Van's FSS/Antigen/EOP Blog

My Blog for all Antigen/Forefront Server and Forefront Online Protection for Exchange issues

August, 2009

  • Issue of the week 8/31/09

    Another FSCIMC hung in a "start pending" state issue.

    Previously this was tied to the execution policy being set to restricted or locally signed.

    This time certificates are to blame.

     

    If for some reason your Microsoft root authority certificate expires, you can expect to see FSCIMC and the Edge Transport service fail to start with the execution policy at the default setting.

    We require at least RemoteSigned, but if there is an issue contacting the CA and you have an invalid or expired certificate, you will have to lower your Exchange PowerShell script execution policy to Unrestricted.

    This will allow you to start up, but the real fix is to repair your certificates, as other issues will occur, such as updates not being able to verify their digital signatures.

    This issue occurs because there is a popup warning of an invalid certificate. Since we run as SYSTEM we never see that popup, so we sit and wait for something that never happens.

    If you remove our product you will then see a pop-up generated by Edge Transport with the same information about an invalid certificate.
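    The following PowerShell script is an added example, not code from the original post or from the Forefront/Antigen product. It shows the check a practitioner would run before lowering the policy to Unrestricted: report the effective execution policy at each scope, verify the Authenticode signature of the signed scripts the service runs, and walk the signer's certificate chain (with online revocation checking, so a CA that cannot be reached shows up too) to identify which certificate is expired or untrusted. It assumes PowerShell 2.0 or later and takes placeholder script paths; substitute the scripts you actually need to verify.

```powershell
# Added example (not from the original post): diagnose the execution-policy and
# signing-certificate condition described above instead of dropping to Unrestricted.
# Assumptions: PowerShell 2.0 or later (Get-ExecutionPolicy -List, Get-AuthenticodeSignature);
# $ScriptPaths holds the signed scripts to verify (placeholder paths, replace them).

param(
    [string[]]$ScriptPaths = @('C:\PLACEHOLDER\Scripts\Example.ps1')   # placeholder
)

# 1. Show the effective policy at every scope. RemoteSigned is the minimum that lets
#    signed local scripts run; Restricted blocks them outright.
Get-ExecutionPolicy -List | Format-Table -AutoSize

foreach ($path in $ScriptPaths) {
    if (-not (Test-Path -Path $path)) {
        Write-Warning "Missing: $path"
        continue
    }

    # 2. Check the Authenticode signature. Any status other than 'Valid' means the script
    #    will not run silently under RemoteSigned/AllSigned; the hang in the post is the
    #    hidden prompt that follows an untrusted or expired publisher chain.
    $sig = Get-AuthenticodeSignature -FilePath $path
    Write-Output ("{0}: signature status = {1}" -f $path, $sig.Status)

    if ($sig.SignerCertificate -eq $null) {
        Write-Warning "$path carries no signer certificate"
        continue
    }

    # 3. Build the chain with online revocation checking and report each element, so the
    #    expired or untrusted certificate (leaf, intermediate or root) is named explicitly.
    #    That certificate, or the unreachable CA, is what needs fixing, not the policy.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chainOk = $chain.Build($sig.SignerCertificate)

    foreach ($element in $chain.ChainElements) {
        $c = $element.Certificate
        $statusText = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ','
        if (-not $statusText) { $statusText = 'OK' }
        Write-Output ("  {0} expires {1:yyyy-MM-dd} [{2}]" -f $c.Subject, $c.NotAfter, $statusText)
    }

    if (-not $chainOk) {
        Write-Warning "Chain for $path does not validate; renew or reinstall the failing certificate and confirm the CA/CRL is reachable from this server."
    }
}
```

    Run it in the same security context the service uses where possible; a chain that validates for your admin account but not for SYSTEM (different certificate stores, no proxy for CRL download) reproduces exactly the silent hang described above.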

  • PDF false detects

    *Update*

    MSAV has been updated and has resolved this issue.

    The Command engine has resolved this issue as well.

    *Update*

    Looks like there is a false detect issue with some engines and PDF files.

    Antivirus           Version   Last Update       Result
    AntiVir             7.9.1.3   2009.08.20        HTML/Malicious.PDF.Gen
    BitDefender         7.2       2009.08.20        Exploit.PDF-JS.Gen
    GData               19        2009.08.20        Exploit.PDF-JS.Gen
    McAfee-GW-Edition   6.8.5     2009.08.20        Script.Malicious.PDF.Gen
    Microsoft           1.4903    2009.08.20        Exploit:Win32/Pdfjsc.gen!A
    Antigen-Command     5.1.0.5   2009-08-20 09:40  PDF/CollabExpl.C!Camelot

    These seem to be false detects, as the files in question were built at a customer site.

    We are currently investigating the cause, as this affects our Microsoft and Command engines.

  • Issue of the week 8/17/2009

    This issue deals with Antigen 9.x and clusters with Multiple Active Nodes.

    You do not need the cluster resource on a single-active cluster.

    There is a fix in Antigen 9.1 RU5 and Antigen 9 Service Pack 2 that addresses an issue when moving active nodes to a passive node.

    Below is an example of what you see when you hit the issue that RU5 and SP2 resolve.

    When the first node is moved over to the passive node, we set a registry key that identifies the database path for the engines and databases. In this example Server1 has its databases in G:\AntigenCluster.

    The store is then moved back to the original node, and then Server2 is moved to the passive node.

    Server2's database path is F:\AntigenCluster.

    Most of the time Server2 will move the database path to the passive node and everything works. Sometimes this process fails: you end up with the wrong database path, and in this example Server2 is on the passive node with the database path still set to G:\AntigenCluster.

    This causes us to initialize with no scan engines and no settings for our scan jobs.

    The symptoms of this issue are as follows:

    End users cannot open or send mail.

    Messages queue in Local Delivery.

    The fix requires you to do one of the following to create the cluster resource:

    1. Full uninstall (pause passive nodes, uninstall from all active nodes and then passive nodes) and run a fresh install.

    2. Upgrade to SP2 and do the following: run Antutil.exe /disable and then Antutil.exe /enable on each active node (pause passive nodes, bring Exchange resources offline, leave the CMS up).

    Both methods require downtime.
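    As an added example (not code from the original post or from the Antigen product), the PowerShell script below is the post-failover check a cluster administrator would want: read the database path the product recorded for the clustered server, compare it with the path that server is supposed to use, and confirm the path exists and is populated on the node it now runs on. The registry key (`HKLM:\SOFTWARE\PLACEHOLDER\Antigen`), the value name (`DatabasePath`) and the expected-path table are assumptions written as placeholders, since the post does not name the real key; the Server1/Server2 paths match the example above.

```powershell
# Added example, not from the original post: verify a clustered server's Antigen
# database path after a failover, so a stale path (Server2 on the passive node with
# the path still set to G:\AntigenCluster) is caught before the scan jobs initialize
# with no engines and mail starts queuing in Local Delivery.
# Assumptions (placeholders, not the product's real values): the registry key and
# value name holding the database path, and the expected path per clustered server.

param(
    [string]$ClusteredServerName = $env:COMPUTERNAME,
    [string]$RegistryKey = 'HKLM:\SOFTWARE\PLACEHOLDER\Antigen',   # placeholder key
    [string]$ValueName   = 'DatabasePath',                          # placeholder value name
    [hashtable]$ExpectedPaths = @{ 'Server1' = 'G:\AntigenCluster'; 'Server2' = 'F:\AntigenCluster' }
)

function Test-AntigenDatabasePath {
    param(
        [string]$Name,
        [string]$Key,
        [string]$Value,
        [hashtable]$Expected
    )

    $result = New-Object PSObject -Property @{
        Server   = $Name
        Expected = $null
        Actual   = $null
        Status   = 'UNKNOWN'
        Detail   = ''
    }

    if (-not $Expected.ContainsKey($Name)) {
        $result.Status = 'FAIL'; $result.Detail = "No expected path defined for $Name"
        return $result
    }
    $result.Expected = $Expected[$Name]

    # Read the recorded path; a missing key/value means the move never set it on this node.
    $props = Get-ItemProperty -Path $Key -Name $Value -ErrorAction SilentlyContinue
    if ($props -eq $null) {
        $result.Status = 'FAIL'; $result.Detail = "$Key\$Value not found on this node"
        return $result
    }
    $result.Actual = $props.$Value

    # The exact failure from the post: the path still points at the other server's drive.
    if ($result.Actual -ne $result.Expected) {
        $result.Status = 'FAIL'
        $result.Detail = "Path mismatch: registry says '$($result.Actual)', expected '$($result.Expected)'"
        return $result
    }

    # The shared disk must be online on this node for the engines and settings to load.
    if (-not (Test-Path -Path $result.Actual -PathType Container)) {
        $result.Status = 'FAIL'
        $result.Detail = "Path '$($result.Actual)' does not exist on this node (shared disk not online here?)"
        return $result
    }

    if (@(Get-ChildItem -Path $result.Actual -ErrorAction SilentlyContinue).Count -eq 0) {
        $result.Status = 'WARN'
        $result.Detail = 'Path exists but is empty; engines and scan job settings will not load from it'
        return $result
    }

    $result.Status = 'OK'
    $result.Detail = 'Database path matches and is populated'
    return $result
}

Test-AntigenDatabasePath -Name $ClusteredServerName -Key $RegistryKey -Value $ValueName -Expected $ExpectedPaths |
    Format-List Server, Expected, Actual, Status, Detail
```

    Run it on whichever physical node currently hosts the clustered server, passing that server's name with -ClusteredServerName; a FAIL with a path mismatch is the condition that the RU5/SP2 fix and the cluster-resource procedures above address, and is worth checking before users report queued mail.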

  • Issue of the week 8/7/2009

    I have been looking for a good issue to post this week.

    So here is a post for all those 8.0 customers looking to upgrade to 9 before 8.x for Exchange reaches its end of life at the end of the year.

    Mail Queues after an upgrade from 8.0 to 9.x

    Symptoms:

    After upgrading from 8.x to 9.x, mail on the SMTP and Realtime scan jobs does not flow.

    Cause:

    8.x did not have the Microsoft scan engine

    9.x only comes with the Microsoft scan engine.

    On an upgrade the Microsoft scan engine is not selected. If you entered your proxy server address incorrectly or have an issue pulling down updates, you are left with no engines, and mail flow stops pending updates.

    Quick Solution:

    Open the Forefront Console and select the Microsoft Scan engine for all scan jobs.

    After that you should have mail flow again and you can fix your updating issue.