Exchange 2016: FIPFS Event ID 6027 Filter updates are not downloaded

A virus scanner has also been included since Exchange 2013. As with most other virus scanners, the signatures must also be updated here. Problems can occur when updating the signatures, especially if Exchange is not installed on the C: drive.

The following entry can then be found in the event log:

Source: FIPFS

Event ID: 6027

MS Filtering Engine Update process was unsuccessful to download the engine update for Microsoft from Primary Update Path.
Update Path:http://forefrontdl.microsoft.com/server/scanengineupdate
UpdateVersion:0
Reason: "There was a catastrophic error while attempting to update the engine. Error: DownloadEngine failed and there are no further update paths available.Engine Id: 1 Engine Name: Microsoft"

FIPFS Event 6027

However, the problem is not quite as drastic as the error message:

There was a catastrophic error while attempting to update the engine.

To fix the "catastrophic" error, you should first check whether the update URL can be reached from the error message:

http://forefrontdl.microsoft.com/server/scanengineupdate

The website returns the HTTP code 403 "Access denied" if a connection could be established. HTTP 403 is therefore not a problem. With HTTP 404, the page would not be accessible, in which case a firewall could be to blame.

So in this case, everything is fine:

FIPFS update page

As mentioned at the beginning, the problem often occurs when Exchange Server is installed on a drive other than C:. In this example, Exchange is installed on drive E: and UAC is enabled. In this case, the protection for certain Exchange Server directories takes effect. Unfortunately, this also prevents the signatures from being updated and the error shown above occurs.

To correct the error, simply confirm the message "You do not currently have permission to access this folder" with "Continue":

Directory protection

The message must be confirmed for all folders in the following path:

E:\Exchange Server\FIP-FS\Data\Engines\amd64 (where E:\Exchange Server is the corresponding installation directory)

You can also check whether the "Network service" user has full access to the corresponding directory:

Network service

Exchange downloads signatures every 30 minutes by default. In my case, the update was successful after the above steps and event 6036 was displayed:

FIPFS update successful

If these steps are not enough, there is also the "FPSDiag" tool in the FIP-FS\Bin folder. The diagnostic tool generates a set of log files that may help with the analysis:

Display FPSDiag

In most cases, however, one of the following causes is responsible for the problem:

  • Firewall blocks update page
  • "Network service" has no access to the directory
  • Directory protection active

Note: If there are a large number of Exchange servers in the company, not every Exchange server needs to download the signatures from the Internet. There is the option of configuring a central repository for the Exchange servers; a corresponding article will follow.

8 thoughts on “Exchange 2016: FIPFS Event ID 6027 Filter Updates werden nicht runtergeladen”

  1. Gibt es eigentlich mittlerweile auch den angekündigten Artikel, wie ein zentrales Repository für die Exchange Server eingerichtet werden kann?

    Danke!

    Reply
    • Guten Tag

      Ich kann die neue URL http://amupdatedl.microsoft.com/server/amupdate auch bestätigen. Manueller Aufruf der Adresse gibt ein 404.
      Entsprechend bleibt die Fehlermeldung im Log:
      0.6027 Microsoft-Filtering-FIPFS MS Filtering Engine Update process was unsuccessful to download the engine update for Microsoft from Primary Update Path. Update Path:http://amupdatedl.microsoft.com/server/amupdate UpdateVersion:0 Reason:“There was a catastrophic error while attempting to update the engine. Error: DownloadEngine failed and there are no further update paths available.Engine Id: 1 Engine Name: Microsoft“

      Hat allenfalls jemand dafür schon eine Lösung gefunden?

      Herzliche Grüsse
      Michael

      Reply
  2. Servus,

    Wenn das kein permanenter Fehler ist, sondern zB über das Wochenende ein paar mal mitgeloggt wurde, könnte man ja auch ein Problem bei Microsoft vermuten, oder nicht? Kann man das irgendwie überprüfen, ob danach wieder Signaturen geladen wurden? Gibt es da ein Logfile oder dergleichen?

    Thx & Bye Tom

    Reply
  3. Die Lösung ist eigentlich ganz einfach, man muss per PowerShell den richtigen Proxy mitgeben, dann ist der Fehler 6027 auch weg.

    Reply

Leave a Comment