TMG 2010 Without Edge Transport

Is it possible to configure TMG 2010 to open port 25 and route Exchange 2010 mail without an Edge Transport server?

Could it be that you are using the wizard found under the node "E-Mail Policy" in the mmc?
If so, don't use that; use "Publish Mail Servers" under "Firewall Policy", and when asked if you want to continue the wizard (the step after selecting SMTP as the protocol to be published), answer yes.
After completing the wizard you should have a regular server publishing rule for SMTP.
You could also use the wizard "Publish Non-Web Servers" and select SMTP Server as protocol. This will fill your request "open port 25 on TMG".
Either way you do it, Edge Transport is not required.
Hth, Anders Janson Enfo Zipper

Similar Messages

  • Exchange 2010 Edge Transport - Not being detected by SCOM agent?

    All,
    I recently installed the SCOM 2007 R2 agent onto our Edge Transport server for Exchange 2010.  Our architecture is pretty simple.  We have a DMZ network where I have a SCOM 2007 R2 Gateway server and our Edge Transport server.
    Essentially it goes like this:
       Edge Transport Server Agent <-> Gateway Server <-> SCOM RMS server
    I have the Exchange 2010 and the FOPE for Exchange 2010 MP's loaded on our RMS server.  When I loaded the SCOM 2007 R2 agent onto our Edge server, the agent discovered it had FOPE and does reflect as such on the RMS server, but it did not seem to pick up that it was also the Exchange Edge Transport role.
    I looked on the RMS server in the Authoring -> Object Discoveries and the Edge transport is set to discover, so I am a little stumped as to why the agent didn't discover the role.
    Any suggestions where to look next?

    Just a little more detail on this.  I've been working on this exact issue for probably 3 weeks with an engineer. 
    This issue is actually a bug in the Exchange 2010 MP. 
    How is it a bug exactly?  Well, the MP is looking for the Active Directory site that the Edge Server is a member of... let's think about this, the Edge server is NOT domain joined, and as such, shouldn't have an active directory site. 
    Additionally, the regkey path referenced above is incorrect, though it seems that numerous others have figured that out on their own as well.  The correct regkey path should be:
    hklm>system>currentcontrolset >services>netlogon>parameters
    So sure, this "fixes" the issue - but the real issue is that the MP is looking for an Active Directory site, on servers that aren't a member of an active directory site. Kind of a BIG oversight by the MP authors in my opinion.
    I'm sure there are plenty of orgs relying on SCOM to monitor their Exchange 2010 implementations that don't even realize that their Edge servers aren't being monitored for the Exchange roles.

  • Exchange 2010 edge transport server, degraded desktop / remote desktop

    I have a 2010 edge transport server loaded on windows server 2008 R2 that after about 3 days will no longer allow RDP connections or desktop logons due to a serious performance lag / time out. A reboot clears the performance issue for about another 3 days. 
    I allowed an RDP connection to stay open for the 3 days and it continues to work however actions like trying to load the task manager, start button, computer or any windows not currently open takes an extremely long time. Task manager and perf mon show very little processor and memory usage.
    Tried the following to resolve:
    Replaced hard drives (raid 1)
    Replaced server (moved drives from one server to another chassis)
    Monitoring iops, memory usage and proc transactions. Nothing shows any unusually high usage.
    I tried disabling AV services, log monitoring and backup services, both while the issue was happening and as a preventative measure before the issue arose.

    Hi, can you check if by any chance you have bandwidth limitations configured, either on the router or on your switch? I had this kind of issue and it ended with a bandwidth issue which was configured wrongly. You said this is happening with RDP. How's the performance when accessing locally?
    Did you check performance counters and Event Viewer? Anything there?
    Mark as useful or answered if my replies helped you solving your query.
    Thanks, Happiness Always
    Jatin

  • Does Edge transport server for Exchange 2013 work with Exchange 2010?

    Hello everyone,
    I want to install Edge transport server for my Exchange servers,
    Could you tell me if Edge transport server 2013 works with Exchange 2010?
    Thank you in advance

    Hello
    tip:
    https://technet.microsoft.com/en-us/library/jj898583%28v=exchg.150%29.aspx
    2   If you want to create an EdgeSync
    Subscription between an Exchange 2010 Hub Transport server and an
    Exchange 2013 SP1 Edge Transport server, you need to install Exchange
    2010 SP3 Update Rollup 5 or later on the Exchange 2010 Hub Transport
    server.
    sorry my english

  • Exchange Server 2013 Edge Transport Role

    Dear,
    I have a question regarding Exchange Server 2013 SP1. I have installed the Edge Transport Server Role on a separate box that is not domain joined. Obviously I installed Exchange CAS and Mailbox on the same box, domain joined, in the corporate LAN. But my Edge is placed in the DMZ and it is ready with all configuration; Mailbox Server Synchronization is also installed with Edge. This means all required configuration is properly configured and verified. But I want clients to access OWA from Edge only, because I want to restrict my internal network from the internet. So kindly provide me any possible ways to access OWA from Edge only. I have seen some other methods like "Web Application Proxy instead of TMG because TMG is expired".
    Kindly provide me possible ways or a URL so I can configure it.
    Thanks.
     Fuzail (FM)

    Hi,
    Is there any further question on this thread?
    Thanks,
    Simon Wu
    TechNet Community Support

  • Risk of not having an Edge Transport server

    What is the risk of not using an Edge Transport server? Is it worth the extra cost? Environment is Exchange 2010 and ForeFront TMG 2010.

    Hi,
    if the internal server can handle the load I don't see any problem.
    Regarding the CAS server facing the Internet, you should have a firewall in front of it that stops most of the attacks.
    Greetings
    Christian
    Christian Groebner MVP Forefront

  • Edge Transport Attachment stripping based upon an emails Subject line.

    I am running Exchange 2010 on-prem with a 2013 Hybrid (including a 2013 Edge Transport server for message handling between on-prem and the o365 tenant) connecting to an o365 tenant. I use EMC's SourceOne for archiving running on-prem. The o365 tenant points to a mailbox on my on-prem Journaling server.
    What I am seeing is that when o365 forwards emails as attachments from the cloud back to the on-prem Journaling server it is examining the subject line of the message and making a decision to strip the attachment based upon the very end of the subject line.
    Example: A simple text message with a subject line of: "Check out the new web site at www.xyz.com"
    The Edge transport server is seeing this as being a ".com" attachment and stripping it off before it gets to the Journaling server. So it does not appear to be looking inside the message to see what it actually is and figure out that it is not a ".com" file but a simple text message.
    I have seen this with other file extension types as well, such as ".exe". It is also stripping off ".zip" attachments as well, but I understand that and am not sure how to deal with it.
    Has anyone else experienced this and how have you dealt with it? Microsoft wants me to take the Edge out of play and go directly from the cloud to an on-prem Exchange server. But that is not an option as the on-prem servers are not exposed to the internet.
    Thanks, Bob
     

    Hi BobSwe,
    Thank you for your response.
    If you have resolved this question, please mark useful replies as answer.
    Thanks,
    Allen Wang
    TechNet Community Support

  • Problem with blocking upload file TMG 2010

    I'm using TMG 2010. I have 3 rules:
    1/ Allow Internet Access:
    protocols: dns, http, https
    from: localhost, internal to: External
    2/ Allow Protocols:
    protocols: all traffics
    from: localhost, internal to: localhost, internal
    3/ Default Rule: Block all.
    The problem is: I want to block file uploads from internal to external, so I've made an HTTP filter in Allow Internet Access like this: Config HTTP --> Signature: Search in: Request Header
     Http header: Content-Type:
     Signature: mutipart/form-data
    Methods: Block method POST
    Unfortunately, it doesn't work and I don't know why. If I create a rule to block web, it works. Please help me. Thanks!

    Hi,
    You could check the following blog to see whether you missed anything.
    How to block Attachment Uploads using Microsoft TMG
    http://www.kuwaitgeekz.com/?p=2248
    (Note: Microsoft provides third-party contact information to help you find technical support. This contact
    information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.)
    Best Regards,
    Joyce

  • Login error when publishing OWA 2010 through TMG 2010

    Its configuration publish OWA 2010 with TMG 2010 but when logged through the internet must enter the correct net name: domain.com\administrator and password to login.
    administrator login name or login [email protected] not login. And all the other mailbox account not login.
    This is a picture of my configuration. You do know how to fix it help me okay. Thanks.

    Hi Xuan,
    It depends on your selected authentication method.
    I recommend you refer to the following article, it will give you some hints:
    http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/enabling-forms-based-authentication-external-internal-owa-2010-users-exchange-2010-published-using-forefront-tmg-2010-part2.html
    Please note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information. And the changes made in the above blog are not supported officially by Microsoft.
    Best regards,
    Niko Cheng
    TechNet Community Support

  • Managing Exchange Edge Transport Role from my workstation

    Hi Guys
    I want to manage my Edge Transport Role (2010 sp3) that resides in DMZ  from my workstation that resides on internal network. 
    What ports is EMC 2010 using, so I can open them on the firewall?
    How can I add edge transport server in my EMC when ports are opened?
    Thanks in Advance
    Farhad

    Hi Farhad,
    I found a topic that provides information about ports, authentication, and encryption for all data paths. Details for your reference:
    http://technet.microsoft.com/en-us/library/bb331973(v=exchg.141).aspx
    Information :
    1. On servers that have Internet Information Services (IIS) installed, Windows opens the HTTP port (port 80, TCP) and HTTPS port (port 443, TCP). Exchange 2010 Setup doesn't open these ports. Therefore, these ports don't appear in the preceding table.
    2. Make sure port 25 is open for communication between Hub and Edge, and Edge and Edge.
    Thanks

  • Edge Transport Upgrade to SP3

    I am in the process of upgrading my Exchange 2010 Edge Server to SP3.  The Edge Server sits in a DMZ part of the DMZ Workgroup.  While the EMC updated to SP3, the Edge Transport has not.
    The following error was logged:
    [05/01/2014 02:22:13.0642] [1] 0.  ErrorRecord: The AD LDS schema import process ldifde.exe failed with error code 8224.  No schema has been imported into AD LDS. View the Setup logs for more information.
    [05/01/2014 02:22:13.0642] [1] 0.  ErrorRecord: Microsoft.Exchange.Management.Edge.SetupTasks.AdamSchemaImportProcessFailureException: The AD LDS schema import process ldifde.exe failed with error code 8224.  No schema has been imported into AD LDS.
    View the Setup logs for more information.
       at Microsoft.Exchange.Management.Edge.SetupTasks.ManageAdamService.ImportAdamSchema(String instanceName, String schemaFilePath, String macroName, String macroValue)
       at Microsoft.Exchange.Management.Edge.SetupTasks.InstallAdamSchemaTask.InternalProcessRecord()
    [05/01/2014 02:22:13.0688] [1] [ERROR] The following error was generated when "$error.Clear(); 
     install-AdamSchema -LdapFileName ($roleInstallPath + "\Setup\Data\schemaadam.ldf")
    " was run: "The AD LDS schema import process ldifde.exe failed with error code 8224.  No schema has been imported into AD LDS. View the Setup logs for more information.".
    My question is, should the upgrade be able to contact our AD domain to get the schema import?  Or should I export this data from our AD domain controller?
    Thank you for reviewing.

    Hello,
    Before you upgrade the Edge Transport server, you need to upgrade the other Exchange server roles to SP3.
    Normally, if the Microsoft Exchange EdgeSync service can perform scheduled updates, the information in AD LDS will remain current.
    It is able to contact your AD domain to get the schema import during upgrading.
    I recommend you check if port 50636 is open during updating the Exchange 2010 Edge server to SP3.
    Please use ExBPA against your Exchange server health.
    Please check if there is a related error in the application log.
    Cara Chen
    TechNet Community Support

  • Tmg 2010 Block Any https web site

     TMG 2010 block any https site And HTTPS Inspection Disabled when i make a Rule and i make TO Exception URL sets.

    HI Jesper
    Thanks for Reply
    Yes, HTTPS sites are blocked even with HTTPS inspection disabled, and I have a firewall policy that is allowing HTTP and HTTPS.
    If I make a firewall policy allowing HTTP and HTTPS without exceptions, traffic will be allowed. If I make any URL set exceptions, traffic will be blocked.
    Regards,
    Ahmed Salama.
    Denied Connection
    Log type: Web Proxy (Forward)
    Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL).
    Rule: Default rule
    Source: Internal (10.6.29.199:65109)
    Destination: External (10.6.28.5:443)
    Request: twitter.com:443
    Filter information: Req ID: 0785b898; Compression: client=No, server=No, compress rate=0% decompress rate=0%
    Protocol: SSL-tunnel
    Client agent: Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0
    Object source: Internet (Source is the Internet. Object was added to the cache.)
    Cache info: 0x0
    Processing time: 0
    MIME type:
  • Edge Transport

    Hello every one.. :)
    I'm just new to learning the technology of Exchange Server 2013 and I wanted to ask... is it enough to run only two roles (Mailbox & Client Access) so that I can send/receive emails from/to the internet?? Or is it a MUST to have a dedicated server to have the role of Edge Transport?
    Please advise.. thanks in advance.. :)

    Depends :!!!
    An Edge server always has to be on the perimeter network on a standalone server or VM.
    Yes, you can live without an Edge Server and have both CAS/MBX roles installed (recommended) on the same box/server.
    But you will need to protect your Exchange with anti-spam and anti-malware; either you go with an Edge server or have EOP (Exchange Online Protection).
    Hope that answers your question Jaber.
    Where Technology Meets Talent

  • Edge Transport Server Limitations - messages delivered per day?

    I'm currently on the hunt for some kind of baseline / benchmark that will indicate how many messages per day (or per second) an Edge Transport server is capable of handling. I feel like this should be in some whitepaper somewhere for when Edge Transport is designed, so you know how many to deploy, but I can't find it.
    I know system specs will be a factor. We have the current hardware in our box:
    2 processors (2.67 GHz)
    16 GB RAM
    64-bit OS (Windows Server 2008 R2 Enterprise)
    If anyone has come across any kind of guideline for email delivery limitations of ET, I'd appreciate being pointed to them.
    Thanks

    The current Exchange servers are much faster and beefier than they were when I worked with Exchange 4 Beta 2 with a customer many years ago.  They tried to swamp their Exchange server (dual 90 MHz Pentium server with 128 MB RAM) using six Unix workstations running Mailstorm against it.  They had to stop when their primary Unix systems handling inbound email were overloaded due to how they set up their test.  And the Exchange server never skipped a beat.
    Another customer situation that may help is that I have seen 10,000 messages in an Exchange 2010 queue (due to the smart host they were using for external delivery being offline for maintenance) drop to zero within 15 minutes.  I'd suggest that you run some sort of test of your own to determine how many messages your edge is capable of delivering, but these may give you an indication of the expected capabilities.

  • How to publish LDAP to outside of the organization on TMG 2010?

    Hi,
    An external company requires LDAP for the services that they are going to provide to our school for students. I have Windows 2008 R2 forest and domain level Active Directory with TMG 2010 at the edge.
    I was wondering how can I do that task?

    Hi,
    publish the internal LDAP Server with LDAP/LDAPS (UDP/TCP):
    http://technet.microsoft.com/en-us/library/cc995316.aspx
    If you must publish your internal Active Directory I recommend using LDAPS, or better, use AD-LDS to sync your AD-DS with AD-LDS and only the required attributes from Active Directory.
    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.galileocomputing.de/3276?GPP=MarcGrote
