On-Prem Exchange 2016 and 2019 Anti-Malware Issue

Happy New Year and welcome to 2022!

On-prem Exchange 2016 and 2019 anti-malware issue!

Mail flowing through on-prem Exchange will have the majority (if not all) messages queued with this…

“Last Error: Message deferred by categorizer agent”

Though it is stated that this issue started around midnight local times on Sat 1 Jan 2022, messages in our queues started queuing at 4:56 PM Pacific time on Fri 31 Dec 2021 (~1:00 AM UTC, 1 Jan 2022) per these Application events…

Source: FIPFS
Event ID: 1113
The scan process with PID: 13612 was terminated. Reason: FailedEngineUpdate.

Source: FIPFS
Event ID: 5300
The FIP-FS "Microsoft" Scan Engine failed to load. PID: 31692, Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long.

Source: FIPFS
Event ID: 1106
The FIP-FS Scan Process failed initialization. Error: 0x80004005. Error Details: Unspecified error.

Source: FIPFS
Event ID: 1127
The FIP-FS Filtering Management Service was unable to acquire a scanner within the specified timeout. The process will be terminated.

No known fix yet but these workarounds temporarily address the issue…

Until Microsoft provides a permanent resolution, both above workarounds have us disabling the malware filter and restarting the transport service, per https://docs.microsoft.com/en-us/exchange/disable-or-bypass-anti-malware-scanning-exchange-2013-help.

Set-MalwareFilteringServer <ServerName> -BypassFiltering $true
Restart-Service MSExchangeTransport

Good luck!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s