FS\\Data\\Engines\\metadata.<\/p>\n
\n1. Start the Microsoft Filtering Management service and the Microsoft Exchange Transport service.
\n2. Open the Exchange Management Shell, navigate to the Scripts folder (%ProgramFiles%\\Microsoft\\Exchange Server\\V15\\Scripts), and run\u00a0Update-MalwareFilteringServer.ps1 <server FQDN><\/em>.<\/p>\n
\n1. In the Exchange Management Shell, run\u00a0Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell<\/em>.
\n2. Run\u00a0Get-EngineUpdateInformation<\/em>\u00a0and verify the UpdateVersion information is 2112330001 (or higher)<\/p>\n