
Exchange 2010 Edge Transport Server: Configuring EdgeSync

May 7, 2011 by Paul Cunningham 14 Comments
In the last part of this series I demonstrated how to install the Edge Transport server role for Exchange Server 2010. In this next part I'll go
through the process of configuring the Edge Subscription between the Edge Transport server and the Hub Transport server located in the internal
network.
The Edge Subscription is a relationship between an Edge Transport server and an Active Directory site, and allows the Edge Transport server to
receive information about the Exchange organization such as recipients, domain names, and safelists/blocklists for anti-spam.
This information is synchronized at regular intervals through a process called EdgeSync.
Firewall Ports for Exchange Server 2010 Edge Transport Servers
For EdgeSync and mail flow to work there are a few network ports that need to be open on the firewall between the Internet, the Edge Transport
server, and the internal Hub Transport server.
Edge Transport Server Network Ports for EdgeSync

Secure LDAP (TCP 50636) from the Hub Transport server to the Edge Transport server
Edge Transport Server Network Ports for Mail Flow

SMTP (TCP 25) from the Internet to the Edge Transport server
SMTP (TCP 25) from the Edge Transport server to the Hub Transport server
SMTP (TCP 25) from the Hub Transport server to the Edge Transport server
DNS (UDP 53) from the Edge Transport server to a DNS server capable of public DNS lookups (i.e. to look up MX records)

Configuring ISA Server 2006 for Edge Transport Servers


If you are using ISA Server 2006 as your firewall and want to create the access rules for the Edge Transport server, the first thing you'll need to
configure is a new network protocol for the secure LDAP connection. ISA Server 2006 is pre-configured with a secure LDAP protocol; however,
the EdgeSync process uses the non-standard port of TCP 50636.
Create a new network protocol named EdgeSync for TCP 50636 outbound.

Configure the ISA Server 2006 firewall policy with access rules for the Edge Transport network access required.

Creating the Edge Subscription for Exchange Server 2010 Edge Transport Servers
With the firewall access all configured correctly the next step is to configure the Edge Subscription itself.
On the Edge Transport server open the Exchange Management Shell and run the following command using the New-EdgeSubscription cmdlet.
[PS] C:\>New-EdgeSubscription -FileName C:\edgesubscription.xml

Confirm
If you create an Edge Subscription, this Edge Transport server will be managed via EdgeSync replication. As a result,
any of the following objects that were created manually will be deleted: accepted domains, message classifications,
remote domains, and Send connectors. After creating the Edge Subscription, you must manage these objects from inside
the organization and allow EdgeSync to update the Edge Transport server. Also, the InternalSMTPServers list of the
TransportConfig object will be overwritten during the synchronization process.
EdgeSync requires that this Edge Transport server is able to resolve the FQDN of the Hub Transport servers in the
Active Directory site to which the Edge Transport server is being subscribed, and those Hub Transport servers be able
to resolve the FQDN of this Edge Transport server. You should complete the Edge Subscription inside the organization in
the next "1440" minutes before the bootstrap account expires.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

There are two important things to be aware of here:


You must complete the next step of the Edge Subscription process within 1440 minutes (24 hours), otherwise you'll need to generate a
new Edge Subscription again.

The Hub Transport servers in the Active Directory site that will be subscribed must be able to resolve the FQDN of the Edge Transport
server. You can either add DNS records manually or use a HOSTS file entry.
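A pre-flight check for the name resolution requirement above and the Hub-to-Edge firewall ports listed earlier, as an added example that is not part of the original article. It is meant to be run on the Hub Transport server; the FQDN is the Edge server name that appears in the article's message headers, and the helper name Test-TcpPort and the 3-second timeout are assumptions.

```powershell
# Added example: run on the Hub Transport server before importing the
# subscription file. Replace the FQDN with your own Edge Transport server.
$EdgeFqdn  = 'esp-ho-ex2010e.exchangeserverpro.net'
$TimeoutMs = 3000   # assumed timeout, adjust for slow links

# Ports the Hub Transport server must reach on the Edge Transport server.
$Checks = @(
    @{ Port = 50636; Purpose = 'EdgeSync (secure LDAP)' },
    @{ Port = 25;    Purpose = 'SMTP mail flow' }
)

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return $false           # no answer in time: filtered or host down
        }
        $client.EndConnect($async)  # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. Name resolution: the Hub must be able to resolve the Edge FQDN.
$addresses = $null
try   { $addresses = [System.Net.Dns]::GetHostAddresses($EdgeFqdn) }
catch { Write-Warning "Cannot resolve $EdgeFqdn; add a DNS record or HOSTS entry." }

# 2. Port reachability through the firewall, only if the name resolved.
if ($addresses) {
    Write-Host "Resolved $EdgeFqdn to $($addresses -join ', ')"
    foreach ($check in $Checks) {
        New-Object PSObject -Property @{
            Target  = $EdgeFqdn
            Port    = $check.Port
            Purpose = $check.Purpose
            Open    = (Test-TcpPort $EdgeFqdn $check.Port $TimeoutMs)
        }
    }
}
```

An open TCP 50636 only shows that the firewall rule is in place; it does not validate the EdgeSync credentials.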
Copy the edgesubscription.xml file to the Hub Transport server. Launch the Exchange Management Console and navigate to Organization
Management/Hub Transport.
In the Actions pane click on New Edge Subscription.

Browse and select the Active Directory site to be subscribed, as well as the XML file that you copied from the Edge Transport server.

Click the New button to complete the wizard.


After the Edge Subscription has been created you will see two Send Connectors configured for your organization.

It can take up to an hour before the first Edge synchronization process runs, but you can run it manually if you need to. On the Hub Transport
server launch the Exchange Management Shell and run the following command using the Start-EdgeSynchronization cmdlet.
[PS] C:\>Start-EdgeSynchronization -Server esp-ho-ex2010a

RunspaceId     : b7415ae2-f763-449e-bb36-20a6a18759cd
Result         : Success
Type           : Configuration
Name           : esp-ho-ex2010e
FailureDetails :
StartUTC       : 5/7/2011 1:27:39 PM
EndUTC         : 5/7/2011 1:28:07 PM
Added          : 290
Deleted        : 0
Updated        : 0
Scanned        : 295
TargetScanned  : 0

RunspaceId     : b7415ae2-f763-449e-bb36-20a6a18759cd
Result         : Success
Type           : Recipients
Name           : esp-ho-ex2010e
FailureDetails :
StartUTC       : 5/7/2011 1:27:39 PM
EndUTC         : 5/7/2011 1:28:08 PM
Added          : 401
Deleted        : 0
Updated        : 0
Scanned        : 401
TargetScanned  : 0

After the initial Edge synchronization has occurred you will be able to see the Send Connectors and Accepted Domains configured on the Edge
Transport server.

Testing Mail Flow


After the Edge Subscription is in place and you've synchronized at least once you can send email between your Exchange organization and an
external mailbox, and then inspect the email message headers to verify that the messages are traversing your Edge Transport server.
Received: from esp-ho-ex2010e.exchangeserverpro.net (10.0.3.2) by
esp-ho-ex2010a.exchangeserverpro.net (10.0.1.4) with Microsoft SMTP Server
(TLS) id 14.1.289.1; Sat, 7 May 2011 23:50:10 +1000
Received: from (192.168.0.45) by esp-ho-ex2010e.exchangeserverpro.net
(10.0.3.2) with Microsoft SMTP Server id 14.1.218.12; Sat, 7 May 2011
23:50:07 +1000
MIME-Version: 1.0
Content-Type: text/plain
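The header inspection described above can be scripted. The following is an added example, not part of the original article: it unfolds the Received headers shown above, lists each hop, and warns if the Edge Transport server is missing from the path or if the hop it relayed is not marked (TLS). The function name Get-ReceivedHop is an assumption, and the sample headers have the folding whitespace of continuation lines restored.

```powershell
# Added example. Headers are the ones shown in the article, with the leading
# whitespace of folded continuation lines restored.
$RawHeaders = @'
Received: from esp-ho-ex2010e.exchangeserverpro.net (10.0.3.2) by
 esp-ho-ex2010a.exchangeserverpro.net (10.0.1.4) with Microsoft SMTP Server
 (TLS) id 14.1.289.1; Sat, 7 May 2011 23:50:10 +1000
Received: from (192.168.0.45) by esp-ho-ex2010e.exchangeserverpro.net
 (10.0.3.2) with Microsoft SMTP Server id 14.1.218.12; Sat, 7 May 2011
 23:50:07 +1000
MIME-Version: 1.0
Content-Type: text/plain
'@
$EdgeName = 'esp-ho-ex2010e.exchangeserverpro.net'

# from [host] (ip) by host (ip) with <protocol> id <id>; "from" host is optional.
$Pattern = '^Received:\s+from\s+(?<from>[^\s(]+)?\s*\((?<fromip>[^)]+)\)\s+by\s+' +
           '(?<by>\S+)\s+\((?<byip>[^)]+)\)\s+with\s+(?<with>[^;]+?)\s+id\s+[^;]+;'

function Get-ReceivedHop {
    param([string]$Headers)
    # Unfold continuation lines (newline followed by whitespace) first.
    $unfolded = $Headers -replace '\r?\n[ \t]+', ' '
    foreach ($line in ($unfolded -split '\r?\n')) {
        if ($line -match $Pattern) {
            New-Object PSObject -Property @{
                From   = $Matches['from']
                FromIp = $Matches['fromip']
                By     = $Matches['by']
                Tls    = ($Matches['with'] -like '*(TLS)*')
            }
        }
    }
}

$hops = @(Get-ReceivedHop -Headers $RawHeaders)
$hops | Format-Table From, FromIp, By, Tls -AutoSize

# Did the Edge server receive the message, and did it hand it on over TLS?
$received = @($hops | Where-Object { $_.By -eq $EdgeName })
$relayed  = @($hops | Where-Object { $_.From -eq $EdgeName })
if (-not $received.Count) { Write-Warning "No hop was received by $EdgeName." }
if (-not $relayed.Count)  { Write-Warning "No hop was relayed from $EdgeName." }
foreach ($hop in $relayed) {
    if (-not $hop.Tls) { Write-Warning "Hop $EdgeName -> $($hop.By) is not marked (TLS)." }
}
```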

About Paul Cunningham


Paul is a Microsoft Exchange Server MVP and publisher of Exchange Server Pro. He also holds several Microsoft certifications including for
Exchange Server 2007, 2010 and 2013. Connect with Paul on Twitter and Google+.



Comments

1.

eric says:
October 25, 2011 at 1:15 am
RunspaceId : 5a07552a-ab9a-4547-84d2-f0e3c94ec3fd
Result : CouldNotConnect
Type : Recipients
Name : NPSSERVER
FailureDetails : The supplied credential is invalid.
StartUTC : 10/24/2011 3:10:17 PM
EndUTC : 10/24/2011 3:10:17 PM
Added : 0
Deleted : 0
Updated : 0
Scanned : 0
TargetScanned : 0
RunspaceId : 5a07552a-ab9a-4547-84d2-f0e3c94ec3fd
Result : CouldNotConnect
Type : Configuration
Name : NPSSERVER
FailureDetails : The supplied credential is invalid.
StartUTC : 10/24/2011 3:10:17 PM
EndUTC : 10/24/2011 3:10:17 PM
Added : 0
Deleted : 0
Updated : 0
Scanned : 0
TargetScanned : 0
What's wrong here, please?

Paul Cunningham says:
October 27, 2011 at 8:22 pm
Are the Edge and Hub Transport servers the same version of Exchange? (including service packs and update rollups)

2.

Maxime Gerges says:
May 24, 2012 at 6:47 pm
Hi and thank you for this great article.
I followed all the steps you mention here and when I issue a Test-EdgeSynchronization on my hub exchange I always have the
message no edgesync credential found for the edge transport.
I saw on multiple forums that the problem might be due to certificates and already requested a new certificate on the hub transport from
my internal PKI.
Any idea about that?

3.

Jsantos says:
December 19, 2012 at 2:19 am
I have already configured Edge and I can send emails but I don't receive.
I ran this command below, but on the mailbox I don't have anything; even antispam I have disabled.
Timestamp : 18-12-2012 15:00:59
ClientIp : 97.74.135.47
ClientHostname : p3plwbeout05-02.prod.phx3.secureserver.net
ServerIp : 10.20.30.10
ServerHostname : EDGE
SourceContext : 08CFAA82812A4C24;2012-12-18T15:00:58.218Z;0
ConnectorId : EDGE\Default internal receive connector EDGE
Source : SMTP
EventId : RECEIVE
InternalMessageId : 20
MessageId :
Recipients : {email@xxx.eu}
RecipientStatus : {}
TotalBytes : 1542
RecipientCount : 1
RelatedRecipientAddress :
Reference :
MessageSubject : TESTINFG
Sender : jsm@xxx.info
ReturnPath : jsm@xxx.info
MessageInfo : 00A: NTS:
MessageLatency :
MessageLatencyType : None
EventData :
[PS] C:\Windows\system32>

Paul Cunningham says:
December 20, 2012 at 11:13 am
If you're not receiving email then you need to test the connectivity to your server from the outside world. You can use tools such as
mxtoolbox.com to do this.

myrick says:
January 9, 2013 at 5:43 pm
Same problem here. I can send email to the internet but I can't receive email from the internet after I've installed the Edge Transport server.
Before, without the Edge server, I can successfully receive mails externally.
The report upon testing says it's normal sync etc. but still I cannot receive external mails.
PLEASE HELP
pls email: myrick.borillo@fortis.com.ph

nabil says:
January 17, 2013 at 8:36 am
Same problem. User is experiencing intermittent email loss, he gets 00A: NTS:
and weirdly gets delivered to the mailbox and he is unable to see and the person who emailed is getting NDR.

Ram says:

January 24, 2013 at 10:36 pm

Please check receive connector on edge server go to receive connector properties and look at the permissions groups
anonymous users should be checked.
Ram

4.

Jamal says:
February 2, 2013 at 6:20 pm
Dear Mr. Paul,
Could you please advise me to backup exchange mailbox database and restore to a dissimilar hardware?
I got stuck here. Please help me.

5.

depolo says:
February 6, 2013 at 1:59 am
Hi Paul, proud to read your useful posts on Exchange.
Please can you help me with the issue I'm facing.
I have an Exchange Server 2007 SP1 Edge server, and I've subscribed an Exchange 2010 SP2 HT to it; now, when I run the
command test-edgesync, I receive an incomplete sync with a failure detail; in the application log, I receive error 1004.
Please, waiting for your help.
Thank you.

6.

Gowhar Rashid Zargar says:


May 7, 2013 at 7:59 pm
Hi Paul
I am running an Edge Server on separate workgroup named Edge
Have already created new accepted domain and New Edge Subscription
When I run the cmd for edge synchronization i get the following error:
RunspaceId : e70987c4-5341-4b2b-a2da-0ce148ce2221
Result : CouldNotConnect
Type : Recipients
Name : PB21EXCH03
FailureDetails : The LDAP server is unavailable.
StartUTC : 5/7/2013 9:56:03 AM
EndUTC : 5/7/2013 9:56:24 AM
Added : 0
Deleted : 0
Updated : 0
Scanned : 0
TargetScanned : 0
RunspaceId : e70987c4-5341-4b2b-a2da-0ce148ce2221
Result : CouldNotConnect
Type : Configuration
Name : PB21EXCH03
FailureDetails : The LDAP server is unavailable.
StartUTC : 5/7/2013 9:56:03 AM
EndUTC : 5/7/2013 9:56:24 AM
Added : 0
Deleted : 0
Updated : 0
Please help!!!!

Paul Cunningham says:
May 7, 2013 at 8:40 pm
Is there a firewall between the Hub Transports and Edge Transport? If so have you opened the correct ports?
