What is the cause and fix for the problem that Microsoft Exchange Server cannot deliver mail?



A problem in Microsoft Exchange Server has made it impossible to deliver mail since January 1, 2022, and Microsoft is busy dealing with it. The bug is being reported as the 'Y2K22 bug', and the cause is attributed to a check of the malware filtering version information.

Email Stuck in Exchange On-premises Transport Queues - Microsoft Tech Community
https://techcommunity.microsoft.com/t5/exchange-team-blog/email-stuck-in-exchange-on-premises-transport-queues/ba-p/3049447

Y2K22 bug: Microsoft rings in the new year by breaking Exchange servers all around the world - Neowin
https://www.neowin.net/news/y2k22-bug-microsoft-rings-in-the-new-year-by-breaking-exchange-servers-all-around-the-world/

Microsoft Exchange year 2022 bug in FIP-FS breaks email delivery
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-year-2022-bug-in-fip-fs-breaks-email-delivery/

On Reddit, the bulletin board site where this issue was first pointed out, some Exchange admins reported that their New Year celebrations were interrupted by a Microsoft Filtering Management Service outage and email flow issues. One post said that, looking at the Application event log, 'I'm getting a lot of errors like "Unable to convert '220101001' to long" in the FIPFS event.'


Sopra Steria, a Norwegian development company, has a similar report on its official blog. Sopra Steria explains that the cause is 'Microsoft uses a signed Int32 date for the version, and 2201010001 dated January 1, 2022 has exceeded the long int maximum of 2147483647.'

Microsoft has also acknowledged that the cause of the '2022 issue' lies in the version number. An update to the Microsoft Filtering Engine used in Microsoft Exchange Server was delivered on January 1, 2022, and its version number was the date-based '2201010001', so the version check crashes when the signature file is read and mail gets stuck in the transport queue.

Initially, the workaround was to disable the Microsoft Filtering Management Service, but Microsoft is now dealing with the problem by changing the version number from '202201010001', dated January 1, 2022, to '202112330001'.

However, users must update the version of the signature file themselves to fix the bug. Microsoft provides an automated script and recommends following the steps below.

1: Download the countermeasure automation script 'Reset-ScanEngineVersion.ps1' from the following site.

Email Stuck in Exchange On-premises Transport Queues - Microsoft Tech Community
https://techcommunity.microsoft.com/t5/exchange-team-blog/email-stuck-in-exchange-on-premises-transport-queues/ba-p/3049447

2: Before executing the script, run Set-ExecutionPolicy -ExecutionPolicy RemoteSigned to change the PowerShell script execution policy.

3: Execute the downloaded script on the mailbox server managed by Microsoft Exchange Server.

In addition, it is possible to deal with the problem by manually executing the following procedure.

1: Execute Get-EngineUpdateInformation and check whether the version starts with '22...'. If the version starts with '21...', you don't need to take any action.

2: Stop the Microsoft Filtering Management Service and Microsoft Exchange Transport Service.

3: Confirm in Task Manager that updateservice.exe is not running.

4: Delete the '%ProgramFiles%\Microsoft\Exchange Server\V15\FIP-FS\Data\Engines\amd64\Microsoft' folder.

5: Delete all files from the '%ProgramFiles%\Microsoft\Exchange Server\V15\FIP-FS\Data\Engines\metadata' folder.

6: Start Microsoft Filtering Management Service and Microsoft Exchange Transport Service.

7: Open the Exchange Management Shell and run Update-MalwareFilteringServer.ps1 located in '%ProgramFiles%\Microsoft\Exchange Server\V15\Scripts'.

8: Execute 'Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell'.

9: Execute Get-EngineUpdateInformation and confirm that the version is 2112330001 or later.
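
The version check in steps 1 and 9 comes down to whether the date-based version still fits in a signed Int32. The following is an added example, not Microsoft's script or code from the original article; it generalizes the "starts with 22" check to an overflow test, assumes the version is laid out as YYMMDDNNNN, and uses hypothetical function names.

```python
import re
from datetime import date

INT32_MAX = 2**31 - 1  # 2147483647, the limit quoted in the article


def parse_version(text):
    """Split a version into (yy, mm, dd, seq); YYMMDDNNNN layout is an assumption."""
    if not re.fullmatch(r"\d{10}", text):
        raise ValueError(f"not a 10-digit version: {text!r}")
    return int(text[:2]), int(text[2:4]), int(text[4:6]), int(text[6:])


def to_int32(text):
    """Checked conversion that fails the way a signed 32-bit parse does."""
    parse_version(text)
    value = int(text)
    if value > INT32_MAX:
        raise OverflowError(f"{value} exceeds Int32 max {INT32_MAX}")
    return value


def needs_reset(update_version):
    """True when the installed version no longer fits in a signed Int32."""
    try:
        to_int32(update_version)
    except OverflowError:
        return True
    return False


def is_calendar_date(text):
    """True when the YYMMDD prefix names a real day (years taken as 20YY)."""
    yy, mm, dd, _ = parse_version(text)
    try:
        date(2000 + yy, mm, dd)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Versions from the article; 2112319999 is constructed as the highest
    # possible build number for 31 December 2021.
    for v in ("2112319999", "2112330001", "2201010001"):
        print(v, "reset needed:", needs_reset(v), "real date:", is_calendar_date(v))
```

The replacement version 2112330001 does not name a real day ("December 33"), but it sorts after every December 2021 build and still fits in an Int32.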

in Software, Posted by log1i_yk