Edge server not forwarding mail to Hub Transport server

    Question

  • I have an Exchange 2010 VM with the latest SP hosting around 500 mailboxes. I wanted to take some of the load off this box so I set up another box, loaded Exchange 2010 with the latest service pack and loaded the Edge Transport role on it. I ran the new-edgesubscription cmdlet, copied the file to the HT server and created a new subscription. I have several sites in AD so I chose the site that corresponded to the IP address of the Exchange server. My problem is there is no mail passing between the servers. Here is what I have tried so far:

    I can telnet to port 25 on both the HT and Edge servers, and port 50636 on edge server.

    I can ping NetBIOS and DNS name of both machines from each other.

    DNS suffix was added PRIOR to installing edge transport role.

    Running get-edgesubscription on HT shows the Site being used, but on Edge site is blank, is this normal?

    If I run start-edgesynchronization, I can see the data being replicated to the edge.

    If I run test-edgesynchronization from HT, the status is Normal.

    If I run get-exchangecertificate and look at the cert thumbprint on both boxes, they are different (from what I read they should be?)

    Two Send connectors are created and they are both replicated to the edge, along with accepted domains.

    Initially, when I created the subscription, I looked in Event Viewer on HT and saw Event ID 10104 and 1024, but running start-synchronization seemed to replicate so I thought it may be a one-time error. This may be my issue. I have a 3rd party cert on my HT server to accept mail and allow TLS to mail.mydomain.com. Any help would be greatly appreciated. I'm ready to pull my hair out. I have reloaded this edge server twice trying to figure out what is going on.


    Jeff Green MCSA/MCSE 2003, MCITP 2008

    Thursday, December 11, 2014 3:12 AM

Answers

  • OK, first off, I'm not sure that adding an Edge server is going to reduce any of the load on your mailbox server - all emails bound for your system are going to hit the mailbox server anyway, so unless you have huge amounts of spam and viruses bound for your system, the savings will be negligible.

    That being said, it's not a bad thing to deploy an Edge Server.  So let's see if we can figure out why yours isn't working as expected.  When you deployed the edge, did you follow all the steps in the following two articles?

    If you did follow the steps, do you now see the Edge Server in the list of Exchange servers in the EMC under Server Configuration (not one of its subnodes)?

    Thursday, December 11, 2014 1:40 PM
  • It looks like the answer to this was to go into my Receive connector on the HT server and under the Authentication tab, choose Exchange Server Authentication, and on the Permission Groups tab, choose Exchange Servers. Thanks Willard for all your help on this.


    Jeff Green MCSA/MCSE 2003, MCITP 2008

    Thursday, December 18, 2014 9:44 PM
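
The fix described in this answer, expressed as Exchange Management Shell commands. This is an added example, not part of the original thread: it audits which Receive connectors on the Hub Transport server offer Exchange Server authentication to the Edge, then adds the two settings to one connector without dropping what is already enabled. The server name `HT01`, the connector identity and the helper `Split-Flags` are placeholders chosen for illustration.

```powershell
# Added example: run in the Exchange Management Shell on the Hub Transport server.
# 'HT01' and 'HT01\Default HT01' are placeholder names (assumptions), not values
# taken from the thread. Substitute your own server and connector.
$HubServer     = 'HT01'
$ConnectorName = 'HT01\Default HT01'

# Hypothetical helper: turn a flags value such as "Tls, Integrated" into a string
# array. String handling keeps it working on deserialized (remote session) objects.
function Split-Flags($value) {
    @("$value" -split ',\s*' | Where-Object { $_ -and $_ -ne 'None' })
}

# 1. Audit every Receive connector on the HT server. The Edge can only hand off
#    mail to a connector where both computed columns are True; RemoteIPRanges and
#    Bindings show which connector the Edge server's connection will actually hit.
Get-ReceiveConnector -Server $HubServer |
    Select-Object Identity, Bindings, RemoteIPRanges, AuthMechanism, PermissionGroups,
        @{ Name = 'ExchangeServerAuth'
           Expression = { (Split-Flags $_.AuthMechanism) -contains 'ExchangeServer' } },
        @{ Name = 'ExchangeServersGroup'
           Expression = { (Split-Flags $_.PermissionGroups) -contains 'ExchangeServers' } } |
    Format-List

# 2. Add the two values to the chosen connector, keeping everything already set.
#    Overwriting the lists instead of appending would silently remove TLS,
#    anonymous or other settings that existing mail flow depends on.
$rc    = Get-ReceiveConnector -Identity $ConnectorName
$auth  = Split-Flags $rc.AuthMechanism
$perms = Split-Flags $rc.PermissionGroups
if ($auth  -notcontains 'ExchangeServer')  { $auth  += 'ExchangeServer' }
if ($perms -notcontains 'ExchangeServers') { $perms += 'ExchangeServers' }

# -WhatIf previews the change; remove it once the output shows what you intend.
Set-ReceiveConnector -Identity $ConnectorName `
    -AuthMechanism $auth -PermissionGroups $perms -WhatIf
```

The audit output also shows whether the connector that now accepts Exchange Server authentication is the same one that accepts anonymous Internet mail, which is the situation asked about later in the thread.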

All replies

  • Thank you for your reply. I should have been a bit more specific. We were using another spam filtering solution and decided to use FPE 2010 instead. I thought it best to do this on an Edge server which is the main reason for moving to an edge server.

    As far as those links, the first one appeared to be for Ex2003. As for the second one, yes I have followed those steps as well as the next article dealing with configuration.

    For your last question, yes, my edge server DOES appear in the list of servers under Server Configuration and the versions match.


    Jeff Green MCSA/MCSE 2003, MCITP 2008

    Thursday, December 11, 2014 6:47 PM
  • That's a perfectly valid reason to deploy an edge - have messaging hygiene done before it hits your back-end systems.

    Sorry about the first link - yes, it's for deploying the edge into Exchange 2003 before you add Exchange 2010.  That's not what I connected to when I copied the link, but something got messed up.  Happens, I guess.  s-:

    Where are your emails getting queued?  Are they sitting on your new edge server waiting to be delivered?

    Thursday, December 11, 2014 8:13 PM
  • Yes they are staying in edge queue. They are accepted fine. Thanks.

    Jeff Green MCSA/MCSE 2003, MCITP 2008

    Thursday, December 11, 2014 8:16 PM
  • What is the error they are showing for transferring into the other Exchange servers?
    Friday, December 12, 2014 12:51 PM
  • When I look at the emails stuck in the queue the last error field is blank.

    Jeff Green MCSA/MCSE 2003, MCITP 2008

    Friday, December 12, 2014 7:02 PM
  • Are the items in retry status?
    Friday, December 12, 2014 7:18 PM
  • They are in retry status.

    Jeff Green MCSA/MCSE 2003, MCITP 2008

    Friday, December 12, 2014 9:03 PM
  • OK, strange - every time I've had items in a retry status, they show the last error.  Try getting specific info about one of the messages in the queue and see if you can learn anything from that:

    Get-TransportServer <server name> | Sort Name | Get-Queue | Select -First 1 | Get-Message | Fl

    Monday, December 15, 2014 1:28 PM
  • Sorry, you are right. I was looking at the Last Error of the email and not the queue. Here is the error. "451 4.4.0 Primary IP target address responded with 451 5.7.3 Cannot achieve Exchange server authentication..." I have removed the edge subscription, gone into MMC, services, MS ADAM and removed the cert there, restarted ADAM, removed subscription on Exchange, restarted Transport and tried the process again to no avail. Hopefully you can shed some light on this.

    Am I right in assuming the two Send connectors (EdgeSync - Inbound to Site, EdgeSync - Site to Internet) are the only two connectors I need to make this work? Do I still need my internet receive and internet send connectors? Are these causing my problems?

    Also, I retried a second time and now it says it can't connect. I can telnet from edge to port 25 of HT server.


    • Edited by JeffG2583 Monday, December 15, 2014 10:59 PM
    Monday, December 15, 2014 10:32 PM
  • OK, I modified my receive connector and added Exchange auth and was able to get mail from edge to HT. I thought I had read that the only two connectors required were the two that the edge subscription creates, but others wouldn't affect edge transport? Did I just Band-Aid the problem by adding Exchange auth to my receive connector? I guess my question is, to have an edge on one box and HT, CAS and MB on another box, what is the proper send/receive connector config? As it stands now, I have the default internet receive on edge along with the two auto-generated send connectors on both servers. I also have an Internet Receive connector on the Exchange server that I have to leave on until the Edge Server works as it's supposed to... Thanks for your help.

    Jeff Green MCSA/MCSE 2003, MCITP 2008


    • Edited by SnG 2K Tuesday, December 16, 2014 2:11 AM
    Tuesday, December 16, 2014 1:27 AM
  • When I deployed my own edge servers, they created their own receive connectors, and I've never had an issue with their default connectors.  I'll need to get you their settings later, since I can't access them right now.
    Tuesday, December 16, 2014 1:23 PM