‘Microsoft Exchange servers stop mail traffic due to possible date error’

Several system administrators on Twitter, Reddit and the Microsoft forum are reporting problems with email traffic in Exchange 2016 and 2019. They get an error message and email traffic is parked. The problem appears to be a date error in a recent update.

Several admins, including on the subreddit r/sysadmin, say their New Year’s Eve celebrations have been interrupted by a problem with Microsoft Exchange 2019 and 2016 after a recent update. They report a problem with the ‘Microsoft Filtering Management Service’, Microsoft’s anti-malware service for Exchange. Mail traffic seems to be blocked and parked, and administrators are getting the message ‘The FIP-FS Scan Engine failed to load. Can’t convert “220010002” to long.’

Several administrators, including on the Microsoft forum, suggest that a recent update has a bug. They argue that there is a problem with how Exchange handles the date, which causes the error message and makes the anti-malware filter block all email traffic. For the time being, the only solution seems to be to switch off the filter completely.

Reddit user FST-LANE was the first to report the issue on Reddit. According to this user, the logs show that the problems started after the MS Filtering Engine Update received update version 2201010001, around 2:00 AM Dutch time. Former system administrator Joseph Roosen says on Twitter that the problem started as of midnight UTC.

On the Microsoft forum, user JulianSiebert predicted on December 31 that a problem would arise. The number that Microsoft gives to an update is converted to a 32-bit long or integer data type, which allows a positive integer value up to 2147483647. It seems that Microsoft uses the first two digits of the update version to indicate the year of the update. In 2021 this did not lead to problems, but now that it is 2022, the update version, 2201010001, is larger than the maximum value that the long type can hold.

FST-LANE states that the solution is for Microsoft to convert the value to “unsigned long”, making the maximum value 4294967295, and there will be no problems until 2043. Microsoft has not yet responded to the problems. Until then, the best solution for system administrators is to disable the anti-malware service via ‘Disable-Antimalwarescanning.ps1’.
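
The range problem described in the two paragraphs above, shown as an added example (not Microsoft's code): a checked parse of the version string into a signed and an unsigned 32-bit value. The function names and the YYMMDDNNNN reading of the version are assumptions; only 2201010001 comes from the article, the other samples are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse a decimal update version into a signed 32-bit value.
   Returns 0 on success, -1 if the text is not a number or does not fit. */
int parse_version_i32(const char *text, int32_t *out)
{
    char *end;
    errno = 0;
    long long v = strtoll(text, &end, 10);
    if (errno != 0 || end == text || *end != '\0')
        return -1;
    if (v < INT32_MIN || v > INT32_MAX)   /* limit: 2147483647 */
        return -1;
    *out = (int32_t)v;
    return 0;
}

/* Same parse with the unsigned 32-bit type proposed as the fix. */
int parse_version_u32(const char *text, uint32_t *out)
{
    char *end;
    errno = 0;
    long long v = strtoll(text, &end, 10);
    if (errno != 0 || end == text || *end != '\0')
        return -1;
    if (v < 0 || v > UINT32_MAX)          /* limit: 4294967295 */
        return -1;
    *out = (uint32_t)v;
    return 0;
}

int main(void)
{
    /* 2201010001 is from the article; the other two are constructed samples
       in the assumed YYMMDDNNNN layout (a 2021 and a 2043 version). */
    const char *samples[] = { "2112310001", "2201010001", "4301010001" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int32_t s;
        uint32_t u;
        printf("%s  signed: %s  unsigned: %s\n", samples[i],
               parse_version_i32(samples[i], &s) == 0 ? "ok" : "out of range",
               parse_version_u32(samples[i], &u) == 0 ? "ok" : "out of range");
    }
    return 0;
}
```

A parser that reports the out-of-range case to its caller, as here, lets the caller decide what to do with mail when the version cannot be read.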