====== Microsoft Exchange Server 2016 Stopped Transporting Email on January 1st 2022 ======

You notice that your Outlook Web Access shows your last received email is before midnight on New Years Eve December 31, 2021.  

According to [[https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-year-2022-bug-in-fip-fs-breaks-email-delivery/]], There is a bug in the FIP-FS engine that is blocking email delivery with on-premise servers starting at midnight . . . [and] . . . This is caused by Microsoft using a signed int32 variable to store the value of a date, which has a maximum value of 2,147,483,647 . . . However, dates in 2022 have a minimum value of 2,201,010,001, which is greater than the maximum value that can be stored in the signed int32 variable, causing the scanning engine to fail and not release mail for delivery.

Check your Exchange Server's Event Log for an error or errors similar to this "The FIP-FS Scan Process failed initialization. Error: 0x8004005. Error Details: Unspecified Error" or "Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long."

See also: [[https://www.alitajran.com/exchange-mail-flow-breaks]]

Here is a temporary fix until Microsoft issues Exchange updates addressing this problem.  Either disable or bypass anti-malware scanning, and then restart the Exchange 2016 Transport Service, all using Exchange PowerShell.

See: [[https://docs.microsoft.com/en-us/exchange/disable-or-bypass-anti-malware-scanning-exchange-2013-help]]

I recommend to Bypass Filtering rather than disabling the anti-malware service.

See:  [[https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antimalware-protection/antimalware-procedures?view=exchserver-2019]]

Open Exchange Management Shell

Check Malware Agent
[PS] C:\Windows\system32> Get-TransportAgent "Malware Agent"

Result should look like this:


<blockquote>__Identity__        __Enabled__        __Priority__

Malware Agent          True                5</blockquote>



Check Malware Filtering Server

<blockquote>[PS] C:\Windows\system32>Get-MalwareFilteringServer | Format-List BypassFiltering</blockquote>

Result should look like this:

<blockquote>BypassFiltering : False</blockquote>

Now, Set BypassFiltering to True (which stops the malware service from filtering emails)[PS] C:\Windows\sy

<blockquote>[PS] C:\Windows\system32>Set-MalwareFilteringServer yourservername.domain.lan -BypassFiltering $true</blockquote>

While processing, the powershell should echo:

<blockquote>Creating a new session for implicit remoting of "Set-MalwareFilteringServer" command...</blockquote>

Now, check to see if BypassFiltering status has changed to True:

<blockquote>[PS] C:\Windows\system32>Get-MalwareFilteringServer | Format-List BypassFiltering</blockquote>

Your result should be:

<blockquote>BypassFiltering : True
</blockquote>

Now, you need to restart the MSExchange Transport service
See: [[http://www.tinkerist.com/?p=1752]]

<blockquote>[PS] C:\Windows\system32>Restart-Service MSExchangeTransport</blockquote>

You should see multiple occurrences of the following onscreen within PowerShell:

<blockquote>WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to stop...

WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...</blockquote>

Then it will return to the the powershell prompt:

<blockquote>[PS] C:\Windows\system32></blockquote>

Open OWA in your user agent (web browser) and login to your email account.  Your emails should begin to arrive!


See: [[https://docs.microsoft.com/en-us/exchange/disable-or-bypass-anti-malware-scanning-exchange-2013-help]]

See: [[https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antimalware-protection/antimalware-procedures?view=exchserver-2019]]