Edge Transport Role as Email Gateway

Hi Experts,
We are planning to deploy an Exchange email server (Exchange Server 2013 multi-role servers) in our HQ (contoso.com) and 4 Edge Transport servers in 4 other client development sites (client1.com, client2.com, client3.com and client4.com) so that applications running in HQ can send emails to the respective client development sites' domains using Edge Transport. The development sites are using external email addresses (mail.client1.com and so on). There is no requirement for incoming mail on the Edge in the client site because they have a complete hosted email solution. Our Edge Transport in the client site will just process the mail received from HQ and forward it to the client's external email address.
I would appreciate it if you could help me get answers to these queries.
Do you think this conceptual design is possible? An Exchange solution in HQ and Edge Transport in the client site, where that Edge will forward emails to the external domain using a send connector for the respective client's domain?
What secure (only secure) port do we need to open on the Edge so that it can talk to external email servers to deliver emails?
If we don't want to expose our multi-role Exchange servers in HQ to the Internet, do you think the Exchange server in HQ should be capable of receiving incoming emails using one additional Edge, or do we still need to expose CAS services in HQ? We need Outlook, OWA and ActiveSync as well for HQ (contoso.com).
What secure port do we need to open in the case of the CAS server?

Hi Lynx,
Thank you for your question.
I think you have a CAS and mailbox in your site. In order to receive HQ’s email, you can create an accepted domain; you can refer to the following link:
http://technet.microsoft.com/en-us/library/bb124423(v=exchg.150).aspx
In your HQ, I suggest you separate the multi-role servers into two parts; you can do NLB and DAG, because NLB cannot coexist with DAG. I also suggest you have an Edge server in your HQ.
If the client site wants to talk to external email, you need to register a domain name with your ISP, for example mail.domain.com, autodiscovery.domain.com……
Which secure ports are opened is determined by the way your Outlook connects; for more details, you can refer to the following link:
http://blogs.technet.com/b/exchange/archive/2013/02/18/exchange-firewalls-and-support-oh-my.aspx
If there are any questions, please let me know.
Best Regards,
Jim

Similar Messages

  • Co-Locate Client Access and Edge Transport Role on Same Server?

    Co-Locate Client Access and Edge Transport Role on Same Server?
    Is it possible/supported to install the Edge Transport Server Role on the same machine that the Client Access role is installed on now that 2013 SP1 has added support back in for the Edge Transport Role?
    jon

    No.
    Unless something has radically changed from before...
    EDIT
    No, nothing has changed:
    "If you want to install the Exchange 2013 Mailbox or Client Access roles on a computer, see
    Install Exchange 2013 Using the Setup Wizard. The Edge Transport role can't be installed on the same computer as the Mailbox or Client Access server roles."
    http://technet.microsoft.com/en-us/library/dn635117(v=exchg.150).aspx
    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  • Managing Exchange Edge Transport Role from my workstation

    Hi Guys
    I want to manage my Edge Transport Role (2010 SP3) that resides in the DMZ from my workstation, which resides on the internal network.
    What ports is EMC 2010 using, so I can open them on the firewall?
    How can I add the Edge Transport server in my EMC when the ports are opened?
    Thanks in Advance
    Farhad

    Hi Farhad,
    I found a topic that provides information about ports, authentication, and encryption for all data paths. Details for your reference:
    http://technet.microsoft.com/en-us/library/bb331973(v=exchg.141).aspx
    Information:
    1. On servers that have Internet Information Services (IIS) installed, Windows opens the HTTP port (port 80, TCP) and HTTPS port (port 443, TCP). Exchange 2010 Setup doesn't open these ports. Therefore, these ports don't appear in the preceding table.
    2. Make sure port 25 is open for communication between Hub and Edge, and between Edge and Edge.
    Thanks

  • How to install and configure ms exchange server 2007 both role hub and edge transport role in one network

    How to install and configure ms exchange server 2007 both role hub and edge transport role in one network 

    Hi,
    The Edge role is designed for perimeter networks, to keep security risks to a minimum. So it’s not recommended to have the Edge role in the internal network. You must have a separate network or subnet for Edge services.
    If you are playing around with it in labs, then you can put the Edge role within the same subnet as the other Exchange roles; there are no specific requirements in that case.
    Thanks.

  • Exchange Server 2013 Edge Transport Role

    Dear,
    I have a question regarding Exchange Server 2013 SP1. I have installed the Edge Transport Server Role on a separate box that is not domain joined. Obviously I installed Exchange CAS and Mailbox on the same box, domain joined, in the corporate LAN. But my Edge is placed in the DMZ and it is ready with all configuration; Mailbox Server synchronization is also installed with the Edge. This means all required configuration is properly configured and it is verified. But I want clients to access OWA from the Edge only, because I want to restrict my internal network from the Internet. So kindly provide me any possible ways to access OWA from the Edge only. I have seen some other methods like "Web Application Proxy instead of TMG because TMG is expired".
    Kindly provide me possible ways or a URL so I can configure it.
    Thanks.
    Fuzail (FM)

    Hi,
    Is there any further question on this thread?
    Thanks,
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Simon Wu
    TechNet Community Support

  • Exchange 2013 SP1 - Edge Transport Role

    Hi.
    When Exchange 2013 was released, only the CAS & Mailbox roles were available. The Hub & Edge Transport server roles were discontinued.
    Now with Exchange 2013 SP1, the Edge Transport role has come back.
    Question:
    1. Can I deploy a new Exchange 2013 infrastructure without the Edge Transport Role? This will be a fresh deployment.
    I plan to have a UTM with spam blocking at the perimeter instead of the Edge Server.
    2. Will there be any problems without an Edge Transport?
    Thanks,
    Paul

    Hi,
    Please find the below-mentioned points.
    1. Can I deploy a new Exchange 2013 infrastructure without the Edge Transport Role? This will be a fresh deployment.
    I plan to have a UTM with spam blocking at the perimeter instead of the Edge Server.
    Answer:
    Just ensure that the product has all the features you need on your side. It is not necessary to have an Edge server in every Exchange environment. Moreover, gateway and anti-spam products will differ as per the company's requirements.
    2. Will there be any problems without an Edge Transport?
    Answer:
    If you have an anti-spam solution that scans all the emails before they reach the Exchange server, then it will be good.
    Just ensure that the anti-spam product you are going to use is mainly doing the reverse DNS lookup and SPF lookup. With the help of that we are able to avoid a large number of forged emails.
    Regards
    S.Nithyanandham

  • Exchange 2010 Edge Transport - Not being detected by SCOM agent?

    All,
    I recently installed the SCOM 2007 R2 agent onto our Edge Transport server for Exchange 2010.  Our architecture is pretty simple.  We have a DMZ network where I have a SCOM 2007 R2 Gateway server and our Edge Transport server.
    Essentially it goes like this:
       Edge Transport Server Agent <-> Gateway Server <-> SCOM RMS server
    I have the Exchange 2010 and the FOPE for Exchange 2010 MP's loaded on our RMS server.  When I loaded the SCOM 2007 R2 agent onto our Edge server, the agent discovered it had FOPE and does reflect as such on the RMS server, but it did not seem to pick
    up that it was also the Exchange Edge Transport role.
    I looked on the RMS server in the Authoring -> Object Discoveries and the Edge transport is set to discover, so I am a little stumped as to why the agent didn't discover the role.
    Any suggestions where to look next?

    Just a little more detail on this.  I've been working on this exact issue for probably 3 weeks with an engineer. 
    This issue is actually a bug in the Exchange 2010 MP. 
    How is it a bug exactly?  Well, the MP is looking for the Active Directory site that the Edge Server is a member of... let's think about this, the Edge server is NOT domain joined, and as such, shouldn't have an active directory site. 
    Additionally, the regkey path referenced above is incorrect, though it seems that numerous others have figured that out on their own as well.  The correct regkey path should be:
    hklm>system>currentcontrolset >services>netlogon>parameters
    So sure, this "fixes" the issue - but the real issue is that the MP is looking for an Active Directory site, on servers that aren't a member of an active directory site. Kind of a BIG oversight by the MP authors in my opinion.
    I'm sure there are plenty of orgs relying on SCOM to monitor their Exchange 2010 implementations that don't even realize that their Edge servers aren't being monitored for the Exchange roles.

  • Exchange 2013 Edge Transport install fails

    I'm trying to install the Edge Transport for Exchange 2013 but it gets to step 7 of 9,
    then gives the following error:
    Error:
    The following error was generated when "$error.Clear();
     new-ExchangeServer
    " was run: "Value cannot be null.
    Parameter name: Cannot get child of ADObjectId: this is a GUID based ADObjectId.".
    Then in event viewer I have the following two events.
    Watson report about to be sent for process id: 260, with parameters: E12IIS, c-RTL-AMD64, 15.00.0847.032, ExSetupUI, M.E.Data.Directory, M.E.D.D.ADObjectId.GetChildId, System.ArgumentNullException, 2ac6, 15.00.0847.031.
    ErrorReportingEnabled: True
    and
    Exchange Server component Edge Transport Role failed.
    Error: Error:
    The following error was generated when "$error.Clear();
     new-ExchangeServer
    " was run: "Value cannot be null.
    Parameter name: Cannot get child of ADObjectId: this is a GUID based ADObjectId.".
    I've rebuilt the server but since it has something to do with the GUID I assumed it wouldn't work but I was grasping at straws and it didn't fix the issue.
    I can run the setup again and it does finish but it doesn't show up in the list of servers in the ecp management. I've yet to find a solution on this issue if anyone has a suggestion or two it would be greatly appreciated.

    Thanks for response.
    when I run Get-ExchangeServer I get the following
    Name                Site                 ServerRole  Edition     AdminDisplayVersion
    Exchange03                               Edge        Standard... Version 15.0 (Bu...
    and the errors that are in the log
    [02/17/2015 20:06:33.0084] [0] [ERROR] Setup encountered a problem while validating the state of Active Directory: ADAM is installed on this machine; only the Microsoft Exchange Edge Transport server role may be installed.  See the Exchange setup log
    for more information on this error.
    [02/17/2015 20:07:50.0288] [1] The following 1 error(s) occurred during task execution:
    [02/17/2015 20:07:50.0288] [1] 0.  ErrorRecord: Service SMTPSVC was not found on computer '.'.
    [02/17/2015 20:07:50.0288] [1] The previous errors were generated by a non-critical task and will be ignored.
    Then I have a load of errors about failing to load dependencies; below is a small sample:
    [02/17/2015 20:07:57.0648] [2] Process standard output: Installing assembly C:\Program Files\Microsoft\Exchange Server\V15\bin\edgetransport.exe
    Failed to load dependency Microsoft.Management.OData of assembly Microsoft.Exchange.Configuration.ObjectModel, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 because of the following error : The system cannot find the file specified. (Exception
    from HRESULT: 0x80070002)
    Failed to load dependency Microsoft.Ceres.InteractionEngine.Processing.BuiltIn of assembly Microsoft.Exchange.Data.Storage, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 because of the following error : The system cannot find the file specified.
    (Exception from HRESULT: 0x80070002)
    Failed to load dependency Microsoft.Ceres.NlpBase.RichTypes of assembly Microsoft.Exchange.Data.Storage, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 because of the following error : The system cannot find the file specified. (Exception
    from HRESULT: 0x80070002)
    Failed to load dependency System.IdentityModel.Tokens.Jwt of assembly Microsoft.Exchange.Security, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 because of the following error : The system cannot find the file specified. (Exception from
    HRESULT: 0x80070002)
    Failed to load dependency Microsoft.Passport.RPS of assembly Microsoft.Exchange.Security, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 because of the following error : The system cannot find the file specified. (Exception from HRESULT:
    0x80070002)
    Thanks

  • Edge Transport 2013

    Is it possible to install the Edge Transport Role with the CAS server role on Exchange 2013 SP1? If so, I read that the Edge Transport must not be domain joined, but does the CAS have to be if I use a dual-role box? (Am I answering my own question? :-))
    Thanks for thoughts, explanations and help

    Hi, 
    You want to install the Edge Transport Role with the CAS server role on Exchange Server 2013 SP1.
    As per my information, the Edge Transport Role is installed in a perimeter network.
    You can install the Edge Transport Server Role on a domain-joined computer only for enabling domain management of Windows features and settings.
    The Edge Transport Server Role does not use Active Directory itself. Instead, it uses the Active Directory Lightweight Directory Services (AD LDS) Windows feature to store configuration and recipient information.
    That’s why the Edge Transport Role can’t be installed on the same computer as the Mailbox or Client Access server roles.
    Thanks and regards
    Ashish@S 
    Ashish@V

  • New Edge Transport install - required certificate?

    I'm getting an error with my ET install:
    Exchange Server component Edge Transport Role failed.
    Error: Error:
    The following error was generated when "$error.Clear();
    Install-ExchangeCertificate -DomainController $RoleDomainController -Services SMTP
    " was run: "Access is denied.
    Access is denied.
    I was going to try to install a certificate manually, but I actually am not sure what the requirements of the cert are. This is in a test environment, so nothing live is affected. I was going to just try to self-sign a cert for the server and install it.

    Can you post the error portion from ExchangeSetup.log so we can get a better idea of where it is giving the "Access is denied" error?

  • Exchange SP1 Edge Transport Install Error

    Hi everyone,
    I've successfully installed multiple Mailbox and CAS 2013 SP1 servers into an existing Exchange 2010 environment.
    However, when I get to the Edge Transport role on a separate server, at step 7 of 9, it throws the following error:
    Error:
    The following error was generated when "$error.Clear();
    new-ExchangeServer
    " was run: "Value cannot be null.
    Parameter name: Cannot get child of ADObjectId: this is a GUID based ADObjectId.".
    Any ideas what could be causing this? I haven't been able to find anything of significance while searching around...
    Thanks!

    Hi,
    Make sure prerequisites for Exchange 2013 Edge Transport server role are met. For more details about this, you can refer to the following article.
    Exchange 2013 Prerequisites
    http://technet.microsoft.com/en-us/library/bb691354%28v=exchg.150%29.aspx#WS2012Edge
    If you have checked the above and this issue persists, please check the setup log to see if there is a related error message to narrow down the issue.
    Besides, here is an article about Edge Server installation for your reference.
    Install the Exchange 2013 Edge Transport role using the Setup Wizard
    http://technet.microsoft.com/en-gb/library/dn635117(v=exchg.150).aspx
    Best regards,
    Belinda
    Belinda Ma
    TechNet Community Support

  • Edge 2013 role with exchange 2010 organisation

    Hi,
    I have installed an Edge 2013 CU5 standalone in the DMZ. I have an Exchange 2010 CAS server and a separate database server on the intranet. How am I supposed to manage the Edge 2013, since ECP is not installed as a part of this role?
    I'm not yet upgrading to CAS 2013, so I do not have ECP. Can I install ECP separately on the Edge 2013?
    Best regards,
    Ruud Boersma
    MCITP Enterprise administrator

    Hi,
    As Steve mentioned above, in Exchange 2013, we have to configure the Exchange 2013 Edge Transport role through Powershell in the Exchange Management Shell.
    Best regards,
    Belinda
    Belinda Ma
    TechNet Community Support

  • Positioning and role of Edge Transport Server

    Good afternoon, all!
    I'm working on a new Exchange design and implementation project.  I had some research that seemed to indicate that I could have my Edge Transport server in the DMZ to receive Internet mail and to act as a web proxy for the Client Access server residing
    in the internal network.  However, in my testing I haven't found where that is possible.
    Will the Edge Transport server provide that capability or will I need to open a path to the Client Access/Mailbox server?  Is there a tradeoff in separating the Client Access server into a separate machine in the DMZ for remote access, that is, if the
    Edge Transport server won't supply web proxy services, will I need to make a separate machine for Client Access?
    Thanks!
    Gregg

    Hi Gregg,
    Based on my knowledge, the Edge Server role handles Internet-facing mail flow and acts as an SMTP relay and smart host for Exchange servers in your internal network. We can use an Edge server if we don't want to expose the internal CAS and MBX. We can also configure anti-spam on the Edge server to block specific emails.
    Unlike other Exchange server roles, the Edge server doesn’t need to be a member of an AD domain, so locating it within a DMZ does not create any difficult firewall configurations.
    Confirm that any firewall between your Exchange servers and Edge servers allows port 53 for DNS resolution and port 25 for SMTP traffic.
    Thanks
    Mavis Huang
    TechNet Community Support

  • Edge Transport Attachment stripping based upon an emails Subject line.

    I am running Exchange 2010 on-prem with a 2013 Hybrid (including a 2013 Edge Transport server for message handling between on-prem and the o365 tenant) connecting to an o365 tenant. I use EMC's SourceOne for archiving running on-prem. The o365
    tenant points to a mailbox on my on-prem Journaling server.
    What I am seeing is that when o365 forwards emails as attachments from the cloud back to the on-prem Journaling server it is examining the subject line of the message and making a decision to strip the attachment based upon the very end of the subject line.
    Example: A simple text message with a subject line of: "Check out the new web site at www.xyz.com"
    The Edge transport server is seeing this as being a ".com" attachment and stripping it off before it gets to the Journaling server. So it does not appear to be looking inside the message to see what it actually is and figure out that it is not
    a ".com" file but a simple text message.
    I have seen this with other file extension types as well. Such as ".exe" . It is also stripping off ".zip" attachments as well, but I understand that and not sure how to deal with it.
    Has anyone else experienced this and how have you dealt with it? Microsoft wants me to take the Edge out of play and go directly from the cloud to an on-prem Exchange server. But that is not an option as the on-prem servers are not exposed to the internet.
    Thanks, Bob
     

    Hi BobSwe,
    Thank you for your response.
    If you have resolved this question, please mark useful replies as answer.
    Thanks,
    Allen Wang
    TechNet Community Support

  • Edge Transport Server Fails DNS Query When Emailing to one Specific Domain

    This issue occurs for the same domain across three different edge transport servers.
    All servers are Windows 2008 STD SP2, Exchange 2007 SP1 U9.  Emails are delivered using DNS connector from edge.  Emails to this one specific domain would sit in the retry queue with DNS query error until NDR was generated.  Connectivity Logging generated the following:
    2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,>,DNS server returned ErrorRetry reported by 208.241.124.200
    2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,-,The DNS query for 'DnsConnectorDelivery':'subdomain.domain.com':'cd771f71-77a3-4aca-b002-86f477816910' failed with error: ErrorRetry
    I changed the servers DNS settings to different servers with the same response.  Validated that manual MX lookups worked, and that I could telnet to any of the three MX records and deliver mail via telnet.
    I did a packet capture and received the following:
    12    32.280037    172.28.16.55    208.241.124.200    DNS    Standard query AAAA SMTPSERVER.subdomain.domain.com
    So what is happening is the Edge servers are only performing IP6 lookups, and throughout the log, only for subdomain.domain.com do they NOT perform a regular IP4 A record lookup.  I then went about disabling TCP/IP6 as per this article:
    http://technet.microsoft.com/en-us/network/cc987595.aspx
    this stated to do the following:
    Alternately, from the Windows XP or Windows Server 2003 desktop, click Start , point to Programs , point to Accessories , and then click Command Prompt . At the command prompt, type netsh interface ipv6 uninstall .
    To remove the IPv6 protocol for Windows XP with no service packs installed, do the following:
    Log on to the computer with a user account that has local administrator privileges.
    From the Windows XP desktop, click Start , point to Programs , point to Accessories , and then click Command Prompt .
    At the command prompt, type ipv6 uninstall .
    Unlike Windows XP and Windows Server 2003, IPv6 in Windows Vista and Windows Server 2008 cannot be uninstalled. However, you can disable IPv6 in Windows Vista and Windows Server 2008 by doing one of the following:
    In the Network Connections folder, obtain properties on all of your connections and adapters and clear the check box next to the Internet Protocol version 6 (TCP/IPv6) component in the list under This connection uses the following items .
    This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface.
    Add the following registry value (DWORD type) set to 0xFF:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents
    This method disables IPv6 on all your LAN interfaces, connections, and tunnel interfaces but does not disable the IPv6 loopback interface. You must restart the computer for this registry value to take effect.
    I did the above, and still, the Edge Transport servers would only perform AAAA lookups, and messages would sit in the queue.
    As a temporary workaround, I created a new send connector with the three available MX hosts as possible smart hosts for subdomain.domain.com, and this allowed email flow.
    I've tried disabling the TCPIP6, and it still doesn't work.  Any suggestions?

    Hi Allen and Paul,
    we experience problems in receiving mails from senders with this Exchange server problem. When we are aware of the problem, we send them the above-mentioned link and ask them to make adjustments. Then afterwards mail usually arrives without any problems.
    The problem for us is that it seems as if the problem grows. More and more mail does not arrive at our mail addresses (mine for example is [email protected]). And not all of the senders receive notifications that mail cannot be delivered. As you can imagine, this situation is unacceptable and is damaging our customer relations.
    Is there anything WE can do? (apart from sending them the information to make adjustments in their Exchange servers...)
    I hope you can help us...
    Thanks in advance
    Leonard

    Hi Leonard,
    as stated below, we were experiencing the same problem with one of our customers. Seeing that it's a DNS-related problem, we suggested to the customer to change or add an additional DNS service through e.g. dyndns.com. After adding the current DNS records to the new DNS service, mail started coming in from every customer that had problems.
    So for your clients I would suggest a similar solution; it helped over here at least.
    Kind regards,
    Philipp
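
The connectivity-log lines quoted in the last thread above ("Edge Transport Server Fails DNS Query When Emailing to one Specific Domain") can be triaged per destination domain to see which domains are stuck on DNS errors and which DNS server reported them. This is an added example, not code from any poster; the field names, the `#Fields` header line and the third data row are assumptions constructed for the example.

```python
import csv
import io
import re
from collections import defaultdict

# Labels chosen for this example for the six comma-separated columns
# visible in the connectivity-log lines quoted in the thread.
FIELDS = ("timestamp", "session", "source", "destination", "direction", "description")

# The two subdomain.domain.com rows are the lines quoted in the thread.
# The "#Fields" header and the example.org row are constructed sample data.
SAMPLE_LOG = """\
#Fields: date-time,session,source,Destination,direction,description
2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,>,DNS server returned ErrorRetry reported by 208.241.124.200
2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,-,The DNS query for 'DnsConnectorDelivery':'subdomain.domain.com':'cd771f71-77a3-4aca-b002-86f477816910' failed with error: ErrorRetry
2009-09-01T19:53:01.102Z,08CBEDE9198E2DC4,SMTP,example.org,>,Established connection to 192.0.2.10
"""

# Patterns taken from the wording of the two quoted error lines.
DNS_SERVER_RE = re.compile(r"DNS server returned (\w+) reported by (\S+)")
DNS_QUERY_RE = re.compile(r"The DNS query for .+ failed with error: (\w+)")


def parse_connectivity_log(text):
    """Return one dict per data row; comment lines (#...) and short rows are skipped."""
    records = []
    data_lines = (ln for ln in io.StringIO(text) if ln.strip() and not ln.startswith("#"))
    for row in csv.reader(data_lines):
        if len(row) < len(FIELDS):
            continue  # truncated or malformed row
        # A description that contains unquoted commas is re-joined into one field.
        head, description = row[:5], ",".join(row[5:])
        records.append(dict(zip(FIELDS, head + [description])))
    return records


def summarize_dns_failures(records):
    """Group DNS resolution failures by destination domain."""
    summary = defaultdict(lambda: {"events": 0, "errors": set(),
                                   "dns_servers": set(), "sessions": set()})
    for rec in records:
        server_hit = DNS_SERVER_RE.search(rec["description"])
        query_hit = DNS_QUERY_RE.search(rec["description"])
        if not (server_hit or query_hit):
            continue  # not a DNS failure row
        entry = summary[rec["destination"].lower()]
        entry["events"] += 1
        entry["sessions"].add(rec["session"])
        if server_hit:
            entry["errors"].add(server_hit.group(1))
            entry["dns_servers"].add(server_hit.group(2))
        if query_hit:
            entry["errors"].add(query_hit.group(1))
    return dict(summary)


if __name__ == "__main__":
    failures = summarize_dns_failures(parse_connectivity_log(SAMPLE_LOG))
    for domain, info in sorted(failures.items()):
        print(domain, info["events"], sorted(info["errors"]), sorted(info["dns_servers"]))
```

Run over a full day of logs, a domain that appears here on every retry while other domains deliver normally points at resolution for that one name rather than at the resolver configuration as a whole.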
