Microsoft Exchange users were hit by a New Year bug that prevented the delivery of emails. The “year 2022” bug in the FIP-FS anti-malware scanner resulted in error messages including “The FIP-FS Scan Process failed initialization. Error: 0x8004005. Error Details: Unspecified Error” and “Error Code: 0x80004005. Error Description: Can’t convert “2201010001” to long”.
While the bug caused a degree of panic, Microsoft has now released an official fix. Anyone who has encountered the issue can apply the fix manually, or use an automated script to take care of things.
In a post in its support forums, Microsoft says: “We’ve created a solution to address the problem of messages stuck in transport queues on Exchange Server 2016 and Exchange Server 2019 because of a latent date issue in a signature file used by the malware scanning engine within Exchange Server. When the issue occurs, you’ll see errors in the Application event log on the Exchange Server, specifically event 5300 and 1106 (FIPFS)”.
The company says that users can pay a visit to https://aka.ms/ResetScanEngineVersion to apply a fix, or they can use a manual option instead.
In lieu of using the script, customers can also manually perform steps to resolve the issue and restore service. To manually resolve this issue, you must perform the following steps on each Exchange server in your organization:
Remove existing engine and metadata
1. Stop the Microsoft Filtering Management service. When prompted to also stop the Microsoft Exchange Transport service, click Yes.
2. Use Task Manager to ensure that updateservice.exe is not running.
3. Delete the following folder: %ProgramFiles%MicrosoftExchange ServerV15FIP-FSDataEnginesamd64Microsoft.
4. Remove all files from the following folder: %ProgramFiles%MicrosoftExchange ServerV15FIP-FSDataEnginesmetadata.
Update to latest engine
1. Start the Microsoft Filtering Management service and the Microsoft Exchange Transport service.
2. Open the Exchange Management Shell, navigate to the Scripts folder (%ProgramFiles%MicrosoftExchange ServerV15Scripts), and run Update-MalwareFilteringServer.ps1 <server FQDN>.
Verify engine update info
1. In the Exchange Management Shell, run Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell.
2. Run Get-EngineUpdateInformation and verify the UpdateVersion information is 2112330001.
After updating the engine, we also recommend that you verify that mail flow is working and that FIPFS error events are not present in the Application event log.