Problem of the year 2022 – Microsoft Exchange users report problems with e-mail. Should value: 2147483647 …

It might seem that errors in IT systems related to the change of the year are the domain of the past (e.g. the known problem of the year 2000). Meanwhile, not entirely, because users of Microsoft Exchange, i.e. an e-mail solution mainly used in companies, report such errors today:

The FIP-FS “Microsoft” Scan Engine failed to load. PID: ХХХХХ, Error Code: 0x80004005. Error Description: Can’t convert “2201010001” to long.

(…)

Since the service is interconnected with the transport service, mail stops coming in and out, respectively.

FIP-FS is an anti-virus scanner that was included for the first time with Exchange version 2013. It provides at least basic protection of mailboxes by scanning the mail content for various malware. Due to the above-mentioned error, it is impossible to load it into memory, thus blocking the operation of e-mail in environments using Exchange. While in many cases this is not a serious problem during the holiday season, in some industries production must run practically without interruption. On the other hand, essential services should be provided with HA, however, mail maintenance is generally a compiled issue.

As noted in this tweet, the maximum value of the long type is 2147483647, which is not necessarily a good type of time variable, especially in the format used in Exchange. The date January 1, 2022 “jumped” beyond this range, causing a fairly serious error (its occurrence caused the whole to “spill”).

There is no official solution to the problem yet, but an effective workaround, according to many users, is simply to temporarily disable the scanner with the Disable-AntiMalwareScanning.ps1 script and restart the MSExchangeTransport service (theoretically, just using the script should force a restart).

Creators of similar solutions should pay attention to such cases. In this situation, the use of a variable of a different type should be considered, but it is worth testing various scenarios (including the program’s responses to the change of the year), because thanks to this, other, probably more complicated errors can also be detected. Exchange itself already contained a serious vulnerability called ProxyLogon enabling RCE.

Testing different scenarios in separate environments is also an important task for administrators. You should definitely not rely on one supplier, rather try to use different components. In the case of mail, you can also consider keeping it outside instead of in your own infrastructure, which can save a lot of time and is often also profitable. A good solution is to use HA, i.e. ensuring the continuity of operation (SLA) of the system when one of its components is not working. This does not mean a failure of a given component of the environment, but also standard administrative work, which ideally should not affect the operation of the system. There should definitely be no SPOF, single points of failure, i.e. an element whose unavailability causes the whole to stop working.

–Michał Giza


About Eric Wilson

The variety offered by video games never ceases to amaze him. He loves OutRun's drifting as well as the contemplative walks of Dear Esther. Immersing himself in other worlds is an incomparable feeling for him: he understood it by playing for the first time in Shenmue.

Check Also

We will see two Antonovs An-225 Mrija in the sky. Who will build it?

Antonov An-225 Mrija is the world’s largest transport plane. It is equipped with 6 engines, …

Leave a Reply

Your email address will not be published. Required fields are marked *