Okay Microsoft this is not how to start off 2022

Topic

New Reply

Business patchers only – heads up Joseph Roosen on Twitter: “#Microsoft and #Exchange starting off 2022 with a 💣as of 00:00UTC with freezing transport
[See the full post at: Okay Microsoft this is not how to start off 2022]

Susan Bradley Patch Lady

3 users thanked author for this post.

Josh Gay, GreatAndPowerfulTech, abbodi86

Reply | Quote

Replies

Also noted here.  We are having this issue with our on-prem Exchange 2016.

https://borncity.com/win/2022/01/01/exchange-fip-fs-scan-engine-failed-to-load-cant-convert-2201010001-to-long-1-1-2022/

Reply | Quote

Here’s the Reddit thread too.

https://www.reddit.com/r/sysadmin/comments/rt91z6/exchange_2019_antimalware_bad_update/

1 user thanked author for this post.

IT Manager Geek

Reply | Quote

Disabling malware filtering fixed our server.  Hopefully we don’t need to keep this disabled for long.

https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antimalware-protection/antimalware-procedures?view=exchserver-2016

Reply | Quote

Hello all, yes Exchange 2016 CU22 affected as well.  Question, do we understand the level of risk that be involved in disabling the exchange built-in malware filtering (considering we have additional  multi-level of other protection in place)?

Or put another way, how effective is Exchange malware filtering?  Because if it’s not considered that effective or it’s a nice to have (again assuming you have Spam & other Anti-Virus tools already in place) then the answer is easy.

In our scenario, we’re on holidays and can wait a couple of days.  That said, if Monday comes along, we’re damned if Microsoft doesn’t have a fix and the mail needs to be allowed to flow.

Look forward to the feedback.

Take care,

IT Manager Geek

Reply | Quote

Hello, it appears that Email Stuck in Transport Queues – Microsoft Tech Community discussion and subsequent link to the Reset-ScanEngineVersion.ps1 script has fixed my issue and emails are coming in (the ones in the queue are very slowly coming in, had 534 before 9 AM and now have 515).

Some observations:

• Wish Microsoft authors wouldn’t assume that everyone in their audience is an fully qualified Exchange Administrator and state ahead of time that the script has to be run in Exchange Management Shell with administrative privileges, versus having to read between the lines or read other commentaries to find out (Yes I know that you should be aware, but not everyone is fully trained on everything they’re responsible for);
• The script didn’t wait long enough to properly shut down / start up the services (MSExchangeTransport was reported as not being started up properly) and upon seeing those errors I figured I would have to restart the services or reboot the server, but didn’t have to do either as the emails started to come in soon after the script was finished;
• As reported by others, the download part of the script takes 30 minutes, even with a GB connection to the Internet;
• Within minutes of the script finishing I received many  “Delivery is delayed to these recipients or groups” email messages at the beginning, all of them I can account for as should have been received if the original 2022 issue didn’t happen and they are slowly being delivered but I’m still waiting for all of them nearly 2 hours after the fix was applied.

Understand that backlogs take time to clear out, just not sure given the above whether I should reboot the server once again, will figure that out by the end of today.

Take care,

IT Manager Geek

Reply | Quote

Running your own systems is getting more and more a privilege for the bigger companies, with their dedicated IT-staff. Small companies should use the cloud.

Anyway, I’m the admin for a small company too and indeed, I don’t know every nook and cranny. That’s where these forums come in handy 🙂

Our Exchange 2016 server was affected as well. So I ran the script and it threw lotst of errors about removing files. It turned out BITS had a lock on those files. After stopping BITS and performing the manual method, it looked fine again, besides taking the download of new Defender files a looooong time. When that finished, it also took a loooong time for the mail queue to empty….

In the end, all is working well again.

Reply | Quote

Encourage employees to make their own backups of source or important files to a local device — not cloud. Show them backup techniques using external hard drives. If technology ain’t reliable, employees need to be.

This advice is a two-edged sword.

On hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender WuMgr
offline▸ Win10Pro 20H2.19042.685 x86 Atom N270 RAM2GB HDD WindowsDefender WuMgr GuineaPigVariant
online▸ Win11Pro 21H2.22000.675 x64 i5-9400 RAM16GB HDD Firefox101.0b6 MicrosoftDefender WuMgr

Reply | Quote

I hope you have email filtering in front of your servers.  Attackers don’t take the weekend off.  It’s not a good place to be. You have the choice of keeping business running or leaving your firm at risk.

Susan Bradley Patch Lady

Reply | Quote

We use a physical mail filter PLUS a third-party scanner on our Exchange server, with the default Microsoft engine not in use, so we were not affected. Y2K22, just what we needed. Good one, Microsoft.

No matter where you go, there you are.

Reply | Quote

Microsoft’s automated script worked for us.  It also took about 30 minutes to update the engine after the script ran.

Reply | Quote