We started encountering this issue on our on-prem (Hybrid) Exchange server all of a sudden; it was preventing emails from being scanned by the anti-malware module, so they were being held in the submission queue and not delivered.
You may see errors in the event log such as:
The FIP-FS Scan Process failed initialization. Error: 0x80010105. Error Details: The server threw an exception.
The FIP-FS Scan Process failed initialization. Error: 0x800706BE. Error Details: The remote procedure call failed.
Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: scanningprocess.exe
The usual server and service restarts did not fix the problem.
The issue appears to be related to updates not being installed correctly for the Exchange anti-malware scanning module.
You can check/confirm this by running these commands from PowerShell:
Add-PsSnapin Microsoft.Forefront.Filtering.Management.Powershell
Get-EngineUpdateInformation
We got a response like below - note the "UpdateAttemptFailed" status
You can also check the update engine settings by running the command:
Get-EngineUpdateCommonSettings
Note the PrimaryUpdatePath - when we attempted to access this URL we were getting a 404 error - this is potentially what the problem is?
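The checks above can be combined into one read-only triage pass. This is an added example, not part of the original post or of Microsoft's scripts; it assumes the status shown by Get-EngineUpdateInformation is exposed as the UpdateStatus property and that the FIP-FS errors are written to the Application log.

```powershell
# Added example: read-only triage of the Exchange anti-malware (FIP-FS) update state.
# Run in an elevated PowerShell session on the Exchange server.
Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell -ErrorAction Stop

# 1. Engine update state. Assumption: the status is exposed as the UpdateStatus property.
$engines = @(Get-EngineUpdateInformation)
$failed  = @($engines | Where-Object { $_.UpdateStatus -eq 'UpdateAttemptFailed' })
$engines | Format-List | Out-String | Write-Host

# 2. Reachability of the configured update source (PrimaryUpdatePath, as noted above).
$url = (Get-EngineUpdateCommonSettings).PrimaryUpdatePath
try {
    $resp = Invoke-WebRequest -Uri $url -Method Head -UseBasicParsing -TimeoutSec 15
    $http = [int]$resp.StatusCode
} catch {
    # Windows PowerShell throws on 4xx/5xx; recover the status code when there is one.
    $http = if ($_.Exception.Response) {
        [int]$_.Exception.Response.StatusCode
    } else {
        $_.Exception.Message   # DNS, proxy or TLS failure rather than an HTTP status
    }
}

# 3. Scan process initialization failures in the last 24 hours.
# Assumption: these events land in the Application log; match on the message text
# quoted above rather than on an event ID.
$since  = (Get-Date).AddHours(-24)
$events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Application'; StartTime = $since } `
                -ErrorAction SilentlyContinue |
            Where-Object { $_.Message -like '*FIP-FS Scan Process failed initialization*' })

# 4. One summary object, easy to log or compare before and after a change.
[pscustomobject]@{
    EnginesTotal         = $engines.Count
    EnginesFailingUpdate = $failed.Count
    PrimaryUpdatePath    = $url
    PrimaryPathResult    = $http     # informational; a 404 here is not proof of the cause
    ScanInitFailures24h  = $events.Count
    LatestFailure        = ($events | Select-Object -First 1).TimeCreated
}
```

Running it again after any change (engine reset, update, redistributable install) shows whether EnginesFailingUpdate and ScanInitFailures24h actually drop before scanning is re-enabled.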
Update 4/1/22
I found the following article from the Exchange Team Blog that references this issue and provides a script to fix it
Before implementing the provided fix, I ran the default script to Enable-AntimalwareScanning (located in C:\Program Files\Microsoft\Exchange Server\V15\Scripts) - mail delivery operated for a brief period of time before mails began queuing again.
I ran the script provided in the blog post, and even after a full server restart the problem still persists, so I have disabled the anti-malware scanning again.
Fix/Solution/Workaround
Disable the anti-malware scanning option. This is easily done by running the included PowerShell script in your Exchange installation directory:
C:\Program Files\Microsoft\Exchange Server\V15\Scripts\Disable-AntimalwareScanning.ps1
Run the script, then restart the Microsoft Exchange Transport Service.
Once we did this the submission queue immediately started clearing.
You can reverse the change easily by running the Enable-AntimalwareScanning.ps1 script in the same folder later on.
We've also found this recent MS article outlining steps to manually update the scan engines used by Exchange Server, but we found it still failed to update the signatures after running it:
https://docs.microsoft.com/en-us/exchange/troubleshoot/setup/manually-update-scan-engines
Thank you very much. You saved my day. My Exchange, after installing an update and restarting, just stopped working :/
Glad you found the information useful!
Thank you, this worked like a charm. Exactly what I needed. However, if I try to re-enable scan processing it brings down my Submission Queue. How do I troubleshoot "WHY" enabling scanning messes up my Exchange?
Thanks.
I have the same situation but I'm able to download the updates according to https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antimalware-protection/download-antimalware-updates?view=exchserver-2019.
The problem started with the installation of the latest Windows CU updates some days ago. It would be interesting to know what versions you are running.
I'm on the following patch level:
Exchange: Exchange Server 2016 CU21 Nov21SU November 9, 2021 15.1.2308.20 15.01.2308.02
Server: Server 2012R2, December Update installed (KB5008263)
My server is running version 15.02.0986.014 which is Exchange Server 2019 CU11 Nov21SU - currently the latest available
We have the same issue with Exchange Server 2016 CU21... Trying CU22 after hours tonight
Issue appears to be resolved after installing CU22
Anyone know which KB brought this upon us?
For 2016 Exchange, it appears to be CU21 - someone else mentioned above that the issue seems to be resolved after updating to CU22
For 2019 Exchange (the version I'm using), the issue is affecting CU11 Nov21SU which is the latest available release.
Had this issue and in addition to the https://aka.ms/ResetScanEngineVersion script provided by Microsoft I also ran the official HealthChecker script https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/
This showed that we were missing the Visual C++ 2013 Redistributable package on the server - once installed, the malware scanner component worked properly again :)
https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/VisualCRedistributableVersionCheck/