October 4, 2022

Microsoft releases emergency fix for Exchange year 2022 bug

Microsoft has released an unexpected emergency take care of for a year 2022 bug that is breaking e mail delivery on on-premise Microsoft Trade servers.

As the calendar year 2022 rolled in and the clock struck midnight, Trade admins all over the world learned that their servers ended up no extended providing electronic mail. Right after investigating, they found that mail was having stuck in the queue, and the Windows party log confirmed just one of the following glitches.

Log Identify: Application 
Supply: FIPFS 
Logged: 1/1/2022 1:03:42 AM 
Function ID: 5300 
Level: Error 
Computer: server1.contoso.com
Description: The FIP-FS "Microsoft" Scan Motor unsuccessful to load. PID: 23092, Error Code: 0x80004005. Error Description: Can not convert "2201010001" to lengthy.
Log Identify: Application 
Source: FIPFS 
Logged: 1/1/2022 11:47:16 AM 
Party ID: 1106 
Level: Mistake 
Personal computer: server1.contoso.com 
Description: The FIP-FS Scan Method failed initialization. Mistake: 0x80004005. Mistake Details: Unspecified error.

These glitches are brought about by Microsoft Exchange examining the variation of the FIP-FS antivirus scanning engine and trying to shop the day in a signed int32 variable.

Even so, this variable can retail outlet only a maximum value of 2,147,483,647, which is less than the new day value of 2,201,010,001 for January 1st, 2022, at midnight.

Owing to this, when Microsoft Trade attempts to check the AV scanning version, it would create a bug and lead to the malware motor to crash.

“The edition checking executed against the signature file is leading to the malware engine to crash, ensuing in messages being stuck in transportation queues,” Microsoft discussed in a blog submit.

Microsoft releases short-term deal with

Microsoft has released a non permanent resolve necessitating customer motion whilst working on an update that mechanically fixes the situation.

This deal with arrives in the type of a PowerShell script named ‘Reset-ScanEngineVersion.ps1.’ When executed, the script will cease the Microsoft Filtering Administration and Microsoft Exchange Transport services, delete older AV motor files, download the new AV motor, and begin the services all over again.

To use the automatic script to use the resolve, you can abide by these measures on each individual on-premise Microsoft Exchange server in your organization:

  1. Down load the Reset-ScanEngineVersion.ps1 script from https://aka.ms/ResetScanEngineVersion.
  2. Open an elevated Exchange Administration Shell.
  3. Alter the execution policy for PowerShell scripts by running Established-ExecutionPolicy -ExecutionPolicy RemoteSigned.
  4. Run the script.
  5. If you had previously disabled the scanning motor, permit it yet again using the Permit-AntimalwareScanning.ps1 script.

Microsoft warns that this method may possibly take some time, dependent on the organization’s size.

Microsoft has also delivered ways that admins can use to update the scanning engine manually.

After running the script, Microsoft suggests that e-mail will commence providing all over again, but it might take some time to full based on the amount of electronic mail that was stuck in the queue.

Microsoft also describes that the new AV scanning engine will be edition number 2112330001, which references a day that does not exist and that admins ought to not be worried.

“The newly updated scanning motor is absolutely supported by Microsoft. While we want to get the job done on this sequence more time term, the scanning engine variation was not rolled back, instead it was rolled ahead into this new sequence,” explained Microsoft.

“The scanning engine will go on to receive updates in this new sequence.”

Update 1/3/22: Improved to right greatest price of int32 variable.