SOLVED

Exchange 2016/2019 Filtering Engine Updates failing since 12/7/2021

New Contributor

Hi,

Anti-malware engine updates have been failing since 12/7 with error 6035 - the testing phase. After trying several of the suggested fixes, it appears this is failing after the update is downloaded and before it updates the "bin" directory. This is occurring at two clients  - one with a 2016 instance and one with a 2019 instance. I have found other people posting the issue on Serverfault, so it does not seem isolated to my clients...

 

 

19 Replies
Carl, we were able to repro this issue and this is currently being worked upon.
Will update you once we get an input from Exchange Product Group
Good Afternoon,
we have this issue as well on exchange 2016 cu22 and we had to disable anti malware scanning to get our mail to flow.
[PS] C:\windows\system32>Get-EngineUpdateInformation
Engine : Microsoft
LastChecked : 12/15/2021 03:16:13 PM -06:00
LastUpdated : 12/07/2021 06:29:57 PM -06:00
EngineVersion : 1.1.18700.4
SignatureVersion : 1.353.2243.0
SignatureDateTime : 12/07/2021 11:41:19 AM -06:00
UpdateVersion : 2112070009
UpdateStatus : UpdateAttemptFailed
6031 -MS Filtering Engine Update process has successfully downloaded updates for Microsoft.
6035-MS Filtering Engine Update process was unsuccessful in testing an engine update.

But if i try to start the antimalware scanning i get:
1106-The FIP-FS Scan Process failed initialization. Error: 0x80010105. Error Details: The server threw an exception.

tried restarting antimalware scanning and got this
Update-AntimalwareEngines : Engines could not be updated. Please investigate.
At C:\Program Files\Microsoft\Exchange Server\V15\Scripts\Enable-AntimalwareScanning.ps1:114 char:1
+ Update-AntimalwareEngines
This is fixed now, can you try again.
Carl, this is fixed now, can you try again.
Let me know if you get any error

@surajbudhani 

 

This does seem to be fixed. The signature update is 2112160005, last updated around 3AM this morning.  Thanks!!!!

 

Thanks, the update is working now.
I was hoping this would fix out other issue with the Fip-fs
The FIP-FS Scan Process failed initialization. Error: 0x80010105. Error Details: The server threw an exception.
I have to bypass the scanning engine or none of our email, internal or external leaves the queue.
This started 2 days ago, before that everything was working fine.

Have you heard of this issue before? do I need to reinstall exchange 2016 cu22?
there appears to be a new issue with the latest updates. As the year turned over we got mail flow problems that look related to first 2022 update. had to disable malware scanning to get flow to stabilize

The FIP-FS "Microsoft" Scan Engine failed to load. PID: 4456, Error Code: 0x80004005. Error Description: Can't convert "2201010003" to long.

Greetings and Happy New Year!

Also faced this same issue after auto update the FIP-FS (filtering management service) on our on-premium server MS Exenge 2016 21 KU with the latest security updates (KB5007409).

We are looking forward to a solution from Microsoft.

We're seeing the exact same thing. Mail stopped flowing right after an update this evening. Like you, had to disable the malware scanning.  We're on-prem Exchange 2019 cu 11.

Yes, thank you. I also did this procedure as a temporary solution. We need to draw the attention of Microsoft representatives.

Nice present in the morning for the new year :)
Same issue here with on-prem exchange 2019 CU11 with the November SU. I to had to temporarily bypass the anti-malware filtering and restart the transport service to get mail flowing again.

The Microsoft Filtering Management Service stopped unexpectedly with event code 7034 multiple times. The last bit of mail that came in last night was around 6:50pm CST. The next message that came in at 7:06pm CST was stuck in the queue.

@David_Richard 

when I use manual solution, and at the last step to run Update-MalwareFilteringServer.ps1

it ask to supply values for the following parameter

Identity[0] :

what should I do?

 

Finally I got it fixed. The identity is the server name,
After I enable the anti-malware scanning, I have to restart the server, and it work.
Hey Everyone,
The issue discussed by Carl in this thread was a different issue and it has been fixed.
I see that most of you are experiencing a problem "Microsoft Exchange FIP-FS Scan Engine failed to load. 0x80004005 Can't convert to long" we are currently investigating this
best response confirmed by secabstraction (Microsoft)

After running all the manual commands. I ran the following powershell script Update-MalwareFilteringServer.ps1 and it fails due to the execution policy

I use automated solution on 10 exchange servers including 2013 & 2016, it works. some of them will show the engine file download process, but some of them doesn't, and jump back to prompt.
But it is downloading in the background. I have to wait for an hour to let it finish. and run the following command to download the engine update.
2. Run Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell
3. Run Start-EngineUpdate
4. Run Get-EngineUpdateInformation