2.2. Configuring EdgeSync
Let's go through the preconfiguration checklist and
make sure you are ready to configure EdgeSync. Here is a list of tasks
you should perform:
Confirm that DNS name resolution between the
Hub Transport and the Edge Transport works. In some cases, you may need
to create HOSTS files for the two systems if the internal Hub Transport
server is not resolvable in DNS by the Edge Transport server, and vice
versa.
Ensure that the necessary ports on the firewall are opened.
Configure the accepted domains and remote domains for your organization (on the internal Exchange 2010 servers).
Define
the internal SMTP servers so that Sender ID knows which servers are
internal to your organization and the connection filters know not to
reject connections from your internal IP addresses.
The internal SMTP servers must be configured using the EMS cmdlet Set-TransportConfig. Note that the -InternalSMTPServers parameter replaces the whole list rather than appending to it, so name every internal server in a single command. In the following example, the internal mail servers are defined as having the IP addresses 192.168.254.102 and 192.168.254.19:
Set-TransportConfig -InternalSMTPServers 192.168.254.102,192.168.254.19
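The checklist above boils down to three things you can verify from the Exchange Management Shell before touching the Edge server: name resolution in both directions, the firewall ports, and the internal SMTP server list. The following is an added example (it is not from the original text): the host names and IP addresses are assumptions, and the port list reflects what EdgeSync needs (SMTP on TCP 25 in both directions, secure LDAP on TCP 50636 from the Hub Transport to the Edge Transport).

```powershell
# Added example, not from the original text. FQDNs and IP addresses are assumptions.
# EdgeSync needs SMTP (25) in both directions and secure LDAP (50636) from Hub to Edge.
$edgeFqdn  = 'hnlet01.perimeter.example.com'   # assumed Edge Transport FQDN
$hubFqdn   = 'hnlhub01.corp.example.com'       # assumed Hub Transport FQDN
$edgePorts = 25, 50636

function Test-NameResolution {
    param([string]$Name)
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($Name) |
            ForEach-Object { $_.IPAddressToString }
        Write-Host ("{0} -> {1}" -f $Name, ($addrs -join ', '))
        return $true
    } catch {
        Write-Warning "Cannot resolve $Name ($($_.Exception.Message)); add a HOSTS entry"
        return $false
    }
}

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $handle = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $handle.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($handle)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Run on the Hub Transport server: it must reach the Edge on 25 and 50636.
if (Test-NameResolution $edgeFqdn) {
    foreach ($p in $edgePorts) {
        $ok = Test-TcpPort -ComputerName $edgeFqdn -Port $p
        Write-Host ("{0}:{1} reachable from Hub: {2}" -f $edgeFqdn, $p, $ok)
    }
}
# Run the same two functions on the Edge console against $hubFqdn and port 25 only;
# the Edge never initiates the LDAP connection, the Hub does.

# -InternalSMTPServers replaces the list, so give every internal server in one call,
# then read it back to confirm what Sender ID and connection filtering will see.
Set-TransportConfig -InternalSMTPServers 192.168.254.102,192.168.254.19
(Get-TransportConfig).InternalSMTPServers
```

The TCP check only proves the firewall lets the SYN through; a connection that opens and is immediately closed by a proxy or IPS will still show as reachable, so follow it up with the Test-EdgeSynchronization cmdlet once the subscription is in place.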
Next, you need to switch to the console of the Edge
Transport server and create the Edge Subscription file. The following
command creates a new EdgeSync subscription file called EdgeSync.xml. Note that the confirmation message mentions a couple of the prerequisites:
New-EdgeSubscription -FileName "c:\EdgeSync.xml"
Confirm
Creating an Edge Subscription makes the configuration of this Edge
Transport server ready to be managed via EdgeSync. Any of the
following types of objects that were created manually will be deleted:
accepted domains; message classifications; remote domains; and Send
connectors. Also, the InternalSMTPServers list of the TransportConfig
object will be overwritten during the synchronization process. The
Exchange Management Shell tasks that manage those types of objects will
be locked out on this Edge Transport server. You must manage those
objects from inside the organization and allow EdgeSync to update the
Edge Transport server. EdgeSync requires that this Edge Transport
server is able to resolve the fully qualified domain names (FQDN) of
the Hub Transport servers in the Active Directory site to which the
Edge Transport server is being subscribed. Those Hub Transport servers
must be able to resolve the FQDN of this Edge Transport server. You
should complete the Edge Subscription inside the organization in the
next "1440" minutes before the bootstrap account expires.
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is "Y"):y
One of the things that Exchange administrators are often not prepared for is that they must transfer the edgesync.xml
file from the Edge Transport server to the Hub Transport server. Have a
floppy disk or a USB thumb drive handy when you generate this file at
the Edge Transport server. Of course, if you allow local disk drives to
be mapped through Remote Desktop, then you can copy the file through
that connection.
The file that is created is shown in Figure 3. Take special note of the <EdgeServerFQDN>
XML tag. This value will be used by the Hub Transport server when it
must transmit data (SMTP data or EdgeSync replication data) to the Edge
Transport server, so this FQDN must be resolvable by the Hub Transport
server.
Other content you will find in the EdgeSync
subscription file includes the Edge server's certificate and the username
and password of the bootstrap account that the Hub Transport server will use when
authenticating to the Edge Transport server, and vice versa.
You need to transport this EdgeSync.xml
file to the Hub Transport server now. If all file-sharing ports between
the perimeter and the internal network are locked down, you may have to
use a USB drive, CD-ROM, or a floppy disk (oh, the horror). Because the
file carries the bootstrap account credentials, treat it as a secret
while it is in transit and delete every copy once the import is done;
the bootstrap account expires after 1,440 minutes (24 hours) in any case,
so do not let the file sit around. Once you
have the EdgeSync subscription file on the Hub Transport server, you
can import the file into the Exchange 2010 organization.
In the Organization Configuration work center of the
Exchange Management Console, open the Hub Transport subcontainer and
select the Edge Subscriptions tab. To import the new EdgeSync
subscription file, choose the New Edge Subscription task from the
Actions pane. This launches the New Edge Subscription wizard (shown in Figure 4).
You must specify the Active Directory site of which
this Edge Transport server will be a member. We recommend that you
allow the New Edge Subscription wizard to create the necessary send
connector to be used with the Edge Transport server. When you are
ready, click the New button. The Completion page will remind you to
verify firewall connectivity and name resolution.
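The wizard is a front end for the same New-EdgeSubscription cmdlet you ran on the Edge server, this time with the file contents instead of a file name. The following is an added example (not from the original text) of doing the import from the Exchange Management Shell on a Hub Transport server in the target site; the file path and the Active Directory site name are assumptions, and the Send connector names in the filter match the naming EdgeSync uses when it creates them.

```powershell
# Added example, not from the original text. Run in the EMS on a Hub Transport server
# in the site the Edge server is being subscribed to. Path and site name are assumed.
$file = 'C:\EdgeSync.xml'
$site = 'Default-First-Site-Name'

# The cmdlet takes the file as raw bytes. The two -Create* parameters reproduce the
# wizard's default of creating the Internet-bound and inbound Send connectors for you.
New-EdgeSubscription `
    -FileData ([byte[]]$(Get-Content -Path $file -Encoding Byte -ReadCount 0)) `
    -Site $site `
    -CreateInternetSendConnector $true `
    -CreateInboundSendConnector $true

# The file holds the bootstrap credentials and is useless after import; remove it
# (and the copy on the USB stick or the Edge server's C:\ drive) rather than leave it around.
Remove-Item -Path $file -Force

# Confirm the subscription and the connectors that were created.
Get-EdgeSubscription | Format-List Name, Site
Get-SendConnector | Where-Object { $_.Name -like 'EdgeSync*' } |
    Format-List Name, AddressSpaces, SourceTransportServers
```

If you prefer to build the Send connectors yourself, pass $false to both -Create* parameters; the subscription is still created, but no mail will flow until a connector exists whose source server is the Edge Transport.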
The Edge Synchronization process should start almost
immediately and will synchronize configuration data once every three
minutes afterward. Recipient information will be synchronized once every
five minutes. (These are the Exchange 2010 defaults; Get-EdgeSyncServiceConfig
shows the ConfigurationSyncInterval and RecipientSyncInterval in effect.) You can
force the synchronization to run by running the EMS
cmdlet Start-EdgeSynchronization with no parameters.
If you want to include your user's safe sender list in the synchronization, you should also schedule the Update-SafeList
cmdlet to run periodically (usually once per day is fine). This command
should run on the Hub Transport server. Here is an example that will
update the safe sender lists for all users so that they are pushed to
the Edge Transport via the EdgeSync process:
Get-Mailbox | Update-SafeList
If you have more than 1,000 recipients in your organization, you will need to tell Get-Mailbox to return more than the default 1,000 recipients. You can use this command instead:
Get-Mailbox -ResultSize Unlimited | Update-SafeList
2.3. Confirming That EdgeSync Is Running
Once you have started Edge Synchronization, you can
perform a few tasks to confirm that the data is synchronizing to the AD
LDS database on the Edge Transport server. The quickest and most
accurate way to verify that Edge Synchronization is functioning
properly is to use the Test-EdgeSynchronization cmdlet. An example of this cmdlet using the -FullCompareMode switch is shown in Figure 5.
Annoyingly, the times listed in the Test-EdgeSynchronization output are in GMT (UTC) rather than in local time, but this is rather minor.
In addition, you can verify that the configuration
data has been transferred over to the Edge Transport server's AD LDS
database by looking in the EMC on the Edge Transport server. Figure 6
shows the EMC and the Edge Transport work center. On the Accepted
Domains tab in the Work pane for server HNLET01, you can see the
accepted domains that were transferred from the Exchange 2010
organization.
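Putting the verification steps together, here is an added example (not from the original text) that reads the sync intervals, forces a synchronization, runs Test-EdgeSynchronization in full-compare mode and converts the UTC timestamps to local time. The property names (SyncStatus, UtcNow, LastSynchronizedUtc, LeaseExpiryUtc) are those of the Exchange 2010 output; confirm them with Get-Member on your build before relying on the script.

```powershell
# Added example, not from the original text. Run in the EMS on a Hub Transport server.
# Property names are those of Exchange 2010's Test-EdgeSynchronization output and are
# an assumption here; check with: Test-EdgeSynchronization | Get-Member
$cfg = Get-EdgeSyncServiceConfig
Write-Host ("Config sync every {0}, recipient sync every {1}" -f
    $cfg.ConfigurationSyncInterval, $cfg.RecipientSyncInterval)

# Force a run rather than waiting for the next interval, then give it a moment.
Start-EdgeSynchronization | Out-Null
Start-Sleep -Seconds 30

# Full compare walks every object in AD LDS against the organization, so it is slower
# than the default mode but tells you whether the data, not just the lease, is right.
$results = Test-EdgeSynchronization -FullCompareMode
foreach ($r in $results) {
    $lastLocal = if ($r.LastSynchronizedUtc) { $r.LastSynchronizedUtc.ToLocalTime() } else { 'never' }
    $leaseLocal = if ($r.LeaseExpiryUtc) { $r.LeaseExpiryUtc.ToLocalTime() } else { 'n/a' }
    Write-Host ("{0}: status={1} last sync={2} lease expires={3}" -f
        $r.Name, $r.SyncStatus, $lastLocal, $leaseLocal)

    if ($r.SyncStatus -ne 'Normal') {
        Write-Warning ("EdgeSync to {0} is not healthy: {1}" -f $r.Name, $r.FailureDetail)
    }
    # A sync that is older than twice the recipient interval means the scheduled runs are
    # not happening even if the last one succeeded.
    if ($r.LastSynchronizedUtc -and
        ($r.UtcNow - $r.LastSynchronizedUtc) -gt ($cfg.RecipientSyncInterval.Add($cfg.RecipientSyncInterval))) {
        Write-Warning ("Last sync to {0} is stale" -f $r.Name)
    }
}

# On the Edge Transport console the replicated objects are visible (read-only) with:
#   Get-AcceptedDomain ; Get-RemoteDomain ; Get-SendConnector
```

The stale-sync check is the one worth keeping in a scheduled job: a subscription whose status is Normal but whose last sync time is hours old usually means the Hub that held the lease is down and no other Hub in the site has taken it over.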
Any objects or properties that have
synchronized from the internal Exchange Server 2010 organization (such
as accepted domains, remote domains, or send connectors) should not be
managed on the Edge Transport server. These objects and properties
should be managed on the internal Exchange Server 2010 organization;
they will be replicated to the Edge Transport server automatically.
Note that the Edge Transport's management console cannot be accessed
remotely. You must manage Edge Transport servers from their console or
using Remote Desktop Connection.