Emerging Issues for Exchange On-Premises
This page lists emerging issues for Exchange On-Premises deployments, along with the possible root cause and a solution or workaround for each. The page is updated as new issues are found and reflects the current status of the issues listed.
Updated on 3/10/2023
Issue | Products impacted | Possible reason | Workaround/Solution |
---|---|---|---|
Uninstall of Exchange servers that had January 2023 Security Update installed at any point in time fails with error "The operation couldn't be performed because object 'ServerName' couldn't be found on 'DomainControllerName'." | Exchange 2016, Exchange 2019. Note: You can run the Exchange health checker script to list the security updates installed on the server | Still under investigation | Follow the steps on this KB article |
Updated on 2/16/2023
The following known issues can occur after installing the February 2023 Security Update on Exchange servers.
Issue | Products impacted | Possible reason | Workaround/Solution |
---|---|---|---|
After installing the February 2023 Security Update, you may observe the EWS application pool crashing with Event ID 4999 and the following error: E12IIS, c-RTL-AMD64, 15.01.2507.021, w3wp#MSExchangeServicesAppPool, M.Exchange.Diagnostics, M.E.D.ChainedSerializationBinder.EnforceBlockReason, M.E.Diagnostics.BlockedDeserializeTypeException, 437c-dumptidset, 15.01.2507.021. The issue may also cause connectivity issues for EWS-based clients such as Outlook for Mac | Exchange 2016, Exchange 2019 | Still under investigation | Follow the steps on this KB article |
Updated on 2/15/2023
The following known issues can occur after installing the January 2023 Security Update on Exchange servers.
Issue | Products impacted | Possible reason | Workaround/Solution |
---|---|---|---|
You may find various Exchange commands and scripts (example: RedistributeActiveDatabases.ps1) that use deserialization failing with an error similar to: "Cannot convert the value of type.....to type". | Exchange 2016, Exchange 2019 | The issue occurs if certificate signing for serialization of PowerShell is enabled and the auth certificate is not present or has expired | Option 1: Use the MonitorExchangeAuthCertificate.ps1 script to update the auth certificate. Option 2: Use the steps here to correct the issue with the auth certificate |
RecoverServer may fail at pre-requisites check with following error: "Exchange Server version Version 15.1 (Build 2507.17) or later must be used to perform a recovery of this server." | Exchange 2016, Exchange 2019 | Resolved | February 2023 and newer SUs will not cause this issue (but modifications made by the January 2023 SU might still require manual action during a server recovery operation). Follow steps on this article to fix the issue. |
The Exchange services in Automatic start-up mode will not start after reboot of the server. The services start successfully if started manually | Exchange 2016 installed on Windows 2012 R2, other versions are not affected | Resolved | Install the February 2023 Exchange Server Security Updates to fix the issue |
The Exchange toolbox may start crashing on launch after certificate Serialization for PowerShell is enabled. The error noticed is "Deserialization fails: System.Reflection.TargetInvocationException". | Exchange 2016, Exchange 2019 | Under investigation | Use one of the workarounds described in this article |
Get-ExchangeCertificate command may not list any certificates | Exchange 2016, Exchange 2019 | Under investigation | Launch the Exchange management shell in elevated mode and then use Get-ExchangeCertificate command |
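
A read-only check for the auth-certificate condition named in the table above (certificate not present or expired), as an added example that is not MonitorExchangeAuthCertificate.ps1 or any other code from this page. The helper name Get-AuthCertificateState, the 60-day warning window and the sample thumbprints and dates are assumptions.

```powershell
# Added example. Get-AuthCertificateState is a hypothetical helper, not an Exchange cmdlet.
function Get-AuthCertificateState {
    param(
        [string]$Thumbprint,        # value of (Get-AuthConfig).CurrentCertificateThumbprint
        [object[]]$Certificates,    # objects returned by Get-ExchangeCertificate
        [datetime]$Now = (Get-Date),
        [int]$WarnDays = 60         # assumed warning window, not a value from this page
    )
    # No thumbprint configured at all: nothing to look up.
    if ([string]::IsNullOrWhiteSpace($Thumbprint)) { return 'NotConfigured' }

    # Find the certificate the auth configuration points at.
    $cert = $Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint } | Select-Object -First 1
    if (-not $cert)                                 { return 'Missing' }
    if ($cert.NotAfter -le $Now)                    { return 'Expired' }
    if ($cert.NotAfter -le $Now.AddDays($WarnDays)) { return 'NearingExpiry' }
    return 'Valid'
}

# Constructed sample data: thumbprints are placeholders, dates are invented.
$now   = [datetime]'2023-02-15'
$certs = @(
    [pscustomobject]@{ Thumbprint = 'THUMBPRINT-OLD';  NotAfter = [datetime]'2023-01-01' }
    [pscustomobject]@{ Thumbprint = 'THUMBPRINT-SOON'; NotAfter = [datetime]'2023-03-20' }
    [pscustomobject]@{ Thumbprint = 'THUMBPRINT-GOOD'; NotAfter = [datetime]'2027-06-30' }
)

# Walk every state, including a thumbprint with no matching certificate and an empty one.
foreach ($t in 'THUMBPRINT-OLD', 'THUMBPRINT-SOON', 'THUMBPRINT-GOOD', 'THUMBPRINT-GONE', '') {
    '{0,-16} {1}' -f $t, (Get-AuthCertificateState -Thumbprint $t -Certificates $certs -Now $now)
}

# Live use, from an elevated Exchange Management Shell. A non-elevated shell may list
# no certificates (see the table above), which this helper would report as 'Missing'.
# Get-AuthCertificateState -Thumbprint (Get-AuthConfig).CurrentCertificateThumbprint `
#                          -Certificates (Get-ExchangeCertificate)
```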
Updated on 11/8/2022
Issue | Possible reason | Workaround/Solution |
---|---|---|
Zero-day vulnerabilities reported in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082 | N/A | Install November 2022 Exchange Server Security Updates to address the vulnerability |
Updated on 5/11/2022
Issue | Possible reason | Workaround/Solution |
---|---|---|
After installing March 2022 Security Update For Exchange Server 2013, 2016, 2019, the Microsoft Exchange Service Host service may crash repeatedly with Event ID 7031 in system log and Event ID 4999 in application log. Event ID 4999 Watson report about to be sent for process id: 4564, with parameters: E12IIS, c-RTL-AMD64, 15.01.2375.024, M.Exchange.ServiceHost, M.Exchange.Diagnostics, M.E.D.ChainedSerializationBinder.LoadType, M.E.Diagnostics.BlockedDeserializeTypeException, c0e9-DumpTidSet, 15.01.2375.024. | The issue can occur if any expired certificates, or any certificates nearing expiry, are present on the server | Install May 2022 Exchange Server Security Updates to resolve the issue |
Updated on 3/16/2022
Issue | Possible reason | Workaround/Solution |
---|---|---|
After installing March 2022 Security Update For Exchange Server 2013, 2016, 2019, the Microsoft Exchange Service Host service may crash repeatedly with Event ID 7031 in system log and Event ID 4999 in application log. Event ID 4999 Watson report about to be sent for process id: 4564, with parameters: E12IIS, c-RTL-AMD64, 15.01.2375.024, M.Exchange.ServiceHost, M.Exchange.Diagnostics, M.E.D.ChainedSerializationBinder.LoadType, M.E.Diagnostics.BlockedDeserializeTypeException, c0e9-DumpTidSet, 15.01.2375.024. | The issue can occur if any expired certificates, or any certificates nearing expiry, are present on the server | Update 3/16/2022: Follow the steps from KB 5013118 to resolve the issue |
Old Issues
Email Stuck in Transport Queues
Issue | Possible reason | Workaround/Solution |
---|---|---|
You may observe emails building up in the transport queues of Exchange Server 2016 and Exchange Server 2019. The issue does not impact Exchange 2013 servers. Following events may be noticed in the application log: Log Name: Application Source: FIPFS Logged: 1/1/2022 1:03:42 AM Event ID: 5300 Level: Error Computer: server1.contoso.com Description: The FIP-FS "Microsoft" Scan Engine failed to load. PID: 23092, Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long. Log Name: Application Source: FIPFS Logged: 1/1/2022 11:47:16 AM Event ID: 1106 Level: Error Computer: server1.contoso.com Description: The FIP-FS Scan Process failed initialization. Error: 0x80004005. Error Details: Unspecified error. | The problem relates to a date check failure with the change of the new year and it is not a failure of the AV engine itself. This is not an issue with malware scanning or the malware engine, and it is not a security-related issue. The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues. | Run this script on each Exchange server in your organization. You can run this script on multiple servers in parallel. Check this article for detailed steps. |
November 2021 Security Update
Following are the known issues after installing November 2021 Security Updates for Exchange On-Premises servers
Issue | Possible reason | Workaround/Solution |
---|---|---|
Hybrid OWA Redirect is broken after application of November SU for Exchange 2013/2016 and 2019. Users using Exchange 2016 and 2019 server will see error ":-( Something went wrong. We can't get that information right now. Please try again later." Exchange 2013 users will see error "External component has thrown an exception." Some On-Premises environments that are not using FBA may also see cross-site OWA redirection fail with similar errors. | After installing November SU, the OWA redirection URL for hybrid users is providing an encoded URL for &., causing the redirect to fail | Update 1/12/2022: The OWA redirection issue is fixed in January 2022 security updates. Please install the relevant update to fix the issue. Alternatively, you can also use the workarounds provided in KB article 5008997 |
September Cumulative Updates
Following are the known issues after installing September 2021 Cumulative Updates for Exchange On-Premises servers
Issue | Possible reason | Workaround/Solution |
---|---|---|
After installing the September 2021 CU, the Microsoft Exchange Transport Services will continue to crash. You can see the following message for the 4999 crash event: Watson report about to be sent for process id: 10072, with parameters: E12IIS, c-RTL-AMD64, 15.02.0986.005, MSExchangeDelivery, M.Exchange.Transport, M.E.T.AcceptedDomainTable..ctor, System.FormatException, 28d7-DumpTidSet, 15.02.0986.005. | A wildcard-only (*) Accepted Domain is set as an Internal Relay. This is an open relay and is very bad to have set. | Remove the Accepted Domain that is set to * and properly configure an anonymous relay on a receive connector or change to an External Relay. More Information: Allow anonymous relay on Exchange servers |
July 2021 Security Update/Cumulative Updates
Following are the known issues after installing July 2021 Security Updates/Cumulative Updates for Exchange On-Premises servers
Issue | Possible reason | Workaround/Solution |
---|---|---|
OWA/ECP stops working after installing July Security Update with following error: ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1 | The issue occurs if the OAuth certificate is missing or expired | Follow the steps in this article to re-publish the OAuth certificate. Note that it takes up to an hour for the certificate change to take effect |
OWA/ECP stops working when accessed from load balanced URL, but works if directly accessed from the server URL | The root cause for the issue is under investigation | Follow steps in this article to fix the issue |
PrepareAD with Exchange 2016 CU21/Exchange 2019 CU10 error: Used domain controller dc1.contoso.com to read object CN=AdminSDHolder,CN=System,DC=Contoso,DC=COM. [ERROR] Object reference not set to an instance of an object. | The issue is under investigation | Follow steps in this article to fix the issue |
PrepareSchema in environments that have an empty root AD domain | The July Security Update for Exchange 2013 shipped schema changes and needs an Exchange role installed for PrepareSchema. This makes it difficult for environments that have Exchange 2013 as the highest installed Exchange server and do not have an Exchange server installed in the same AD site as the root AD domain. | Option 1: Introduce a new server that meets the system requirements for Exchange 2013 Management Tools in the root AD domain. Install just the Exchange 2013 Management Tools role on this server. Install the July security fix and perform the schema update. Option 2: Run PrepareSchema using Exchange 2016 CU21/Exchange 2019 CU10 media, as the CUs have the changes. However, once Exchange 2016/2019 media is used to perform the schema update, you will need to continue using Exchange 2016/2019 media in the future as well. |
The Schema Version number for Exchange 2013 environment remains on 15312, even after installing SU and performing PrepareSchema | This is expected behavior. The schema version is going to remain 15312 after installing Security Update and performing PrepareSchema | |
After installing Exchange 2016 CU21/Exchange 2019 CU10, the values added to custom attributes using EAC are not retained. The scenario works fine in Exchange 2016 CU20/Exchange 2019 CU9 | The issue is under investigation | Workaround 1: Use EAC from Internet Explorer Workaround 2: Add the values using Exchange Management Shell |