Symptoms
After you install the Microsoft Exchange Server March 2022 security update, the Exchange Service Host service (MSExchangeServiceHost) fails repeatedly and logs Event ID 7031 in the system log and Event ID 4999 in the application log:
Event ID 4999 sample
Watson report about to be sent for process id: 4564, with parameters: E12IIS, c-RTL-AMD64, 15.01.2375.024, M.Exchange.ServiceHost, M.Exchange.Diagnostics, M.E.D.ChainedSerializationBinder.LoadType, M.E.Diagnostics.BlockedDeserializeTypeException, c0e9-dumptidset, 15.01.2375.024.
Check for Event ID 4999 to make sure that it contains the "BlockedDeserializeTypeException" information as shown in the log sample.
Cause
The issue is caused by async notifications (message class: IPM.Notification.CertExpiry) that are automatically created by Exchange Server when an expired or nearly expired (within 30 days of expiration) certificate that's used by Exchange Server exists on the system.
The Microsoft Exchange Service Host service might stop responding if the notifications are generated on Exchange-based servers that are running different Exchange Server versions, This issue might occur if these notifications were generated before the security update was installed.
This issue might also occur in co-existence scenarios in which servers that are running different versions run together for a longer period (for example, servers that are running Exchange Server 2019 and 2016 together within an Exchange organization).
More information
5012698 Description of the security update for Microsoft Exchange Server 2019 and 2016: March 8, 2022
5010324 Description of the security update for Microsoft Exchange Server 2013: March 8, 2022
Resolution
The Microsoft Exchange Service Host crash issue is fixed in the May 10, 2022 security update.
5014261 Description of the security update for Microsoft Exchange Server 2019 and 2016: May 10, 2022
5014260 Description of the security update for Microsoft Exchange Server 2013: May 10, 2022
