Edgesync Not working with ADLDS.
I have a Hub Transport Server inside the domain and an Edge server in the DMZ. I have opened ports 50389/TCP, 25/TCP, 50636/UDP, and 3389/TCP <for rdp>. I export my edgesubscription and import it to the Hub server. I run start-edgesynchronization, then test-edgesynchronization with success, but with test-edgesynchronization -verifyrecipient I get this.

[PS] C:\Users\administrator.ENTERPRISE\Desktop>start-edgesynchronization

Result         : Success
Type           : Recipients
Name           : CN=THEDGESERVER,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=enterprise,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=enterprise,DC=local
FailureDetails :
StartUTC       : 5/4/2009 5:11:50 PM
EndUTC         : 5/4/2009 5:11:50 PM
Added          : 0
Deleted        : 0
Updated        : 2
Scanned        : 8
TargetScanned  : 8

Result         : Success
Type           : Configuration
Name           : CN=THEDGESERVER,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=enterprise,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=enterprise,DC=local
FailureDetails :
StartUTC       : 5/4/2009 5:11:50 PM
EndUTC         : 5/4/2009 5:11:50 PM
Added          : 0
Deleted        : 0
Updated        : 2
Scanned        : 348
TargetScanned  : 348

Then when I do a test-edgesynchronization -verifyrecipient user@domain.com I get this.

Name                        : THEDGESERVER
LeaseHolder                 : EXCHANGETIB
LeaseType                   : Option
ConnectionResult            : Succeeded
FailureDetail               :
LeaseExpiry                 : 5/4/2009 2:11:50 PM
LastSynchronized            : 5/4/2009 1:11:50 PM
CredentialStatus            : Skipped
TransportServerStatus       : Skipped
TransportConfigStatus       : Skipped
AcceptedDomainStatus        : Skipped
SendConnectorStatus         : Skipped
MessageClassificationStatus : Skipped
RecipientStatus             : Synchronized
CredentialRecords           : Number of credentials 3

Is this normal?

And when I try to do troubleshooting from the MSC I get this message when I run Mail flow troubleshooter. Under the "Symptoms are you seeing?" I choose "Problems with Edge Server Synchronization with Active Directory (for Exchange Server 2007 only)". I get this error:

No EdgeSync credentials found in Active Directory for Edge Transport server role computer %EDGECN%.

I have done nslookup from both servers, they can see each other. I am using Server 2008 on both, 64-bit. I am using Exchange 2007 on both, and the versions match. I have followed http://technet.microsoft.com/en-us/libarary/cc526574.aspx along with many others. Mail is flowing but I don't think ADLDS <2008's version of ADAM> is sync'd. Can someone help me?
May 4th, 2009 8:36pm

Hi RTibhold,

In order to better troubleshoot your issue, please help collect the following information:

1. Open Exchange Management Shell on the Hub Transport server and run the following command:
   Get-EventLogLevel "MSExchange EdgeSync" | Set-EventLogLevel -Level Expert
2. Open Event Viewer, clean up the current application log file, and then run the following command:
   test-edgesynchronization -verifyrecipient user@domain.com
3. Send the newest application log in Event Viewer to the forum for analysis.
4. On the Hub Transport server, from a command prompt, type Extra.exe.
5. Select a Task, Trace Control.
6. Notice the trace file location and trace file name. By default, the file is C:\Program Files\Microsoft\Exchange Server\Bin\ExchangeDebugTraces.etl
7. Uncheck the box next to "Run Traces for".
8. Click Set manual trace tags.
9. Check Debug, PFD, Fatal, Error, Warning and Info in Trace Types. Under "Components to trace", select the following: EdgeSync, MSexchangeSync
10. Click Start Tracing.
11. Run the test-edgesynchronization -verifyrecipient user@domain.com command.
12. Click Stop Tracing Now.
13. Send the trace file (.etl) to my work e-mail: v-rocwan@microsoft.com.

You can use the steps for Verifying EdgeSync Results to diagnose the issue. For more information about how to verify EdgeSync results, please refer to the following white paper:

White Paper: Edge Subscription and Synchronization
http://technet.microsoft.com/en-us/library/bb310755.aspx

Regards,
Rock Wang
Rock Wang MSFT
May 8th, 2009 6:03am

Here is the log from the Event Viewer. This was cleared and then test-edgesynchronization -verifyrecipient user@domain.com was run.

Log Name: Application
Source: MSExchange EdgeSync
Date: 5/11/2009 2:18:46 PM
Event ID: 1034
Task Category: Topology
Level: Information
Keywords: Classic
User: N/A
Computer: EXCHANGETIB.enterprise.local
Description: Found credential THEDGESERVER.enterprise.local for cn=ESRA.THEDGESERVER.EXCHANGETIB.0,CN=Services,CN=Configuration,CN={7E1CDFB8-DE75-4DD3-AA06-0E05A6C97518}

Log Name: Application
Source: MSExchange EdgeSync
Date: 5/11/2009 2:18:46 PM
Event ID: 1031
Task Category: Topology
Level: Information
Keywords: Classic
User: N/A
Computer: EXCHANGETIB.enterprise.local
Description: Rejected credential THEDGESERVER.enterprise.local at 633776627260935452. Effective date is 633773035432172030. Best effective date found: 633773899432172030.

Log Name: Application
Source: MSExchange EdgeSync
Date: 5/11/2009 2:18:46 PM
Event ID: 1031
Task Category: Topology
Level: Information
Keywords: Classic
User: N/A
Computer: EXCHANGETIB.enterprise.local
Description: Rejected credential THEDGESERVER.enterprise.local at 633776627260935452. Effective date is 633786859432172030. Best effective date found: 0.

Log Name: Application
Source: MSExchange EdgeSync
Date: 5/11/2009 2:18:46 PM
Event ID: 1034
Task Category: Topology
Level: Information
Keywords: Classic
User: N/A
Computer: EXCHANGETIB.enterprise.local
Description: Found credential THEDGESERVER.enterprise.local for cn=ESRA.THEDGESERVER.EXCHANGETIB.0,CN=Services,CN=Configuration,CN={7E1CDFB8-DE75-4DD3-AA06-0E05A6C97518}

Log Name: Application
Source: MSExchange EdgeSync
Date: 5/11/2009 2:18:46 PM
Event ID: 1031
Task Category: Topology
Level: Information
Keywords: Classic
User: N/A
Computer: EXCHANGETIB.enterprise.local
Description: Rejected credential THEDGESERVER.enterprise.local at 633776627260311460. Effective date is 633773035432172030. Best effective date found: 633773899432172030.

Log Name: Application
Source: MSExchange EdgeSync
Date: 5/11/2009 2:18:46 PM
Event ID: 1031
Task Category: Topology
Level: Information
Keywords: Classic
User: N/A
Computer: EXCHANGETIB.enterprise.local
Description: Rejected credential THEDGESERVER.enterprise.local at 633776627260311460. Effective date is 633786859432172030. Best effective date found: 0.

Log Name: Application
Source: MSExchangeRepl
Date: 5/11/2009 2:18:39 PM
Event ID: 2106
Task Category: Service
Level: Error
Keywords: Classic
User: N/A
Computer: EXCHANGETIB.enterprise.local
Description: The database was not found after log replay. Storage group: 'EXCHANGETIB\Second Storage Group'. Database: C:\Program Files\Microsoft\Exchange Server\Mailbox\LocalCopies\Second Storage Group\Public Folder Database.edb.

Log Name: Application
Source: MSExchange EdgeSync
Date: 5/11/2009 2:17:37 PM
Event ID: 1020
Task Category: Topology
Level: Information
Keywords: Classic
User: N/A
Computer: EXCHANGETIB.enterprise.local
Description: The topology scan successfully completed

Log Name: Application
Source: MSExchange EdgeSync
Date: 5/11/2009 2:17:37 PM
Event ID: 1021
Task Category: Topology
Level: Information
Keywords: Classic
User: N/A
Computer: EXCHANGETIB.enterprise.local
Description: Edge Transport server THEDGESERVER.enterprise.local added

Log Name: Application
Source: MSExchange EdgeSync
Date: 5/11/2009 2:17:37 PM
Event ID: 1034
Task Category: Topology
Level: Information
Keywords: Classic
User: N/A
Computer: EXCHANGETIB.enterprise.local
Description: Found credential THEDGESERVER.enterprise.local for cn=ESRA.THEDGESERVER.EXCHANGETIB.0,CN=Services,CN=Configuration,CN={7E1CDFB8-DE75-4DD3-AA06-0E05A6C97518}

Log Name: Application
Source: MSExchange EdgeSync
Date: 5/11/2009 2:17:37 PM
Event ID: 1031
Task Category: Topology
Level: Information
Keywords: Classic
User: N/A
Computer: EXCHANGETIB.enterprise.local
Description: Rejected credential THEDGESERVER.enterprise.local at 633776626577664212. Effective date is 633773035432172030. Best effective date found: 633773899432172030.

Log Name: Application
Source: MSExchange EdgeSync
Date: 5/11/2009 2:17:37 PM
Event ID: 1031
Task Category: Topology
Level: Information
Keywords: Classic
User: N/A
Computer: EXCHANGETIB.enterprise.local
Description: Rejected credential THEDGESERVER.enterprise.local at 633776626577664212. Effective date is 633786859432172030. Best effective date found: 0.
May 11th, 2009 9:27pm

Hi Ron,

From your trace file (.etl), I found it is empty. From your event log, it seems that it is ok.

If you want to verify the EdgeSync synchronization results for a specific recipient, you can use Ldp.exe to view the recipient properties that are stored in ADAM. You must locate the recipient by its Active Directory GUID and, because the data is sent hashed, you must also be able to interpret the information that is returned when you view the recipient details.

To verify the EdgeSync synchronization results for a recipient, follow these steps:

1. Determine the user name of the recipient for which you want to verify EdgeSync synchronization results.
2. Determine the GUID that is associated with the recipient in Active Directory. This GUID is represented as the recipient's canonical name (CN) in ADAM.
3. Determine the Active Directory value of the attributes that you want to verify for that recipient.
4. Use Ldp.exe on the Edge Transport server to retrieve information about that recipient from ADAM.
5. Use the Windows Calculator to translate the retrieved decimal attribute values to hexadecimal and determine the significant byte.
6. Compare the Active Directory attribute values and the ADAM attribute values, and verify that they match.

For more information about the steps, please refer to the How to Verify EdgeSync Results for a Recipient section of the following article:

White Paper: Edge Subscription and Synchronization
http://technet.microsoft.com/en-us/library/bb310755.aspx

Please let me know the verification result. Thanks for your cooperation.

Rock Wang
Rock Wang MSFT
May 12th, 2009 12:30pm

LDP.EXE has nothing in it at all. When I try to connect to the server it times out. How do I make sure Active Directory is able to see the domain from the edge server?
May 18th, 2009 5:27pm

Hi Ron,

Could you show me how you run the LDP.exe utility? Please double check whether your steps are correct according to the following guide:

1. Start Ldp.exe on the Edge Transport server. By default, this tool is located at <System drive>\WINDOWS\ADAM\ldp.exe.
2. Click Connection on the menu bar, and then click Connect.
3. In the Connect dialog box, type the name of the Edge Transport server in the Server field. In the Port field, type the ADAM LDAP port. By default, this port number is 50389. Do not select the Connectionless or SSL check boxes. Click OK.
4. Click Connection on the menu bar, and then click Bind.
5. If you are logged on as a local administrator, in the Bind dialog box, select Bind as currently logged on user. To enter administrator credentials, select Bind with credentials, and then enter a user name and password. Click OK.
6. Click View on the menu bar, and then click Tree.
7. In the Tree View dialog box, clear any entry in the BaseDN field. Click OK. You are now connected to the root of the ADAM directory.
8. Click Browse on the menu bar, and then click Search.
9. In the Search dialog box, use the drop-down box for the BaseDN field to select OU=MsExchangeGateway.
10. In the Filter field, enter search criteria that will find the recipient whose CN is equal to the GUID that you obtained from Active Directory. For example, if the GUID starts with 21664853, enter (cn=21664853*). Notice that you do not have to type the complete GUID. You can type the first several characters and then use the * wildcard character to search for all GUIDs that begin with those characters.
11. Select Subtree as the Scope. Click Run. The search results appear in the right pane of Ldp.exe.
12. You can change the list of attributes that are included in the search results. To do this, click Browse on the menu bar, and then click Search. Enter the BaseDN, Filter, and Scope options as instructed in the previous steps. Click Options.
13. In the Attributes field, enter a list of attributes to display. Separate each attribute by using a semicolon. For example, to list the SCL delete threshold and the SCL reject threshold, enter the following text:
    MsExchMessageHygieneSCLDeleteThreshold;MsExchMessageHygieneSCLRejectThreshold
14. Click OK, and then click Run in the Search dialog box. The search results appear in the right pane of Ldp.exe. Attributes that have a null value do not appear.

You should pay attention to steps 5 and 6. If anything is unclear, feel free to let me know.

Regards,
Rock Wang
Rock Wang MSFT
May 19th, 2009 9:22am

Ok, after reading more and more testing, I believe I have narrowed it down. I cannot telnet between the Edge server and the Hub server. I have a Sonicwall and I have everything allowed from the DMZ to the LAN (just for testing). I have turned Windows firewalls off on both machines. But I still cannot telnet on ports 50636 or 25; 80 I can. I don't know where to go from here. After turning all the firewalls off I should be able to telnet. What am I missing?

Frustrated...
May 21st, 2009 12:01am

Hi Ron,

Please follow my previous suggestion (How to Verify EdgeSync Results) and let me know the result.

At the beginning, you described that you have opened ports 50389/TCP, 25/TCP, 50636/UDP, and 3389/TCP <for rdp>. Now you told me "I cannot telnet between the Edge server and the Hub server". It seems that your configuration for the firewall isn't correct. If you don't know how to configure the firewall, you should contact the vendor for help. Before you do that, you should know the following information:

Hub Transport server to Edge Transport server | 25/TCP (SSL) | Direct trust | Direct trust | Yes (TLS) | Yes
Edge Transport server to Hub Transport server | 25/TCP (SSL) | Direct trust | Direct trust | Yes (TLS) | Yes
Microsoft Exchange EdgeSync service | 50636/TCP (SSL), 50389/TCP (No SSL) | Basic | Basic | Yes (LDAPS) | Yes
Active Directory Application Mode (ADAM) directory service on Edge Transport server | 50389/TCP (No SSL) | NTLM/Kerberos | NTLM/Kerberos | No | No

Hub Edge 25
Hub Edge 50636 or 50389
Hub Edge 3389

Communication port settings for Edge Transport servers

Network interface | Open port | Protocol | Note
Inbound from and outbound to the Internet | 25/TCP | SMTP | This port must be open for mail flow to and from the Internet.
Inbound from and outbound to the internal network | 25/TCP | SMTP | This port must be open for mail flow to and from the Exchange organization.
Local only | 50389/TCP | LDAP | This port is used to make a local connection to ADAM.
Inbound from the internal network | 50636/TCP | Secure LDAP | This port must be open for EdgeSync synchronization.
Inbound from the internal network | 3389/TCP | RDP | Opening this port is optional. It provides more flexibility in managing the Edge Transport servers from inside the internal network by letting you use a remote desktop connection to manage the Edge Transport server.

Note: Pay attention to the port direction when you configure the firewall. And port 80 is not needed for Edge Transport.

Rock Wang
Rock Wang MSFT
May 21st, 2009 1:02pm
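
Added example (not part of the thread or of any Microsoft tool): a small auditor that compares a DMZ firewall rule set with the "Communication port settings for Edge Transport servers" table in the reply above. The zone names LAN and DMZ, the rule syntax and both sample rule sets are constructed for this example; the first set is modelled on the ports listed in the opening post plus the "everything allowed from the DMZ to the LAN" test setting, with the direction of the four listed ports assumed.

```python
from collections import namedtuple

# port/proto None means "any"; zone names LAN and DMZ are this example's labels.
Rule = namedtuple("Rule", "src dst port proto")

# Flows taken from the "Communication port settings for Edge Transport
# servers" table in the reply above (internal network = LAN, Edge = DMZ).
REQUIRED = {
    Rule("LAN", "DMZ", 25, "tcp"): "SMTP from the Exchange organization",
    Rule("DMZ", "LAN", 25, "tcp"): "SMTP to the Exchange organization",
    Rule("LAN", "DMZ", 50636, "tcp"): "Secure LDAP for EdgeSync",
}
OPTIONAL = {Rule("LAN", "DMZ", 3389, "tcp"): "RDP management"}
LOCAL_ONLY = {(50389, "tcp"): "LDAP, local connection to ADAM"}

# Constructed sample: the ports from the opening post (direction assumed)
# plus the "allow everything from DMZ to LAN" test rule.
POSTED_RULES = """
LAN>DMZ 50389/tcp
LAN>DMZ 25/tcp
LAN>DMZ 50636/udp
LAN>DMZ 3389/tcp
DMZ>LAN any
"""

# Constructed sample: the same firewall limited to what the table lists.
CORRECTED_RULES = """
LAN>DMZ 25/tcp
DMZ>LAN 25/tcp
LAN>DMZ 50636/tcp
LAN>DMZ 3389/tcp
"""


def parse_rules(text):
    """Parse 'SRC>DST port/proto' or 'SRC>DST any' lines into Rule tuples."""
    rules = []
    for line in text.strip().splitlines():
        zones, service = line.split()
        src, dst = zones.upper().split(">")
        if service.lower() == "any":
            rules.append(Rule(src, dst, None, None))
        else:
            port, proto = service.lower().split("/")
            rules.append(Rule(src, dst, int(port), proto))
    return rules


def covers(rule, flow):
    """True if a firewall rule permits the given required flow."""
    if (rule.src, rule.dst) != (flow.src, flow.dst):
        return False
    return rule.port is None or (rule.port, rule.proto) == (flow.port, flow.proto)


def fmt(rule):
    """Render a rule back into the 'SRC>DST port/proto' notation."""
    service = "any" if rule.port is None else f"{rule.port}/{rule.proto}"
    return f"{rule.src}>{rule.dst} {service}"


def audit(rules):
    """Return (code, message) findings for a rule set, sorted by code."""
    findings = []
    for flow, purpose in REQUIRED.items():
        if not any(covers(r, flow) for r in rules):
            # Same zones and port but another protocol, e.g. UDP for TCP.
            wrong = [r for r in rules
                     if (r.src, r.dst, r.port) == (flow.src, flow.dst, flow.port)]
            hint = f" (opened as {fmt(wrong[0])} instead)" if wrong else ""
            findings.append(("MISSING", f"{fmt(flow)} for {purpose}{hint}"))
    for rule in rules:
        if rule.port is None:
            needed = [fmt(f) for f in REQUIRED if (f.src, f.dst) == (rule.src, rule.dst)]
            findings.append(("BROAD", f"{fmt(rule)}; the table needs only {needed}"))
        elif (rule.port, rule.proto) in LOCAL_ONLY:
            findings.append(("EXPOSED", f"{fmt(rule)} is listed as local only"))
        elif rule not in REQUIRED and rule not in OPTIONAL:
            findings.append(("UNNEEDED", f"{fmt(rule)} is not in the table"))
    return sorted(findings)


if __name__ == "__main__":
    for code, message in audit(parse_rules(POSTED_RULES)):
        print(f"{code:9} {message}")
```
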

Ok, I can see each server, I can telnet to the ports. It is sending and receiving mail. But I am getting this error when running the "Exchange Mail flow Troubleshooter" with Problems with Edge Server Synchronization with Active Directory (for Exchange Server 2007 only).

No EdgeSync credentials were found in Active Directory for Edge Transport server role computer %EDGECN%. This occurs when the tool is unable to retrieve one or more values for the 'msExchEdgeSyncCredential' attribute on the server object '%EDGEDN%' in Active Directory.

and

One or more inconsistencies were found with Active Directory Application Mode (ADAM) instance on server THEDGESERVER.enterprise.local. This is an indication that EdgeSync has not successfully replicated critical configuration information from Active Directory to this ADAM instance

and

Event description 'Rejected credential THEDGESERVER.enterprise.local at 633795656538135461. Effective date is 633796503973134238. Best effective date found: 0.' was logged at 2009/06/02 18:54:13 GMT - 000. This may occur if the EdgeSync credential has not yet been synchronized to the Active Directory Application Mode (ADAM) instance on the Edge Transport server role computer or the EdgeSync credentials have expired because EdgeSync has not completed within the credential expiration period. Please remove and recreate the subscription for this Edge Transport server role computer

So I did what it said, I removed the Edge subscription on both. Ran new-edgesubscription -filename "c:\newedge.xml" and copied that file to the HT server, did the new edge subscription. It loaded the send connectors, I ran start-edgesynchronization and then test-edgesynchronization. Then reran the above and received the same error.

Do I need a signed certificate? Is that what is doing this?

I tried telnetting to port 50386, which was suggested on another post. I cannot. The firewall is wide open between the DMZ and LAN. Is there a feature in Server 2008 that I need to install to open that port? I did have to install SMTP server to get another port 25 open. So I am wondering if there is another feature I have to load in 2008 to open port 50386.
June 2nd, 2009 10:07pm
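
Added example (not part of the thread): a decoder for the large integers in the event 1031 "Rejected credential" descriptions quoted in the posts above, so the evaluation time and the credential effective dates can be read as UTC timestamps. It assumes the values are .NET DateTime ticks (100 ns units since 0001-01-01 UTC); the three descriptions are copied from the thread, and the function names are this example's own.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: the integers are .NET DateTime ticks in UTC. Decoding the
# "at" value reproduces the time the same event was logged, which
# supports that reading.
DOTNET_EPOCH = datetime(1, 1, 1, tzinfo=timezone.utc)

EVENT_1031 = re.compile(
    r"Rejected credential (?P<server>\S+) at (?P<at>\d+)\. "
    r"Effective date is (?P<effective>\d+)\. "
    r"Best effective date found: (?P<best>\d+)\."
)

# Event 1031 descriptions copied from the posts in this thread
# (two logged on 11 May 2009, one quoted by the troubleshooter on 2 June).
THREAD_EVENTS = [
    "Rejected credential THEDGESERVER.enterprise.local at 633776627260935452. "
    "Effective date is 633773035432172030. "
    "Best effective date found: 633773899432172030.",
    "Rejected credential THEDGESERVER.enterprise.local at 633776627260935452. "
    "Effective date is 633786859432172030. Best effective date found: 0.",
    "Rejected credential THEDGESERVER.enterprise.local at 633795656538135461. "
    "Effective date is 633796503973134238. Best effective date found: 0.",
]


def ticks_to_utc(ticks):
    """Convert .NET ticks to an aware UTC datetime; 0 means no value."""
    if ticks == 0:
        return None
    return DOTNET_EPOCH + timedelta(microseconds=ticks // 10)


def decode_rejection(description):
    """Decode one event 1031 description into readable fields."""
    match = EVENT_1031.search(description)
    if match is None:
        raise ValueError("not an EdgeSync event 1031 description")
    at = int(match["at"])
    effective = int(match["effective"])
    best = int(match["best"])
    return {
        "server": match["server"],
        "evaluated_at": ticks_to_utc(at),
        "effective": ticks_to_utc(effective),
        "best_so_far": ticks_to_utc(best),
        # Positive: the credential becomes effective after the evaluation time.
        "effective_minus_now": timedelta(microseconds=(effective - at) // 10),
        "in_future": effective > at,
    }


if __name__ == "__main__":
    for text in THREAD_EVENTS:
        event = decode_rejection(text)
        when = "after" if event["in_future"] else "before"
        print(f"evaluated {event['evaluated_at']:%Y-%m-%d %H:%M:%S} UTC, "
              f"effective {event['effective']:%Y-%m-%d %H:%M:%S} UTC "
              f"({when} evaluation), best so far: {event['best_so_far']}")
```

Decoded this way, the 11 May events show one credential whose effective date had already passed and one dated 23 May, while the credential in the 2 June event carries an effective date roughly 23.5 hours after the time it was evaluated.
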

Hi Ron,

Could you follow my previous suggestion (How to Verify EdgeSync Results) and let me know the result?

Each Edge Transport server automatically generates a self-signed certificate during setup, so the issue should have nothing to do with your certificate. If you suspect the certificate, you can run get-exchangecertificate | fl *, and post the result into the forum for further analysis.

1. First you should run the netstat -ano command on the Edge server, to verify whether ports 50636 and 50389 are in listening status.
2. Then disable your firewall totally if you don't know how to configure the firewall.
3. Telnet to the Edge server's port 50636 or 50389 from the Hub Transport server, and check the effect.

Rock Wang
Rock Wang MSFT
June 4th, 2009 4:45pm

Yes, I can log into the ldap.exe and I did the bind and I get the following.

Established connection to thedgeserver.enterprise.local.
Retrieving base DSA information...
Getting 1 entries:
Dn: (RootDSE)
configurationNamingContext: CN=Configuration,CN={7E1CDFB8-DE75-4DD3-AA06-0E05A6C97518};
currentTime: 6/4/2009 4:47:27 PM Eastern Daylight Time;
dnsHostName: THEDGESERVER.enterprise.local;
domainControllerFunctionality: 3 = ( WIN2008 );
dsServiceName: CN=NTDS Settings,CN=THEDGESERVER$MSExchange,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={7E1CDFB8-DE75-4DD3-AA06-0E05A6C97518};
forestFunctionality: 2 = ( WIN2003 );
HighestCommittedUSN: 61655;
isSynchronized: TRUE;
namingContexts (3): CN=Configuration,CN={7E1CDFB8-DE75-4DD3-AA06-0E05A6C97518}; CN=Schema,CN=Configuration,CN={7E1CDFB8-DE75-4DD3-AA06-0E05A6C97518}; OU=MSExchangeGateway;
schemaNamingContext: CN=Schema,CN=Configuration,CN={7E1CDFB8-DE75-4DD3-AA06-0E05A6C97518};
serverName: CN=THEDGESERVER$MSExchange,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={7E1CDFB8-DE75-4DD3-AA06-0E05A6C97518};
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,CN={7E1CDFB8-DE75-4DD3-AA06-0E05A6C97518};
supportedCapabilities (5): 1.2.840.113556.1.4.1851 = ( ACTIVE_DIRECTORY_ADAM ); 1.2.840.113556.1.4.1670 = ( ACTIVE_DIRECTORY_V51 ); 1.2.840.113556.1.4.1791 = ( ACTIVE_DIRECTORY_LDAP_INTEG ); 1.2.840.113556.1.4.1935 = ( ACTIVE_DIRECTORY_V61 ); 1.2.840.113556.1.4.1880 = ( ACTIVE_DIRECTORY_ADAM_DIGEST );
supportedControl (26): 1.2.840.113556.1.4.319 = ( PAGED_RESULT ); 1.2.840.113556.1.4.801 = ( SD_FLAGS ); 1.2.840.113556.1.4.473 = ( SORT ); 1.2.840.113556.1.4.528 = ( NOTIFICATION ); 1.2.840.113556.1.4.417 = ( SHOW_DELETED ); 1.2.840.113556.1.4.619 = ( LAZY_COMMIT ); 1.2.840.113556.1.4.841 = ( DIRSYNC ); 1.2.840.113556.1.4.529 = ( EXTENDED_DN ); 1.2.840.113556.1.4.805 = ( TREE_DELETE ); 1.2.840.113556.1.4.521 = ( CROSSDOM_MOVE_TARGET ); 1.2.840.113556.1.4.970 = ( GET_STATS ); 1.2.840.113556.1.4.1338 = ( VERIFY_NAME ); 1.2.840.113556.1.4.474 = ( RESP_SORT ); 1.2.840.113556.1.4.1339 = ( DOMAIN_SCOPE ); 1.2.840.113556.1.4.1340 = ( SEARCH_OPTIONS ); 1.2.840.113556.1.4.1413 = ( PERMISSIVE_MODIFY ); 2.16.840.1.113730.3.4.9 = ( VLVREQUEST ); 2.16.840.1.113730.3.4.10 = ( VLVRESPONSE ); 1.2.840.113556.1.4.1504 = ( ASQ ); 1.2.840.113556.1.4.1852 = ( QUOTA_CONTROL ); 1.2.840.113556.1.4.802 = ( RANGE_OPTION ); 1.2.840.113556.1.4.1907 = ( SHUTDOWN_NOTIFY ); 1.2.840.113556.1.4.1948 = ( RANGE_RETRIEVAL_NOERR ); 1.2.840.113556.1.4.1974 = ( FORCE_UPDATE ); 1.2.840.113556.1.4.1341 = ( RODC_DCPROMO ); 1.2.840.113556.1.4.2026 = ( DN_INPUT );
supportedLDAPPolicies (12): MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn; MaxValRange;
supportedLDAPVersion (2): 3; 2;
supportedSASLMechanisms (4): GSSAPI; GSS-SPNEGO; EXTERNAL; DIGEST-MD5;
-----------
0 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 0)
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, NEGOTIATE (1158)); // v.3
{NtAuthIdentity: User='administrator'; Pwd=<unavailable>; domain = 'enterprise.local'}
Authenticated as: 'THEDGESERVER\Administrator'

Where do I find the GUID for a user in Active Directory?

The firewalls are all off.

Here are the results from get-exchangecertificate | fl *
CA9EC59DD19E99E0AD5A2A509E8744CB9E29549FRootCAType : NoneServices : IMAP, SMTPStatus : ValidPrivateKeyExportable : FalseArchived : FalseExtensions : {System.Security.Cryptography.Oid, System.Security.Crypt ography.Oid, System.Security.Cryptography.Oid, System.Se curity.Cryptography.Oid}FriendlyName : Microsoft ExchangeIssuerName : System.Security.Cryptography.X509Certificates.X500Distin guishedNameNotAfter : 1/22/2010 4:49:02 PMNotBefore : 1/22/2009 4:49:02 PMHasPrivateKey : TruePrivateKey : System.Security.Cryptography.RSACryptoServiceProviderPublicKey : System.Security.Cryptography.X509Certificates.PublicKeyRawData : {48, 130, 3, 33, 48, 130, 2, 9, 160, 3, 2, 1, 2, 2, 16, 242...}SerialNumber : F2A952C80545FEB04F10FCB4FA209DADSubjectName : System.Security.Cryptography.X509Certificates.X500Distin guishedNameSignatureAlgorithm : System.Security.Cryptography.OidThumbprint : 6D8A2D4B284876A08B071E66615EA63DC55C017EVersion : 3Handle : 480408304Issuer : CN=EXCHANGETIBSubject : CN=EXCHANGETIB AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, Syst em.Security.AccessControl.CryptoKeyAccessRule, System.Se curity.AccessControl.CryptoKeyAccessRule, System.Securit y.AccessControl.CryptoKeyAccessRule}CertificateDomains : {EXCHANGETIB, EXCHANGETIB.enterprise.local}CertificateRequest :IisServices : {}IsSelfSigned : TrueKeyIdentifier : C15A3B8E3375787EA172F257131AAEED0A50AAE8RootCAType : NoneServices : IMAP, SMTPStatus : ValidPrivateKeyExportable : FalseArchived : FalseExtensions : {System.Security.Cryptography.Oid, System.Security.Crypt ography.Oid, System.Security.Cryptography.Oid, System.Se curity.Cryptography.Oid}FriendlyName : Microsoft ExchangeIssuerName : System.Security.Cryptography.X509Certificates.X500Distin guishedNameNotAfter : 11/25/2009 4:06:46 PMNotBefore : 11/25/2008 4:06:46 PMHasPrivateKey : TruePrivateKey : System.Security.Cryptography.RSACryptoServiceProviderPublicKey : System.Security.Cryptography.X509Certificates.PublicKeyRawData : {48, 130, 3, 
33, 48, 130, 2, 9, 160, 3, 2, 1, 2, 2, 16, 106...}SerialNumber : 6AF451D10C0C95974E5EFD1B4ECE1B63SubjectName : System.Security.Cryptography.X509Certificates.X500Distin guishedNameSignatureAlgorithm : System.Security.Cryptography.OidThumbprint : 56FD2F6E6B1642AE1B778ED3B0F87DD133B04AA7Version : 3Handle : 480408176Issuer : CN=EXCHANGETIBSubject : CN=EXCHANGETIB [PS] C:\Users\administrator.ENTERPRISE\Desktop>
June 5th, 2009 12:21am

Are you still there?
June 22nd, 2009 4:59pm

Ok, what I had to do to get it working was install the SMTP server on both the Edge and the Hub Transport servers. Then it worked.
Ron.
June 24th, 2009 6:21pm

I have the same problem. The MSExchangeEdgeSync service cannot start. When I run Start-EdgeSynchronization, I see the following result:

Unable to contact the EdgeSync service.
    + CategoryInfo : ReadError: (:) [Start-EdgeSynchronization], EndPointNotRegisteredException
    + FullyQualifiedErrorId : FF1F0AD3,Microsoft.Exchange.Management.EdgeSync.SyncNowTask

Could you please tell me how to solve this issue? Thank you very much.
May 27th, 2010 4:14am

I have the same problem, but the EdgeSync service is started. When I run Start-EdgeSynchronization, I see the following result:

Unable to contact the EdgeSync service.
    + CategoryInfo : ReadError: (:) [Start-EdgeSynchronization], EndPointNotRegis
    + FullyQualifiedErrorId : FCAE575C,Microsoft.Exchange.Management.EdgeSync.SyncNowTask

When I run Test-EdgeSynchronization, I see the following result:

RunspaceId : 7e4c740f-3eae-4e9c-9835-3f93e7fe2329
SyncStatus : Inconclusive
UtcNow : 01.07.2010 07:22:48
Name : Edge01
LeaseHolder : CN=xx1,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=domain,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com
LeaseType : Lock
FailureDetail :
LeaseExpiryUtc : 01.07.2010 07:26:40
LastSynchronizedUtc : 01.07.2010 07:21:40
TransportServerStatus : InProgress
TransportConfigStatus : InProgress
AcceptedDomainStatus : InProgress
RemoteDomainStatus : InProgress
SendConnectorStatus : InProgress
MessageClassificationStatus : InProgress
RecipientStatus : InProgress
CredentialRecords : Number of credentials 3
CookieRecords : Number of cookies 1

I have already installed the entire Exchange again and rebuilt the Edge subscription several times. The firewall is switched off and the servers can ping each other (all ports are open). I have also newly created the thumbprint certificate and verified that these do not have the same ID. The Edge server is in a DMZ. The installation went through without any error message. What else can I do? I urgently ask for advice. Thank you.
July 1st, 2010 10:28am
