I've been diagnosing for the past day or so some issues with an Exchange 2019 server related to Antimalware filtering/scanning. This was disabled on our server, I enabled it, and restarted the transport service per the Microsoft docs:
- https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antimalware-protection/antimalware-procedures?view=exchserver-2019#use-the-exchange-management-shell-to-enable-or-disable-malware-filtering-on-mailbox-servers
- https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antimalware-protection/download-antimalware-updates?view=exchserver-2019
In Event Viewer, however, we're getting some logs that indicate this isn't working:
Event 6031, FIPFS: MS Filtering Engine Update process has successfully downloaded updates for Microsoft.
Event 6034, FIPFS: MS Filtering Engine Update process is testing the Microsoft scan engine update
Event 6035, FIPFS: MS Filtering Engine Update process was unsuccessful in testing an engine update.
Engine: Microsoft
It looks like it fails for some reason and logs "MS Filtering Engine Update process was unsuccessful in testing an engine update."
Then the process repeats and we can see it trying again:
Event 7003, FIPFS: MS Filtering Engine Update process has successfully scheduled all update jobs.
Event 6024, FIPFS: MS Filtering Engine Update process is checking for new engine updates.
Scan Engine: Microsoft
Update Path: http://amupdatedl.microsoft.com/server/amupdate
Event 6030, FIPFS: MS Filtering Engine Update process is attempting to download a scan engine update.
Scan Engine: Microsoft
Update Path: http://amupdatedl.microsoft.com/server/amupdate.
Event 6031, FIPFS: MS Filtering Engine Update process has successfully downloaded updates for Microsoft.
Event 6034, FIPFS: MS Filtering Engine Update process is testing the Microsoft scan engine update
Event 6035, FIPFS: MS Filtering Engine Update process was unsuccessful in testing an engine update.
Engine: Microsoft
The configuration settings look fine and we've allowed both amupdatedl.microsoft.com and forefrontdl.microsoft.com through the firewall. (It appears that's working because it says downloaded successfully in the Event Viewer logs.)
Any ideas / help would be much appreciated! Thank you!
Edit: One other note, it does seem to be trying to download and use some of the scan engine updates as evidenced by this staging folder here with recent timestamps.
I also found some other resources that suggested a permissions issue, but I checked and Network Service has full permissions to E:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Data
Things I've looked at:
- https://social.technet.microsoft.com/Forums/en-US/832e155e-054a-4e1c-8ce0-41a778abe8ff/exchange-2016-cu11-antimalware-automatic-update-fails?forum=Exch2016MFSM
- http://www.networksteve.com/exchange/topic.php/Error_of_Get-EngineUpdateInformation_in_Exchange_2013/?TopicId=56872&Posts=3
- https://martijnwestera.blogspot.com/2015/08/exchange-2013-built-in-anti-malware-ms.html
- https://www.reddit.com/r/exchangeserver/comments/2kvxj5/updating_antimalware_engine_in_ex2013cu6/
- https://docs.microsoft.com/en-us/archive/blogs/ehlro/exchange-2013-malware-engine-updates-troubleshooting
- https://social.technet.microsoft.com/Forums/lync/en-US/09b9b26e-5898-42de-958d-ab967398bab8/error-id-6027-ms-filtering-engine-update-process-was-unsuccessful-in-contacting-the-primary-update?forum=exchangesvrgeneral
- https://docs.microsoft.com/en-us/exchange/download-engine-and-definition-updates-exchange-2013-help?redirectedfrom=MSDN
Best Answer
Got this event since the 8th of December on 2 Exchange 2016 and 2 Exchange 2019 Servers. Looks like a common problem with both download paths. No Updates since then. Engine : Microsoft LastChecked : 12.10.2021 11:42:51 +01:00 LastUpdated : 12.08.2021 01:13:24 +01:00 EngineVersion : 1.1.18700.4 SignatureVersion : 1.353.2243.0 SignatureDateTime : 12.07.2021 06:41:19 +01:00 UpdateVersion : 2112070009 UpdateStatus : UpdateAttemptFailed
14th of december: I opened a MS Ticket. Let's see..