{"id":22789,"date":"2022-01-01T10:47:04","date_gmt":"2022-01-01T09:47:04","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=22789"},"modified":"2022-01-02T01:45:03","modified_gmt":"2022-01-02T00:45:03","slug":"exchange-fip-fs-scan-engine-failed-to-load-cant-convert-2201010001-to-long-1-1-2022","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/01\/01\/exchange-fip-fs-scan-engine-failed-to-load-cant-convert-2201010001-to-long-1-1-2022\/","title":{"rendered":"Exchange Year 2022 Problem: FIP-FS Scan Engine failed to load – Can’t Convert “2201010001” to long (2022\/01\/01 00:00 UTC)"},"content":{"rendered":"

[German<\/a>]A short note to the administrators whose on-premises Exchange servers are currently on strike and cannot load the FIP-FS scan engine (virus scanner) and report an error Can't Convert \"2201010001\" to long<\/em>. You are probably not alone, as of Jan. 1, 2022 0:00 UTC on-premises Exchange servers seem to freezing transport of all emails – a date can't get converted. Here is a quick overview of what is going on.<\/p>\n

<\/p>\n

FIP-FS Scan Engine<\/h2>\n

\"\"FIP-FS is probably the anti-malware virus scanner that has been on board since Exchange Server 2013. This is supposed to scan the on-premises Exchange Server installation for malicious content. However, this anti-malware scan engine seems to cause problems more often. Back in October 2016, Frank Z\u00f6chling published the German blog post Exchange 2016: FIPFS Event ID 6027 Filter Updates werden nicht runtergeladen<\/a>, which pointed out numerous error possibilities when updating the signature files. ver\u00f6ffentlicht, der auf zahlreiche Fehlerm\u00f6glichkeiten beim Aktualisieren der Signaturdateien hinweist.<\/p>\n

And in early December 2021, someone on serverfault.com posted the entry Exchange 2019 Antimalware engine updates download but don't get applied<\/a>. There, the FIP-FS MS Filtering Engine permanently generates entries in the Event Viewer because updates could not be installed. It has probably affected different Exchange versions and might be related to downloads of updates or virus signatures. There the error was probably corrected by Microsoft.<\/p>\n

FIP-FS error Can't Convert \"2201010001\" to long<\/h2>\n

I was just alerted on Twitter by a follower to the following tweet<\/a>, which briefly describes the problem, which has been occurring since January 1, 2022.<\/p>\n

\"Exchange:<\/a><\/p>\n

Under Exchange, the Microsoft Scan Engine FIP-FS cannot be loaded. Instead, the error Can't Convert \"2201010001\" to long is reported. Seems that the new date is a challenge for Exchange. In follow-up tweets, another user reports<\/a> with the name Joseph Roosen:<\/p>\n

Umm ya having issues with no mailflow because of this since that keeps crashing over and over since 0000 UTC.
\nDear we have a problem with hybrid since this service keeps crashing so basically mail is down.
\n@MSFTExchange<\/a>\u00a0@Microsoft<\/a>\u00a0@MSFT365Status<\/a><\/p><\/blockquote>\n

So it fits, the Exchange doesn't let any mails through anymore. And via Facebook, someone pointed me to this tweet from Joseph Roosen, which puts it a bit in context:<\/p>\n

<\/a><\/p>\n

Just in time for the new year, the virus scanner on Exchange Server goes on strike and scares administrators. Since March 2021, Microsoft has published the article The FIP-FS Scan Process failed initialization. Error: 0x80010105 AND Faulting application name: scanningprocess.exe<\/a>, which refers to Exchange Server 2016 on Windows Server 2016. There is the current entry from 1\/1\/2022:<\/p>\n

The exchange server was stuck with this error:<\/p>\n

The FIP-FS \"Microsoft\" Scan Engine failed to load. PID: 39268, Error Code: 0x80004005. Error Description: Can't convert \"2201010003\" to long. \/ Event ID 5300<\/p>\n

I have disabled filtering:<\/p>\n

Set-MalwareFilteringServer exch-19 -BypassFiltering $true<\/p>\n

and email is going agian … and I am looking for more info how to recover malware scanning service<\/p>\n

FYI
\nhappy new year exchnage<\/p><\/blockquote>\n

So it seems that some (all?) Exchange servers are affected.<\/p>\n

Workaround: Disable Anti Malware Agent<\/h2>\n

The affected person from the above tweet has meanwhile posted a very simple solution<\/a> via Twitter. He has deactivated the anti-malware agent on the Exchange server.<\/p>\n

\"Exchange<\/p>\n

For this purpose there is the script Disable-AntiMalwareScanning.ps1. Then malware scans are no longer executed – but the mails can be sent and delivered again. Someone else who is affected by this New Year's surprise.<\/p>\n

Addendum: Microsoft has now confimed the issue and is working on a fix – see\u00a0Microsoft confirms Exchange Year 2022 problem that FIP-FS Scan Engine failed to load (Jan. 1, 2022)<\/a>.<\/p>\n

Similar articles:
\n<\/strong>Security updates for Exchange Server (July 2021)<\/a>
\nCumulative Exchange CUs June 2021 released<\/a>
\nExchange Server Security Update KB5001779 (April 13, 2021)<\/a>
\nExchange isues with ECP\/OWA search after installing security update (March 2021)<\/a>
\nExchange security updates from July 2021 breaks ECP and OWA<\/a>
\nExchange 2016\/2019: Outlook problems due to AMSI integration<\/a>
\nWave of attacks, almost 2,000 Exchange servers hacked via ProxyShell<\/a>
\nExchange Server 2016-2019: Custom attributes in ECP no longer updatable after CU installation (July 2021)<\/a>
\nExchange Server: Authentication bypass with ProxyToken<\/a>
\nExchange vulnerabilities: Will we see Hafnium II?<\/a>
\nExchange 2016\/2019: Outlook problems due to AMSI integration<\/a>
\nExchange Server September 2021 CU comes Sept. 28 with Microsoft Exchange Emergency Mitigation Service<\/a>
\nExchange Server September 2021 CU (2021\/09\/28)<\/a>
\nSecurity updates for Exchange Server (October 2021)<\/a>
\nTianfu Cup 2021: Exchange 2019 and iPhone hacked<\/a>
\nBabuk gang uses ProxyShell vulnerability in Exchange for ransomware attacks<\/a>
\nExchange Server November 2021 Security Updates Close RCE Vulnerability CVE-2021-423<\/a>
\nCERT warning: Compromised Exchange servers are misused for email attacks (Nov. 2021)<\/a>
\nCERT-Federation, USA, GB warns about attacks on Exchange and Fortinet<\/a>
\nProxyNoShell: Mandiant warns of new attack methods on Exchange servers (Nov. 2021)<\/a>
\nProxyShell, Squirrelwaffle and a new PoC Exploit, patch your Exchange Server!<\/a>
\nExamples of virus mails from a compromised Exchange server<\/a>
\nGerman CERT-Bund warns about vulnerable Exchange Server with OWA reachable from Internet<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

[German]A short note to the administrators whose on-premises Exchange servers are currently on strike and cannot load the FIP-FS scan engine (virus scanner) and report an error Can't Convert \"2201010001\" to long. You are probably not alone, as of Jan. … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[463,1547],"tags":[869,47],"class_list":["post-22789","post","type-post","status-publish","format-standard","hentry","category-issue","category-software","tag-exchange","tag-issue"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/22789","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=22789"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/22789\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=22789"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=22789"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=22789"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}