How to install and configure an Edge Transport server for Exchange 2007
Step 1: Install the Edge Transport server
Installing an Edge Transport server in an Exchange Server 2007 environment is pretty straightforward:
- Insert your Exchange Server 2007 installation CD. The Windows Autoplay feature should execute the Setup.exe file. When the Exchange Server 2007 splash screen appears, click Step 4: Install Microsoft Exchange to launch the Setup wizard.
- Click Next to bypass the Setup wizard's Welcome screen.
- Accept the End User License Agreement and click Next.
- Setup will ask you if you would like to enable error reporting. Error reporting will automatically send information regarding server errors to Microsoft. Decide whether or not you want to enable error reporting and then click Next.
- The Edge Transport Server role is only available through a custom installation, so choose the Custom Exchange Server Installation option and click Next.
- You should now see a screen asking you which Exchange Server roles you want to deploy. Deselect all the roles, and then select the Edge Transport Role checkbox.
Before moving on, pay attention to the disk space requirements displayed on this screen. The Edge Transport Role only requires 724 MB of disk space, but it's still a good idea to make sure that your server has sufficient disk space. If necessary, this screen gives you the option of changing the installation path.
Click Next and Setup will perform a quick readiness check.
- Assuming that there are no readiness issues, click the Install button and Setup will begin copying all of the necessary files.
- When the installation process completes, click Finish.
Step 2: How to set up an Edge Subscription
Open the Exchange Management Shell on the Edge Transport server, and enter this command:
New-EdgeSubscription -FileName "C:\subscription.xml"
At this point, Exchange will display a rather ominous warning message. This warning just tells you about all of the types of objects that will be overwritten or deleted during the subscription process. When the warning asks you if you want to continue, press Y and the command will go to work.
- When you execute this command, Exchange Server will create an XML file named subscription.xml, which it will place in the root directory on the Edge Transport server's C: drive. The command also creates an ADAM account. This account is used for the purpose of securing the configuration data as it's replicated from Active Directory.
Now we need to import the subscription.xml file into the Hub Transport server in order to create the Edge Subscription.
- Copy the XML file to a location where it will be accessible to the machine that you are going to be using to set up the Edge Subscription. My personal recommendation is to copy the file to a USB thumb drive and then erase it from the Edge Transport server (for security reasons).
- Once the file has been copied to an accessible location, log in to your Hub Transport server using an account that is both a local administrator and a member of the Exchange Organization Administrators group.
- Open the Exchange Management Console and navigate through the console tree to Organization Configuration -> Hub Transport.
- Select the Edge Subscription tab and then click the New Edge Subscription link found in the Actions pane. The New Edge Subscription dialog box asks you which Active Directory site the Edge Transport server should become a part of. If your organization consists only of a single site, then there is no grand decision involved. If you have multiple sites though, then you should make the Edge Transport server a member of the site that has the fastest (or most reliable) network connectivity to the perimeter network.
- After you choose the Active Directory site in which the Edge Transport server should be included, it's time to import the XML file that you created earlier.
- Use the Browse button to browse for and select the subscription.xml file.
- Verify that the Automatically Create A Send Connector for this Edge Subscription checkbox is selected, then click the New button to import the XML file and create the Edge Subscription. (A send connector is used any time that messages are sent to the Internet through the Edge Transport server.)
The process of creating an Edge Subscription is kind of anticlimactic, but there is actually quite a bit going on behind the scenes. Specifically, Exchange Server creates a secure, authenticated communications channel between the Hub Transport server and the Edge Transport server. Once data can be transmitted securely, Exchange Server begins replicating data from Active Directory to the Edge Transport server's ADAM partition.
Step 3: Replicate Active Directory data to the Edge Transport server
The Edge Transport server does not receive a complete copy of Active Directory for security reasons, but there is still quite a bit of information that gets replicated, including:
- The safe senders list
- The Remote Domains list
- The Accepted Domains list
- Recipient data including email address, contacts, distribution lists, etc.
After the initial replication completes, it is up to Exchange Server to keep the information in the ADAM partition up to date. Remember that the Edge Transport server is not a domain controller. This means that the ADAM partition is not updated through the normal Active Directory replication process.
Instead, Exchange Server keeps the ADAM partition synchronized with Active Directory. The EdgeSync synchronization does not occur nearly as quickly as true Active Directory replication though. Exchange Server synchronizes changes to configuration-related data hourly; it synchronizes changes to recipient data once every four hours.
Of course, there may be situations in which waiting four hours for a directory synchronization to occur is simply impractical. Fortunately, there is a way to force a manual EdgeSync synchronization. Just open the Exchange Management Shell and enter this command:
Now that you have created an Edge Subscription, you must wait for the initial synchronization to complete. The amount of time it will take varies depending on the size of your Active Directory and the size of your Exchange Server organization. If possible, I recommend just letting the synchronization run overnight.
Step 4: Verify communication between the Edge Transport server and Hub Transport server
The next step is to verify that the Edge Transport server has received the necessary information from the Hub Transport server. Since a full directory comparison would be unfeasible, there are a couple of specific things you can spot check to verify that the Edge Transport server is working correctly:
- First, go to the Edge Transport server and open the Exchange Management Console to verify that the send connector was created successfully. The only primary containers you should see in the console tree should be the Edge Transport container and the Toolbox container.
- To make sure that the send connector was created successfully, select the Edge Transport container. The lower half of the details pane will display a series of tabs. Select the Send Connectors tab and verify that a send connector is present and enabled.
If your organization only contains a single Active Directory site, the send connector should look like this:
edgesync – default-first-site-name to Internet    Enabled
edgesync – Inbound to Default-First-Site-Name    Enabled
As you can see, the send connector actually consists of two different components: an inbound connector and an outbound connector. Both of these connectors should be created automatically.
If for some reason the send connector doesn't exist, you can use the New Send Connector option found on the Actions pane to manually create one (there is also an option to enable the send connector if it is disabled for some reason).
Before you create a send connector though, make sure that the Accepted Domains list has been replicated to the Edge Transport server. If the Accepted Domains list has been synchronized, but there is no send connector, you may have simply forgotten to select the checkbox to automatically create it when you set up the Edge Subscription.
If the send connector is missing and the Accepted Domains list has not been synchronized though, there is clearly some sort of problem occurring.
To check the Accepted Domains list, go to the Hub Transport server, open the Exchange Management Shell, and enter this command:
Get-AcceptedDomain
Exchange Server should return a list of the accepted domains.
Now that you have a list of the accepted domains in hand, go to your Edge Transport server, open the Exchange Management Shell and issue the Get-AcceptedDomain command.
The Edge Transport server should produce a list of accepted domains. All you have to do now is to verify that the two lists match each other. If the Edge Transport server contains a partial list of accepted domains, then synchronization is most likely working, but probably has not completed yet.
If you have given synchronization time to complete, but the Accepted Domains list is empty, then there is probably some sort of communications problem between the Edge Transport server and the Hub Transport server.
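The comparison described in Step 4 can be scripted rather than checked by eye. The following is an added example, not part of the original article: the function names and CSV paths are assumptions, and it is meant to be run inside the Exchange Management Shell.

```powershell
# Added example, not from the original article. Run inside the Exchange Management Shell.
# Function names and file paths are illustrative assumptions.

# Run on the Hub Transport server, then again on the Edge Transport server.
function Export-AcceptedDomainList([string]$Path) {
    Get-AcceptedDomain |
        Select-Object @{Name='DomainName'; Expression={ $_.DomainName.ToString().ToLower() }},
                      @{Name='DomainType'; Expression={ $_.DomainType.ToString() }} |
        Sort-Object DomainName |
        Export-Csv -Path $Path -NoTypeInformation
}

# Run on whichever machine has both CSV files available.
function Compare-AcceptedDomainList([string]$HubCsv, [string]$EdgeCsv) {
    $hub  = @(Import-Csv $HubCsv)
    $edge = @(Import-Csv $EdgeCsv)

    if ($hub.Count -eq 0)  { return 'Hub list is empty: re-run the export on the Hub Transport server.' }
    # Compare-Object rejects an empty collection, so handle the empty Edge list first.
    if ($edge.Count -eq 0) { return 'Edge list is empty: suspect a Hub-to-Edge communications problem.' }

    $diff = @(Compare-Object -ReferenceObject $hub -DifferenceObject $edge -Property DomainName, DomainType)
    if ($diff.Count -eq 0) { return 'Lists match: the Accepted Domains list has synchronized.' }

    # '<=' rows exist only on the Hub (not yet on the Edge); '=>' rows exist only on the Edge.
    $diff | ForEach-Object {
        if ($_.SideIndicator -eq '<=') { $where = 'missing on Edge' } else { $where = 'only on Edge' }
        '{0} ({1}): {2}' -f $_.DomainName, $_.DomainType, $where
    }
    'Lists differ: if entries are only missing on the Edge, synchronization has probably not completed yet.'
}

# Usage (paths are assumptions):
#   Hub:   Export-AcceptedDomainList 'C:\hub-domains.csv'
#   Edge:  Export-AcceptedDomainList 'C:\edge-domains.csv'
#   Then:  Compare-AcceptedDomainList 'C:\hub-domains.csv' 'C:\edge-domains.csv'
# To force a synchronization pass before re-checking, Start-EdgeSynchronization
# can be run on the Hub Transport server.
```

Delete the exported CSV files from the Edge Transport server once the comparison is done, in the same way as the subscription.xml file.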