Edge Transport

Similar Messages

• Edge Transport Attachment stripping based upon an emails Subject line.

  I am running Exchange 2010 on-prem with a 2013 Hybrid (including a 2013 Edge Transport server for message handling between on-prem and the o365 tenant) connecting to an o365 tenant. I use EMC's SourceOne for archiving running on-prem. The o365
  tenant points to a mailbox on my on-prem Journaling server.
  What I am seeing is that when o365 forwards emails as attachments from the cloud back to the on-prem Journaling server it is examining the subject line of the message and making a decision to strip the attachment based upon the very end of the subject line.
  Example: A simple text message with a subject line of: "Check out the new web site at www.xyz.com"
  The Edge transport server is seeing this as being a ".com" attachment and stripping it off before it gets to the Journaling server. So it does not appear to be looking inside the message to see what it actually is and figure out that it is not
  a ".com" file but a simple text message.
  I have seen this with other file extension types as well. Such as ".exe" . It is also stripping off ".zip" attachments as well, but I understand that and not sure how to deal with it.
  Has anyone else experienced this and how have you dealt with it? Microsoft wants me to take the Edge out of play and go directly to from the cloud to an on-prem Exchange server. But that is not an option as the on-prem servers are not exposed to the internet.
  Thanks, Bob
   

  Hi BobSwe,
  Thank you for your response.
  If you have resolved this question, please mark useful replies as answer.
  Thanks,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Allen Wang
  TechNet Community Support

• Exchange Server 2013 Edge Transport Role

  Dear,
           I have a question regarding Exchange Server 2013 SP1 that, I have installed Edge Transport Server Role on separate box without Domain Joined. Obviously I installed Exchange CAS and Mailbox on Same box with
  Domain Joined in Corporate LAN.. But my edge is placed on DMZ and it is ready with all configuration, Mailbox Server Synchronization is also installed with Edge. Means all required configuration are properly configured and it is verified. But I want clients
  to OWA Access from Edge only. Because I want to restrict my internal network from the internet. So kindly provide me any possible ways to access OWA from Edge only ??. I have see some another methods like "Web Application Proxy instead of TMG because
  TMG is expired"..
  Kindly provide me possible ways or URL so I will configure it..
  Thanks.
   Fuzail (FM)

  Hi,
  Is there any further question on this thread?
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• Mail flow to Edge Transport from a different AD site

  Trying to define a solution for *outbound* load balancing from Exchange 2013 organisation between Edge Transport servers.
  Setup:
  1 Edge Transport server in SiteA
  1 Edge Transport server ins SiteB
  Both subscribed to the AD site in SiteA and are therefore on the same send connector (to allow automatic load balancing and failover)
  Situation:
  Lets say all MBX/CA servers in SiteA go offline.  Can an MBX/CA server in SiteB send email directly to the Edge Transport that is subscribed to the AD site in SiteA, or does there need to be an MBX/CA server available in SiteA to hop through?
  I'm hoping for an answer to be backed up clearly by a TechNet article or authoritative source as I can't really work with guesses.
  Thanks.
  Let’s say I have an Edge Transport subscribed to ADSiteA.  All MBX/HT servers in ADSiteA go down.  Can a MB/HT server in ADSiteB send an email directly to an Edge Transport subscribed to ADSiteA, or does it need to hop through an MBX/HT in the
  subscribed site?
  David

  Hi David
  One or more Edge Transport servers can be subscribed to a single Active Directory site. However, an Edge Transport server can't be subscribed to more than one Active Directory site. If you have more than one Edge Transport server deployed, each server can
  be subscribed to a different Active Directory site. Each Edge Transport server requires an individual Edge Subscription.
  A subscribed Edge Transport server is associated with a particular Active Directory site. If more than one Hub Transport server exists in the site, any of them can replicate data to the subscribed Edge Transport servers.
  I dont think there is a solution to subscribe  edge servers for more than 1 site 
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com

• Co-Locate Client Access and Edge Transport Role on Same Server?

  Co-Locate Client Access and Edge Transport Role on Same Server?
  Is it possible/supported to install the Edge Transport Server Role on the same machine that the Client Access role is installed on now that 2013 SP1 has added support back in for the Edge Transport Role?
  jon

  No.
  Unless something has radically changed from before...
  EDIT
  No, nothing has changed:
  "If you want to install the Exchange 2013 Mailbox or Client Access roles on a computer, see
  Install Exchange 2013 Using the Setup Wizard. The Edge Transport role can't be installed on the same computer as the Mailbox or Client Access server roles."
  http://technet.microsoft.com/en-us/library/dn635117(v=exchg.150).aspx
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

• Edge Transport Server - Exchange 2013 coexistence Exchange 2007

  Hi Exchange-Gurus,
  We have one Exchange Org.
  sub AD Domain1: A.domain.com (with Exchange 2007 SP3 R10)
  sub AD Domain2: B.domain.com (with Exchange 2013 CU6); DMZ contains Exchange Transport Server - Exchange 2013
  Is it possible to install within the DMZ of AD Domain1   a Edge Transport Server - Exchange 2013?
  Thanks.
  Guitarman

  Hi Guitar,
  Thank you for your question.
  Is it possible to install within the DMZ of AD Domain1 
  an Edge Transport Server - Exchange 2013?
  A: Yes, we could create an Exchange 2013 Edge server on the DMZ of AD domain1.
  Notice: Before we create an EdgeSync Subscription between an Exchange 2007 Hub Transport server and an Exchange 2013 SP1 Edge Transport server, we need to install Exchange 2007 SP3
  Update Rollup 13 or later on the Exchange 2007 Hub Transport server.
  We could refer to the following link:
  https://technet.microsoft.com/en-us/library/aa996719(v=exchg.150).aspx
  If there are any questions regarding this issue, please be free to let me know.
  Best Regard,
  Jim

• RBL not working on Exchange 2013 Edge Transport

  Single multi-role server with a couple of mailboxes, recently added an Edge Transport server. After configuring the Edge Subscribtion I added sen.spamhaus.org as a RBL Provider:
  Add-IPBlockListProvider -Name Spamhaus -LookupDomain zen.spamhaus.org
  This is not working. A lot of spam is still entering Exchange and the http://www.crynwr.com/spam/ test failed.
  Both servers run Exchange 2013 CU5.
  Did my post help? Please use "Vote As Helpful", "Mark as answer" or "Propose as answer". Thank you!

  Hi,
  Yes, the command is specific for provider SpamHaus.
  http://tweaks.com/windows/40003/cut-down-on-spam-with-ip-block-list-providers-rbl/
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety,
  or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
  Have you added the additional parameters in the command and did it work?
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• Managing Exchange Edge Transport Role from my workstation

  Hi Guys
  I want to manage my Edge Transport Role (2010 sp3) that resides in DMZ  from my workstation that resides on internal network. 
  What ports EMC 2010 is using? so I can open them on firewall.
  How can I add edge transport server in my EMC when ports are opened?
  Thanks in Advance
  Farhad

  Hi Farhad,
  I find a topic that provides information about ports, authentication, and encryption for all data paths. Details for your reference:
  http://technet.microsoft.com/en-us/library/bb331973(v=exchg.141).aspx
  Information :
  1. On servers that have Internet Information Services (IIS) installed, Windows opens the HTTP port (port 80, TCP) and HTTPS port (port 443, TCP). Exchange 2010 Setup doesn't open these ports. Therefore, these ports don't appear in the preceding table.
  2. Make sure the Port 25 open by communication between Hub and Edge, Edge and Edge.
  Thanks

• How to install and configure ms exchange server 2007 both role hub and edge transport role in one network

  How to install and configure ms exchange server 2007 both role hub and edge transport role in one network 

  Hi,
  Edge role is design for perimeter networks, to keep security risks minimum.  So it’s not recommended to have edge role in internal network. Must have separate network or subnet for edge services.
  If you are playing around it in labs, then you can put edge role within same subnet as other exchange roles and no specific requirements in that case.
  Thanks.
  MachPanel - Premium Cloud Automation Solution

• Deploy Exchange 2013 Edge Transport Server for multi-site environment

  Hi,
  I have a multi-site Exchange 2013 environment. The configurations are as below.
  Active Directory Sites and Exchange Servers.
  SiteA - EXMB1 & EXCAS1
  SiteB - EXMB2 & EXCAS2
  SiteC - EXMB3 & EXCAS3
  All sites are connected via VPN. (Good speed. No latency issues)
  All the three Mailbox Servers are in DAG. Only one mailbox database. All servers running Exchange 2013.
  I am planning to deploy Edge Servers in the infrastructure (I am doing it for the first time). Normally, it will be in DMZ.
  Now, I can deploy 2 Edge Servers for reliability.
  Question.
  1. Can I deploy 2 Edge Servers and create subscription to all the mailbox server in 3 different site? Or, is it like one edge server can make subscription to only mailbox servers in one Active Directory Site? I am not sure about this and could not find much
  information from TechNet.
  One Edge Server can make subscription to all 3 mailbox server in 3 sites. Similarly, I can make the subscriptions in the second edge server as well. Configure 2 external MX records with the same priority so that there will be some load balancing.
  Also, in such a case if the mailbox database become active from a different site, I need not make any new changes to the Edge Servers right?
  2. If the first way is not correct, I will have to deploy 1 Edge Server each for each of the Active Directory Site. (In DMZ only, not in domain)
  Make Edge Subscription to the mailbox server in corresponding site.
  Make 1 MX record and point it to the Edge Server which is subscribed to the Mailbox Server from which the Database is Active. The problem is, every time will have to change the DNS record when ever the database copy is activated from a different mailbox
  server. And the issues with propagation.. delay..
  I am not sure which of the above 2 ways will work. Appreciate suggestions from anyone who have previous experience with similar infrastructure.
  Thanks in advance. :)

  Hi 
  One or more Edge Transport servers can be subscribed to a single Active Directory site. However, an Edge Transport server can't be subscribed to more than one Active Directory site. If you have more than one Edge Transport server deployed, each server can be
  subscribed to a different Active Directory site. Each Edge Transport server requires an individual Edge Subscription.
  A subscribed Edge Transport server is associated with a particular Active Directory site. If more than one Mailbox server exists in the site, any of them can replicate data to the subscribed Edge Transport servers.
  I don't think there is a solution to subscribe  edge servers for more than 1 site. Edge Servers can be scoped only to one site.
  Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish
  (MVP)

• Edge Transport Role as Email Gateway

  Hi Experts,
  We are planing to deploy exchange email server (Exchange Server-2013 Multi-Role servers) in our HQ (contoso.com) and 4 Edge Transport in other 4  client development sites(client1.com, clinet2.com, client3.com and Client4.com) so that applications running
  in HQ can send emails to respective client development sites domain using edge transport. Development sites are using external email address (mail.clinet1.com and so on). There is no requirement of incoming mail on Edge in Client site because they have compete
  hosted email solution. Just our Edge transport in client will process the mail received from HQ and will forward to Client's  External email address.
  I would appreciate if you can help me to get answer for these queries.
  Do you think this conceptual design is possible? Exchange solution in HQ and Edge transport in Client site and that Edge will forward emails to External Domain using send connector for  restive client's domain? 
  What secure (Only secure) port we need to open on Edge so that It can talk to External Email servers to deliver emails? 
  If we don't want to expose our Multi-Role exchange severs in HQ to Internet , do you think Exchange server in HQ  should be capable for incoming emails using one additional EDGE or still need to expose CAS services in HQ. We need Outlook, OWA and
  Active Sync as well for HQ (contoso.com).
  What secure port we need to open in case of CAS server? 

  Hi  Lynx
  Thank you for your question.
  I think you have a CAS and mailbox in your site. In order to receive HQ’s email, you can create accept domain, you can refer to the following link:
  http://technet.microsoft.com/en-us/library/bb124423(v=exchg.150).aspx
  in your HQ, I suggest you can separate multi-role servers into two parts, you can do NLB and DAG, because NLB cannot co-existed with DAG. I also suggest you have an edge server in your HQ.
  If client site want to talk to external email, you need to register domain name in your ISP, for example mail.domain.com,autodiscovery.domain.com……
  Secure ports were opened  that is determined  the connect way of your outlook; the more details you can refer to the following link:
  http://blogs.technet.com/b/exchange/archive/2013/02/18/exchange-firewalls-and-support-oh-my.aspx
  If there are any questions, please let me know.
  Best Regard,
  Jim

• Exchange 2013 Edge Transport Replacement

  Hi all,
  I have a quick question regarding a new 2013 Edge Transport that I need to move to a physical machine.
  It currently resides on a VM and I would like to decommission this machine, remove the edge subscription and redeploy the same configuration on a physical box.
  Do you see any issues using the same name and IP with the new box?  I know it says it is not supported to rename the edge, but If I remove it completely and redeploy?

  Hi Scott4768,
  Based on my experience, you should uninstall the EDGE server which on a VM and then re-install it on a physical box, and you could use the same IP and name.
  In simple terms, the steps are following:
  1. Remove-EdgeSubscription
  2. uninstall EDGE server
  3. re-install EDGE server on a physical box
  4. Create New-EdgeSubscription
  Best regards,
  Eric

• Exchange 2013 Edge Transport install fails

  I'm trying to install the Edge Transport for Exchange 2013 but it gets to step 7 of 9:
  then give's the following error
  Error:
  The following error was generated when "$error.Clear();
   new-ExchangeServer
  " was run: "Value cannot be null.
  Parameter name: Cannot get child of ADObjectId: this is a GUID based ADObjectId.".
  Then in event viewer I have the following two events.
  Watson report about to be sent for process id: 260, with parameters: E12IIS, c-RTL-AMD64, 15.00.0847.032, ExSetupUI, M.E.Data.Directory, M.E.D.D.ADObjectId.GetChildId, System.ArgumentNullException, 2ac6, 15.00.0847.031.
  ErrorReportingEnabled: True
  and
  Exchange Server component Edge Transport Role failed.
  Error: Error:
  The following error was generated when "$error.Clear();
   new-ExchangeServer
  " was run: "Value cannot be null.
  Parameter name: Cannot get child of ADObjectId: this is a GUID based ADObjectId.".
  I've rebuilt the server but since it has something to do with the GUID I assumed it wouldn't work but I was grasping at straws and it didn't fix the issue.
  I can run the setup again and it does finish but it doesn't show up in the list of servers in the ecp management. I've yet to find a solution on this issue if anyone has a suggestion or two it would be greatly appreciated.

  Thanks for response.
  when I run Get-ExchangeServer I get the following
  Name                Site                 ServerRole  Edition     AdminDisplayVersion
  Exchange03                               Edge        Standard... Version
  15.0 (Bu...
  and the errors that are in the log
  [02/17/2015 20:06:33.0084] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: ADAM is installed on this machine; only the Microsoft Exchange Edge Transport server role may be installed.  See the Exchange setup log
  for more information on this error.
  [02/17/2015 20:07:50.0288] [1] The following 1 error(s) occurred during task execution:
  [02/17/2015 20:07:50.0288] [1] 0.  ErrorRecord: Service SMTPSVC was not found on computer '.'.
  [02/17/2015 20:07:50.0288] [1] The previous errors were generated by a non-critical task and will be ignored.
  then I have a load of error that failed to load dependency below is a small sample
  [02/17/2015 20:07:57.0648] [2] Process standard output: Installing assembly C:\Program Files\Microsoft\Exchange Server\V15\bin\edgetransport.exe
  Failed to load dependency Microsoft.Management.OData of assembly Microsoft.Exchange.Configuration.ObjectModel, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 because of the following error : The system cannot find the file specified. (Exception
  from HRESULT: 0x80070002)
  Failed to load dependency Microsoft.Ceres.InteractionEngine.Processing.BuiltIn of assembly Microsoft.Exchange.Data.Storage, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 because of the following error : The system cannot find the file specified.
  (Exception from HRESULT: 0x80070002)
  Failed to load dependency Microsoft.Ceres.NlpBase.RichTypes of assembly Microsoft.Exchange.Data.Storage, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 because of the following error : The system cannot find the file specified. (Exception
  from HRESULT: 0x80070002)
  Failed to load dependency System.IdentityModel.Tokens.Jwt of assembly Microsoft.Exchange.Security, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 because of the following error : The system cannot find the file specified. (Exception from
  HRESULT: 0x80070002)
  Failed to load dependency Microsoft.Passport.RPS of assembly Microsoft.Exchange.Security, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 because of the following error : The system cannot find the file specified. (Exception from HRESULT:
  0x80070002)
  Thanks

• Edge Transport 2013

  Is it possible to install the Edge Transport Role with the CAS server role on Exchange 2013 SP1? If so, I read that the Edge Transport must not be domain joined, but does the CAS have to be if I use a dual-role box? (Am I answering my own question? :-))
  Thanks for thoughts, explainations and help

  Hi, 
  You want to install the Edge Transport Role with CAS server role on Exchange Server 2013 SP1.
  As per my information, Edge Transport Role is installed in a Perimeter network.
  You can install the Edge Transport Server Role on a domain- joined computer only for enabling domain management of windows features and settings.
  The Edge Transport Server Role does not use Active Directory itself. Instead, it uses the Active Directory Lightweight Directory Services (AD LDS) windows feature to store configuration and recipient information.
  That’s why Edge Transport Role can’ be installed on the same computer as the Mailbox or Client Access server roles install.
  Thanks and regards
  Ashish@S 
  Ashish@V

• Edge Transport Upgrade to SP3

  I am in the process of upgrading my Exchange 2010 Edge Server to SP3.  The Edge Server sits in a DMZ part of the DMZ Workgroup.  While the EMC updated to SP3, the Edge Transport has not.
  The following error was logged:
  [05/01/2014 02:22:13.0642] [1] 0.  ErrorRecord: The AD LDS schema import process ldifde.exe failed with error code 8224.  No schema has been imported into AD LDS. View the Setup logs for more information.
  [05/01/2014 02:22:13.0642] [1] 0.  ErrorRecord: Microsoft.Exchange.Management.Edge.SetupTasks.AdamSchemaImportProcessFailureException: The AD LDS schema import process ldifde.exe failed with error code 8224.  No schema has been imported into AD LDS.
  View the Setup logs for more information.
     at Microsoft.Exchange.Management.Edge.SetupTasks.ManageAdamService.ImportAdamSchema(String instanceName, String schemaFilePath, String macroName, String macroValue)
     at Microsoft.Exchange.Management.Edge.SetupTasks.InstallAdamSchemaTask.InternalProcessRecord()
  [05/01/2014 02:22:13.0688] [1] [ERROR] The following error was generated when "$error.Clear(); 
   install-AdamSchema -LdapFileName ($roleInstallPath + "\Setup\Data\schemaadam.ldf")
  " was run: "The AD LDS schema import process ldifde.exe failed with error code 8224.  No schema has been imported into AD LDS. View the Setup logs for more information.".
  My question is, should the upgrade be able to contact our AD domain to get the schema import?  Or should I export this data from our AD domain controller?
  Thank you for reviewing.

  Hello,
  Before you upgrade edge transport server, you need to upgrade other exchange server role to sp3.
  Normally, if the Microsoft Exchange EdgeSync service can performs scheduled updates, the information in AD LDS will remain current.
  It is able to contact your AD domain to get schema import during upgrading.
  I recommend you check if 50636 port is opened during updating exchange 2010 Edge server to sp3.
  Please use EXBPA again your exchange server health.
  Please check if there is related error in application log.
  Cara Chen
  TechNet Community Support

• Positioning and role of Edge Transport Server

  Good afternoon, all!
  I'm working on a new Exchange design and implementation project.  I had some research that seemed to indicate that I could have my Edge Transport server in the DMZ to receive Internet mail and to act as a web proxy for the Client Access server residing
  in the internal network.  However, in my testing I haven't found where that is possible.
  Will the Edge Transport server provide that capability or will I need to open a path to the Client Access/Mailbox server?  Is there a tradeoff in separating the Client Access server into a separate machine in the DMZ for remote access, that is, if the
  Edge Transport server won't supply web proxy services, will I need to make a separate machine for Client Access?
  Thanks!
  Gregg

  Hi Gregg,
  Based on my knowledge, Edge Server role handles Internet-facing mail flow and act as an SMTP relay and smart host for Exchange servers in your internal network. We can use Edge server if don't want to expose internal CAS and MBX. We can also
  configure Anti-Spam on Edge server to block specific emails.
  Unlike other Exchange server roles, the Edge server doesn’t need to be a member of an AD domain, so locating it within a DMZ does not create any difficult firewall configurations.
  Confirm that any firewall between your Exchange servers and Edge servers allow port 53 for DNS resolution and port 25 for SMTP traffic.
  Thanks
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Mavis Huang
  TechNet Community Support