Friday, 10 December 2021

Microsoft Exchange Server - FIPS-FS Error 0x800706BE, 0x80010105

We started encountering this issue on our on-prem (Hybrid) exchange server all of a sudden which was preventing emails from being scanned by the anti malware module, and hence were being held in the submission queue and not being delivered.

You may see errors in the event log such as;

The FIP-FS Scan Process failed initialization. Error: 0x80010105. Error Details: The server threw an exception.

The FIP-FS Scan Process failed initialization. Error: 0x800706BE. Error Details: The remote procedure call failed.

Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: scanningprocess.exe

The usual server and service restarts did not fix the problem.

The issue appears to be related to updates not being installed correctly for the exchange anti malware scanning module.

You can check/confirm this by running these commands from Powershell;

Add-PsSnapin Microsoft.Forefront.Filtering.Management.Powershell

Get-EngineUpdateInformation

We got a response like below - note the "UpdateAttemptFailed" status








You can also check the update engine settings by running the command

get-engineupdatecommonsettings







Note the PrimaryUpdatePath - when we attempted to access this URL we were getting a 404 error - this is potentially what the problem is?




Update 4/1/22

I found the following article from the Exchange Team Blog that references this issue and provides a script to fix it


Before implementing the provided fix, I can ran the default script to Enable-AntimalwareScanning (located in C:\Program Files\Microsoft\Exchange Server\V15\Scripts) - mail delivery operated for a brief period of time before mails began queuing again.

I ran the script provided in the blogpost, and even after a full server restart, the problem still persists so I have disabled the antimalware scanning again

Fix/Solution/Workaround

Disable the anti-malware scanning option. This is easily done by running the included powershell script in your Exchange installation directory

C:\Program Files\Microsoft\Exchange Server\V15\Scripts\Disable-AntimalwareScanning.ps1

Run the script then restart the Microsoft Exchange Transport Service

Once we did this the submission queue immediately started clearing.

You can reverse the change easily by running the Enable-AntimalwareScanning.ps1 script in the same folder later on.


We've also found this recent MS article outlining steps to manually update the scan engines used by Exchange Server, but we found it still failed to update the signatures after running it

https://docs.microsoft.com/en-us/exchange/troubleshoot/setup/manually-update-scan-engines




10 comments:

  1. Thank You very much. You save my day. My exchange after instaling update and restart just stop workin :/

    ReplyDelete
  2. Thank you this worked like a charm. Exactly what I needed. However if I try to re-enable scanprocessing it brings down my Submission Queue. How to troubleshoot the "WHY" is enabling scanning messes my exchange?

    Thanks.

    ReplyDelete
  3. i have the same situation but i'm able to download the updates according https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antimalware-protection/download-antimalware-updates?view=exchserver-2019.

    the problem started with the installation of the lastest windows cu updates some days ago. it would be interesting what versions you are running.

    i'm on the follwing patch-level:
    Exchange: Exchange Server 2016 CU21 Nov21SU November 9, 2021 15.1.2308.20 15.01.2308.02
    Server: Server 2012R2, December Update installed (KB5008263)

    ReplyDelete
    Replies
    1. My server is running version 15.02.0986.014 which is Exchange Server 2019 CU11 Nov21SU - currently the latest available

      Delete
  4. We have the same issue with Exchange Server 2016 CU21... Trying CU22 after hours tonight

    ReplyDelete
    Replies
    1. Issues appears to be resolved after installing CU22

      Delete
  5. Anyone know which KB brought this upon us?

    ReplyDelete
  6. For 2016 Exchange, it appears to be CU21 - someone else mentioned above that the issue seems to be resolved after updating to CU22

    For 2019 Exchange (the version I'm using), the issue is affecting CU11 Nov21SU which is the latest available release.

    ReplyDelete
  7. Had this issue and in addition to the https://aka.ms/ResetScanEngineVersion script provided by Microsoft I also ran the official HealthChecker script https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/

    This showed that we were missing the Visual C++ 2013 Redistributable package on the server - once installed, the malware scanner component worked properly again :)

    https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/VisualCRedistributableVersionCheck/

    ReplyDelete