Positioning and role of Edge Transport Server

Good afternoon, all!
I'm working on a new Exchange design and implementation project.  I had some research that seemed to indicate that I could have my Edge Transport server in the DMZ to receive Internet mail and to act as a web proxy for the Client Access server residing
in the internal network.  However, in my testing I haven't found where that is possible.
Will the Edge Transport server provide that capability or will I need to open a path to the Client Access/Mailbox server?  Is there a tradeoff in separating the Client Access server into a separate machine in the DMZ for remote access, that is, if the
Edge Transport server won't supply web proxy services, will I need to make a separate machine for Client Access?
Thanks!
Gregg

Hi Gregg,
Based on my knowledge, the Edge Server role handles Internet-facing mail flow and acts as an SMTP relay and smart host for Exchange servers in your internal network. We can use an Edge server if we don't want to expose the internal CAS and MBX. We can also
configure Anti-Spam on the Edge server to block specific emails.
Unlike other Exchange server roles, the Edge server doesn’t need to be a member of an AD domain, so locating it within a DMZ does not create any difficult firewall configurations.
Confirm that any firewall between your Exchange servers and Edge servers allows port 53 for DNS resolution and port 25 for SMTP traffic.
Thanks
Mavis Huang
TechNet Community Support

Similar Messages

  • Edge Transport Server - Exchange 2013 coexistence Exchange 2007

    Hi Exchange-Gurus,
    We have one Exchange Org.
    sub AD Domain1: A.domain.com (with Exchange 2007 SP3 R10)
    sub AD Domain2: B.domain.com (with Exchange 2013 CU6); DMZ contains Exchange Transport Server - Exchange 2013
    Is it possible to install within the DMZ of AD Domain1 an Edge Transport Server - Exchange 2013?
    Thanks.
    Guitarman

    Hi Guitar,
    Thank you for your question.
    Is it possible to install within the DMZ of AD Domain1 
    an Edge Transport Server - Exchange 2013?
    A: Yes, we could create an Exchange 2013 Edge server on the DMZ of AD domain1.
    Notice: Before we create an EdgeSync Subscription between an Exchange 2007 Hub Transport server and an Exchange 2013 SP1 Edge Transport server, we need to install Exchange 2007 SP3
    Update Rollup 13 or later on the Exchange 2007 Hub Transport server.
    We could refer to the following link:
    https://technet.microsoft.com/en-us/library/aa996719(v=exchg.150).aspx
    If there are any questions regarding this issue, please feel free to let me know.
    Best regards,
    Jim

  • Deploy Exchange 2013 Edge Transport Server for multi-site environment

    Hi,
    I have a multi-site Exchange 2013 environment. The configurations are as below.
    Active Directory Sites and Exchange Servers.
    SiteA - EXMB1 & EXCAS1
    SiteB - EXMB2 & EXCAS2
    SiteC - EXMB3 & EXCAS3
    All sites are connected via VPN. (Good speed. No latency issues)
    All the three Mailbox Servers are in DAG. Only one mailbox database. All servers running Exchange 2013.
    I am planning to deploy Edge Servers in the infrastructure (I am doing it for the first time). Normally, it will be in DMZ.
    Now, I can deploy 2 Edge Servers for reliability.
    Question.
    1. Can I deploy 2 Edge Servers and create subscriptions to all the mailbox servers in 3 different sites? Or, is it like one edge server can make subscriptions to only mailbox servers in one Active Directory Site? I am not sure about this and could not find much
    information from TechNet.
    One Edge Server can make subscription to all 3 mailbox server in 3 sites. Similarly, I can make the subscriptions in the second edge server as well. Configure 2 external MX records with the same priority so that there will be some load balancing.
    Also, in such a case if the mailbox database become active from a different site, I need not make any new changes to the Edge Servers right?
    2. If the first way is not correct, I will have to deploy 1 Edge Server each for each of the Active Directory Site. (In DMZ only, not in domain)
    Make Edge Subscription to the mailbox server in corresponding site.
    Make 1 MX record and point it to the Edge Server which is subscribed to the Mailbox Server from which the Database is Active. The problem is, every time I will have to change the DNS record whenever the database copy is activated from a different mailbox
    server. And the issues with propagation.. delay..
    I am not sure which of the above 2 ways will work. Appreciate suggestions from anyone who has previous experience with similar infrastructure.
    Thanks in advance. :)

    Hi 
    One or more Edge Transport servers can be subscribed to a single Active Directory site. However, an Edge Transport server can't be subscribed to more than one Active Directory site. If you have more than one Edge Transport server deployed, each server can be
    subscribed to a different Active Directory site. Each Edge Transport server requires an individual Edge Subscription.
    A subscribed Edge Transport server is associated with a particular Active Directory site. If more than one Mailbox server exists in the site, any of them can replicate data to the subscribed Edge Transport servers.
    I don't think there is a solution to subscribe edge servers for more than 1 site. Edge Servers can be scoped only to one site.
    Thanks, Sathish (MVP)

  • Edge Transport Server Limitations - messages delivered per day?

    I'm currently on the hunt for some kind of baseline / benchmark that will indicate how many messages per day (or per second) an Edge Transport server is capable of handling. I feel like this should be in some whitepaper somewhere for when Edge Transport
    is designed, so you know how many to deploy, but I can't find it.
    I know system specs will be a factor. We have the current hardware in our box:
    2 processors (2.67 GHz)
    16 GB RAM
    64-bit OS (Windows Server 2008 R2 Enterprise)
    If anyone has come across any kind of guideline for email delivery limitations of ET, I'd appreciate being pointed to them.
    Thanks

    The current Exchange servers are much faster and beefier than they were when I worked with Exchange 4 Beta 2 with a customer many years ago.  They tried to swamp their Exchange server (dual 90 MHz Pentium server with 128 MB RAM) using six Unix workstations
    running Mailstorm against it.  They had to stop when their primary Unix systems handling inbound email were overloaded due to how they set up their test.  And the Exchange server never skipped a beat.
    Another customer situation that may help is that I have seen 10,000 messages in an Exchange 2010 queue (because the smart host they were using for external delivery was offline for maintenance) drop to zero within 15 minutes.  I'd suggest that you run some
    sort of test of your own to determine how many messages your edge is capable of delivering, but these may give you an indication of the expected capabilities.

  • Exchange 2010 edge transport server, degraded desktop / remote desktop

    I have a 2010 edge transport server loaded on Windows Server 2008 R2 that after about 3 days will no longer allow RDP connections or desktop logons due to a serious performance lag / time out. A reboot clears the performance issue for about another 3 days.
    I allowed an RDP connection to stay open for the 3 days and it continues to work however actions like trying to load the task manager, start button, computer or any windows not currently open takes an extremely long time. Task manager and perf mon show very
    little processor and memory usage. 
    Tried the following to resolve:
    Replaced hard drives (raid 1)
    Replaced server (moved drives from one server to another chassis)
    Monitoring iops, memory usage and proc transactions. Nothing shows any unusually high usage.
    I tried disabling AV services, log monitoring and backup services both while the issue was happening and as a preventative measure before the issue arose.

    Hi, can you check if by any chance you have bandwidth limitations configured, either on the router or on your switch? I had this kind of issue and it ended up being a bandwidth issue which was configured wrongly. You said this is happening with RDP. How's the performance
    when accessing locally?
    Did you check performance counters and Event Viewer? Anything there?
    Thanks, Happiness Always
    Jatin

  • Does Edge transport server for Exchange 2013 work with Exchange 2010?

    Hello everyone,
    I want to install Edge transport server for my Exchange servers,
    Could you tell me if Edge transport server 2013 works with Exchange 2010?
    Thank you in advance

    Hello
    Tip:
    https://technet.microsoft.com/en-us/library/jj898583%28v=exchg.150%29.aspx
    If you want to create an EdgeSync Subscription between an Exchange 2010 Hub Transport server and an Exchange 2013 SP1 Edge Transport server, you need to install Exchange 2010 SP3 Update Rollup 5 or later on the Exchange 2010 Hub Transport server.
    Sorry for my English.

  • Edge Transport Server Fails DNS Query When Emailing to one Specific Domain

    This issue occurs for the same domain across three different edge transport servers.
    All servers are Windows 2008 STD SP2, Exchange 2007 SP1 U9.  Emails are delivered using DNS connector from edge.  Emails to this one specific domain would sit in the retry queue with DNS query error until NDR was generated.  Connectivity Logging generated the following:
    2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,>,DNS server returned ErrorRetry reported by 208.241.124.200
    2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,-,The DNS query for 'DnsConnectorDelivery':'subdomain.domain.com':'cd771f71-77a3-4aca-b002-86f477816910' failed with error: ErrorRetry
    I changed the servers DNS settings to different servers with the same response.  Validated that manual MX lookups worked, and that I could telnet to any of the three MX records and deliver mail via telnet.
    I did a packet capture and received the following:
    12    32.280037    172.28.16.55    208.241.124.200    DNS    Standard query AAAA SMTPSERVER.subdomain.domain.com
    So what is happening is the Edge servers are only performing IP6 lookups, and throughout the log, only for subdomain.domain.com do they NOT perform a regular IP4 A record lookup.  I then went about disabling TCP/IP6 as per this article:
    http://technet.microsoft.com/en-us/network/cc987595.aspx
    this stated to do the following:
    Alternately, from the Windows XP or Windows Server 2003 desktop, click Start, point to Programs, point to Accessories, and then click Command Prompt. At the command prompt, type netsh interface ipv6 uninstall.
    To remove the IPv6 protocol for Windows XP with no service packs installed, do the following:
    Log on to the computer with a user account that has local administrator privileges.
    From the Windows XP desktop, click Start, point to Programs, point to Accessories, and then click Command Prompt.
    At the command prompt, type ipv6 uninstall.
    Unlike Windows XP and Windows Server 2003, IPv6 in Windows Vista and Windows Server 2008 cannot be uninstalled. However, you can disable IPv6 in Windows Vista and Windows Server 2008 by doing one of the following:
    In the Network Connections folder, obtain properties on all of your connections and adapters and clear the check box next to the Internet Protocol version 6 (TCP/IPv6) component in the list under This connection uses the following items.
    This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface.
    Add the following registry value (DWORD type) set to 0xFF:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents
    This method disables IPv6 on all your LAN interfaces, connections, and tunnel interfaces but does not disable the IPv6 loopback interface. You must restart the computer for this registry value to take effect.
    I did the above, and still, the Edge Transport servers would only perform AAAA lookups, and messages would sit in the queue.
    As temporary workaround, created new send connector with the three available MX hosts as possible smarthosts for subdomain.domain.com, and this allowed email flow.
    I've tried disabling the TCPIP6, and it still doesn't work.  Any suggestions?

    Hi Allen and Paul,
    we experience problems in receiving mails from senders with this Exchange server problem. When we are aware of the problem, we send them the above mentioned link and ask them to make adjustments. Then afterwards usually mail arrives without any problems.
    The problem for us is that it seems as if the problem grows. More and more mail does not arrive on our mail addresses (mine for example is [email protected]). And not all of the senders receive notifications that mail cannot be delivered. As you can imagine
    this situation is unacceptable and damaging our customer relations.
    Is there anything WE can do? (apart from sending them the information to make adjustments in their Exchange servers...)
    I hope you can help us...
    Thanks in advance
    Leonard

    Hi Leonard,
    as stated below we were experiencing the same problem with one of our customers. Seeing that it's a DNS related problem we suggested to the customer to change or add an additional DNS service through i.e. dyndns.com. After adding the current DNS records
    to the new DNS service mail started coming in from every customer that had problems.
    So for your clients I would suggest a similar solution, it helped over here at least.
    Kind regards,
    Philipp
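
Added example (not part of the original thread): a Python sketch that triages Exchange connectivity log entries like the two quoted in the question above, separating destinations whose every delivery session failed DNS resolution from ones that failed only intermittently. Apart from the two quoted lines, the sample log is constructed, and the function names are hypothetical.

```python
import csv
import re
from collections import defaultdict

# Connectivity log fields: date-time,session,source,Destination,direction,description.
# The first two entries are the ones quoted in the post; all others are
# constructed for this example (192.0.2.x and example.* are documentation values).
SAMPLE_LOG = """\
#Fields: date-time,session,source,Destination,direction,description
2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,>,DNS server returned ErrorRetry reported by 208.241.124.200
2009-09-01T19:52:23.539Z,08CBEDE9198E2DC3,SMTP,subdomain.domain.com,-,The DNS query for 'DnsConnectorDelivery':'subdomain.domain.com':'cd771f71-77a3-4aca-b002-86f477816910' failed with error: ErrorRetry
2009-09-01T20:07:41.102Z,08CBEDE9198E2DD0,SMTP,subdomain.domain.com,>,DNS server returned ErrorRetry reported by 192.0.2.53
2009-09-01T20:07:41.102Z,08CBEDE9198E2DD0,SMTP,subdomain.domain.com,-,The DNS query for 'DnsConnectorDelivery':'subdomain.domain.com':'cd771f71-77a3-4aca-b002-86f477816910' failed with error: ErrorRetry
2009-09-01T20:08:02.870Z,08CBEDE9198E2DD1,SMTP,example.net,>,DNS server returned ErrorRetry reported by 192.0.2.53
2009-09-01T20:09:15.334Z,08CBEDE9198E2DD2,SMTP,example.net,+,Connected (constructed entry)
2009-09-01T20:09:16.020Z,08CBEDE9198E2DD2,SMTP,example.net,-,Messages: 1 (constructed entry)
2009-09-01T20:10:44.615Z,08CBEDE9198E2DD3,SMTP,example.org,+,Connected (constructed entry)
"""

# Patterns taken from the wording of the two log lines quoted in the post.
DNS_SERVER_RE = re.compile(r"DNS server returned (\w+) reported by (\S+)")
DNS_QUERY_RE = re.compile(r"The DNS query for .+ failed with error: (\w+)")


def parse_records(text):
    """Yield (session, destination, description) for each log entry."""
    for row in csv.reader(text.splitlines()):
        if not row or row[0].startswith("#") or len(row) < 6:
            continue  # skip header comments, blank and truncated lines
        # Re-join in case an unquoted description itself contained commas.
        yield row[1], row[3].lower(), ",".join(row[5:])


def summarize_dns_failures(text):
    """Group sessions and DNS failures by destination domain."""
    stats = defaultdict(lambda: {"sessions": set(), "failed_sessions": set(),
                                 "errors": set(), "dns_servers": set()})
    for session, dest, desc in parse_records(text):
        entry = stats[dest]
        entry["sessions"].add(session)
        server_hit = DNS_SERVER_RE.search(desc)
        query_hit = DNS_QUERY_RE.search(desc)
        if server_hit:
            entry["errors"].add(server_hit.group(1))
            entry["dns_servers"].add(server_hit.group(2))
        if query_hit:
            entry["errors"].add(query_hit.group(1))
        if server_hit or query_hit:
            entry["failed_sessions"].add(session)
    return dict(stats)


def always_failing(stats):
    """Destinations where every logged session hit a DNS failure."""
    return sorted(dest for dest, e in stats.items()
                  if e["sessions"] and e["failed_sessions"] == e["sessions"])


if __name__ == "__main__":
    summary = summarize_dns_failures(SAMPLE_LOG)
    for dest in always_failing(summary):
        e = summary[dest]
        print(f"{dest}: {len(e['failed_sessions'])} sessions, all failed; "
              f"errors={sorted(e['errors'])}; resolvers={sorted(e['dns_servers'])}")
```

A destination that fails against more than one resolver, as here, points away from a single bad DNS server and toward how the query itself is being made or answered.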

  • Risk of not having an Edge Transport server

    What is the risk of not using an Edge Transport server? Is it worth the extra cost? Environment is Exchange 2010 and ForeFront TMG 2010.

    Hi,
    if the internal server can handle the load I don't see any problem.
    Regarding the CAS server facing the Internet, you should have a firewall in front of it that stops most of the attacks.
    Greetings
    Christian
    Christian Groebner MVP Forefront

  • EdgeSync service cannot connect to this subscription because of error "No EdgeSync credentials were found for Edge transport server

    When checking Edge Synchronization on our Exchange 2010 HUB server (Test-EdgeSynchronization) I get SyncStatus "Failed".  I suspect this failed after we had moved all of our Exchange 2010 servers (except the Edge server, which is not a member
    of any domain or site) to a new site.  In hopes to resolve this, I did the following:
    Removed the Edge Subscription from our HUB server using the EMC. 
    Deleted the cert used by ADAM on our Exchange 2010 Edge server (using the Certificates MMC).
    On the Exchange 2010 Edge server created a new Edge subscription file using: New-EdgeSubscription -FileName "C:\EdgeSubscription20150424.XML"
    Restarted the "Microsoft Exchange ADAM" service on our Edge server.
    Copied the "EdgeSubscription20150424.XML" to our HUB server.  Then completed the New Edge subscription import on our HUB server using the MMC (specifying the AD site and location/name of the XML).
    After this, I still get syncstatus failed on our HUB.   Thought to check the certificate using "Get-ExchangeCertificate | FL" but that results in:  "Get-ExchangeCertificate : The Exchange Certificate operation has failed
    with an exception.  The error message is: Access is denied".   I tried to create a new certificate on our HUB server using "New-ExchangeCertificate", but get the exact same "Access is denied" error message
    again. 
    I believe we never noticed that the Edge sync wasn't working because we only use our Edge server when our hardware email filter fails (Symantec Message Gateway).  Our Edge server has a lower priority in our MX record and lower priority in our send connectors
    on our HUB servers.  The Edge server though does receive email from internal email relay from some servers for notifications.  These do get delivered unless the user mailbox is new (suspect ADAM isn't updating - that's why I started looking into
    this).
    This should be simple!   What am I missing???   Thanks in advance for any feedback.
    PS - this is my first posting here.... I apologize if I posted this in the wrong forum or category.  :)

    Hi PongoDog,
    Thank you for your question.
    By your description, we could refer to the following steps to check if the issue persists:
    Remove all  hub servers certificate
    Create a new hub server certificate with the command "New-ExchangeCertificate"
    Remove the edge subscription on the hub & edge server
    Recreate the sync subscription and import it on the hub server.
    If the issue persists, we could check network connectivity between the Hub Transport server and Active Directory. Use Ping to isolate network hardware problems and incompatible configurations. Use PathPing to detect packet loss over multiple-hop trips. Then
    run dcdiag /s:<Domain Controller Name> at a command prompt on the Exchange Server. Use the output of Dcdiag to discover the root cause of any failures or warnings that it reports. Finally, review the Application log for MSExchangeADAccess and MSExchange
    Topology events that could provide more information about the root cause of this event and post the Event ID to
    [email protected] for our troubleshooting.
    If there are any questions regarding this issue, please feel free to let me know.
    Best regards,
    Jim
    Jim Xu
    TechNet Community Support

  • Sending emails via edge transport server fails

    Hello,
    I am using an Exchange 2013 edge server in my DMZ to send emails, but it refuses to send messages to the Internet. Once I create an Internet send connector on my CAS server, mails are easily sent to the Internet. My edge subscription and sync happened successfully.
    As edge server did not send any emails to the Internet, I checked the message queue on my CAS servers and I noticed that my messages are in the message queue on my CAS server. Could you please help me sort out my issue? Thanks a lot.
    Regards,
    Pooriya
    Pooriya Aghaalitari

    Hi 
    Can you tell us the last error that you can see in the message queue?
    Just run get-edgesynchronization and see the results
    What happens if you telnet to edge server fqdn from the cas server on port 25 ?
    If nothing helps I would recommend you to remove and recreate the edge subscription file and see the results.

  • Co-Locate Client Access and Edge Transport Role on Same Server?

    Is it possible/supported to install the Edge Transport Server Role on the same machine that the Client Access role is installed on now that 2013 SP1 has added support back in for the Edge Transport Role?
    jon

    No.
    Unless something has radically changed from before...
    EDIT
    No, nothing has changed:
    "If you want to install the Exchange 2013 Mailbox or Client Access roles on a computer, see
    Install Exchange 2013 Using the Setup Wizard. The Edge Transport role can't be installed on the same computer as the Mailbox or Client Access server roles."
    http://technet.microsoft.com/en-us/library/dn635117(v=exchg.150).aspx

  • Exchange Server 2013 Edge Transport Role

    Dear,
    I have a question regarding Exchange Server 2013 SP1. I have installed the Edge Transport Server role on a separate box that is not domain joined. Obviously I installed Exchange CAS and Mailbox on the same box,
    domain joined, in the corporate LAN. But my Edge is placed in the DMZ and it is ready with all configuration; Mailbox Server synchronization is also installed with the Edge. That means all required configuration is properly configured and verified. But I want clients
    to access OWA from the Edge only, because I want to restrict my internal network from the Internet. So kindly provide me any possible ways to access OWA from the Edge only. I have seen some other methods like "Web Application Proxy instead of TMG because
    TMG is expired".
    Kindly provide me possible ways or a URL so I can configure it.
    Thanks.
     Fuzail (FM)

    Hi,
    Is there any further question on this thread?
    Thanks,
    Simon Wu
    TechNet Community Support

  • Installing and configuring additional Edge Server role[2007] in AD site

    Hello Guys,
    We are planning to migrate our edge server to new hardware, so my plan is to install and configure a new edge server on the new hardware first and then decommission the old one.
    Currently we have four servers deployed as below.
    Edge Server - INEDGE001
    HUB/CAS - INHUBCAS002 & INHUBCAS003
    Mailbox - INMBOX004
    Kindly provide the steps for this edge server hardware migration.
    ~Karthick

    Hi,
    Based on my research, here are the steps about moving Edge server to a new hardware:
    1. Capture all of your Edge Transport server configuration data.
    2. Shut down the existing Exchange 2007 server.
    3. Reset the computer account for the existing Exchange 2007 server.
    4. For drives that contained Exchange 2007 data, configure drive letters on the new server to map to or match the configuration of the old server.
    5. Set up the new Exchange 2007 server.
    6. When the Setup program has completed, install the Exchange 2007 service pack that was installed on the existing server.
    7. Install any Exchange 2007 post-service pack hotfixes that were installed on the existing server.
    8. Copy the ImportEdgeConfig.ps1 script to the root folder of your user profile on the server that you are restoring.
    9. Validate the configuration file, and create an answer file that will provide server-specific information when the file is imported.
    10. Open the answer file, and modify any settings that are invalid for the server.
    11. Import the Edge Transport server configuration by using the ImportEdgeConfig.ps1 script.
    12. Run the EdgeSync process to replicate Active Directory information to Active Directory Application Mode (ADAM) and perform regularly scheduled synchronization.
    For more detailed information, you can refer to the following article:
    http://technet.microsoft.com/en-us/library/bb332339(v=exchg.80).aspx
    Thanks,
    Angela Shi
    TechNet Community Support

  • Managing Exchange Edge Transport Role from my workstation

    Hi Guys
    I want to manage my Edge Transport Role (2010 sp3) that resides in DMZ  from my workstation that resides on internal network. 
    What ports EMC 2010 is using? so I can open them on firewall.
    How can I add edge transport server in my EMC when ports are opened?
    Thanks in Advance
    Farhad

    Hi Farhad,
    I find a topic that provides information about ports, authentication, and encryption for all data paths. Details for your reference:
    http://technet.microsoft.com/en-us/library/bb331973(v=exchg.141).aspx
    Information :
    1. On servers that have Internet Information Services (IIS) installed, Windows opens the HTTP port (port 80, TCP) and HTTPS port (port 443, TCP). Exchange 2010 Setup doesn't open these ports. Therefore, these ports don't appear in the preceding table.
    2. Make sure port 25 is open for communication between Hub and Edge, and Edge and Edge.
    Thanks

  • Edge server not forwarding mail to Hub Transport server

    I have an exchange 2010 VM with latest SP hosting around 500 mailboxes. I wanted to take some of the load off this box so I set up another box, loaded Exchange 2010 with the latest service pack and loaded the Edge Transport role on it. I ran the new-edgesubscription
    cmdlet, copied the file to the HT server and created a new subscription. I have several sites in AD so I chose the site that corresponded to the IP address of the Exchange server. My problem is there is no mail passing between the servers. Here is what I have
    tried so far:
    I can telnet to port 25 on both the HT and Edge servers, and port 50636 on edge server.
    I can ping NetBIOS and DNS name of both machines from each other.
    DNS suffix was added PRIOR to installing edge transport role.
    Running get-edgesubscription on HT shows the Site being used, but on Edge site is blank, is this normal?
    If I run start-edgesynchronization, I can see the data being replicated to the edge.
    If I run test-edgesynchronization from HT, the status is Normal.
    If I run get-exchangecertificate and look at the cert thumbprint on both boxes, they are different (from what I read they should be?)
    Two Send connectors are created and they are both replicated to the edge, along with accepted domains.
    Initially, when I created the subscription, I looked in event viewer on HT and saw Event ID 10104 and 1024, but running start-synchronization seemed to replicate so I thought it may be a one time error. This may be my issue. I have a 3rd party cert on my
    HT server to accept mail and allow TLS to mail.mydomain.com. Any help would be greatly appreciated. I'm ready to pull my hair out. I have reloaded this edge server twice trying to figure out what is going on.
    Jeff Green MCSA/MCSE 2003, MCITP 2008

    OK, first off, I'm not sure that adding an Edge server is going to reduce any of the load on your mailbox server - all emails bound for your system are going to hit the mailbox server anyway, so unless you have huge amounts of spam and viruses bound for
    your system, the savings will be negligible.
    That being said, it's not a bad thing to deploy an Edge Server.  So let's see if we can figure out why yours isn't working as expected.  When you deployed the edge, did you follow all the steps in the following two articles?
    http://technet.microsoft.com/en-us/library/bb124011(v=exchg.141).aspx
    http://exchangeserverpro.com/exchange-2010-install-edge-transport-server/
    If you did follow the steps, do you now see the Edge Server in the list of Exchange servers in the EMC under Server Configuration (not one of its subnodes)?
