A virus scanner has also been included since Exchange 2013. As with most other virus scanners, the signatures must also be updated here. Problems can occur when updating the signatures, especially if Exchange is not installed on the C: drive.
The following entry can then be found in the event log:
Source: FIPFS
Event ID: 6027
MS Filtering Engine Update process was unsuccessful to download the engine update for Microsoft from Primary Update Path.
Update Path:http://forefrontdl.microsoft.com/server/scanengineupdate
UpdateVersion:0
Reason:“There was a catastrophic error while attempting to update the engine. Error: DownloadEngine failed and there are no further update paths available.Engine Id: 1 Engine Name: Microsoft“
However, the problem is not quite as drastic as the error message:
There was a catastrophic error while attempting to update the engine.
Um den „katastrophalen“ Fehler zu beheben, sollte zunächst geprüft werden, ob die Update URL aus der Fehlermeldung erreichbar ist:
Die Webseite liefert den HTTP Code 403 „Access denied“ wieder, wenn eine Verbindung hergestellt werden konnte. Bei HTTP 403 handelt es sich hier also um kein Problem. Bei HTTP 404 wäre die Seite nicht erreichbar, in diesem Fall könnte eine Firewall Schuld sein.
So in this case, everything is fine:
As mentioned at the beginning, the problem often occurs when Exchange Server is installed on a drive other than C:. In this example, Exchange is installed on drive E: and UAC is enabled. In this case, the protection for certain Exchange Server directories takes effect. Unfortunately, this also prevents the signatures from being updated and the error shown above occurs.
Um den Fehler zu beheben reicht es die Meldung „Sie verfügen momentan nicht über die Berechtigung des Zugriffs auf diesen Ordner“ mit „Fortsetzen“ zu bestätigen:
The message must be confirmed for all folders in the following path:
E:\Exchange Server\FIP-FS\Data\Engines\amd64 (where E:\Exchange Server is the corresponding installation directory)
Weiterhin kann auch gleich kontrolliert werden, ob der Benutzer „Netzwerkdienst“ Vollzugriff auf entsprechende Verzeichnis hat:
Exchange downloads signatures every 30 minutes by default. In my case, the update was successful after the above steps and event 6036 was displayed:
Falls die Schritte nicht reichen sollten, gibt es noch das Tool „FPSDiag“ im Ordner FIP-FS\Bin. Das Diagnosetool generiert einen Satz Logfiles die ggf. bei der Analyse weiterhelfen können:
In most cases, however, one of the following causes is responsible for the problem:
- Firewall blocks update page
- „Netzwerkdienst“ hat keinen Zugriff auf das Verzeichnis
- Directory protection active
Note: If there are a large number of Exchange servers in the company, not every Exchange server needs to download the signatures from the Internet. There is the option of configuring a central repository for the Exchange servers; a corresponding article will follow.