Exchange 2016 Transport Service Will Not Start and FIP-FS Scan Engine has Failed
Exchange 2016 Transport Service Will Not Start
The Trifecta of Exchange Woes
You see events indicating that the self signed exchange certificate is missing. No Mail is being delivered, SMTP is failed, message queue is backing up from your front end mail filter service, i.e. proofpoint or vipre service.
and you see events showing that FIPS is not starting and certificates are not accepted
1. Disable Scan Engine in Powershellx64
Change the execution policy for PowerShell: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned.
Download the script: https://aka.ms/ResetScanEngineVersion
Use elevated Exchange Management Shell, run on every server.
2. In IIS look for "Exchange Back End", then SSL Settings, then Bindings, then make sure a valid certificate is assigned.
3. Finally, Start the "Microsoft Exchange Transport" service.
4. Finally Start the Exchange Console Command Line Shell
5. If you think that there is a domain trust issue, Then Check the Domain Trust, in powershell.
This should report valid trust. if this failes, then use the NETDOM command to re-establish trust with the DC. See this NETDOM examples. https://www.zubairalexander.com/blog/netdom-examples/
6. Renew the Domain Trust from a server or workstation where its failed
netdom resetpwd /server:server_name /userd:domain_name\administrator /passwordd:administrator_password
for example: ( for a DC called DC1 on a domain called homeslice, where the Administrator password was Sn00pD0g&Cat You will need to quote your password in double quotes, if you have non alpha in it.
on a cmd.exe dos prompt: (where DC1 is their domain controller)
netdom resetpwd /server:DC1 /userd:homeslice\administrator /passwordd:"Sn00pD0g&Cat"
Then Restart the computer