Exchange 2016 – Transport Provider Refuses to Start 0xC0630005

I have had issues with my Exchange server receiving, or more aptly, not receiving emails. It decided that it no longer wanted to work at approximately 8pm on a Saturday. Do you know what else happened at about the same time? A handful of Windows updates!
So MS broke their own program. I assume they are working to fix this problem, but I still need to receive mail. I have several choices; remove the windows updates that were applied; search the Internet for a solution; or check my event logs to look for a hint to the problem.

For my troubles I get this beauty:

Microsoft Exchange couldn’t start transport agents. The Microsoft Exchange Transport service will be stopped. Exception details: Failed to create type ‘Microsoft.Exchange.Transport.Agent.ContentFilter.ContentFilterAgentFactory’ from assembly ‘C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll’ due to error ‘Exception from HRESULT: 0xC0630005’. : Microsoft.Exchange.Data.ExchangeConfigurationException: Failed to create type ‘Microsoft.Exchange.Transport.Agent.ContentFilter.ContentFilterAgentFactory’ from assembly ‘C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll’ due to error ‘Exception from HRESULT: 0xC0630005’. —> Microsoft.Exchange.Data.ExchangeConfigurationException: Exception from HRESULT: 0xC0630005 —> System.Runtime.InteropServices.COMException: Exception from HRESULT: 0xC0630005
at Microsoft.Exchange.Data.Transport.Interop.IComInvoke.ComAsyncInvoke(IProxyCallback callback)
at Microsoft.Exchange.Transport.Agent.ContentFilter.Util.InvokeExLapi(ComProxy comProxy, AsyncCompletionCallback callback, ComArguments comArguments, MailItem mailItem, Byte[] requestType)
at Microsoft.Exchange.Transport.Agent.ContentFilter.ContentFilterAgentFactory.InitializeFilter()
— End of inner exception stack trace —
at Microsoft.Exchange.Transport.Agent.ContentFilter.ContentFilterAgentFactory.InitializeFilter()
at Microsoft.Exchange.Transport.Agent.ContentFilter.ContentFilterAgentFactory.Configure(Boolean onStartup)
at Microsoft.Exchange.Transport.Agent.ContentFilter.ContentFilterAgentFactory..ctor()
— End of inner exception stack trace —
at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.FactoryTable.CreateAgentFactory(AgentInfo agentInfo)
at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.FactoryTable..ctor(IEnumerable agents, FactoryInitializer factoryInitializer)
at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.RuntimeSettings..ctor(MExConfiguration config, String agentGroup, FactoryInitializer factoryInitializer, AgentGrayExceptionHandler agentGrayExceptionHandler, IExecutionStatisticsCollectorFactory statisticCollectorFactory, ITransportSettingsConfiguration settingsConfiguration)
at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.MExRuntime.Initialize(String configFile, String agentGroup, ProcessTransportRole processTransportRole, String installPath, AgentGrayExceptionHandler agentGrayExceptionHandler, IExecutionStatisticsCollectorFactory statisticCollectorFactory, FactoryInitializer factoryInitializer, ITransportSettingsConfiguration transportSettingsConfiguration)
at Microsoft.Exchange.Transport.Extensibility.AgentComponent.Load()

After a bit of research, HRESULT: 0xC0630005 seems to be an access violation. The transport services is running under the NETWORK SERVICE account. I proceeded to check the permissions of the folder tree of the file in the event log error: ‘C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll.
I found that on the ‘C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene folder, NETWORK SERVICE was denied WRITE access. I removed the DENY WRITE. I followed up the path to find where the NETWORK SERVICE permission were being inherited. That led me to the C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles folder. I gave NETWORK SERVICE the added permission of ALLOW MODIFY.
I also checked the C:\Program Files\Microsoft\Exchange Server\V15\BIN folder and updated its NETWORK SERVICE permission to ALLOW MODIFY as well. I tried restarting the service. It still failed.
In my searching online, I came across this thread:

https://social.technet.microsoft.com/Forums/office/en-US/bc5cca0d-fd1c-45d7-9f17-7e6b31a3702c/cant-start-transport-service-after-installing-march-2017-windows-updates?forum=Exch2016GD

From it, I go the idea to uninstall and reinstall the content filter agent.

Uninstall-TransportAgent -Identity “Content Filter Agent”

Install-TransportAgent -Name “Content Filter Agent” -TransportAgentFactory “Microsoft.Exchange.Transport.Agent.ContentFilter.ContentFilterAgentFactory” -AssemblyPath “C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll”

This helped in that the Transport Service would remain running, and content filtering (I checked the status of my Barracuda IP Block List Provider) seems to be active.

Test-IPBlockListProvider “Barracuda IP Block List Provider” -IPAddress 121.34.188.148

RunspaceId : 9e5504bf-41ce-4f1d-9d4c-7b73fbdc95a0
Provider : Barracuda IP Block List Provider
ProviderResult : {127.0.0.2}
Matched : True

Although the Transport Service is running, there are warnings in the event log regarding database version issues:

Source:ESE; EventID:642; edgetransport (18040) Sender Reputation Database: The database format feature version 8980 (0x2314) could not be used due to the current database format 1568.20.0, controlled by the parameter 1073741825 (0x40000001)

Source:ESE; EventID:642; edgetransport (18040) Transport Mail Database: The database format feature version 8980 (0x2314) could not be used due to the current database format 1568.20.0, controlled by the parameter 1073741825 (0x40000001).

Source:ESE; EventID:642; edgetransport (18040) IP Filtering Database: The database format feature version 9000 (0x2328) could not be used due to the current database format 1568.20.0, controlled by the parameter 1073741825 (0x40000001).

For more information, click http://www.microsoft.com/contentredirect.asp.

and also some errors occurred while running the uninstall/reinstall commands:

Cmdlet failed. Cmdlet Install-TransportAgent, parameters -Name “Content Filter Agent” -TransportAgentFactory “Microsoft.Exchange.Transport.Agent.ContentFilter.ContentFilterAgentFactory” -AssemblyPath “C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll”.

So, still have some things to sort out, but email is flowing. Hopefully Microsoft patches Exchange in short order.

Bypass Windows Account Logon – Password Reset

If you are in the situation where you forgot the local account (Not Microsoft LiveID) password, there are several ways to reset the password. Most use a boot disk using Linux to access the SAM file are blank the password.
This method also uses a boot disk or recovery disk to access the command prompt.
Once at the command prompt, follow these step:

  1. Find the Windows\System32 folder (It likely won’t be C: in the recovery environment
  2. Rename UtilMan.exe to UtilMan.Old
  3. Copy cmd.exe to UtilMan.exe
  4. Reboot computer back to the normal Windows logon screen.
  5. Click the analog clock looking icon null– you may need to press Ctrl-Alt-Del or click the screen to see the icon.
  6. At the command prompt that appears, type Net user Name 1234 where Name = the account name to reset the password and 1234 is the password you want.
  7. You can now log in using the new password.

Configure Exchange to Use DBL Spam Blocking List BarracudaCentral.org

With any mail server, you need to manage spam. When I moved to Exchange server, I needed to figure out how to enable DBL blocking services.
I prefer the Barracuda Central DBL. You should register and provide them with you server IP’s before using this configuration.

Simply create the block list provider at the Exchange Powershell prompt. This can be easily modified for Spamhaus and other DBLs.

Add-IPBlockListProvider -Name “Barracuda IP Block List Provider” -LookupDomain b.barracudacentral.org -BitmaskMatch 127.0.0.1

You can test the block list by using a test against an IP or your choosing.

Test-IPBlockListProvider “Barracuda IP Block List Provider” -IPAddress 121.34.188.148

The test should respond as such:

Provider : Barracuda IP Block List Provider
ProviderResult : {127.0.0.2}
Matched : True

If the ProviderResult = {127.0.0.2}, then it means the IP is listed in the DBL: this means it is a spam IP address.
If the ProviderResult = {}, then the IP was not found in the DBL and is not a spam IP address.

For more information, visit Barracuda Central – How-To-Use

Powershell Commands to Reinstall / Re-register Windows8 and Windows10 Packages/Apps

To re-register for all Windows Apps for the current user:

Get-AppXPackage | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml”}

To re-register for all Windows Apps for all users:

Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml”}

This command only works on Windows 10, and I have used it to repair other issues (specifically the Windows Edge Hijack)

Get-AppXPackage -AllUsers |Where-Object {$_.InstallLocation -like “*SystemApps*”} | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml”}

I really good post on this topic, with other individual App specific commands, is available here: https://www.tenforums.com/tutorials/3175-reinstall-re-register-apps-windows-8-10-a.html