Email Stuck in Exchange On-premises Transport Queues

Published Jan 01 2022 11:39 AM 628K Views

We have addressed the issue causing messages to be stuck in transport queues of on-premises Exchange Server 2016 and Exchange Server 2019. The problem relates to a date check failure with the change of the new year and it not a failure of the AV engine itself. This is not an issue with malware scanning or the malware engine, and it is not a security-related issue. The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues.

We have now created a solution to address the problem of messages stuck in transport queues on Exchange Server 2016 and Exchange Server 2019 because of a latent date issue in a signature file used by the malware scanning engine within Exchange Server. Customer action is required to implement this solution. When the issue occurs, you’ll see errors in the Application event log on the Exchange Server, specifically event 5300 and 1106 (FIPFS), as illustrated below:

Log Name: Application 
Source: FIPFS
Logged: 1/1/2022 1:03:42 AM
Event ID: 5300
Level: Error
Computer: server1.contoso.com
Description: The FIP-FS "Microsoft" Scan Engine failed to load. PID: 23092, Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long.
Log Name: Application 
Source: FIPFS
Logged: 1/1/2022 11:47:16 AM
Event ID: 1106
Level: Error
Computer: server1.contoso.com
Description: The FIP-FS Scan Process failed initialization. Error: 0x80004005. Error Details: Unspecified error.

Using the Automated Solution

  • Download the script here: https://aka.ms/ResetScanEngineVersion 
  • Before running the script, change the execution policy for PowerShell scripts by running Set-ExecutionPolicy -ExecutionPolicy RemoteSigned.
  • Run the script on each Exchange mailbox server that downloads antimalware updates in your organization (use elevated Exchange Management Shell).

Edge Transport servers are unaffected by this issue. You can run this script on multiple servers in parallel. After the script has completed, you will see the following output:

[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\Reset-ScanEngineVersion.ps1
EXCH1 Stopping services...
EXCH1 Removing Microsoft engine folder...
EXCH1 Emptying metadata folder...
EXCH1 Starting services...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
EXCH1 Starting engine update...
Running as EXCH1-DOM\Administrator.
--------
Connecting to EXCH1.CONTOSO.com.
Dispatched remote command. Start-EngineUpdate -UpdatePath http://amupdatedl.microsoft.com/server/amupdate
--------
[PS] Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell.
--------
[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>Get-EngineUpdateInformation

Engine                : Microsoft

LastChecked       : 01/01/2022 08:58:22 PM -08:00
LastUpdated        : 01/01/2022 08:58:31 PM -08:00
EngineVersion         : 1.1.18800.4
SignatureVersion      : 1.355.1227.0
SignatureDateTime     : 01/01/2022 03:29:06 AM -08:00
UpdateVersion         : 2112330001 (note: higher version number starting with 211233... is also OK)
UpdateStatus          : UpdateAttemptSuccessful

Using the Manual Solution

In lieu of using the script, customers can also manually perform steps to resolve the issue and restore service. To manually resolve this issue, you must perform the following steps on each Exchange mailbox server in your organization that downloads antimalware updates. Edge Transport servers are unaffected by this issue.

Verify the impacted version is installed
Run Get-EngineUpdateInformation and check the UpdateVersion information. If it starts with "22..." then proceed. If the installed version starts with "21..." you do not need to take action.

Remove existing engine and metadata
1. Stop the Microsoft Filtering Management service.  When prompted to also stop the Microsoft Exchange Transport service, click Yes.
2. Use Task Manager to ensure that updateservice.exe is not running.
3. Delete the following folder: %ProgramFiles%\Microsoft\Exchange Server\V15\FIP-FS\Data\Engines\amd64\Microsoft.
4. Remove all files from the following folder: %ProgramFiles%\Microsoft\Exchange Server\V15\FIP-FS\Data\Engines\metadata.

Update to latest engine
1. Start the Microsoft Filtering Management service and the Microsoft Exchange Transport service.
2. Open the Exchange Management Shell, navigate to the Scripts folder (%ProgramFiles%\Microsoft\Exchange Server\V15\Scripts), and run Update-MalwareFilteringServer.ps1 <server FQDN>.

Verify engine update info
1. In the Exchange Management Shell, run Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell.
2. Run Get-EngineUpdateInformation and verify the UpdateVersion information is 2112330001 (or higher)

After updating the engine, we also recommend that you verify that mail flow is working and that FIPFS error events are not present in the Application event log.

FAQ

I'm not sure if this issue affects my organization. How do I find out?
Run the latest release of the HealthChecker script (https://aka.ms/ExchangeHealthChecker) on every Exchange server in your organization and check for the FIP-FS warning which will be shown if your server is affected and further actions are required.

Is the solution for this problem automated?
Implementation of the solution requires customer actions, and it will take some time to make the necessary changes, download the updated files, and clear the transport queues. Actions can be automated with the scan engine reset script from https://aka.ms/ResetScanEngineVersion or they can be performed manually. Whether you perform the steps automatically or manually, they must be performed on every on-premises Exchange 2016 and Exchange 2019 server in your organization. If you use the automated script, you can run it on multiple servers in parallel.

How long will running of automated script take?
Depending on the size of your organization, the script might take some time to run; please be patient.

How long will it take to clear up the queues after the script has been run?
Depending on the number of messages that were queued up and the amount of new messages transport has to process, the time might vary. Please be patient and monitor those queues are draining (number of messages are decreasing) by using Get-queue command.

We are in Exchange Hybrid environment. What do we need to do?
If you are using your on-premises Exchange server to send email (for example using Centralized Mailflow or sending messages from on-premises devices), please follow this blog post and use the script to change configuration on your on-premises servers used for email transport. If you are using Exchange on-premises only for management of Exchange recipients, you do not need to take any action.

What are the services that the script is stopping?
The following services will be restarted: Microsoft Filtering Management and Microsoft Exchange Transport.

We have temporarily disabled antimalware. Should it be enabled after following this blog post?
If you have temporarily disabled the antimalware service, you should enable it after you have followed this blog post (use the Enable-AntimalwareScanning.ps1 script). The solution described in this post is a full solution for this problem and will result in transport queues clearing and antimalware engine working as expected.

The version of the updated scan engine starts with 2112330001 (or higher); is this right? Should we be concerned that it seems to reference a date that does not exist?
The newly updated scanning engine is fully supported by Microsoft. While we need to work on this sequence longer term, the scanning engine version was not rolled back, rather it was rolled forward into this new sequence. The scanning engine will continue to receive updates in this new sequence.

What if my Exchange servers do not have access to the Internet?
If your Exchange mailbox servers do not download antimalware updates from the Internet, you do not need to perform any manual action. In that case, the servers have not been downloading antimalware updates to begin with, and the problem described here will not exist.

We have an Exchange 2013 server and while there are no crashes, I see the server has the problem engine version starting with "22...". What should we do?
Exchange Server 2013 is not impacted by transport crashes so there will be no buildup of email in transport queues. If your Exchange 2013 server took the antimalware update and it is now on version starting with "22..." you should use the automated or manual steps in this blog post to get your server on an engine version "21..." to continue getting the antimalware updates. Update 1/11/2022: Exchange 2013 customers - before running the script, please check if the engine got updated automatically to version 21... additional mechanism exists that updates the engine to the latest version and by now, your Exchange 2013 servers should have auto-corrected the version.

Script generates error “WARNING: Unable to process update request because engine metadata is not available. Attempting to synchronize” metadata. Please try to run the cmdlet again later.
For the Exchange servers accessing Internet via proxy:

  • Launch Exchange Management Shell
  • Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell
  • Set-ProxySettings -Enabled $true -Server <ProxyServer> -Port <proxy.port>
  • Re-run the script

If still not resolved:

  • Copy msvcr110.dll from c:\windows\system32 to %ProgramFiles%\Microsoft\Exchange Server\V15\FIP-FS\Bin and %ProgramFiles%\Microsoft\Exchange Server\V15\Bin
  • Restart the Exchange server
  • Re-run the script

I have many Exchange servers in my environment; is there a way to locally distribute the definition files?

  • Use the steps in this article and download update files to a server. Example: Update-Engines.ps1 -EngineDirPath C:\ScanEngineUpdates\
  • Share the folder on which the update files were copied, for example \\server1\amware
  • Run the following command on all remaining servers that need to copy the update files: Set-MalwareFilteringServer -PrimaryUpdatePath \\server1\amware -Identity mail1.contoso.com
  • Re-run the reset scan engine script on all the servers.

 

Major changes to this blog post:

  • 1/11: Added more information to Exchange 2013 FAQ regarding engine auto-update
  • 1/4: Added a FAQ on how to find impacted servers using Health Checker script
  • 1/3: Added a FAQ for local distribution of updates within the organization
  • 1/3: Added a FAQ related to Proxy configuration and script error
  • 1/3: Added a FAQ for Exchange 2013 servers
  • 1/3: Addition of Add-PSSnapin to automated process; various other smaller changes
  • 1/2: Clarified the exact process to run the automated script solution; various other smaller changes and clarifications
  • 1/2: Added the FAQ section to the blog post
  • 1/1: Major update mentioning our manual and scripted solution for this problem; disablement of Antimalware service as a workaround has been removed
  • 1/1: Original release

The Exchange Team

161 Comments
Senior Member

@Ricardo Costa da Silva Thanks I will try restarting once things settle down a bit...

 

Senior Member

@Nino Bilic  Thank you for the info.

 

@MSchwe do not utilize any kind of proxy service, our servers are permanently banned from connecting to Internet. ( I guess for the safety of the servers :) )

 

Visitor

@AhmadBilal  Yes we did multiple restarts to confirm. We tried the manuel steps before and after placing the dll file. I can confirm, that the folders

 

"D:\ExchangeServer\FIP-FS\Data\Engines\amd64" does not contain a folder named "Microsoft"

"D:\ExchangeServer\FIP-FS\Data\Engines\metadata" is empty

 

Before running the engine update we confirmed that the services "FMS" and "MSExchangeTransport" are running

 

Both the manual steps and the automatic script fail at the point of updating the engine, with the error:

 

Unable to process update request because engine metadata is not available. Attempting to synchronize
metadata. Please try to run the cmdlet again later.

 

Any ideas?

New Contributor

Microsoft,

 

First off thank you all for coming up with quick workarounds and a solution to this unfortunate issue.  It has been a long year of emergency fixes/security patches for Exchange.

 

This brings up the question about the retirement of Exchange hybrid servers.  We've heard for a very long time of a future replacement for Exchange hybrid so we don't have to maintain an on-premise Exchange server which is required for O365 support with Azure AD Connect.    We are tired of patching these hybrid servers and we see customers retiring such servers even though they move to an "unsupported" state.

 

When will there be another supported way to manage Exchange attributes on-premise and a substitute to more easily allow systems/devices to relay off an internal email server?

 

It is long overdue Microsoft and hoping someone from the Exchange team can comment on the plans to simplify our IT lives so we don't have have to upgrade/patch Exchange hybrid servers every 2 to 6 months to stay in support and stay secure.

 

thank you,

Larry Heier

Regular Visitor

Download errors observed - notice the difference in time stamps of engine updates and in UpdateVersions post-update (on my first run) what is on the system and what is available online:

 

<...>
--------
Attempted to divide by zero.
At C:\Reset-ScanEngineVersion.ps1:102 char:25
+ ... $percentComplete = ($transfer.BytesTransferred * 100 / $t ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], RuntimeException
+ FullyQualifiedErrorId : RuntimeException

[PS] C:\>
[PS] C:\>Get-EngineUpdateInformation


Engine : Microsoft
LastChecked : 01/03/2022 01:01:14 PM -05:00
LastUpdated : 01/01/2022 03:03:04 AM -05:00
EngineVersion : 1.1.18800.4
SignatureVersion : 1.355.1224.0
SignatureDateTime : 12/31/2021 08:03:32 PM -05:00
UpdateVersion : 2201010004
UpdateStatus : UpdateAttemptNoUpdate


[PS] C:\>

 

Rerunning the script:

 

<...>
[D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"): R

<server-name> UpdateVersion: 2112330003
<server-name> This server is not impacted. Add -Force to proceed anyway.


Oh yes, it is.


[PS] C:\>.\Reset-ScanEngineVersion.ps1 -force


<server-name> Downloading scan engines
0 / 0
[oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo]


I can see where the Divide by zero error is coming from when download was timing out.


<server-name> Downloading scan engines
0 / 179030563
[                                                                ]

 

And then download restarted at around 11,4xx,xxx out of 179,xxx,xxx engine updates on the counter.

Check your UpdateVersion after update run for LastChecked and LastUpdated to match, and your UpdateVersion to be at least 2112330003.

 

Visitor

This "fix" has worked on the messages trapped and undelivered in the queues, but none of my mobile users are receiving Email to their Outlook mobile apps. Is there another "fix" for that? All users could send and receive mail on Outlook mobile before the incident that caused the mail queue transport failure.

Microsoft

@Marcus0115 Sending / receiving email from Outlook mobile clients is completely unrelated to this issue, as far as I know. What we are talking about is that the transport queues on servers get backed up because transport service crashes.

Visitor

We came back from vacation to realize we had no emails since 01/01/2022. We're executing the script and doing the update now. Hopefully, we'll be back running this afternoon.

Occasional Contributor

We have a hybrid server being used only for SMTP relaying for on premise devices such as scanners, as well as object/attribute management.

 

Checking our version, we look to be on something really old (1603190004).

We therefore don't look to be having any issues with mail flow, but given the version, I'm not sure if;

A. The AV engine is even relevant in our scenario

B. We should follow the guidance to apply this fix and update our version

 

Thanks

James

Established Member

Can we expect a formal patch anytime soon?  Or is this workaround going to be the only solution going forward?

Microsoft

@Eds1989 Which version of server is this? Bottom line is - if you are not seeing crashes and you do not have the version starting with 22... on Exchange 2013, then you do not need to worry about this.

@Ericwa999 This is considered a "permanent solution". We plan to eventually address the sequence (this will take time) but using the antimalware with version 211233... is the way forward. That is the only version that will keep getting antimalware updates.

Occasional Visitor

For anyone getting the error "Cannot stop process" in relation to the updateservice.exe located in the FIP-FS. The solution for me was to make sure the account I was using had "Debug programs" rights under the Local Group Policy, otherwise the process will not terminate and the script fails to run.

Occasional Contributor

@Nino Bilic It's Exchange 2016.

If the scanning engine is involved even during simple SMTP relaying, it feels like I should probably follow the mitigation steps, so we get a more up to date version of the engine but also avoid this issue after an update?

 

Cheers

James

Occasional Visitor

We have mail flow monitoring and we didn't get any alert.  I do see some 5300/1106 errors on 12/31/2021 but nothing after that and the queues look good.    We disabled the malware agent, so the problem should not affect us?   Do we need to do anything manually or the Microsoft will soon push out the fix from the update?

[PS] C:\windows\system32>Get-transportagent

Identity Enabled Priority
-------- ------- --------
ScanMail Routing Agent True 1
ScanMail SMTP Receive Agent True 2
Transport Rule Agent True 3
DLP Policy Agent True 4
Retention Policy Agent True 5
Supervisory Review Agent True 6
Malware Agent False 7
Text Messaging Routing Agent True 8
Text Messaging Delivery Agent True 9
System Probe Drop Smtp Agent True 10
System Probe Drop Routing Agent True 11

Frequent Visitor

After installing new antimalware engine and enable antimalware scanning with script enable-antimalwarescanning.ps1 I have to restart Microsoft Filtering Management Service and MSExchangeTransport Service. This solved my problem with stucking emails in queue.

YOU WILL GET A TIMEOUT IF YOU DO NOT USE THESE COMMANDS.

 

copy the Reset-ScanEngineVersion.ps1 into the folder C:\Program Files\Microsoft\Exchange Server\V15\Scripts
Run as Administrator Power Shell
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
cd "C:\Program Files\Microsoft\Exchange Server\V15\Scripts"
.\Reset-ScanEngineVersion.ps1

Should look like this when you type it:
C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\Reset-ScanEngineVersion.ps1

 

 

Occasional Contributor
 
 

Same problem here.   Exchange 2016 hybrid setup with centralized transport enabled.

The filtering service is stopping with the presented error but my mail flow is not impacted. The service will start but then stops about 5 minutes later.

 

We are using a third party scanning service on the on-premises so that is why I am thinking my mail queues are not impacted.

 

What did you end up doing? 

 

Occasional Visitor

I have a client with a DAG of two servers, I applied the Fix,  re-enable the Malware agent, and have a lot of errors related,  the emails get stucks in submission queue like for 15 minutes then finally released, so i think the fix really isn´t fixing the all problem, still i see a lot of FIPFS and antimalware errores in the event viewer, i did roll back and disable the malware agent again an the server goes back to normal performance.

 

MS need to go deep on this and release a fix the really solve the issue.

This was my fix that was the alternative fix.  - I have the way to reverse it too.  REPLACE SERVERNAME.DOMAIN.LOCAL WITH YOUR FQDNSERVERNAME

We used AppRiver for an email filter and did not use the Microsoft Spam filter in addition to the filtering process.  Test it and undo it if this does not work for you.

To break local email filtering do this, but it allows the emails to come through because the emails contain a date that cannot be recognized after 12312021

Run Exchange Management Shell as Administrator
Set-MalwareFilteringServer SERVERNAME.DOMAIN.LOCAL -BypassFiltering $true
Restart-Service MSExchangeTransport


To put it back do this
Run Exchange Management Shell as Administrator
Set-MalwareFilteringServer SERVERNAME.DOMAIN.LOCAL -BypassFiltering $false
Restart-Service MSExchangeTransport

 

This was my fix that was the alternative fix.  - I have the way to reverse it too.  REPLACE SERVERNAME.DOMAIN.LOCAL WITH YOUR FQDNSERVERNAME

We used AppRiver for an email filter and did not use the Microsoft Spam filter in addition to the filtering process.  Test it and undo it if this does not work for you.

To break local email filtering do this, but it allows the emails to come through because the emails contain a date that cannot be recognized after 12312021

Run Exchange Management Shell as Administrator
Set-MalwareFilteringServer SERVERNAME.DOMAIN.LOCAL -BypassFiltering $true
Restart-Service MSExchangeTransport


To put it back do this
Run Exchange Management Shell as Administrator
Set-MalwareFilteringServer SERVERNAME.DOMAIN.LOCAL -BypassFiltering $false
Restart-Service MSExchangeTransport

Occasional Visitor

I found issue causing messages to be stuck in queues 2k more items
my site effected on Jan 3/2022 around 3 pm.

I follow  Using the Automated Solution

Problem has been resolved.

Thank you

 

rkghothotmailcom are you using anti-malware based transport rule by any chance? If yes, check if disabling such transport rule helps

Occasional Visitor

I tried the Automated Solution 

 

Using the Automated Solution

  • Download the script here: https://aka.ms/ResetScanEngineVersion 
  • Before running the script, change the execution policy for PowerShell scripts by running Set-ExecutionPolicy -ExecutionPolicy RemoteSigned.
  • Run the script on each Exchange mailbox server that downloads antimalware updates in your organization (use elevated Exchange Management Shell).

Edge Transport servers are unaffected by this issue. You can run this script on multiple servers in parallel. After the script has completed, you will see the following output:

[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\Reset-ScanEngineVersion.ps1
EXCH1 Stopping services...
EXCH1 Removing Microsoft engine folder...
EXCH1 Emptying metadata folder...
EXCH1 Starting services...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
EXCH1 Starting engine update...
Running as EXCH1-DOM\Administrator.
--------

Connecting to EXCH1.CONTOSO.com.
Dispatched remote command. Start-EngineUpdate -UpdatePath http://amupdatedl.microsoft.com/server/amupdate
--------

till this step and I didn't apply this command
[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>Get-EngineUpdateInformation
but it works for me and the exchange send and receive now

many thanks
Occasional Contributor

After restarting both the services:

 

- Microsoft Filtering Management

- Microsoft Exchange Transport

 

It still didn’t work (even after waiting 15 minutes).

 

After restarting the Exchange Server it worked.

 

This post helped me:

https://www.alitajran.com/exchange-mail-flow-breaks/

New Contributor

Disable-AntimalwareScanning.ps1 has been used on all servers to make the mail flow. In the download script, I do not see a function referencing enable-antimauwarescaning.ps1. Is it necessary to enable the Antimalware Scanning with Enable-AntimalwareScanning.ps1 first before applying the downloads patch script? 

Regular Visitor

@azuser We did the same here and as far as I can see you need to run the enable script to re-enable antimalware scanning. I ran the downloaded reset script to resolve the issue first and then ran the enable-antimalware after just to be sure. I then also had to manually restart the transport service. Beware the enable script appears to cause a re-download of the signatures in the background and so sits with no output for a good 30 mins. 

Senior Member

Hi team,

If on server execution policy was set to unrestricted, then I got 2 errors.

Would you please assist, if it was ok to have this policy and why I got 2nd error:

You cannot call a method on a null-valued expression. (on line 32)

[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\Reset-ScanEngineVersion.ps1
******server****** UpdateVersion: 2201010001
******server****** Stopping MSExchangeTransport, FMS, and updateservice...
******server****** Removing Microsoft engine folder...
******server****** Emptying metadata folder...
******server****** Starting services...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
******server****** Starting engine update...
Running as *****
Set-ExecutionPolicy : Windows PowerShell updated your execution policy successfully, but the setting is overridden by
a policy defined at a more specific scope.  Due to the override, your shell will retain its current effective
execution policy of Unrestricted. Type "Get-ExecutionPolicy -List" to view your execution policy settings. For more
information please see "Get-Help Set-ExecutionPolicy".
At C:\Program Files\Microsoft\Exchange Server\V15\Scripts\Update-MalwareFilteringServer.ps1:85 char:34
+ ... Invoke-Command -ScriptBlock {Set-ExecutionPolicy RemoteSigned}  -Erro ...
+                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (:) [Set-ExecutionPolicy], SecurityException
    + FullyQualifiedErrorId : ExecutionPolicyOverride,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand
--------
Connecting to ******server******.*****.
Dispatched remote command. Start-EngineUpdate -UpdatePath http://amupdatedl.microsoft.com/server/amupdate
--------
You cannot call a method on a null-valued expression.
At C:\Program Files\Microsoft\Exchange Server\V15\Scripts\Reset-ScanEngineVersion.ps1:110 char:25
+                     if ($null -ne $transfer.BytesTotal -and
+                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>Get-EngineUpdateInformation


Engine            : Microsoft
LastChecked       : 01/04/2022 10:50:13 AM +02:00
LastUpdated       : 01/04/2022 10:50:24 AM +02:00
EngineVersion     : 1.1.18800.4
SignatureVersion  : 1.355.1377.0
SignatureDateTime : 01/03/2022 11:36:20 PM +02:00
UpdateVersion     : 2112330013
UpdateStatus      : UpdateAttemptSuccessful

 

 

 

 

Senior Member

@Andrejs Soboļevs 

In line 26 there is a PermissionDenied

Do you run the EMS in elevated mode?

 

Frequent Visitor
I continue to have problems with my server exchange 2019.

After running the fix, even though everything went well, you still don't get mail.
I am able to send to both internal and external users but I cannot receive from external contacts. Mail stops in the queue and cannot be distributed to individual mailboxes

I don't know what to feel anymore. The version of the malware update is the latest available to date.

This is error relayed in logs file:
Message or connection acked with status Fail and response 554 5.4.4 SMTPSEND.DNS.NonExistentDomain; nonexistent domain internalproxy -> DnsDomainDoesNotExist: InfoDomainNonexistent
451 4.7.0 Temporary server error. Please try again later. PRX2

Can you help me?

smart81_0-1641321177074.png

 

Senior Member

@HansH yes, in elevated. Only execution policy is managed via GPO and set to unrestricted. Therefore ran it as is.

Visitor

We got our servers running back to normal yesterday, only one of the laptops had to remove the exchange email account and reapply it. All PCs are fully functional now. 

Senior Member

@Andrejs Soboļevs 

If you run the following command after the script stops, does the cmdlet retuns anything?

Get-BitsTransfer -AllUsers | Where-Object { $_.DisplayName -like "Forefront_FPS*" }
Frequent Visitor

I tried both automate solution and manual solution, but on one server I still got the error “WARNING: Unable to process update request because engine metadata is not available. Attempting to synchronize” 

We do not use Proxy.

Copy System32 msvcr110.dll in the 2 Exchange folders does not change anything, after a server restart, I still got exactly same error during update attempt.

 

Did anybody encountered same issue ?

 

Frequent Visitor

I stop the anti-malware and messages are working well.

Open exchange shell in elevated

 

I tried to update the engine and not solve it yet, the process"updateservice" not stop, access denied.

 

 

 

Senior Member

@HansH 

I think it is already too late to run this, since I ran script once and it did the job. Event log did not contain anymore those error messages for events:

  • 5300, FIPFS;
  • 1106, FIPFS.

This is how it looked like in my scenario.

pic.png

New Contributor

Script generates error “WARNING: Unable to process update request because engine metadata is not available. Attempting to synchronize” metadata. Please try to run the cmdlet again later.

 

  • Copy msvcr110.dll from c:\windows\system32 to %ProgramFiles%\Microsoft\Exchange Server\V15\FIP-FS\Bin and %ProgramFiles%\Microsoft\Exchange Server\V15\Bin
  • Restart the Exchange server
  • Re-run the script

I do not have a proxy and this does not work.

 

I have downloaded the files to a local drive and tried and also get the same error even when running on elevated prompt.

 

I am not alone looking at above, has anyone got a solution other than bypassing by disabling the antispam.

 

Exchange 2019

 

Regular Visitor

Getting this error on one of my Exchange 2016 servers, whether I use the automated script or run Update-MalwareFilteringServer.ps1 manually.  I'm using an elevated PowerShell running as Domain Admin and member of Organization Management, and my execution policy is RemoteSigned.

C:\Program Files\Microsoft\Exchange Server\V15\scripts\Update-MalwareFilteringServer.ps1 : Error starting the anti-malware engine update.
At line:1 char:1
+ .\Update-MalwareFilteringServer.ps1 -Identity myserver.mydomain. ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Update-MalwareFilteringServer.ps1

Suggestions?

 

Update: after the server sat for a while, Get-EngineUpdateInformation starting showing valid definitions, but the update command never did complete without error.  I re-enabled the "Malware Agent" transport agent, which I had disabled to restore mail flow Monday, and everything seems OK.

Frequent Visitor

Somebody get @GRauth a beer please! Thank you!
I've been fiddling with this for quite a while now - neither the Reset-Script nor the manual steps were working out, as "Update-MalwareFilteringServer.ps1" kept failing no matter what I did.
GRauth's instructions saved my day, and frankly that happens way too often: MS instructions get you nowhere so you turn to the community to get s*** fixed.

Senior Member

This patch revolves the issue. Thanks.

Established Member

I am running Exchange Server 2016 On Premise. I went through the manual steps for the fix. My UpdateVersion is 2112330003. When I run the script Enable-AntiMalwareScanning.PS1 and restart the MSExchangeTransport the messages start building in the queue again. What am I missing?

New Contributor

Still stuck with this

Script generates error “WARNING: Unable to process update request because engine metadata is not available. Attempting to synchronize” metadata. Please try to run the cmdlet again later.

 

  • Copy msvcr110.dll from c:\windows\system32 to %ProgramFiles%\Microsoft\Exchange Server\V15\FIP-FS\Bin and %ProgramFiles%\Microsoft\Exchange Server\V15\Bin
  • Restart the Exchange server
  • Re-run the script

I do not have a proxy and this does not work.

 

I have downloaded the files to a local drive and tried and also get the same error even when running on elevated prompt.

 

I am not alone looking at above, has anyone got a solution other than bypassing by disabling the antispam.

 

I also get this when I run 

$env:ExchangeInstallPath\Scripts\Enable-AntimalwareScanning.ps1

WARNING: Unable to process update request because engine metadata is not available. Attempting to synchronize metadata. Please try to run
the cmdlet again later.
Get-ValidEngines : Could not open local universal manifest
At C:\Program Files\Microsoft\Exchange Server\V15\Scripts\Enable-AntimalwareScanning.ps1:47 char:1
+ Get-ValidEngines | ForEach-Object { if($_.Categories[0] -eq "Antiviru ...
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-ValidEngines], EngineMetadataException
+ FullyQualifiedErrorId : Microsoft.Forefront.EngineUpdates.Service.EngineMetadataException,Microsoft.Forefront.Filtering.Management.P
owerShell.Commands.GetValidEngines

 

Someone must know how to fix this, it only happens on a fully updated Exchange 2019?

 

All the Exchange 2016 servers worked fine

 

@The_Exchange_Team help

Thanks

 

Senior Member

What script is this referring to when it says "use the Enable-AntimalwareScanning.ps1 script"? I don't see any scripts like that in my bin directory. 

Frequent Visitor

@Gregory Jones 
It's here: "C:\Program Files\Microsoft\Exchange Server\V15\Scripts\Enable-AntimalwareScanning.ps1"

Senior Member

I am also getting the following error running in Exchange management shell ,remotely signed as an admin when running the automated script :-

 

 RNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
MAIL Starting engine update...
Running as ****or.
--------
Connecting to *****.

 

C:\Program Files\Microsoft\Exchange Server\V15\Scripts\Update-MalwareFilteringServer.ps1 : Error starting the
anti-malware engine update.
At C:\Program Files\Microsoft\Exchange Server\V15\Scripts\Reset-ScanEngineVersion.ps1:101 char:13
+ & $updateScriptPath @p
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Update-MalwareFilteringServer.ps1

 

Any  ideas would be greatly received.

Occasional Contributor

@no1welshboyo

 

Try to execute the script manually. You can find the Script under "C:\Program Files\Microsoft\Exchange Server\V15\Scripts" 

Then execute this script: Update-MalwareFilteringServer.ps1 -Identity "YourExchangeServer" -EngineUpdatePath "https://forefrontdl.microsoft.com/server/scanengineupdate"

 

If that didn't work you can try 2 different EngineUpdatePaths:

https://amupdatedl.microsoft.com/server/scanengineupdate/

http://amupdatedl.microsoft.com/server/amupdate/

 

for me it worked after I used http://amupdatedl.microsoft.com/server/amupdate/ as the UpdatePath. 

Senior Member

Thank you ATkai, in the end I had to do the following manually,

  1. Run Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell
  2. Run Start-EngineUpdate
  3. Run Get-EngineUpdateInformation

About 45 mins later, and checking the event log I could see it was updating.

I came across the following website which helped me 

Exchange mail flow breaks (Disable AntiMalwareScanning) - ALI TAJRAN

Senior Member

I assume this is not your final permanent solution?  Can we expect MS fixing this in upcoming CU? 

New Contributor

Wanted to come back here and udpate with my experience on our Exchange 2019 Server Core servers running CU11.

 

We orginally disabled the Anti-Malware service using the "Disable-AntimalwareScanning.ps1 -ForceRestart" option on 12/31/21.

 

Deciding to deffer this fix until our monthly maintence window, I proceeded with doing the following on our (2) Exchange servers hosting passive copies of our mailbox databases BEFORE attempting to run the automated script in this post:

 

  • Enable-AntimalwareScanning.ps1

 

I was then presented with several "Checking for Engine Update" messages over the course of 20-30min.

Once the update was completed, I restarted the MSExchangeTransport service as instructed. 

 

When the service finished restarting, I attempted to run the automated script in this post: 

 

  • Reset-ScanEngineVersion.ps1

 

I was then informed that our scanning engine was up to date and that the script was not needed.

 

Performing a "Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell" followed by a "Get-EngineUpdateInformation" provided me with the following results:

 

Engine : Microsoft
LastChecked : 01/13/2022 09:30:31 AM -08:00
LastUpdated : 01/13/2022 06:36:47 AM -08:00
EngineVersion : 1.1.18800.4
SignatureVersion : 1.355.1844.0
SignatureDateTime : 01/13/2022 12:23:00 AM -08:00
UpdateVersion : 2112330084
UpdateStatus : UpdateAttemptNoUpdate

 

At this moment, since out version is "2112330084" which is above the documented "2112330001", we assume there is nothing more that we need to do. There are also no FIPS error messages within the Application event logs.

 

Just thought I would post this as I found it unusual that the automated script was not needed for us to fix this issue, but just a matter of re-enabling the Anti-Malware Scanning and restarting the MSExchangeTransport service.

Occasional Visitor

Running Exchange 2016 on-premise and was affected by the bug. On January 1st, I did the workaround to bypass the malware filter. Today I installed CU22 Security Update January KB5008631. I was planning on running the Reset script and enabling the malware filter. When I attempted to run the Reset-ScanEngineVersion.ps1 I see this:

EXSERVER UpdateVersion: 2112330086

EXSERVER This server is not impacted. Add -Force to proceed anyway

I ran Get-TransportAgent and I see the Malware Agent is set to True even thought I didn't set that yet

 

Is the Reset-ScanEngineVersion.ps1 needed if KB5008631 is installed?

Regular Visitor

@RickDF You are not impacted with version 2112330086 .  The bug was caused when Microsoft issued definitions which had a version number exceeding the maximum value for a 32bit integer (2147483647).  The "fix" is to clean out that version and get a newer version where they adjusted the numbering scheme.  That's what the script Microsoft provided does.

%3CLINGO-SUB%20id%3D%22lingo-sub-3049447%22%20slang%3D%22en-US%22%3EEmail%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049447%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20aware%20of%20and%20working%20on%20an%20issue%20causing%20messages%20to%20be%20stuck%20in%20transport%20queues%20on%20Exchange%20Server%202016%20and%20Exchange%20Server%202019.%20The%20problem%20relates%20to%20a%20date%20check%20failure%20with%20the%20change%20of%20the%20new%20year%20and%20it%20not%20a%20failure%20of%20the%20AV%20engine%20itself.%20This%20is%20not%20an%20issue%20with%20malware%20scanning%20or%20the%20malware%20engine%2C%20and%20it%20is%20not%20a%20security-related%20issue.%20The%20version%20checking%20performed%20against%20the%20signature%20file%20is%20causing%20the%20malware%20engine%20to%20crash%2C%20resulting%20in%20messages%20being%20stuck%20in%20transport%20queues.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20are%20actively%20working%20on%20resolving%20this%20issue%2C%20and%20later%20today%20we%20expect%20to%20release%20details%20on%20how%20to%20resolve%20this%20issue.%20In%20the%20meantime%2C%20if%20your%20organization%20performs%20malware%20scanning%20of%20messages%20outside%20of%20your%20on-premises%20Exchange%20servers%20(for%20example%2C%20by%20routing%20mail%20through%20Exchange%20Online%2C%20or%20by%20using%20a%20third-party%20message%20hygiene%20solution)%2C%20you%20can%20bypass%20or%20disable%20malware%20scanning%20on%20your%20Exchange%20servers%20and%20clear%20your%20transport%20queues.%20You%20should%20use%20one%20of%20these%20workarounds%20only%20if%20you%20have%20an%20existing%20malware%20scanner%20for%20email%20other%20than%20the%20engine%20in%20Exchange%20Server.%20See%20the%20following%20articles%20for%20details%20on%20how%20to%20disable%20or%20bypass%20malware%20scanning%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FExchange%2Fantispam-and-antimalware%2Fantimalware-protection%2Fantimalware-protection%3Fview%3Dexchserver-2019%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAntimalware%20protection%20in%20Exchange%20Server%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fantispam-and-antimalware%2Fantimalware-protection%2Fantimalware-procedures%3Fview%3Dexchserver-2019%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EProcedures%20for%20antimalware%20protection%20in%20Exchange%20Server%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOur%20engineers%20were%20working%20around%20the%20clock%20on%20a%20fix%20that%20would%20eliminate%20the%20need%20for%20customer%20action%2C%20but%20we%20determined%20that%20any%20change%20that%20did%20not%20involve%20customer%20action%20would%20require%20several%20days%20to%20develop%20and%20deploy.%20We%20are%20working%20on%20another%20update%20which%20is%20in%20final%20test%20validation.%20The%20update%20requires%20customer%20action%2C%20but%20it%20will%20provide%20the%20quickest%20time%20to%20resolution.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20expect%20to%20have%20this%20update%20to%20you%20shortly%20along%20with%20the%20actions%20required%20by%20you.%20We%20are%20sorry%20for%20any%20inconvenience%20that%20this%20issue%20has%20caused.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E--%20The%20Exchange%20Team%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-3049447%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20aware%20of%20and%20working%20on%20an%20issue%20causing%20messages%20to%20be%20stuck%20in%20transport%20queues%20on%20Exchange%20Server%202016%20and%20Exchange%20Server%202019.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3049447%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%202016%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%202019%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOn%20premises%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Etransport%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049468%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049468%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20for%20that%20quick%20status%20message.%3CBR%20%2F%3EQuestion%3A%20Exchange%20normally%20removes%20not%20delivered%20messages%20after%2048h%26nbsp%3B%20(%26nbsp%3B%22%3CSPAN%20class%3D%22hljs-parameter%22%3EMessageExpirationTimeout%22%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fmail-flow%2Fqueues%2Fconfigure-message-intervals%3Fview%3Dexchserver-2019%23configure-the-message-expiration-timeout-interval%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fmail-flow%2Fqueues%2Fconfigure-message-intervals%3Fview%3Dexchserver-2019%23configure-the-message-expiration-timeout-interval%3C%2FA%3E)%26nbsp%3B%20Does%20this%20also%20affect%20messages%20on%20%22Submission%20queues%22.%26nbsp%3B%20This%20could%20really%20make%20it%20worse%20if%20companies%20loose%20%22new%20year%22%20messages%20before%20admins%20are%20back%20from%20vacation%2FWeekend.%20On%20the%20other%20side%3A%26nbsp%3B%3CSPAN%20class%3D%22hljs-parameter%22%3Eif%20could%20trigger%20smaller%20companies%20without%2024x7%20operations%20to%20migrate%20to%20exchange%20online.%20%3A)%3C%2Fimg%3E%3C%2FSPAN%3E%26nbsp%3B%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22hljs-parameter%22%3EFrank%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049514%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049514%22%20slang%3D%22en-US%22%3E%3CP%3EAny%20updates%20to%20this%20problem%3F%26nbsp%3B%20I've%20tried%20to%20implement%20the%20workaround%2C%20but%20mail%20is%20still%20stuck%20in%20the%20submission%20queue.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049517%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049517%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F224977%22%20target%3D%22_blank%22%3E%40Adam%20Solomon%3C%2FA%3E%2C%26nbsp%3Bif%20after%20disabling%20the%20agent%20and%20restarting%20transport%20it%20still%20doesn't%20work%2C%20then%20check%20for%20event%204010.%20It%20will%20list%20any%20transport%20rules%20that%20depend%20on%20the%20malware%20agent%20which%20is%20causing%20mail%20to%20queue%20after%20remediating%20the%20issue.%20Disable%20or%20adjust%20that%20rule%20to%20resolve.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049522%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049522%22%20slang%3D%22en-US%22%3E%3CP%3EWhen%20will%20Microsoft%20issue%20a%20FIX%20for%20this%20%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049524%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049524%22%20slang%3D%22en-US%22%3E%3CP%3EI%20wrote%20a%20script%20and%20article%20on%20how%20to%20roll-back%20the%20engine%20update%2C%20so%20that%20that%20you%20don't%20need%20to%20disable%20the%20engine.%20This%20also%20resolves%20transport%20rule%20issues.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fblog.markdepalma.com%2F%3Fp%3D810%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblog.markdepalma.com%2F%3Fp%3D810%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049527%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049527%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%2C%20I'll%20try%20to%20run%20this.%20who%20pushes%20updates%20on%2031%2F12%20to%20production%20%3F!!!!!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049528%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049528%22%20slang%3D%22en-US%22%3E%3CP%3ECould%20we%20get%20clarification%20of%20whether%203rd%20party%20malware%20scanners%20(e.g.%20ESET%20Mail%20Security)%20running%20on%20the%20same%20transport%20server%20will%20still%20scan%20received%20email%20when%20the%26nbsp%3BBypassFiltering%20flag%20is%20set%20to%20true%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049533%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049533%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F94242%22%20target%3D%22_blank%22%3E%40Dani%20Kaplan%3C%2FA%3E%26nbsp%3BThis%20wasn't%20due%20to%20a%20change%20on%2031st%20Dec.%20The%20problem%20is%20caused%20by%20an%20integer%20overflow%20error%3A%20the%20anti-malware%20component%20is%20converting%20the%20date%2Ftime%20into%20%22YYMMDDHHMM%22%20format%20and%20storing%20it%20as%20a%20signed%2032-bit%20number%20(max%20value%20%3CSPAN%3E2147483648)%3C%2FSPAN%3E.%20So%2C%20in%20Dec%202021%2C%20the%20number%20would%20start%20with%20%222112...%22%20(below%20the%20threshold).%20In%20Jan%202022%2C%20the%20number%20would%20start%20with%20%222201...%22%20(above%20the%20threshold).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3BI%20think%20it%20would%20be%20useful%20to%20add%20this%20info%20to%20your%20blog%20post.%20I%20also%20have%20to%20echo%20what%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1106319%22%20target%3D%22_blank%22%3E%40David_Richard%3C%2FA%3E%26nbsp%3Bsaid%3A%20when%20I%20was%20investigating%20the%20problem%2C%20I%20found%20Twitter%20threads%20(by%20your%20customers)%20several%20hours%20before%20anything%20appeared%20here.%20Even%20if%20you%20didn't%20have%20a%20solution%20right%20away%2C%20at%20the%20very%20least%20it%20would%20be%20useful%20for%20you%20to%20say%20%22We%20know%20about%20this%20and%20we're%20working%20on%20it%22.%20That%20would%20save%20people%20time%2C%20e.g.%20I%20initially%20thought%20that%20it%20was%20a%20local%20problem%20to%20my%20environment%20so%20I%20was%20looking%20for%20anything%20related%20to%20back%20pressure.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20theory%2C%20this%20would%20be%20an%20ideal%20scenario%20for%20EEMS%2C%20if%20you%20could%20fix%20the%20problem%20automatically%20for%20any%20IT%20staff%20who%20finished%20work%20on%20Friday%20and%20won't%20find%20out%20about%20it%20until%20Tuesday%20morning.%20However%2C%20I'm%20guessing%20that%20this%20isn't%20possible%20if%20the%20fix%20requires%20customer%20action.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049543%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049543%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F224977%22%20target%3D%22_blank%22%3E%40Adam%20Solomon%3C%2FA%3E%26nbsp%3BDid%20you%20restart%20Transport%20Service%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049563%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049563%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20seeing%20mail%20queue%20delays%20of%20about%203-4%20minutes%20even%20after%20disabling%20the%20malware%20filtering%20to%20get%20emails%20to%20work%20at%20all.%20Please%20fix%20this%20asap!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049564%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049564%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1263498%22%20target%3D%22_blank%22%3E%40Kevin022756%3C%2FA%3E%26nbsp%3BPlease%20see%20my%20post%20above.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049637%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049637%22%20slang%3D%22en-US%22%3E%3CP%3EWhen%20we%20get%20that%20update%2Fpatch%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049639%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049639%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20for%20your%20good%20work%20on%20this%20one.%26nbsp%3B%20As%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F935125%22%20target%3D%22_blank%22%3E%40sboatwrightzb%3C%2FA%3E%26nbsp%3Bdid%2C%20I%20also%20found%20the%20technet%20article%20and%20we%20were%20only%20inconvenienced%20for%20a%20few%20hours.%26nbsp%3B%20Luckily%20we%20already%20have%20redundant%20Malware%20protection.%26nbsp%3B%20Our%20Submission%20queues%20were%20already%20very%20high%20at%20the%20time%20I%20noticed%20the%20issue.%26nbsp%3B%20My%20sympathies%20for%20any%20of%20the%20folks%20relying%20solely%20on%20Exchange%20Anti-malware%20for%20their%20protection.%26nbsp%3B%20%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049681%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049681%22%20slang%3D%22en-US%22%3E%3CP%3EStill%20having%20issues%20after%20applying%20the%20automatic%20update%3A%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E(0x84004003)%20Unknown%20error%202214608899.%20Failed%20to%20meet%20engine%20bias%20criteria%20(Available)%20for%20filter%20type%20(Malware)%3A%3CBR%20%2F%3ESelected%20engine(s)%3A%20Microsoft%3CBR%20%2F%3EAvailable%20engine(s)%3A%3CBR%20%2F%3EOffline%20engine(s)%3A%20ID%3A%20%7Befbcbae3-75c1-49b4-817e-5f460cd06b71%7D%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEngine%20version%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EEngine%20%3A%20Microsoft%3CBR%20%2F%3ELastChecked%20%3A%2001%2F02%2F2022%2009%3A51%3A31%20AM%20%2B01%3A00%3CBR%20%2F%3ELastUpdated%20%3A%2001%2F02%2F2022%2009%3A45%3A56%20AM%20%2B01%3A00%3CBR%20%2F%3EEngineVersion%20%3A%201.1.18800.4%3CBR%20%2F%3ESignatureVersion%20%3A%201.355.1227.0%3CBR%20%2F%3ESignatureDateTime%20%3A%2001%2F01%2F2022%2012%3A29%3A06%20PM%20%2B01%3A00%3CBR%20%2F%3EUpdateVersion%20%3A%202112330001%3CBR%20%2F%3EUpdateStatus%20%3A%20UpdateAttemptNoUpdate%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049694%22%20slang%3D%22zh-CN%22%3EReply%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049694%22%20slang%3D%22zh-CN%22%3E%3CP%3EI%20have%20applied%20the%20solution%2C%20but%20unfortunately%2C%20mail%20queues%20are%20still%20generated.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Snipaste_2022-01-02_17-15-13.jpg%22%20style%3D%22width%3A%20569px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F336793i5937C96CE93B805A%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Snipaste_2022-01-02_17-15-13.jpg%22%20alt%3D%22Snipaste_2022-01-02_17-15-13.jpg%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Snipaste_2022-01-02_17-14-35.jpg%22%20style%3D%22width%3A%20813px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F336794i5EE9AAB9C2FECE1F%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Snipaste_2022-01-02_17-14-35.jpg%22%20alt%3D%22Snipaste_2022-01-02_17-14-35.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELatest%2C%20when%20I%20enter%20the%20maintenance%20mode%20and%20restart%20the%20server%2C%20and%20then%20exit%20the%20maintenance%20mode%2C%20the%20server%20seems%20to%20be%20back%20to%20normal.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049699%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049699%22%20slang%3D%22en-US%22%3E%3CP%3ESame%20here!%20Fix%20applied%20without%20error%20messages%20but%20mails%20still%20stuck%20and%20FIPFS%20ID%202203%20is%20logged.%3C%2FP%3E%3CP%3EExchange%202019%20CU22%20on%20Server%202012R2%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%20Get-EngineUpdateInformation%20script%20is%20missing%20in%20my%20script%20folder...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049704%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049704%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20updatePath%20%3CA%20href%3D%22http%3A%2F%2Famupdatedl.microsoft.com%2Fserver%2Famupdate%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttp%3A%2F%2Famupdatedl.microsoft.com%2Fserver%2Famupdate%3C%2FA%3E%26nbsp%3Breturns%20error%20404%20and%20I%20cannot%20apply%20the%20fix.%20It%20returns%20to%202201010009%20version.%3C%2FP%3E%3CP%3EDoes%20anybody%20have%20the%20same%20issue%20with%20update%20path%3F%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22iomerzu_0-1641116510568.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F336796iC006106F1EA84526%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22iomerzu_0-1641116510568.png%22%20alt%3D%22iomerzu_0-1641116510568.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUPDATE%3A%20After%20applying%20script%20for%20automated%20fix%2C%20the%20verson%20updated%20successfuly.%20The%20recommendation%20is%20to%20use%20provided%20script.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22iomerzu_0-1641118614897.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F336801iC7EC089E98F720B8%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22iomerzu_0-1641118614897.png%22%20alt%3D%22iomerzu_0-1641118614897.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049714%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049714%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20dear%20colleagues%2C%3C%2FP%3E%3CP%3ECan%20anyone%20confirm%20that%20the%20fix%20works.%20I%20could%20help%20myself%20with%20%22Get-TransportAgent%20%22malware%20agent%22%20%7C%20Disable-Transportagent%20which%20worries%20me%20a%20bit%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049716%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049716%22%20slang%3D%22en-US%22%3E%3CP%3EUpdate%3A%3C%2FP%3E%3CP%3EAfter%20a%20restart%20of%20the%20whole%20server%20the%20fix%20seems%20to%20be%20working.%3C%2FP%3E%3CP%3EMail%20queue%20is%20empty%20and%20some%20testmails%20were%20successfully%20delivered.%3C%2FP%3E%3CP%3ENo%20more%20FIPFS%20entries%20in%20eventlog%20till%20now.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049718%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049718%22%20slang%3D%22en-US%22%3E%3CP%3EFix%20not%20working%20without%20reboot%20of%20the%20server.%3C%2FP%3E%3CP%3EWithout%20reboot%20e-mails%20still%20stuck%20in%20Submission%20Queue%3A%26nbsp%3BMessage%20deferred%20by%20categorizer%20agent%3C%2FP%3E%3CP%3EEvent%20ID%3A%202203%2C%20Source%3A%20FIPS%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Super_Jay_0-1641117765285.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F336800iCF15CD6E890CFEE1%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Super_Jay_0-1641117765285.png%22%20alt%3D%22Super_Jay_0-1641117765285.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EAfter%20reboot.%3C%2FP%3E%3CP%3E.%5CEnable-AntimalwareScanning.ps1%20(was%20disabled%20as%20a%20temporarily%20fix%20to%20the%20problem)%3C%2FP%3E%3CP%3ERestart-Service%20MSExchangeTransport%3C%2FP%3E%3CP%3EThings%20looking%20fine%20for%20now.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049720%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049720%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F946387%22%20target%3D%22_blank%22%3E%40Super_Jay%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EHave%20you%20done%20a%20complete%20server%20restart%20or%20only%20transport%20service%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049721%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049721%22%20slang%3D%22en-US%22%3E%3CP%3EWorked%20for%20me%20eventually.%20First%20attempt%20had%20errors%2C%20but%20the%20Powershell%20window%20closed%20before%20I%20could%20read%20them.%20Second%20attempt%20had%20errors%20relating%20to%20tasks%20not%20being%20able%20to%20be%20completed%2C%20but%20guessed%20that%20these%20were%20done%20the%20first%20time%2C%20and%20then%20an%20error%20about%20Execution%20Policy.%20Ran%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-powershell%22%3E%3CCODE%3ESet-ExecutionPolicy%20-ExecutionPolicy%20RemoteSigned%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3Band%20then%20ran%20the%20fix%20again.%20Update%20ran%20and%20on%20completion%20emails%20started%20coming%20through.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049726%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049726%22%20slang%3D%22en-US%22%3E%3CP%3EAfter%20patch%20installed%20%2C%20see%20the%20following%20event%26nbsp%3B%3C%2FP%3E%3CP%3EA%20FIP-FS%20Scan%20process%20returned%20error%200x84004003%20PID%3A%2010800%20Msg%3A%20Scanning%20Process%20caught%20exception%3A%3CBR%20%2F%3EStream%20ID%3A%20%3CEMAIL%20address%3D%22%22%20removed%3D%22%22%3E%3CBR%20%2F%3EScanID%3A%20%7B836D5023-4371-44F6-8B1B-D170E9A61C3B%7D%3CBR%20%2F%3E(0x84004003)%20Unknown%20error%202214608899.%20Failed%20to%20meet%20engine%20bias%20criteria%20(Available)%20for%20filter%20type%20(Malware)%3A%3CBR%20%2F%3ESelected%20engine(s)%3A%20Microsoft%3CBR%20%2F%3EAvailable%20engine(s)%3A%3CBR%20%2F%3EOffline%20engine(s)%3A%20ID%3A%20%7B836d5023-4371-44f6-8b1b-d170e9a61c3b%7D%3C%2FEMAIL%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESeems%20some%20Microsoft%20end-point%20not%20updated%26nbsp%3B%20%3F%3F%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049728%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049728%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F41501%22%20target%3D%22_blank%22%3E%40microsoft%3C%2FA%3E%3A%20just%20some%20questions%20left...%3C%2FP%3E%3CP%3E1.%20if%20Disable-AntimalwareScanning.ps1%20has%20been%20used%20on%20the%20server%2C%20is%20it%20necessary%20to%20ENABLE%20the%20Antimalware%20Scanning%20with%20Enable-AntimalwareScanning.ps1%20first%20BEFORE%20applying%20the%20patch%20script%3F%20...or%20could%20it%20stay%20disabled%20while%20applying%20the%20patch%3F%3C%2FP%3E%3CP%3E2.%20if%20you%20download%20the%20script%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FResetScanEngineVersion%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2FResetScanEngineVersion%3C%2FA%3E%20where%20do%20we%20have%20to%20save%20this%20script%3F%20I%20assume%20under%20C%3A%5CProgram%20Files%5CMicrosoft%5CExchange%20Server%5CV15%5CScripts%20-%20correct%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049739%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049739%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1106110%22%20target%3D%22_blank%22%3E%40Duncan1528%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3EYou%20can%20save%20the%20script%20in%20any%20folder%20you%20like.%20The%20script%20runs%20perfectly%20well%20from%20any%20other%20folder%20as%20well.%3CBR%20%2F%3EEnsure%20that%20you%20start%20the%20Exchange%20Management%20Shell%20with%20administrative%20privileges.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049740%22%20slang%3D%22de-DE%22%3ESubject%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049740%22%20slang%3D%22de-DE%22%3E%3CP%3EWell%20if%20I%20run%20the%20script%20or%20if%20I%20do%20it%20manual%2C%20I%20get%20the%20same%20result%20at%20the%20step%20when%20running%20%3CEM%3EUpdate-MalwareFilteringServer%3C%2FEM%3E.%20%3CEM%3Eps1%3C%2FEM%3E.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3EC%3A%5CProgram%20Files%5CMicrosoft%5CExchange%20Server%5CV15%5CScripts%5CUpdate-MalwareFilteringServer.ps1%20%3A%20Error%20starting%3CBR%20%2F%3Eantimalware%20engine%20update.%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EVery%20frustrating.%20By%20the%20way%20happy%20new%20year.%3CBR%20%2F%3E%3CBR%20%2F%3EWhy%20is%20again%20only%20on%20perm%20affected%3F%20%3B)%3C%2Fimg%3E%20was%20it%20an%20idea%20of%20marketing%2C%20to%20get%20people%20to%20O365%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049742%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049742%22%20slang%3D%22en-US%22%3E%3CP%3EFix%20didn't%20work%20with%20service%20restart%2C%20is%20it%20required%20to%20reboot%20the%20server%20itself%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFIPFS%20error%202023%20keep%20on%20generating.%20Disabled%20Antimalware%20scanning%20again.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20update!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049744%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049744%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20is%20worth%20noting%20that%20Exchange%20servers%20with%20mailbox%20role%20are%20affected%20by%20this%20issue.%20Edge%20Transport%20Servers%20are%20not%20affected.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049745%22%20slang%3D%22en-US%22%3ERe%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049745%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1263658%22%20target%3D%22_blank%22%3E%40GRauth%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3EDid%20you%20open%20an%20administrative%20Exchange%20Management%20Shell%20session%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3049746%22%20slang%3D%22de-DE%22%3ESubject%3A%20Email%20Stuck%20in%20Transport%20Queues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3049746%22%20slang%3D%22de-DE%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F3842%22%20target%3D%22_blank%22%3E%40Thomas%20Stensitzki%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3E%20Your%20question%20is%20appreciated.%20Yes%2C%20I%20did.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Jan 11 2022 02:26 PM
Updated by: