The first day of a new year is a great moment to relax and prepare for what is ahead – but spare a thought for Microsoft Exchange administrators who may have woken up to seized up installations of their on-premises email servers. I was among those affected, but only on my tiny system. Messages were stuck in the submission queue, suspiciously since midnight or thereabouts (somehow a message sneaked through timed 12.14 am) and the last error reported by the queue viewer was “Messages deferred by categorizer agent.”
As usual I went down a number of rabbit holes. Restart the Exchange Transport service. Reboot the server. Delete the first message not to be delivered in case it was corrupt and somehow clogging up the queue. Check for certificate issues.
It was none of these. Here is the guilty party in the event viewer:
The FIPS-FS Microsoft Scan Engine failed to load, with the error can’t convert “2201010001” too long.
The impact was that the malware filter could not check the message, hence the error from the categorizer agent.
The solution is to run the Exchange Shell on the server and navigate to the Scripts directory where Exchange is installed, for example C:\Program Files\Microsoft\Exchange Server\V15\Scripts. Here you will find a script called Disable-AntimalwareScanning.ps1.
& $env:ExchangeInstallPath\Scripts\Disable-AntimalwareScanning.ps1
should work. Run it, restart the Exchange Transport service, and email will start to flow.
Once the problem is patched, there is a companion script called Enable-AntimalwareScanning which restores it. Though I am not sure of the value of the Exchange malware filter since Microsoft considers that even on-premises installations should use the Microsoft 365 services for spam and malware scanning, and the on-premises protection features are not kept up to date, meaning that a third-party or open source spam and malware filter is a necessity anyway, unless you go the Office 365 route.
Another reason not to run Exchange on-premises – but Microsoft still says that hybrid systems using Azure Active Directory Connect should do so in order to manage mailboxes.
Note: the maximum value for a 32-bit signed integer is 2,147,483,647. Yesterday which was perhaps represented as 2,112,310,001 would have fitted within that whereas today 2,202,020,001 did not. Dates and times are awkward for programmers.
Update: Microsoft has an official fix here. Thanks to Erik in the comments for the link.
Great info…thank you….exchange running now afther your info
thanks very much to you and the internet for finding your article on message deferred by categorizer agent
Here you can get more information and fix info.
https://techcommunity.microsoft.com/t5/exchange-team-blog/email-stuck-in-exchange-on-premises-transport-queues/ba-p/3049447
Thank you for posting! Your solution worked for me as well.
Hi Tim
It was a happy new year alright. I spent ages working through what was happening and had prepared a special backup for the Exchange VM.
Thanks for the article to the point and resolved the issue with the Exchange 2016 on premise server.
HAPPY NEW YEAR! Thank you for posting this solution.
Really appreciate the article, saved me lots of headache this morning!
I was losing my mind as to what the heck happened! Did a google search for the error and bingo this article was the first to appear and in short few minutes our email was flowing again!
My hat is off to you Mr Anderson! Not only did your suggestion work right away you saved me from an all day headache and indigestion! 🙂
Apologies for possible “noob” question but where I work we have a third party application that handles all the email monitoring/filtering for malware, spam, etc.
So, is there a way to just disable the Anti-Malware Scanning that comes on Exchange to avoid this? Is that a good idea to do given what we have in place already?
Thanks again Tim!
thanks for going down all the rabbit holes for us and for posting the solution. Saved me lots of time and trouble sorting this one out. Y2K22
Nice post, Thanks a lot!!!
Thank you, this worked for me…
Wow! Like many have said, I was losing my mind. So glad you discovered the problem and posted this!!
thanks a lot man, life saver this is… been pouring all over for this…..
cheers and Happy New Year
This was exactly what I needed this morning. I hadn’t looked at our mail server all weekend only to walk in to several people very upset about not getting email. You saved the day and I will be back again.
Great job, Babe!
Hi Tim,
Great info. Quick posting also. That saves me a lot of time!
I still have tot try the work around however but I am confident it will work,
Cheers!
Ron
Wish id found this article first at the weekend! – like you spent around 3 hours going round in frustrated circles!!
Thanks for posting and happy new year 😉
You save my day! Thanks alot man.. really appreciate for posting.