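For the past day or so, I have been diagnosing some issues with anti-malware filtering/scanning on an Exchange 2019 server. The feature was disabled on our servers; I enabled it and restarted the transport service per the Microsoft documentation: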
- https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antimalware-protection/antimalware-procedures?view=exchserver-2019#use-the-exchange-management-shell-to-enable-or-disable-malware-filtering-on-mailbox-servers
- https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antimalware-protection/download-antimalware-updates?view=exchserver-2019
However, in Event Viewer we are getting some log entries indicating that this feature is not working:
Event 6031, FIPFS: MS Filtering Engine Update process has successfully downloaded updates for Microsoft.
Event 6034, FIPFS: MS Filtering Engine Update process is testing the Microsoft scan engine update
Event 6035, FIPFS: MS Filtering Engine Update process was unsuccessful in testing an engine update.
Engine: Microsoft
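It looks like it is failing for some reason and logging "MS Filtering Engine Update process was unsuccessful in testing an engine update."
Then the process repeats, and we can see it try again: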
Event 7003, FIPFS: MS Filtering Engine Update process has successfully scheduled all update jobs.
Event 6024, FIPFS: MS Filtering Engine Update process is checking for new engine updates.
Scan Engine: Microsoft
Update Path: http://amupdatedl.microsoft.com/server/amupdate
Event 6030, FIPFS: MS Filtering Engine Update process is attempting to download a scan engine update.
Scan Engine: Microsoft
Update Path: http://amupdatedl.microsoft.com/server/amupdate.
Event 6031, FIPFS: MS Filtering Engine Update process has successfully downloaded updates for Microsoft.
Event 6034, FIPFS: MS Filtering Engine Update process is testing the Microsoft scan engine update
Event 6035, FIPFS: MS Filtering Engine Update process was unsuccessful in testing an engine update.
Engine: Microsoft
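The configuration settings look fine, and we allow amupdatedl.microsoft.com and forefrontdl.microsoft.com through the firewall. (This appears to work, since the Event Viewer logs show a successful download.)
Any ideas/help would be greatly appreciated! Thanks!
Edit: Another point to note is that it does appear to be attempting to download and use some scan engine updates, as evidenced by the staging folder here with recent timestamps.
I also found some other resources suggesting a permissions issue, but on inspection, Network Service has full permissions on E:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Data
Things I have looked at: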
- https://social.technet.microsoft.com/Forums/en-US/832e155e-054a-4e1c-8ce0-41a778abe8ff/exchange-2016-cu11-antimalware-automatic-update-fails?forum=Exch2016MFSM
- http://www.networksteve.com/exchange/topic.php/Error_of_Get-EngineUpdateInformation_in_Exchange_2013/?TopicId=56872&Posts=3
- https://martijnwestera.blogspot.com/2015/08/exchange-2013-built-in-anti-malware-ms.html
- https://www.reddit.com/r/exchangeserver/comments/2kvxj5/updating_antimalware_engine_in_ex2013cu6/
- https://docs.microsoft.com/en-us/archive/blogs/ehlro/exchange-2013-malware-engine-updates-troubleshooting
- https://social.technet.microsoft.com/Forums/lync/en-US/09b9b26e-5898-42de-958d-ab967398bab8/error-id-6027-ms-filtering-engine-update-process-was-unsuccessful-in-contacting-the-primary-update?forum=exchangesvrgeneral
- https://docs.microsoft.com/en-us/exchange/download-engine-and-definition-updates-exchange-2013-help?redirectedfrom=MSDN
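Answer 1
Getting this event on 2 Exchange 2016 and 2 Exchange 2019 servers since December 8. This seems to be a common problem with both download paths. No updates since then.
Engine: Microsoft
LastChecked: October 12, 2021 11:42:51 +01:00
LastUpdated: August 12, 2021 01:13:24 +01:00
EngineVersion: 1.1.18700.4
SignatureVersion: 1.353.2243.0
SignatureDateTime: July 12, 2021 06:41:19 +01:00
UpdateVersion: 2112070009
UpdateStatus: UpdateAttemptFailed
December 14: I opened an MS ticket. Let's see...
Answer 2
I did some research, and there are many causes for this issue. You can use FPSDiag.exe (E:\Exchange Server\FIP-FS\bin) to generate logs to analyze this error.
In addition, I also found a similar thread with some discussion of this issue, for your reference. I hope it helps.
Answer 3
Good news: updates have been working again since this morning. Maybe because of my post on the Exchange Team Blog, or because of my MS ticket. See for yourself. All is well :)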
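Answer 4
Had this issue (FIPS-FS scan process failed error (0x80010105) and application error on scanprocess.exe (0xc0000005)), and besides running the script provided by Microsoft at https://aka.ms/ResetScanEngineVersion, I also ran the official HealthChecker script: https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/
This showed that the Visual C++ 2013 Redistributable package had been removed from the server, which is a prerequisite for Exchange. After reinstalling it, the malware scanner component worked properly again :)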
https://docs.microsoft.com/en-us/exchange/exchange-2013-prerequisites-exchange-2013-help
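
Added example (not part of any post above, and not Microsoft's script): a PowerShell triage sketch that combines the checks discussed in this thread, pairing the 6031/6035 events from the question, reading the engine status fields shown in Answer 1, and looking for the Visual C++ 2013 runtime from Answer 4. Assumptions: the FIPFS events are in the Application log, a two-day look-back window is enough, and the filtering snap-in is `Microsoft.Forefront.Filtering.Management.Powershell`.

```powershell
# Added triage sketch; run in an elevated PowerShell session on the Exchange server.
$since = (Get-Date).AddDays(-2)          # assumed look-back window

# 1. FIPFS update-cycle events quoted in the question.
#    Assumption: they are written to the Application log.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Application'; ProviderName = 'FIPFS'
    Id = 6031, 6035; StartTime = $since
} -ErrorAction SilentlyContinue | Sort-Object TimeCreated

# 2. Pair each successful download (6031) with the failed engine test (6035)
#    that follows it. In these cycles the download itself worked.
$lastDownload = $null
$failedCycles = @(foreach ($e in $events) {
    if ($e.Id -eq 6031) { $lastDownload = $e.TimeCreated }
    elseif ($e.Id -eq 6035 -and $lastDownload) {
        [pscustomobject]@{ Downloaded = $lastDownload; TestFailed = $e.TimeCreated }
        $lastDownload = $null
    }
})

# 3. Engine state as reported by the filtering snap-in (fields as in Answer 1).
Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell -ErrorAction SilentlyContinue
$engine = Get-EngineUpdateInformation

# 4. Visual C++ 2013 runtime entries in the uninstall registry (both views).
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$vc2013 = Get-ItemProperty $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Visual C++ 2013*' }

# Summary: repeated download-ok/test-failed cycles with no VC++ 2013 entry
# match the situation described in Answer 4.
[pscustomobject]@{
    DownloadOkButTestFailed = $failedCycles.Count
    LastFailedTest          = ($failedCycles | Select-Object -Last 1).TestFailed
    UpdateStatus            = $engine.UpdateStatus
    LastUpdated             = $engine.LastUpdated
    VC2013Installed         = [bool]$vc2013
    VC2013Packages          = ($vc2013.DisplayName | Sort-Object -Unique) -join '; '
} | Format-List
```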