Email Messages Being Stuck in Transport Queues of On-premises Exchange Server



In the beginning of January 2022, it was reported across internet that several Exchange Server 2016 and Exchange Server 2019 on-premises versions had started to report an issue where emails were getting stuck in queue instead of being delivered to the intended recipients of the message. 

Later fix for this issue was provided by Microsoft to resolve the case where emails were getting stuck in transport queues of on-premises Exchange Server 2016 and Exchange Server 2019. Microsoft has stated that this issue is not caused due to malware scanning or malware engine rather it’s an issue due to failure of date check for the new year.

Exchange On-premises Transport Queues with the error “message deferred by categorizer agent” was displayed in logs.  The issue occurs because of the version checking, performed against the signature file. The version checking causes the anti-malware engine to crash, thus resulting in messages being retained in transport queues. 

The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues.

Symptoms of Issue

When such an issue appears, the following event viewer logs are seen on the system:

Log Name: Application 
Source: FIPFS 
Logged: 1/1/2022 1:03:42 AM 
Event ID: 5300 
Level: Error 
Computer: server1.contoso.com
Description: The FIP-FS "Microsoft" Scan Engine failed to load. PID: 23092, Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long.

Log Name: Application 
Source: FIPFS 
Logged: 1/1/2022 11:47:16 AM 
Event ID: 1106 
Level: Error 
Computer: server1.contoso.com 
Description: The FIP-FS Scan Process failed initialization. Error: 0x80004005. Error Details: Unspecified error.

Solution as provided by Microsoft is explained below :

  • Reset-ScanEngineVersion.ps1 script file can be downloaded from this URL : https://aka.ms/ResetScanEngineVersion  
  • Before running the script, change the execution policy for PowerShell scripts by running Set-ExecutionPolicy -ExecutionPolicy RemoteSigned.
  • Run the script on each Exchange mailbox server that downloads antimalware updates in your organization (use elevated Exchange Management Shell).
  • Re-enable the Antimalware Scanning using the Enable-AntimalwareScanning.ps1 script.
Note: Edge Transport servers are unaffected by this issue. Microsoft has announced that this script can be run on multiple servers in parallel. After the script has completed, you will see the following output:

[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\Reset-ScanEngineVersion.ps1
EXCH1 Stopping services...
EXCH1 Removing Microsoft engine folder...
EXCH1 Emptying metadata folder...
EXCH1 Starting services...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
EXCH1 Starting engine update...
Running as EXCH1-DOM\Administrator.
--------
Connecting to EXCH1.CONTOSO.com.
Dispatched remote command. Start-EngineUpdate -UpdatePath http://amupdatedl.microsoft.com/server/amupdate
--------
[PS] Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell.
--------
[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>Get-EngineUpdateInformation

Engine                : Microsoft
LastChecked           : 01/01/2022 08:58:22 PM -08:00
LastUpdated           : 01/01/2022 08:58:31 PM -08:00
EngineVersion         : 1.1.18800.4
SignatureVersion      : 1.355.1227.0
SignatureDateTime     : 01/01/2022 03:29:06 AM -08:00
UpdateVersion         : 2112330001 (note: higher version number starting with 211233... is also OK)
UpdateStatus          : UpdateAttemptSuccessful

No comments

Copyright © 2021 Hosting Controller Inc.. Powered by Blogger.