Both sides previous revisionPrevious revisionNext revision | Previous revision |
microsoft_exchange_server_2016_stopped_transporting_email_january_1st_2022 [2022/01/03 17:18] – wikiadmin | microsoft_exchange_server_2016_stopped_transporting_email_january_1st_2022 [2022/01/03 18:18] (current) – wikiadmin |
---|
====== Microsoft Exchange Server 2016 Stopped Transporting Email on January 1st 2022 ====== | ====== Microsoft Exchange Server 2016 Stopped Transporting Email on January 1st 2022 ====== |
| |
You notice that your Outlook Web Access shows your last received email is before midnight on New Years Eve December 31, 2021. Let's call this the Y2K22 Bug. According to numerous reports from Microsoft Exchange admins worldwide, a bug in the FIP-FS engine is blocking email delivery with on-premise servers starting at midnight. This is caused by Microsoft using a signed int32 variable to store the value of a date, which has a maximum value of 2,147,483,647. But, dates in 2022 have a minimum value of 2,201,010,001, which is greater than the maximum value that can be stored in the signed int32 variable, causing the scanning engine to fail and not release mail for delivery. | You notice that your Outlook Web Access shows your last received email is before midnight on New Years Eve December 31, 2021. |
| |
Check the Exchange Server's Event Log for an error or errors similar to this "The FIP-FS Scan Process failed initialization. Error: 0x8004005. Error Details: Unspecified Error" or "Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long." | According to [[https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-year-2022-bug-in-fip-fs-breaks-email-delivery/]], There is a bug in the FIP-FS engine that is blocking email delivery with on-premise servers starting at midnight . . . [and] . . . This is caused by Microsoft using a signed int32 variable to store the value of a date, which has a maximum value of 2,147,483,647 . . . However, dates in 2022 have a minimum value of 2,201,010,001, which is greater than the maximum value that can be stored in the signed int32 variable, causing the scanning engine to fail and not release mail for delivery. |
| |
How do you fix this? Here is a temporary fix until Microsoft issues Exchange updates addressing this problem. Either disable or bypass anti-malware scanning, and then restart the Exchange 2016 Transport Service, all using Exchange PowerShell. | Check your Exchange Server's Event Log for an error or errors similar to this "The FIP-FS Scan Process failed initialization. Error: 0x8004005. Error Details: Unspecified Error" or "Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long." |
| |
| See also: [[https://www.alitajran.com/exchange-mail-flow-breaks]] |
| |
| Here is a temporary fix until Microsoft issues Exchange updates addressing this problem. Either disable or bypass anti-malware scanning, and then restart the Exchange 2016 Transport Service, all using Exchange PowerShell. |
| |
| See: [[https://docs.microsoft.com/en-us/exchange/disable-or-bypass-anti-malware-scanning-exchange-2013-help]] |
| |
I recommend to Bypass Filtering rather than disabling the anti-malware service. | I recommend to Bypass Filtering rather than disabling the anti-malware service. |
| |
Result should look like this: | Result should look like this: |
<Code> | |
| |
__Identity__ __Enabled__ __Priority__ | |
| |
Malware Agent True 5 | <blockquote>__Identity__ __Enabled__ __Priority__ |
| |
| Malware Agent True 5</blockquote> |
| |
</code> | |
| |
Check Malware Filtering Server | Check Malware Filtering Server |
| |
[PS] C:\Windows\system32>Get-MalwareFilteringServer | Format-List BypassFiltering | <blockquote>[PS] C:\Windows\system32>Get-MalwareFilteringServer | Format-List BypassFiltering</blockquote> |
| |
Result should look like this: | Result should look like this: |
| |
BypassFiltering : False | <blockquote>BypassFiltering : False</blockquote> |
| |
Now, Set BypassFiltering to True (which stops the malware service from filtering emails) | Now, Set BypassFiltering to True (which stops the malware service from filtering emails)[PS] C:\Windows\sy |
| |
[PS] C:\Windows\system32>Set-MalwareFilteringServer yourservername.domain.lan -BypassFiltering $true | <blockquote>[PS] C:\Windows\system32>Set-MalwareFilteringServer yourservername.domain.lan -BypassFiltering $true</blockquote> |
| |
While processing, the powershell should echo: | While processing, the powershell should echo: |
| |
Creating a new session for implicit remoting of "Set-MalwareFilteringServer" command... | <blockquote>Creating a new session for implicit remoting of "Set-MalwareFilteringServer" command...</blockquote> |
| |
Now, check to see if BypassFiltering status has changed to True: | Now, check to see if BypassFiltering status has changed to True: |
| |
[PS] C:\Windows\system32>Get-MalwareFilteringServer | Format-List BypassFiltering | <blockquote>[PS] C:\Windows\system32>Get-MalwareFilteringServer | Format-List BypassFiltering</blockquote> |
| |
Your result should be: | Your result should be: |
| |
BypassFiltering : True | <blockquote>BypassFiltering : True |
| </blockquote> |
| |
Now, you need to restart the MSExchange Transport service | Now, you need to restart the MSExchange Transport service |
| See: [[http://www.tinkerist.com/?p=1752]] |
| |
[PS] C:\Windows\system32>Restart-Service MSExchangeTransport | <blockquote>[PS] C:\Windows\system32>Restart-Service MSExchangeTransport</blockquote> |
| |
You should see multiple occurrences of the following onscreen within PowerShell: | You should see multiple occurrences of the following onscreen within PowerShell: |
| |
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to stop... | <blockquote>WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to stop... |
| |
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start... | WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...</blockquote> |
| |
Then it will return to the the powershell prompt: | Then it will return to the the powershell prompt: |
| |
[PS] C:\Windows\system32> | <blockquote>[PS] C:\Windows\system32></blockquote> |
| |
| Open OWA in your user agent (web browser) and login to your email account. Your emails should begin to arrive! |
| |
| |
| See: [[https://docs.microsoft.com/en-us/exchange/disable-or-bypass-anti-malware-scanning-exchange-2013-help]] |
| |
| See: [[https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antimalware-protection/antimalware-procedures?view=exchserver-2019]] |
| |
Open OWA and login. Your emails should begin to arrive. | |
| |
| |