Edge Transport Sync Error - 421 4.2.1 unable to connect



    I have installed Exchange 2007 and have it working on one server using the Hub Transport. I now want to add the Edge Transport. I have created the server and put it in a DMZ outside the local domain. The perimeter IP has been added to the local domain DNS and can be pinged by the EDGE server name from inside the domain. I exported the Edge XML file and created a new subscription on the Hub Transport. I was able to get records into the EDGE queue from the internet, but the messages do not relay on to the Hub Transport and the client mailboxes. The error I get on the Edge is as follows:


    451 4.4.0 primary target ip address responded with 421 4.2.1 unable to connect

    I have verified that the SMTP port is open and the ADAM port is available in one direction from the Hub Transport to the Edge. Can someone give me a clue as to what else to try? Thanks in advance for your assistance.
    Tuesday, May 13, 2008 3:06 PM


All replies

  • Both HT and Edge use FQDN names to locate each other; make sure that the names resolve correctly.

    When you set up the EdgeSync process, did it create receive and send connectors pointing to each other?

    Also make sure that port 25 is open in both directions between HT and Edge.



    Wednesday, May 14, 2008 6:23 PM
  • Hi,
    The Edge Transport servers and the Hub Transport servers must be able to use DNS host resolution to locate each other. Verify that Domain Name System (DNS) host name resolution is successful from the Edge Transport server to the Hub Transport servers, and from the Hub Transport servers to the Edge Transport server. Try to ping the FQDN of your Hub server from the Edge server and ping the FQDN of your Edge server from the Hub server.

    Please refer to the below article to check the configuration.

    Configuring DNS Settings for Exchange 2007 Servers.

    After that, please try to run "Start-EdgeSynchronization -Server <Hub Transport server name>" to force synchronization to start immediately.
    How to Force EdgeSync Synchronization
    Then, please run "Test-EdgeSynchronization" from the Exchange Management Shell to test whether the subscribed Edge Transport servers have a current synchronization status.
    Subscribing the Edge Transport Server to the Exchange Organization
    Understanding the EdgeSync Synchronization Process
    Hope it helps.


    Thursday, May 15, 2008 6:54 AM
  • The Edge server is not able to resolve the name of the Exchange server. My problem here is some inexperience with networks and DNS. The Edge server is in a perimeter network and cannot get to the DNS server behind the ISA firewall and therefore cannot resolve the DNS name of the Exchange server. How can I configure an access rule in ISA for a server in the perimeter network (EDGE) to use the DNS behind an ISA firewall to do DNS? Please advise. Thanks


    • Proposed as answer by LostSoul652 Friday, March 29, 2013 8:31 AM
    Thursday, May 15, 2008 4:19 PM
  • After reading your answer I believe the problem may be communication (DNS resolution) from the Edge to Exchange. When I go to the Edge and issue a ping command using the Exchange server name, it is not resolved. So this leads me to believe my problem is with the perimeter ISA firewall. I need help configuring ISA to let the EDGE server have access to the DNS server on the internal domain. Can someone assist me with this? Thanks for your assistance in advance.

    Thursday, May 15, 2008 5:16 PM
  • On the Edge server you can edit the hosts file and enter the internal servername and IP to see if it works.

    This is not a long-term solution but rather a quick fix to make it work.


    Thursday, May 15, 2008 5:19 PM
  • How can I verify that the Edge server is communicating on port 25 with Exchange?


    Thursday, May 15, 2008 5:22 PM
  • On the Edge server, open a command line window and enter "telnet TheInternalHTFQDN 25".

    If HT answers, everything should be OK.



    Thursday, May 15, 2008 8:33 PM
  • I am just having no luck implementing the Exchange 2007 Edge server. Here is what I have set up. I have a SonicWall connected to the internet. The Edge server is connected to the SonicWall, forming the DMZ area. The Exchange Edge is also connected to a switch connecting it to an ISA server, forming the second firewall. The Exchange Edge server has two network cards in it. One network card is set to the SonicWall and has a gateway configured to the SonicWall. The second card is configured to a perimeter network connected to ISA. There is no gateway configured on the second network card. The second card does have the internal DNS configured on it. What I believe is happening is that SMTP traffic is received from the internet and put in the queue. I have received records and see them in the queue. What I believe then happens is that the Exchange Edge tries to relay the mail to the Exchange Hub and it cannot find it because the network traffic goes back to the SonicWall gateway and it doesn't know how to send it to the ISA server. I know that I am missing something. I can't seem to get the Edge to talk to both firewalls. Any help would be appreciated. I thought the Edge subscription would cause the Edge and Hub to automatically communicate, but the Edge can't find the Hub because traffic is getting lost because it uses the gateway of the first firewall and doesn't know how to get to the second firewall.


    Tuesday, May 20, 2008 3:30 PM
  • You must get the IP routing correct before this will work, and if there is no connection to a DNS with the internal servername you can edit the hosts file for name resolution on the Edge server.



    Tuesday, May 20, 2008 6:32 PM
  • I understand that I can use a hosts file, but what do I put in it: the IP address of the ISA firewall or the IP address of the Hub behind the firewall? The Edge cannot see the Exchange behind the firewall even with all of the SMTP rules created. I can telnet on port 25 to the Exchange server using the IP address of the ISA firewall, but this doesn't seem correct to me. It seems like I have to tell the SMTP relay on the Edge to go to the ISA firewall to get any type of communication. Still stuck.


    Tuesday, May 20, 2008 7:02 PM
  • The name in hosts must be the same as the internal HT servername.

    The IP is the IP that Edge can connect to HT with. In your case the ISA IP seems to work.


    Thursday, May 22, 2008 5:48 PM
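
The two checks suggested in the replies above (resolve the Hub Transport name from the Edge server, then confirm that something answers on port 25), as an added PowerShell example that is not part of the original thread. The host name `hub01.corp.example` is a placeholder, and PowerShell 2.0 or later is assumed.

```powershell
# Added example: run on the Edge Transport server.
param(
    [string]$HubFqdn   = 'hub01.corp.example',  # placeholder: internal HT FQDN
    [int]   $Port      = 25,
    [int]   $TimeoutMs = 5000
)

# Step 1: name resolution. A DNS answer or a hosts-file entry both satisfy this.
try {
    $addresses = [System.Net.Dns]::GetHostAddresses($HubFqdn)
} catch {
    Write-Host "FAIL: cannot resolve $HubFqdn ($($_.Exception.Message))"
    exit 1
}
foreach ($ip in $addresses) { Write-Host "Resolved $HubFqdn -> $ip" }

# Step 2: connect to each resolved address and read the SMTP greeting.
foreach ($ip in $addresses) {
    $client = New-Object System.Net.Sockets.TcpClient($ip.AddressFamily)
    try {
        # Asynchronous connect so a silently dropped packet does not hang the test.
        $async = $client.BeginConnect($ip, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            Write-Host "FAIL: $ip port $Port timed out (check routing and firewall rules)"
            continue
        }
        $client.EndConnect($async)

        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $reader = New-Object System.IO.StreamReader($stream)
        $banner = $reader.ReadLine()

        # An SMTP server that is ready greets with a 220 reply.
        if ($banner -like '220*') {
            Write-Host "OK: $ip answered with: $banner"
        } else {
            Write-Host "WARN: $ip accepted the connection but sent: $banner"
        }
    } catch {
        Write-Host "FAIL: $ip port $Port : $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
}
```

Because the test goes through the same resolver the Edge server uses, it shows which address a hosts-file entry actually maps the Hub Transport name to, and whether that address answers as an SMTP server.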