Symptoms
An Edge Transport service (EdgeTransport.exe) stops responding and then restarts after the Microsoft Exchange Server November 2024 Security Update (SU) (Version 1 or Version 2) is installed. This issue occurs when Exchange Server attempts to decrypt messages that are sent from an external source and protected by Azure Rights Management (Azure RMS). This is common when Journaling is used with Journal Report Decryption enabled.
When this issue occurs, the affected messages are sent to the poison-message queue, and the following event is logged:
Log Name: Application
Source: MSExchangeTransport
Event ID: 10003
Task Category: PoisonMessage
Level: Error
Description: The transport process failed during message processing with the following call stack: Microsoft.Exchange.Data.Common.LocalizedException: Agent '' encountered an unexpected error while handling event ''. ---> Microsoft.Exchange.Data.RightsManagement.RmException: Failed to fetch the key handle and properties.
Workaround
To work around this issue, disable Microsoft Information Protection Client (MSIPC). MSIPC is enabled by default in the November 2024 Security Update. Run the following setting override in an elevated Exchange Management Shell (EMS) window:
New-SettingOverride -Name "DisableMSIPC" -Component Encryption -Section UseMSIPC -Parameters @("Enabled=false") -Reason "Disabling MSIPC stack"
Get-ExchangeDiagnosticInfo -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh
Restart-Service MSExchangeTransport
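To check whether a server shows the symptom described above and whether the override is in place, the following added example (not part of the original article) can be run in an elevated Exchange Management Shell on that server. The 7-day look-back window is an assumption, and the override name is the one used in the workaround commands.

```powershell
# Added example; run in an elevated Exchange Management Shell on the affected server.
$days   = 7   # assumption: look-back window, adjust as needed
$marker = 'Failed to fetch the key handle and properties'

# Event ID 10003 from MSExchangeTransport, narrowed to the RmException text.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'MSExchangeTransport'
    Id           = 10003
    StartTime    = (Get-Date).AddDays(-$days)
}
# Get-WinEvent reports an error when nothing matches; treat that as an empty result.
$hits = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$marker*" })
"{0} matching event(s) in the last {1} day(s)" -f $hits.Count, $days

# Get-WinEvent returns newest events first; show when the latest ones were logged
# so they can be compared with the time the workaround was applied.
$hits | Select-Object -First 5 -Property TimeCreated, Id | Format-Table -AutoSize

# Messages currently held in the local poison-message queue.
$poison = @(Get-Message -Queue "$env:COMPUTERNAME\Poison" -ErrorAction SilentlyContinue)
"{0} message(s) in the poison queue" -f $poison.Count

# Is the override from the workaround present, and with which parameters?
$override = Get-SettingOverride | Where-Object { $_.Name -eq 'DisableMSIPC' }
if ($override) {
    $override | Format-List Name, ComponentName, SectionName, Parameters, Reason
} else {
    "Setting override 'DisableMSIPC' not found"
}
```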
Status
Microsoft has confirmed that this issue affects the products that are listed in the "Applies to" section. Microsoft is actively working on a resolution for the issue for a future update.