Skip to content

Emerging Issues for Exchange On-Premises

This page lists emerging issues for Exchange On-Premises deployments, possible root cause and solution/workaround to fix the issues. The page will be consistently updated with new issues found and reflect current status of the issues mentioned.

Updated on 1/25/2023

Following is list of known issues that can occur after installing January 2023 Security Update on Exchange Servers

Issue Products impacted Possible reason Workaround/Solution
You may find various Exchange commands and scripts (example: RedistributeActiveDatabases.ps1) that use deserialization failing with the error similar to :
Error: "Cannot convert the value of type.....to type".
Exchange 2016
Exchange 2019
The issue occurs if the certificate signing for serialization of PowerShell is enabled and if the auth certificate is not present or has expired Option 1:
Use the MonitorExchangeAuthCertificate.ps1 script to update the auth certificate.
Option 2:
Use the steps here to correct the issue with auth certificate
RecoverServer may fail at pre-requisites check with following error:
"Exchange Server version Version 15.1 (Build 2507.17) or later must be used to perform a recovery of this server."
Exchange 2016
Exchange 2019
Please check this article Follow steps on this article to fix the issue
The Exchange services in Automatic start-up mode will not start after reboot of the server. The services start successfully if started manually Exchange 2016 installed on Windows 2012 R2, other versions are not affected Under investigation Use the workarounds described in this article
or use the following PowerShell command to check the Exchange services that are configure to start automatically but have not started and start the services:

Get-Service -DisplayName "Microsoft Exchange*" | Where-Object {$_.StartType -eq "Automatic" -and $_.Status -ne "Running"} | Start-Service
The Exchange toolbox may start crashing on launch after certificate Serialization for PowerShell is enabled. The error noticed is "Deserialization fails: System.Reflection.TargetInvocationException". Exchange 2016
Exchange 2019
Under investigation Use one of the workarounds described in this article
Get-ExchangeCertificate command may not list any certificates Exchange 2016
Exchange 2019
Under investigation Launch the Exchange management shell in elevated mode and then use Get-ExchangeCertificate command

Updated on 11/8/2022

Issue Possible reason Workaround/Solution
Zero-day vulnerabilities reported in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082 N/A Install November 2022 Exchange Server Security Updates to address the vulnerability

Updated on 5/11/2022

Issue Possible reason Workaround/Solution
After installing March 2022 Security Update For Exchange Server 2013, 2016, 2019, the Microsoft Exchange Service Host service may crash repeatedly with Event ID 7031 in system log and Event ID 4999 in application log.

Event ID 4999
Watson report about to be sent for process id: 4564, with parameters: E12IIS, c-RTL-AMD64, 15.01.2375.024, M.Exchange.ServiceHost, M.Exchange.Diagnostics, M.E.D.ChainedSerializationBinder.LoadType, M.E.Diagnostics.BlockedDeserializeTypeException, c0e9-DumpTidSet, 15.01.2375.024.
The issue can occur if there are any expired certificates present on or any certificates nearing expiry on the server Install May 2022 Exchange Server Security Updates to resolve the issue

Updated on 3/16/2022

Issue Possible reason Workaround/Solution
After installing March 2022 Security Update For Exchange Server 2013, 2016, 2019, the Microsoft Exchange Service Host service may crash repeatedly with Event ID 7031 in system log and Event ID 4999 in application log.

Event ID 4999
Watson report about to be sent for process id: 4564, with parameters: E12IIS, c-RTL-AMD64, 15.01.2375.024, M.Exchange.ServiceHost, M.Exchange.Diagnostics, M.E.D.ChainedSerializationBinder.LoadType, M.E.Diagnostics.BlockedDeserializeTypeException, c0e9-DumpTidSet, 15.01.2375.024.
The issue can occur if there are any expired certificates present on or any certificates nearing expiry on the server Update 3/16/2022

Follow the steps from KB 5013118 to resolve the issue

Old Issues

Email Stuck in Transport Queues

Issue Possible reason Workaround/Solution
You may observe emails building up in the transport queues of Exchange Server 2016 and Exchange Server 2019. The issue does not impact Exchange 2013 servers.

Following events may be noticed in the application log:

Log Name: Application
Source: FIPFS
Logged: 1/1/2022 1:03:42 AM
Event ID: 5300
Level: Error
Computer: server1.contoso.com
Description: The FIP-FS "Microsoft" Scan Engine failed to load. PID: 23092, Error Code: 0x80004005.
Error Description: Can't convert "2201010001" to long.

Log Name: Application
Source: FIPFS
Logged: 1/1/2022 11:47:16 AM
Event ID: 1106
Level: Error
Computer: server1.contoso.com
Description: The FIP-FS Scan Process failed initialization. Error: 0x80004005. Error Details: Unspecified error.
The problem relates to a date check failure with the change of the new year and it not a failure of the AV engine itself. This is not an issue with malware scanning or the malware engine, and it is not a security-related issue. The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues. Run this script on each Exchange server in your organization. You can run this script on multiple servers in parallel. Check this article for detailed steps.

November 2021 Security Update

Following are the known issues after installing November 2021 Security Updates for Exchange On-Premises servers

Issue Possible reason Workaround/Solution
Hybrid OWA Redirect is broken after application of November SU for Exchange 2013/2016 and 2019.

Users using Exchange 2016 and 2019 server will see error ":-( Something went wrong. We can't get that information right now. Please try again later.

Exchange 2013 users will see error "External component has thrown an exception."

Some On-Premises environments, that are not using FBA, may also see cross-site OWA redirection fail with similar errors.
After installing November SU, the OWA redirection URL for hybrid users is providing an encoded URL for &., causing the redirect to fail Update 1/12/2022

The OWA redirection issue is fixed in January 2022 security updates. Please install the relevant update to fix the issue.

Alternatively, you can also use the workarounds provided in KB article 5008997

September Cumulative Updates

Following are the known issues after installing September 2021 Cumulative Updates for Exchange On-Premises servers

Issue Possible reason Workaround/Solution
After installing the September 2021 CU, the Microsoft Exchange Transport Services will continue to crash. You can see the following message for the 4999 crash event

Watson report about to be sent for process id: 10072, with parameters: E12IIS, c-RTL-AMD64, 15.02.0986.005, MSExchangeDelivery, M.Exchange.Transport, M.E.T.AcceptedDomainTable..ctor, System.FormatException, 28d7-DumpTidSet, 15.02.0986.005.
Having a Wild Card Only (*) Accepted Domain Set on an Internal Relay. This is an open relay and is very bad to have set. Remove the Accepted Domain that is set to * and properly configure an anonymous relay on a receive connector or change to an External Relay.

More Information: Allow anonymous relay on Exchange servers

July 2021 Security Update/Cumulative Updates

Following are the known issues after installing July 2021 Security Updates/Cumulative Updates for Exchange On-Premises servers

Issue Possible reason Workaround/Solution
OWA/ECP stops working after installing July Security Update with following error:
ASSERT: HMACProvider.GetCertificates:protectionCertificates.Length<1
The issue occurs if OAuth certificate is missing or expired Follow steps on this article to re-publish the Oauth certificate. Do note it takes up to an hour for certificate to change place
OWA/ECP stops working when accessed from load balanced URL, but works if directly accessed from the server URL The root cause for the issue is under investigation Follow steps in this article to fix the issue
PrepareAD with Exchange 2016 CU21/Exchange 2019 CU10 error:
Used domain controller dc1.contoso.com to read object CN=AdminSDHolder,CN=System,DC=Contoso,DC=COM. [ERROR] Object reference not set to an instance of an object.
The issue is under investigation Follow steps in this article to fix the issue
PrepareSchema in environments that have empty root AD domain July Security Update for Exchange 2013 have shipped schema changes and needs Exchange role installed for PrepareSchema, this makes it difficult for environments that have Exchange 2013 as the highest installed Exchange server and do not have an Exchange server installed in the same AD site as that of root AD domain. Option 1
Introduce a new server that meets system requirements for Exchange 2013 Management tools, in the root AD domain. Install just the Exchange 2013 Management Tools role on this server.
Install the July security fix, perform Schema update.

Option 2
PrepareSchema using Exchange 2016 21/Exchange 2019 CU10 media, as the CU’s have the changes.
However, once Exchange 2016/2019 media is used to perform schema update, you will need to continue using Exchange 2016/2019 media in the future as well.
The Schema Version number for Exchange 2013 environment remains on 15312, even after installing SU and performing PrepareSchema This is expected behavior. The schema version is going to remain 15312 after installing Security Update and performing PrepareSchema
After installing Exchange 2016 CU21/Exchange 2019 CU10, the values added to custom attributes using EAC are not retained. The scenario works fine in Exchange 2016 CU20/Exchange 2019 CU9 The issue is under investigation Workaround 1:
Use EAC from Internet Explorer

Workaround 2:
Add the values using Exchange Management Shell

Last update: January 26, 2023