Microsoft - Exchange - Notes - Scanningprocess.exe crashes
Observed on Exchange Server 2016 CU 19 on Windows Server 2016.
Scenario
After removing the Backup Exec Agent 16.0.1142 from an Exchange Server 2016 server and rebooting, mail was suddenly no longer delivered and got stuck in the Submission queue with the last error “Message deferred by categorizer agent”.
The Event Log showed that scanningprocess.exe crashed multiple times in succession with exception code 0xc0000005 (access violation):
Log Name: Application
Source: Application Error
Date: 13-8-2021 13:05:08
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: EX1.domain.local
Description:
Faulting application name: scanningprocess.exe, version: 15.1.2176.14, time stamp: 0x6088b147
Faulting module name: scanningprocess.exe, version: 15.1.2176.14, time stamp: 0x6088b147
Exception code: 0xc0000005
Fault offset: 0x000000000005c5fd
Faulting process id: 0x48d8
Faulting application start time: 0x01d7903313c0e66e
Faulting application path: C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\scanningprocess.exe
Faulting module path: C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\scanningprocess.exe
Report Id: 11bbc60e-4d86-4c73-8572-c1b8fb967af5
Faulting package full name:
Faulting package-relative application ID:
The Microsoft Filtering Management Service also crashed multiple times.
Workaround
The workaround was to disable the malware transport agent with:
& $env:ExchangeInstallPath\Scripts\Disable-Antimalwarescanning.ps1
Followed by a restart of the Transport service (MSExchangeTransport):
Restart-Service MSExchangeTransport
After this, the mails stuck in the Submission queue and all subsequent mails are delivered again, but they are no longer scanned for malware until the malware transport agent is turned on again.
Source: Disable or bypass anti-malware scanning for Exchange 2013, but also works on Exchange 2016.
"Solution"
Installing CU 21 for Exchange Server 2016 solved this issue.
During the CU 21 installation, the prerequisite check complained that the Visual Studio C++ 2013 Redistributables weren't installed.
After installing the Visual Studio C++ 2013 Redistributables manually, the CU 21 installation completed without problems and the original problem was solved.
The malware transport agent was re-enabled with:
& $env:ExchangeInstallPath\Scripts\Enable-Antimalwarescanning.ps1
Followed by a restart of the Transport service (MSExchangeTransport):
Restart-Service MSExchangeTransport
The assumption is that the removal of the Backup Exec Agent 16.0.1142 also removed the Visual Studio C++ 2013 Redistributables, but this was not investigated further.
As the Visual Studio C++ 2013 Redistributables are listed on the Exchange Server prerequisites page for Exchange Server 2016, it is unlikely that they weren't installed before removing Backup Exec 11.
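A status check to run in the Exchange Management Shell after the workaround or after the CU installation, so that a disabled malware agent or a still-crashing scanning process does not go unnoticed. This is an added example, not part of the original notes. The agent name "Malware Agent", the 24-hour look-back window and the "Microsoft Visual C++ 2013*" display-name pattern are assumptions.

```powershell
# Added example; run in the Exchange Management Shell on the affected server.
# Assumptions: default agent name "Malware Agent", 24-hour look-back window,
# redistributables registered under a "Microsoft Visual C++ 2013*" display name.

$since = (Get-Date).AddHours(-24)

# 1. Is the malware transport agent enabled? While it is disabled, mail flows unscanned.
$agent = Get-TransportAgent -Identity 'Malware Agent' -ErrorAction SilentlyContinue

# 2. Application Error events (ID 1000) that name scanningprocess.exe since $since.
$crashes = @(Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Application Error'
        Id           = 1000
        StartTime    = $since
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'scanningprocess\.exe' })

# 3. Visual C++ 2013 redistributables listed in the uninstall registry (64-bit and 32-bit views).
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$vc2013 = @(Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Microsoft Visual C++ 2013*' })

# 4. Messages still waiting in the Submission queue, with the last error reported for it.
$submission = Get-Queue | Where-Object { $_.Identity -like '*\Submission' }

[pscustomobject]@{
    MalwareAgentEnabled    = if ($agent) { $agent.Enabled } else { 'agent not found' }
    ScanningCrashes24h     = $crashes.Count
    LastCrash              = ($crashes | Select-Object -First 1).TimeCreated
    VC2013Redistributables = ($vc2013.DisplayName | Sort-Object -Unique) -join '; '
    SubmissionQueueCount   = ($submission | Measure-Object -Property MessageCount -Sum).Sum
    SubmissionLastError    = $submission.LastError
} | Format-List
```

A healthy server after the fix shows MalwareAgentEnabled as True, no new crashes, at least one redistributable entry and an empty Submission queue.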