EdgeSync with Exchange Server 2010 problem
I've looked through the other posts, and while similar, none seem to be the same as what I'm seeing. Configuration is TMG/Edge Transport on W2K8 R2 and Exchange on W2K8 R2. Mail traffic is flowing fine. Looking at the TMG log, I am seeing an LDAPS(EdgeSync) Initiate from the Exchange server to the edge server, followed by a Closed (abort because RST sent), followed by Denied. This happens every time a sync occurs or when I do a manual sync. I have created new subscription information and re-created the edge subscription on the hub transport (deleted old & created new).

The Test-EdgeSubscription yields:

    [PS] C:\Windows\system32>Test-EdgeSynchronization

    RunspaceId                  : 69ad3ff1-1c7b-4e32-bfaa-6956ad5e7b3e
    SyncStatus                  : Normal
    UtcNow                      : 7/7/2011 5:35:08 PM
    Name                        : GUARDIAN
    LeaseHolder                 : CN=ZAPHOD,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=n1vqw,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=sambelkee,DC=lcl
    LeaseType                   : Option
    FailureDetail               :
    LeaseExpiryUtc              : 7/7/2011 6:04:49 PM
    LastSynchronizedUtc         : 7/7/2011 5:34:49 PM
    TransportServerStatus       : Skipped
    TransportConfigStatus       : Skipped
    AcceptedDomainStatus        : Skipped
    RemoteDomainStatus          : Skipped
    SendConnectorStatus         : Skipped
    MessageClassificationStatus : Skipped
    RecipientStatus             : Skipped
    CredentialRecords           : Number of credentials 3
    CookieRecords               : Number of cookies 2

This shows an LDAPS(EdgeSync) Initiate in the TMG log. So the real question is whether or not the sync is actually running. I suspect not, but nothing I have tried seems to change the fingerprint in the TMG log. - Mark
July 7th, 2011 8:48pm

It's not working. Create an allow rule on TMG that allows traffic from HUB to TMG/EDGE on TCP 50636. lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
July 7th, 2011 9:00pm

I could believe that. I'm curious about the rule... In the "System Policy Rules" created by TMG, rule 47 ("Allow LDAP/LDAPS traffic to the local host for the Exchange Server EdgeSync synchronization process") allows LDAP/LDAPS EdgeSync traffic from the internal network (where my HUB is located) to the localhost (where the EDGE is located). Wouldn't this rule do what you suggest? - Mark
July 7th, 2011 9:44pm

That is correct, this rule should do it. Does your TMG/Edge have a single interface? Then make sure that the HUB servers are included in the From tab/traffic. Verify clock settings on TMG/Edge. lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
July 7th, 2011 11:10pm

TMG/Edge is dual homed. One NIC to the Internet and the other NIC to the internal network. No DMZ per se. I just checked, and the clocks are within one minute of each other. - Mark
July 7th, 2011 11:14pm

SyncStatus shows Normal, and I suspect that it is working after all. If you start the Exchange Management Console on Edge and look at accepted domains, is it the same list as on an internal server? It looks like the EdgeSync is working correctly. If your org. has a small number of mailboxes, the EdgeSync runs very fast, within a second or two. You can also add an accepted domain on HUB, run EdgeSync and see if it syncs to Edge correctly. lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
July 7th, 2011 11:34pm
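Lasse's two checks above (compare the accepted-domain lists on both sides, then add a domain on HUB and watch it arrive on Edge) can be scripted so the result does not depend on eyeballing the console. The following is an added example, not code from the thread or from Microsoft. It assumes the Exchange Management Shell on each box, the host names ZAPHOD (Hub) and GUARDIAN (Edge) taken from Mark's Test-EdgeSynchronization output, and a constructed canary domain name and C:\Temp paths.

```powershell
# Added example (not from the thread). Dot-source this file in the Exchange
# Management Shell. Host names come from the thread's output; the canary
# domain and the C:\Temp paths are assumptions.

# Run on the Hub: force a sync, then run Test-EdgeSynchronization with
# -FullCompareMode, which compares Active Directory against the Edge's AD LDS
# contents for every object class rather than only checking the lease.
function Test-EdgeSyncFull {
    param([string]$EdgeHost = 'GUARDIAN')
    $sync = Start-EdgeSynchronization -TargetServer $EdgeHost -ForceFullSync
    $sync | Select-Object Type, Name, Result, FailureDetails
    Test-EdgeSynchronization -TargetServer $EdgeHost -FullCompareMode |
        Select-Object Name, SyncStatus, AcceptedDomainStatus, SendConnectorStatus,
                      RecipientStatus, FailureDetail
}

# Run on each side: export the accepted-domain list so the two can be compared
# offline (the Edge is not domain-joined, so copy the CSV across by hand).
function Export-AcceptedDomainList {
    param([Parameter(Mandatory)][string]$Path)   # e.g. C:\Temp\hub-domains.csv (assumed path)
    Get-AcceptedDomain |
        Select-Object DomainName, DomainType, Default |
        Sort-Object DomainName |
        Export-Csv -Path $Path -NoTypeInformation
}

# Run anywhere: no output means the Hub and Edge lists match; otherwise each
# row names a domain and the side it is missing from.
function Compare-AcceptedDomainList {
    param([Parameter(Mandatory)][string]$HubCsv,
          [Parameter(Mandatory)][string]$EdgeCsv)
    Compare-Object -ReferenceObject (Import-Csv $HubCsv) `
                   -DifferenceObject (Import-Csv $EdgeCsv) `
                   -Property DomainName, DomainType |
        Select-Object DomainName, DomainType,
            @{ n = 'MissingFrom'; e = { if ($_.SideIndicator -eq '<=') { 'Edge' } else { 'Hub' } } }
}

# Run on the Hub: the canary test from the thread, scripted. Add a throw-away
# accepted domain, sync, report whether the Edge now agrees, then clean up.
function Test-EdgeSyncCanary {
    param([string]$EdgeHost     = 'GUARDIAN',
          [string]$CanaryDomain = 'edgesync-canary.example')   # constructed, reserved TLD
    $name = "EdgeSync canary $(Get-Date -Format yyyyMMddHHmmss)"
    New-AcceptedDomain -Name $name -DomainName $CanaryDomain -DomainType Authoritative | Out-Null
    try {
        Start-EdgeSynchronization -TargetServer $EdgeHost -ForceFullSync | Out-Null
        # A Normal AcceptedDomainStatus here means the new object was read back
        # from the Edge's AD LDS, i.e. the LDAPS session did its work.
        $r = Test-EdgeSynchronization -TargetServer $EdgeHost -FullCompareMode
        [pscustomobject]@{
            Canary               = $CanaryDomain
            AcceptedDomainStatus = $r.AcceptedDomainStatus
            FailureDetail        = $r.FailureDetail
        }
    }
    finally {
        # Removing it on the Hub is enough: the next EdgeSync deletes it on the Edge.
        Remove-AcceptedDomain -Identity $name -Confirm:$false
    }
}
```

Run Test-EdgeSyncFull and Test-EdgeSyncCanary on the Hub; run Export-AcceptedDomainList on both hosts and feed the two files to Compare-AcceptedDomainList. A canary that lands on the Edge while TMG still logs a Denied for the same session shows that the sync completes before the connection is torn down, which is the point Lasse is making.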

Good test. I just tried adding a new accepted domain on EDGE, did a manual sync, and the new domain showed up on EDGE. So it would appear synchronization is happening, although it isn't clear why the denials are showing up in the TMG log. So it does appear to be working correctly; at least as far as accepted domains go. :-) - Mark
July 7th, 2011 11:44pm
