Edge transport fail connect to Hub transport

  • Question

  • Hi,

    We have 2 Edge and 2 Hub servers for our Exchange, and we have followed the instructions given by TechNet. We are getting an error message in the event log on the Hub server. Ports 50636 and 50389 are open on the Edge, and the domain edge1.mydomain.com is able to resolve.

    Event ID: 1024

    Failed to connect to the Edge Transport server ADAM instance with exception The LDAP server is unavailable.. This could be caused by a failure to resolve the Edge Transport server name edge1.mydomain.com in DNS, a failure trying to connect to port 50636 on edge1.mydomain.com, network connectivity issues, an invalid certificate, or an expired subscription. Verify your network and server configuration.

    [PS] C:\>START-Edgesynchronization

    RunspaceId     : 7d8f9838-ba09-4c2f-b6ba-8e51c1cb1d2c
    Result         : CouldNotConnect
    Type           : Recipients
    Name           : edge1
    FailureDetails : The LDAP server is unavailable.
    StartUTC       : 10/18/2011 3:09:22 AM
    EndUTC         : 10/18/2011 3:09:22 AM
    Added          : 0
    Deleted        : 0
    Updated        : 0
    Scanned        : 0
    TargetScanned  : 0

    RunspaceId     : 7d8f9838-ba09-4c2f-b6ba-8e51c1cb1d2c
    Result         : CouldNotConnect
    Type           : Configuration
    Name           : edge1
    FailureDetails : The LDAP server is unavailable.
    StartUTC       : 10/18/2011 3:09:22 AM
    EndUTC         : 10/18/2011 3:09:22 AM
    Added          : 0
    Deleted        : 0
    Updated        : 0
    Scanned        : 0
    TargetScanned  : 0

    Please advise!


    • Edited by ShiroBB Monday, April 29, 2013 3:22 AM
    Tuesday, October 18, 2011 3:29 AM

Answers

  • Hi Sukh,

    Thanks for the advice! We managed to resolve the issue: we found that the DNS had a cache, and the server was not able to resolve the FQDN of edge1. Now both Edge servers are able to run the command Start-EdgeSynchronization, and the event log no longer indicates errors.

    But we have another problem: mail cannot be delivered to the mailbox. Sending between local servers was no problem, but we cannot receive email from outside, such as Yahoo or Google. Sending out to outside domains is no problem.

     

    • Marked as answer by ShiroBB Friday, November 4, 2011 1:54 AM
    Friday, November 4, 2011 1:54 AM

All replies

  • try this out

    http://technet.microsoft.com/en-us/library/cc671171%28EXCHG.80%29.aspx


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, October 18, 2011 7:45 AM
  • Hi,

    According to the URL given, our certificate thumbprints for the hub & edge were different. What would be next?

    Tuesday, October 18, 2011 9:26 AM
  •  

    Please follow the steps below to troubleshoot the issue.

     

    1.    Remove edge subscription from Edge & hub using remove-edgesubscription

    2.    Restart the following services on HUB Transport Server

    Microsoft Exchange EdgeSync
    Microsoft Exchange Transport

    3.    Restart the following services on Edge Server

    Microsoft Exchange ADAM
    Microsoft Exchange Credential service
    Microsoft exchange Transport

    4.    Create a new subscription file & follow the same procedure to subscribe the edge again.

     

    Subscribing the Edge Transport Server to the Exchange Organization

    http://technet.microsoft.com/en-us/library/bb125236.aspx

     

    5.    Run Test-EdgeSynchronization.

     

    If it still fails, then please use get-exchangecertificate | fl to see whether the certificate matches the FQDN of the Edge server and whether it has been enabled for the SMTP service.

    If not, then it could be a certificate-related issue. You can refer to Felix's post in a similar thread to solve the problem.

     

    EdgeSync Errors

     http://social.technet.microsoft.com/forums/en-US/exchangesvrtransport/thread/4349b146-ad6e-44a2-9d3e-52158eee8a5d/

    Wednesday, October 19, 2011 6:41 AM
  • Thanks for the feedback!

    How can we retrieve the Hub server certificate stored in AD? Where is this info (the Exchange server's certificate) stored in AD?

    How do we differentiate a SAN cert from an Exchange self-signed cert?

    Thursday, October 20, 2011 6:44 AM
  • Hi Shirobbb10,
    Exchange certificates are not stored in Active Directory.
    Run get-exchangecertificate | fl to get information about your certificates on both HUB and Edge.
    You will easily see if a certificate is self-signed or not (IsSelfSigned: True/False)
    Martina Miskovic - http://www.nic2012.com/
    Saturday, October 22, 2011 4:54 AM
  • Hi Martina,

    Thanks for the response! Running the command given shows that our server is using a self-signed certificate.

    IsSelfSigned       : True
    Issuer             : CN=MSG-HUB1
    NotAfter           : 8/19/2015 4:01:22 PM
    NotBefore          : 8/19/2010 4:01:22 PM
    PublicKeySize      : 2048
    RootCAType         : None
    Services           : SMTP
    Status             : Valid
    Subject            : CN=MSG-HUB1
    Thumbprint         : 584A3D8A7E333F3C9B4B45A8D6D9D26B879D0E28

    If we continue to have problems when running Test-EdgeSynchronization for both Hub Transport servers, can we remove the self-signed certificate on both Hub Transport servers and self-sign the cert again? How do we self-sign a cert for Exchange?

    Thank You!

    Tuesday, October 25, 2011 1:34 AM
  • Hi Shirobb10,
    Using a self-signed certificate for EdgeSync is totally supported.
    If there were anything wrong with the certificate, I'm pretty sure you would get that information in the Application Log.

    m.salah gave some good advice above.
    Did you follow any of them?


    Martina Miskovic - http://www.nic2012.com/
    Tuesday, October 25, 2011 5:44 AM
  • Hi Martina,

    You are right, we are receiving a lot of error messages on both of our Hub servers. The error message is as below:

    Event ID: 1024

    Failed to connect to the Edge Transport server ADAM instance with exception The supplied credential is invalid.. This could be caused by a failure to resolve the Edge Transport server name msg-edge1.mydomain.com in DNS, a failure trying to connect to port 50636 on msg-edge1.mydomain.com, network connectivity issues, an invalid certificate, or an expired subscription. Verify your network and server configuration.

    We have reinstalled both Edge servers, created a new subscription, and followed the same procedure to subscribe the Edge again. The domain can be resolved in DNS; when we run the command Test-EdgeSynchronization, it returns the result "FailureDetails : The LDAP server is unavailable."

    Any idea why the Edge is not synchronizing with the Hub?

     

    • Edited by ShiroBB Friday, October 28, 2011 2:38 AM
    Friday, October 28, 2011 2:37 AM
    1. Check that port 50636 is open between the hub and edge. Do telnet tests to confirm, and check with the network team whether the firewall is allowing this.
    2. In the host of the edge, put in an entry so that it can resolve the HUB FQDN.
    3. Check DNS resolution from both the HUB and Edge; make sure they can resolve each other.

    Sukh
    • Proposed as answer by Weslee db Tuesday, January 27, 2015 10:05 AM
    Friday, October 28, 2011 5:52 AM
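
The checks listed in the post above (port 50636 and name resolution from the Hub), plus the certificate that event 1024 mentions, as an added PowerShell example that is not part of the original thread. It uses only .NET classes so that it does not depend on newer networking cmdlets; the host name msg-edge2.mydomain.com is assumed from the server names in the thread, and port 50636 is assumed to speak TLS from the first byte (secure LDAP).

```powershell
# Added example, not from the thread. Run on each Hub Transport server.
# msg-edge2.mydomain.com is assumed from the server names in the thread.
$edgeServers = 'msg-edge1.mydomain.com', 'msg-edge2.mydomain.com'
$ldapsPort   = 50636   # secure LDAP port named in event 1024

function Test-EdgeSyncPath {
    param([string]$Fqdn, [int]$Port)

    $r = New-Object PSObject -Property @{
        Fqdn = $Fqdn; Addresses = $null; TcpOpen = $false
        CertSubject = $null; CertThumbprint = $null; CertNotAfter = $null
        FailedAt = $null; Error = $null
    }
    $client = $null; $ssl = $null; $step = 'DNS'
    try {
        # 1. Resolution exactly as this server sees it (hosts file and resolver cache included).
        $addrs = [System.Net.Dns]::GetHostAddresses($Fqdn)
        $r.Addresses = ($addrs | ForEach-Object { $_.IPAddressToString }) -join ', '

        # 2. TCP connect to the Edge ADAM instance.
        $step = 'TCP'
        $client = New-Object System.Net.Sockets.TcpClient
        $client.Connect($Fqdn, $Port)
        $r.TcpOpen = $client.Connected

        # 3. TLS handshake. The callback accepts any certificate so that it can be
        #    read and compared by hand; no LDAP bind is attempted.
        $step = 'TLS'
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Fqdn)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $r.CertSubject    = $cert.Subject
        $r.CertThumbprint = $cert.Thumbprint
        $r.CertNotAfter   = $cert.NotAfter
    }
    catch { $r.FailedAt = $step; $r.Error = $_.Exception.Message }
    finally {
        if ($ssl)    { $ssl.Close() }
        if ($client) { $client.Close() }
    }
    $r
}

$edgeServers | ForEach-Object { Test-EdgeSyncPath -Fqdn $_ -Port $ldapsPort } |
    Format-List Fqdn, Addresses, TcpOpen, CertSubject, CertThumbprint, CertNotAfter, FailedAt, Error
```

Compare Addresses with the Edge server's real IP (a stale answer points to the resolver cache or the hosts file) and CertThumbprint with the output of get-exchangecertificate | fl on that Edge server.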
  • Yes, I do agree with Sukh828; there may be some connectivity issues with the Hub and Edge.

    Try the steps given by Sukh828.

    If the issue still persists, then I would suggest you restart your Edge and Hub servers and then try a new subscription again.

     


    Viral Rathod Blog : http://viralr.wordpress.com
    Friday, October 28, 2011 8:26 AM
  • Hi Sukh,

    Thanks for the response! To answer back your question:

    1. We have telnetted to ports 50636 & 50389 from both Hub Transport servers to the Edge, and they were open. We have checked on both Edge servers that both ports were running as well. Do ports 50636 & 50389 need to be open on the Hub?

    2. We logged in to the Edge Transport servers and both can resolve the HUB FQDN.

    3. Both Hub & Edge can resolve each other.

    We have reinstalled the Edge and created a new subscription on the Edge, but we are still getting the same error message.

    Thank You!

    Friday, October 28, 2011 9:20 AM
    1. Have you opened TCP and UDP for those ports?
    2. What happens when you run Start-EdgeSynchronization on the HUB?

    Sukh
    Friday, October 28, 2011 9:35 AM
  • We have enabled port 50636 for TCP & UDP

    The result returned:

    [PS] C:\>Start-EdgeSynchronization


    RunspaceId     : 02c72f3c-beb2-4d50-aaf5-aa7c273d48be
    Result         : CouldNotConnect
    Type           : Configuration
    Name           : msg-edge1
    FailureDetails : The supplied credential is invalid.
    StartUTC       : 10/28/2011 10:08:56 AM
    EndUTC         : 10/28/2011 10:08:56 AM
    Added          : 0
    Deleted        : 0
    Updated        : 0
    Scanned        : 0
    TargetScanned  : 0

    RunspaceId     : 02c72f3c-beb2-4d50-aaf5-aa7c273d48be
    Result         : CouldNotConnect
    Type           : Configuration
    Name           : msg-edge2
    FailureDetails : The supplied credential is invalid.
    StartUTC       : 10/28/2011 10:08:56 AM
    EndUTC         : 10/28/2011 10:08:56 AM
    Added          : 0
    Deleted        : 0
    Updated        : 0
    Scanned        : 0
    TargetScanned  : 0

    RunspaceId     : 02c72f3c-beb2-4d50-aaf5-aa7c273d48be
    Result         : CouldNotConnect
    Type           : Recipients
    Name           : msg-edge2
    FailureDetails : The supplied credential is invalid.
    StartUTC       : 10/28/2011 10:08:56 AM
    EndUTC         : 10/28/2011 10:08:56 AM
    Added          : 0
    Deleted        : 0
    Updated        : 0
    Scanned        : 0
    TargetScanned  : 0

    RunspaceId     : 02c72f3c-beb2-4d50-aaf5-aa7c273d48be
    Result         : CouldNotConnect
    Type           : Recipients
    Name           : msg-edge1
    FailureDetails : The LDAP server is unavailable.
    StartUTC       : 10/28/2011 10:08:49 AM
    EndUTC         : 10/28/2011 10:09:10 AM
    Added          : 0
    Deleted        : 0
    Updated        : 0
    Scanned        : 0
    TargetScanned  : 0

     

    Friday, October 28, 2011 10:14 AM
  • Can you configure the ports so it's allowed from the HUB>Edge?
    Sukh
    Friday, October 28, 2011 10:30 AM
  • Sukh,

    Do you mean that port 50636 needs to be enabled on the Hub Transport?

     

    Saturday, October 29, 2011 3:27 AM
  • yes try from hub>edge
    Sukh
    Saturday, October 29, 2011 4:24 AM
  • Hi Sukh,

    We have enabled port 50636 at hub1 & hub2. We ran the command netstat -nat; below are the connections and the port for each server:

    Hub1

    TCP    10.68.194.21:30988     10.68.194.16:50636     ESTABLISHED     InHost
    TCP    10.68.194.21:30989     10.68.194.41:50636     ESTABLISHED     InHost

    Hub2

    TCP    10.68.194.7:12996      10.68.194.16:50636     ESTABLISHED     InHost
    TCP    10.68.194.7:12997      10.68.194.41:50636     ESTABLISHED     InHost

    Edge1

    TCP    10.68.194.41:50636     10.68.194.7:12997      ESTABLISHED     InHost
    TCP    10.68.194.41:50636     10.68.194.21:30989     ESTABLISHED     InHost

    Edge2

    TCP    10.68.194.16:50636     10.68.194.7:12996      ESTABLISHED     InHost
    TCP    10.68.194.16:50636     10.68.194.21:30988     ESTABLISHED     InHost

    When I run the command start-EdgeSynchronization, the error is still the same:

    [PS] C:\>start-EdgeSynchronization


    RunspaceId     : 0ced7467-4ffc-4e33-bf41-1caff6bd102b
    Result         : CouldNotConnect
    Type           : Recipients
    Name           : msg-edge1
    FailureDetails : The supplied credential is invalid.
    StartUTC       : 10/31/2011 8:06:50 AM
    EndUTC         : 10/31/2011 8:06:50 AM
    Added          : 0
    Deleted        : 0
    Updated        : 0
    Scanned        : 0
    TargetScanned  : 0

    RunspaceId     : 0ced7467-4ffc-4e33-bf41-1caff6bd102b
    Result         : CouldNotConnect
    Type           : Configuration
    Name           : msg-edge1
    FailureDetails : The supplied credential is invalid.
    StartUTC       : 10/31/2011 8:06:50 AM
    EndUTC         : 10/31/2011 8:06:50 AM
    Added          : 0
    Deleted        : 0
    Updated        : 0
    Scanned        : 0
    TargetScanned  : 0

    RunspaceId     : 0ced7467-4ffc-4e33-bf41-1caff6bd102b
    Result         : CouldNotConnect
    Type           : Recipients
    Name           : msg-edge2
    FailureDetails : The supplied credential is invalid.
    StartUTC       : 10/31/2011 8:06:50 AM
    EndUTC         : 10/31/2011 8:06:50 AM
    Added          : 0
    Deleted        : 0
    Updated        : 0
    Scanned        : 0
    TargetScanned  : 0

    RunspaceId     : 0ced7467-4ffc-4e33-bf41-1caff6bd102b
    Result         : CouldNotConnect
    Type           : Configuration
    Name           : msg-edge2
    FailureDetails : The supplied credential is invalid.
    StartUTC       : 10/31/2011 8:06:50 AM
    EndUTC         : 10/31/2011 8:06:50 AM
    Added          : 0
    Deleted        : 0
    Updated        : 0
    Scanned        : 0
    TargetScanned  : 0

     

    Monday, October 31, 2011 8:07 AM
    1. Can you confirm that your HUB and EDGE servers are running the exact build, i.e. SP and rollup?
    2. Can you also check the edge credential service and see if this is started?
    3. Also up the logging - Get-EventLogLevel "MSExchange Edgesync*" | Set-EventLogLevel -Level High

    Sukh
    Monday, October 31, 2011 12:51 PM
  • Hi,

    1.

    Name            Site                    ServerRole    Edition   AdminDisplayVersion
    ----            ----                    ----------    -------   -------------------
    MSG-HUB1        messaging.mydomain.com  HubTransport  Standard  Version 14.0 (Build 639.21)
    MSG-HUB2        messaging.mydomain.com  HubTransport  Standard  Version 14.0 (Build 639.21)
    MSG-CAS1        messaging.mydomain.com  ClientAccess  Standard  Version 14.0 (Build 639.21)
    MSG-CAS2        messaging.mydomain.com  ClientAccess  Standard  Version 14.0 (Build 639.21)
    MSG-MAILSTORE2  messaging.mydomain.com  Mailbox       Standard  Version 14.0 (Build 639.21)
    MSG-MAILSTORE1  messaging.mydomain.com  Mailbox       Standard  Version 14.0 (Build 639.21)
    msg-edge1       messaging.mydomain.com  Edge          Standard  Version 14.0 (Build 639.21)
    msg-edge2       messaging.mydomain.com  Edge          Standard  Version 14.0 (Build 639.21)

    All updated to Rollup 5 for Exchange Server 2010 (KB2407113)

    2. MSExchangeEdgeCredential was running on both Edge servers.

    3. Enabled the command. May I know what the purpose of enabling this is?

     


    • Edited by ShiroBB Tuesday, November 1, 2011 2:38 AM
    Tuesday, November 1, 2011 2:34 AM
    1. I see that you're not running SP1; can you update all your servers to SP1 with the latest rollup?

     


    Sukh
    Tuesday, November 1, 2011 10:53 AM
  • Hi,

    Does it mean we can't use Edge if we are not using SP1?

    Wednesday, November 2, 2011 12:53 AM
  • Hi Sukh,

    We have discovered something weird: when we shut down edge1, the error message is gone. The Hub was able to sync to edge2, with no error in the event log. What's wrong with our edge1? We installed it exactly like edge2; any idea why, with edge1, the error message immediately occurred?

    Wednesday, November 2, 2011 5:40 AM
  • You can use edge without SP1 but I'd recommend you go to SP1.

    So the issue seems to be with Edge 1 only.

    Can you tell me the latest error you have for Edge 1?


    Sukh
    Wednesday, November 2, 2011 2:55 PM
  • Hi Sukh,

    Thanks for the advice! We managed to resolve the issue: we found that the DNS had a cache, and the server was not able to resolve the FQDN of edge1. Now both Edge servers are able to run the command Start-EdgeSynchronization, and the event log no longer indicates errors.

    But we have another problem: mail cannot be delivered to the mailbox. Sending between local servers was no problem, but we cannot receive email from outside, such as Yahoo or Google. Sending out to outside domains is no problem.

     


    I did say that in my point 3, thought you had checked it.
    Sukh
    Friday, November 4, 2011 9:08 AM