Category Archives: Edge Server

Quick Bites – Deploy Edge server in Exchange 2010/2013 coexistence scenarios

If you deploy Exchange 2013 servers in your Exchange 2010 organization and you have external mailflow configured to pass emails through exchange 2013 Edge Transport servers, you should configure subscription for Exchange 2013 edge servers to your existing Exchange 2010 hub servers.

You can subscribe an edge server in a site to multiple HUB servers if it is(Exchange 2007/2010) and CAS & Mailbox Combined together if it is Exchange 2013 servers.

You can subscribe a 2007/2010 edge to 2013 Exchange CAS & HUB combined servers. This can be done vice versa as well.

You can import the Edge Subscription file and run EdgeSync on a standalone Exchange 2013 Mailbox server, or on a server where the Mailbox server and the Client Access server are installed on the same computer.

Note :

You can’t import the Edge Subscription file or run EdgeSync only on a standalone Exchange 2013 Client Access server.
You cannot subscribe an edge servers to multiple site since edge servers are bounded to site specific and can be subscribed to multiple mailbox & CAS servers in a single site

Make sure you open the below ports on the firewall

Inbound traffic:
SMTP – TCP port 25 (from Internet)
SMTP – TCP port 25 (from Edge server to Hub server on internal network)
Outbound traffic:
SMTP – TCP/UDP port 25 (from Edge to Internet)
SMTP – TCP/UDP port 25 (from Hub to Edge server)

Very IMP : Do not open the below mentioned ports on perimeter firewall. These ports should be open only on intranet firewall.

LDAP for Edge Sync – TCP port 50389 (from Mailbox to Edge server) Secure LDAP for Edge Sync – TCP port 50636 (from Mailbox to Edge server).

Thanks
Sathish Veerapandian

MVP – Exchange Server

Installing Exchange 2013 Edge Server CU5

Edge server serves as a best security filtering system for all the incoming and outgoing emails  in our organization. It prevents spammers from exploring and hacking our network.

In real time edge servers will be placed in a DMZ zone.
So the setup will be looking like below
Intranet (Basically corporate LAN) – intranet firewall – DMZ – perimeter firewall –  Internet

So we should be placing the edge server’s right in between the intranet and perimeter firewall which is demilitarized zone.
Basically in this DMZ zone there wouldn’t be full access to the directory services because this DMZ zone acts as a first filtering agent for any kind of spam messages that are coming to the network.
We will have the DMZ be placed in a different sub-net apart from LAN sub-net for security reasons not to expose the LAN network to the spammers.So we use the concept of DNS suffix so that we would be able to communicate with the LAN network with minimal required access to few services.

With help of ADLDS installed on edge servers ,directory services would be able to provide dedicated required services for Edge server.Here the edge transport server uses the ADLDS services to store the recipient and configuration information alone.

By having this information it would be able to validate the authenticated valid users on its own domain, applying the required spam filtering agent settings for its recipients, knowing the connector configurations and routing the mail-flow accordingly.
Following are the prerequisites for installing Edge server
Remote Tools Administration Pack
ADLDS
Required Windows components – NET-Framework, ADLDS
Windows Management Framework 4.0
Follow below TechNet article to install Exchange 2013 edge server Prerequisites
http://technet.microsoft.com/en-us/library/bb691354(v=exchg.150).aspx

 

1. Configure DNS suffix on Edge server.
Add the edge server name along with the domain name as the DNS suffix.

In my-case im adding it as edge2013.exchangequery.com

2. Configure firewall rule as following:

Inbound traffic:
SMTP – TCP port 25 (from Internet)
SMTP – TCP port 25 (from Edge server to Hub server on internal network)
Outbound traffic:
SMTP – TCP/UDP port 25 (from Edge to Internet)
SMTP – TCP/UDP port 25 (from Hub to Edge server)
LDAP for Edge Sync – TCP port 50389 (from Mailbox to Edge server) Secure LDAP for Edge Sync – TCP port 50636 (from Mailbox to Edge server). Do not open these ports on perimeter firewall. These ports should be open only on intranet firewall.

Note:

If you are installing edge in lab setup you can follow the below steps
1) Bring edge server and do not join it in a domain.
2) Add the DNS suffix with the domain name alone.
3) Have edge server on a different subnet. But have these 2 subnets on the same VLAN.
4) Add one ip range of edge server in mailbox server as Additional in advance TCP/IP settings in the primary NIC. Similarly do the same for edge server. Add one ip range of mailbox server as Additional in advance TCP/IP settings in the primary NIC.
By doing this only you would be able to ping these 2 different sub-nets and they will have network connectivity.
In real time scenarios we have to ensure connectivity between perimeter n\w and LAN n\w and all the required ports open else we will be having trouble with the edge synchronization with the mailbox servers.

 

3. Install the Exchange 2013 Edge server

1

 

Select the edge transport role

 

2

 

Wait for the readiness to be completed.

3

 

 

Reboot the computer once the setup completes successfully.
After the reboot ensure that the edge server is installed. From Exchange 2013 we do not have exchange 2013 management through GUI and it is from exchange management shell on the edge server itself.But after Edge-synchronization is completed we will be able to manage the edge server from EAC.

Run the following command to ensure that edge server is available.

Get-Transportservice
Also you can run Get-Transportservice | FL to check all other parameters as well.

 

5

4. Start edge subscription by following command:

“New-EdgeSubscription –Filename “C:\edgeserversubscription.xml”

 

6

 

5. Copy the xml file to the mailbox server local disk.

6. Complete subscription by running the below command:

New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path “C:\EdgeServerSubscription.xml” -Encoding Byte -ReadCount 0)) -Site “Default-First-Site-Name”

7. Run Start-EdgeSynchronization

Now we need to Start-EdgeSynchronization cmdlet to immediately start synchronization of configuration data from Active Directory to the subscribed Edge Transport server.
Start-EdgeSynchronization -Server exchangequery.com

Once the synchronization is over the edge setup is completed successfully.
Cheers
Sathish Veerapandian
Technology Consultant  🙂

%d bloggers like this: